At C the Signs, We are committed to protecting and respecting your privacy, and the personal data that We hold and process about you. This privacy notice explains what data We collect, how We use it and your rights to ensure that data is managed appropriately.
The data protection laws require data controllers to be open and transparent about data use.
We will continue to process your personal information in accordance with the new privacy laws, including the General Data Protection Regulations and the Data Protection Act.
Your privacy is important to us, so if there is anything in our privacy notice that is unclear or you do not understand, please contact us at firstname.lastname@example.org.
What personal data do We hold?
To provide the online services and applications, including our website and the C the Signs App, We hold and process a number of different types of personal data:
- Registration information to set up and identify your user account: name, address, email
- Registration information to access our C the Signs App: details of your profession, the GP Practice and clinical commissioning groups that you are affiliated with
- Technical information about your visit to our website and services: including the internet protocol (IP) address used to connect your computer to the internet, your login-information, browser type, time
- Survey responses data relating to user experiences and issues in the clinical pathways or as part of clinical trials or evaluations.
Where do We get your personal data from?
The personal data that We hold and manage comes from a number of different sources:
Information that you provide to us:
- When completing online forms to register to use our App and online services
- When completing online forms to report issues with our website or services
- When completing surveys or other information requests
- When you contact us by telephone or email
Information that We collect automatically:
- With regards to each of your visits to our website, or when you sign in to use our online services, We may automatically collect technical information about your visit, including the number of times you use our services, the pages that you visited, the time of your visit, how long you stayed connected to our site or services, anonymised data that you input into our services (including the signs, symptoms, risk factors and investigation outcomes) and details of the recommendations that are delivered through the Services.
- When you read our newsletters, we use automated tools to record details of which articles were of interest, to you, and geolocation data from where they were accessed.
- We collect this information using online analytical tools and cookies which are specific computer programmes Please click here for more information on our cookies and how you can disable them[insert hyperlink to the cookie pages]
Information that We collect from third parties:
We collect a range of anonymised statistical data that is recorded by third parties who enable you to access our Services (including Google Analytics, iTunesConnect, AWS Mobile and Hotjar). These companies provide us with statistical data to enable us to monitor and improve the performance of our services. This data may include demographic data (geolocation, age, gender) data on how users navigate the website and services including anonymised vidoes of individual user journeys, how users enter and locate our services.
How We use your information
Our primary purpose for using your personal information is to enable you to register with us, and log in to use our online services. By registering with us to use our online service, We are entering into a contract with you to provide the services, and it is necessary for us to process certain information to enable the contract to be entered into and fulfilled.
We work closely with a range of bodies involved in delivering healthcare services including GP practices, Clinical Commissioning Groups, Alliances, STPs, Vanguards, NHS England, Public Health England, the National Institute for Health and Clinical Excellence, Medicines and Healthcare Products Regulatory Agency and SBRI Healthcare, to ensure that our online services are accurate, up to date and provide valuable information for local GPs and healthcare practitioners. As part of our contracts with your local Clinical Commissioning Group, GP practice, Alliance, STP or Vanguard, We will receive and share certain information about users with them to monitor the contract. We share aggregated data about all users within a defined group, providing details of the nature of searches conducted, and the pathways recommended. Whilst we do not actively report this data at individual user level, it may be possible for an individual reading the report to identify an individual GP or healthcare professional based on a specific set of circumstances.
We also process information about users, including the technical information, to support our legitimate business interests in monitoring the performance, and efficiency of the online services, to improve our services, and promote our services.
We also collect anonymised information for statistical purposes, and for referencing in journals and articles. Although survey data is collected by reference to individual users to ensure that you are not asked to participate multiple times in the same or similar surveys, the response data is collated anonymously prior to publication. Where We use information , We ensure that We do not identify specific users or their data. We may also share anonymised information with charities and other groups interested in particular specialities, to demonstrate how much traffic is generated by their content.
Sharing your information with third parties
We work closely with GP practices Clinical Commissioning Groups, Alliances, STPs and Vanguards and contract with them to provide our services. As part of our contract with these overarching bodies, , we may be required to share details of users including usage data, take up and details of the pathways researched to enable informed decisions to be taken on service planning. Although the reported data is aggregated and anonymised to compile individual reports, it may be possible for individual users to identify an individual GP or healthcare professional based on a specific set of circumstances.
Where possible We will support our online services internally, however, We may use external suppliers to support specific aspects of our business that We cannot manage ourselves. Where We engage a third party supplier, We only share information that is necessary to provide a particular support service, and ensure that We only work with third parties who understand and implement good data handling practices. We have contracts in place to ensure that data is only used for specific purposes that We instruct, that the supplier respects confidentiality and hold the data securely.
