Privacy policy

This privacy policy sets out how we use and protect any information that you give us when you use this platform. This policy meets the requirements of GDPR data processing legislation.

What we collect

We only collect data that is relevant and necessary for us to provide this service.

We may collect the following information:

  • full name
  • date of birth
  • email address
  • telephone number

How we use your data

We use your data to:

  • identify you
  • provide a healthcare service

We may also use it for:

  • internal record keeping
  • improving our products and services

How we share your data

We sometimes use other organisations to process your personal information on our behalf. When we do, these organisations are bound by legal agreements to ensure your personal information is secure and used only for the purpose we stipulate.

We may need to share your personal information if we are required to do so by law.

How we protect your data

We encrypt all data both in transit and in storage. We protect your data through:

  • two-factor authentication
  • system auditing functionality and procedures
  • vulnerability scanning and anti-virus measures
  • network security including firewalls and penetration testing
  • encryption of personal data
  • Cyber Essentials compliance
  • system security policy and standard operating procedures
  • ISO 27001 standard for information security compliance
  • defined information security and related policies
  • staff training in security and privacy best practice
  • a documented incident management and reporting process
  • physical security policies

Your data is securely stored in the United Kingdom and Northern Ireland or European Economic Area (EEA). We'll update this notice if this changes.

How long we keep your data

We comply with the agreed NHS specific patient information retention periods. We will only hold your data for as long as is reasonably necessary. Legal, tax, accounting or technical requirements may also impact this.

Once we no longer need your data, we will permanently delete it from our databases.

Your rights

You have the right to:

  • request a copy of your personal data and other supplementary information
  • correct errors or omissions in your personal data

Contact us to request a correction or a copy of your data.

Request your personal information is deleted

You can request that we erase your personal information where:

  • it's no longer necessary for the purpose for which it was originally collected
  • you have withdrawn consent
  • you object to the processing and there’s no legitimate interest for us to continue
  • your data was unlawfully processed or in breach of General Data Protection Regulation
  • the data has to be erased in order to comply with a legal obligation

We can refuse to comply to erase your data where it’s being used:

  • to exercise the right of freedom of expression and information
  • to comply with a legal obligation or for the performance of a public interest task or exercise of official authority
  • for public health purposes in the public interest
  • for archiving purposes in the public interest
  • to inform scientific or historical research, or for statistical purposes
  • for the exercise or defence of legal claims

Object to processing

You can object to:

  • data processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, including profiling
  • direct marketing, including profiling
  • processing for purposes of scientific/historical research and statistics

Request we restrict our use of your personal information:

You have the right to request a restriction such as a temporary stop of the processing of your personal information where:

  • you think the personal information is inaccurate and it should not be used until it's corrected
  • we're using your personal information unlawfully and you want your personal information to be held by us but not processed whilst a complaint / investigation takes place
  • you require us to keep your personal information and not delete it while you make or defend a legal claim
  • you have objected to our use of your personal information and we do not have legitimate grounds to override your objection

Make a complaint

You also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time.

You can contact the ICO by:

Third-party websites

This privacy policy no longer applies when you follow links from this service to third-party external websites. Consult the third party’s privacy policy for privacy information when using that website.

Get in touch

If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our data protection point of contact (dataprotection@lenushealth.com).

Cookies

When you use this service, we put small files called cookies onto your device. We use Microsoft Azure App Insights cookies. These necessary cookies provide telemetry to:

  • ensure that the service is working properly
  • monitor exceptions
  • identify bugs and issues

Two of these necessary App Insights cookies (UserTelemetryInitializer cookie and SessionTelemetryInitializer session cookie) are also used for analytics purposes.

They do not collect or store your information, so we cannot identify you from them.

You can remove cookies from your device at any time. Your device will automatically delete expired cookies.

Find out more about cookies.