We share anonymous information with the online analytics and search engine providers that assist us to improve and optimise the use of our site.
We do not sell the data that is captured or recorded through the website or the services for commercial benefit. Where we identify an NHS benefit, we may use the data to enhance our existing services.
If We sell the whole or part of our business, or We acquire the whole or part of another business, We may share personal data to facilitate that business transaction.
How long do We hold your personal data?
Where you have registered to use our online services We will hold data about you whilst you are an active user, and for up to 7 years after you cease to be an active user of our services. This is to ensure that We retain an accurate picture of the use of our services, and to ensure that We are able to defend any legal rights or protect us from any claims against us.
If accounts are unused for a continuous period of time, or a contract with the commissioning GP Practice, Clinical Commissioning Group, Alliance, STP or Vanguard, expires or terminates, then we will deactivate an account to protect the security and integrity of the website and our services. We will continue to hold data on individual users whilst an account is inactive.
We will hold information about searches on a pseudo-anonymised basis for up to 6 years after the initial search, or where the search relates to a minor, for a period of 3years after they reach 18 years old.
We hold and process information about enquiries via our website for 24 months to ensure that they have been appropriately resolved and to support training, and improvements in our practices and services.
We hold and process the technical information about users for 4years to support our statistical analysis of the website and our services and to monitor improvements. Most of this information is pseudo-anonymised, to protect individuals. Where we are able to completely anonymise information so that it is no longer identifiable personal data, we will store this data so long as we have a business requirement.
Communicating with you
From time to time We may wish to communicate with you to:
- Seek feedback on our services
- Inform you of our services that may be of interest to you
We also provide a newsletter to keep you informed of local or national activities and meetings that may be of interest to you or your patients. We only issue the newsletter to users who have asked to receive it.
We understand that you may not want to receive communications, particularly marketing information. Please contact us at email@example.com to ask us to stop sending these messages. If you ask us to stop sending communications, We may continue to hold and use your personal data for other purposes.
Where We store your personal data
All of our information that is held within the business is stored in database within our control which is located within the UK.
Some of our third party suppliers, including our newsletter service provider and some of our data analytics providers are based outside of the European Economic Area (EEA). In order to protect your personal data where it is being collected and processed by these suppliers, we ensure that our contract with them includes adequate safeguards for your data, including, where appropriate, ensuring that US companies are members of the US Privacy Shield.
How We protect your personal data
All information that you provide to us is stored on our secure servers, which is located within the UK
Once We have received your personal information We employ a number of technical and organisational security measures to keep information secure and confidential. We ensure that only our personnel who need to access data do so, and that they are trained and understand good data handling techniques. Unfortunately the transmission of information via the internet is not completely secure, and although We will do our best to protect your information whilst stored on our systems, We cannot guarantee the complete security of data in transmission.
In order to access our services you have unique user names and passwords – please help us to keep your personal information safe by keeping these secret and confidential, and not sharing them with other people. If you think that someone-else knows your user name or password, please tell us as soon as possible to help us reset the security.
The data protection laws include a number of specific rights that you have to ensure that your data is collected and handled in a secure and appropriate manner. These include the right to:
- Access your personal data that We process
- Correct any inaccuracies in personal data that We hold about you
- Withdraw your consent where that is the legal basis of our processing
- Be forgotten, that is your details to be removed from systems that We use to process your personal data
- Restrict the processing in certain ways
- Obtain a copy of your data in a commonly used electronic form; and
- Object to certain processing of your personal data by us
If you would like to exercise your rights, please contact our Data Protection Officer at firstname.lastname@example.org
Whilst We try our best, there may be times when you are not happy with the way in which We have handled your personal information. If you have any concerns, please contact our data protection lead, Miles Payling by emailing email@example.com to allow Us to investigate your concerns. You also have the right to complain to the Information Commissioner’s Office; via www.ico.org.uk
Updating your information
It is important that We are able to keep a track of our users, and your rights to use our services may change if you change your employer. Please keep us informed if any of the information that We hold about you changes.
Although the C the Signs application and services requires the input of specific health data, and data relating to a medical condition, or requirement, the data that is input into the application does not identify a specific individual patient, and therefore we do not process patient identifiable data through our Services. The input data is not stored in a manner that enables an individual patient or the inputting healthcare professional to be identified, but some data may be retained for statistical analysis and reporting and improving the services.