This policy was last updated on 4 June 2020
We’re committed to protecting and respecting your privacy and the personal data we hold and process about you.
The processing of your personal data is carried out by or on behalf of RAPID HEALTH under the EU General Data Protection Regulation and the Data Protection Act 2018. Our legal name is RAPID HEALTH LTD with company number 12061137 and our address is 12 Hale End, Woking GU22 0LH.
Please get in touch with our Data Protection Champion Catherine McCrohan at firstname.lastname@example.org if you have any questions about our privacy notice or information we hold about you.
We will only use your personal data where we have a legal basis to do so and will always respect your rights (which are outlined later in this notice).
Some examples of the legal bases we may use to process your personal data are as follows:
Consent: in certain situations we can collect and process your data with your consent, for example when you register with us and tick a box to receive email updates from us.
Contractual obligations: in certain circumstances, we need your personal data to comply with our contractual obligations to you or your employer, for example if you use our services to support clinical pathways.
Legal compliance: If the law requires us to, we may need to collect and process your data, for example in relation to law enforcement.
Legitimate interest: In certain situations, we may need to collect and process your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedoms or interests. For example, we may use information on LinkedIn or in the public domain to approach you about our services, and we may use your usage of our website to send you direct marketing information by post, telling you about products and services we think may interest you. We may also combine your usage of our service with that of many users to identify trends and learnings to improve the services.
We want to give you the best possible experience and to develop better services. We use your data:
To respond to your queries and feedback. Handling information you send us enables us to respond. We may also keep a record of these to inform future communication with you. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with best service and understanding how we can improve our service based on your experience.
To provide you with access to information about our services which is provided to registered users only. If we don’t collect your personal data through your registration, we won’t be able to provide you with this information.
To provide you with our services. If we don’t collect your personal data, we won’t be able to give you access to our services and comply with our associated contractual and legal obligations.
To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account.
We’ll also monitor your browsing activity on our website, and any use of our service, to quickly identify and resolve any problems and protect the integrity of our website and service. We’ll do this as part of our legitimate interest.
With your consent, we will use your personal data to keep you informed by email, web, text and telephone about relevant products and services. You are free to opt out of hearing from us by way of these channels at any time.
Most of the personal information we process is provided to us directly by you in one of the following circumstances:
When you register to use our services When you use our services
When you fill in any forms on our website, such as to report issues
When you choose to complete surveys or respond to information requests
When you contact us by telephone or email
We may also receive your personal information indirectly in the following scenarios:
Your employer has registered your organisation to use our services
An employee of ours gives your contact details as an emergency contact
A prospective employee of ours gives your contact details as a referee
As part of our corporate and commercial functions, we process special category data and potentially criminal conviction data. This usage is covered in our Staff Privacy Notice and our Safeguards Policy.
To provide our services, including our website, we hold and process different types of personal data:
Your name and email address if you’re a registered website user, and for your security, we’ll also keep an encrypted record of your login password.
Your job title, employer and work address, if you’re a registered service user
Information about your use of our website and services, including the internet protocol (IP) address used by the device(s) you use
Any responses you give to our surveys, for example about issues in clinical pathways or as part of clinical trials, or evaluations of our services.
We also store the data that you input when using our services as well as the recommendations and outputs of your service usage.
Please keep us informed if any of the information that we hold about you changes. If you are registered to use our services, your rights to use our services may alter if you change your employer.
We may also use publicly available sources to ensure that the information we hold is accurate and up to date.
We will not share your information with third parties for their own purposes unless this is explained to you at the time we collect your information, or we are legally required to do so, or we have another lawful basis for sharing such information.
We share anonymous information with the online analytics and search engine providers that assist us to improve and optimise the use of our site.
We do not sell the data that is captured or recorded through the website or the services for commercial benefit. Where we identify an NHS benefit, we may use the data to enhance our existing services.
If we sell all or part of our business, we may need to share your personal data with the organisation taking on our assets and liabilities.
Aggregated data: so we can fulfil our contracts with the bodies involved in delivering healthcare services (see below), we share aggregated data about the nature of searches conducted, pathways recommended and decisions made within a defined group to the associated body. We do not report this data at individual user level, however it may be possible to work out the identity of a user in a specific set of circumstances, for example in the event of a small GP practice managing a patient with a rare condition, it may be possible for people authorised to access the system to identify the individual GP if they were to cross-reference against external data.
Anonymised data: we also collect anonymised information for statistical purposes. Although survey data is collected by reference to individual users (so you’re not asked to participate multiple times in the same surveys), the response data is collated anonymously. Where we use this information, we never identify specific individuals. We may also share anonymised information with organisations interested in certain specialities to demonstrate how much traffic is generated by their content.
Sometimes organisations and individuals who work on our behalf may manage information outside the EEA. In those circumstances we will ensure we have a valid reason under current data protection legislation to do so. This could include ensuring the country or organisation where the data is held has been approved as having adequate data protections standards by the UK and EU.
We will normally hold your information for a period of up to seven years from the end of your relationship with RAPID HEALTH or its services, in line with our retention and disposal policy. In some circumstances this will be different, for example we only keep information about unsuccessful job applications for six months.
The data protection laws include a number of specific rights that you have to ensure that your data is collected and handled in a secure and appropriate manner.
You have the right to be informed about how we collect and use your personal data, and to request:
Access to the personal data we hold about you, free of charge in most cases
The correction of your personal data when inaccurate, out of date or incomplete
The deletion of data we hold about you, in specific circumstances, eg where you withdraw consent or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has ceased
Restriction of the use of your personal data, in specific circumstances, eg while we are assessing an objection you have made
A copy of your personal data in a commonly used electronic format;
That we stop using your personal data for direct marketing (either through specific channels or all channels)
That we stop any consent-based processing of your personal data after you withdraw that consent.
You can contact us to request to exercise these rights at any time by emailing email@example.com and we will action your request within one calendar month. If we choose not to action your request, we will explain the reasons for our refusal.
We know how much data security matters to all of us, both as individuals and as professionals, and will treat your data with the utmost care, taking all appropriate steps to protect it.
We secure access to all transactional areas of our websites and applications using encrypted ‘https’ technology. Access to your personal data is password-protected, and sensitive data is secured and tokenised to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks and stay abreast of best practice.
We work closely with a range of bodies involved in delivering public healthcare services including GP practices, clinical commissioning groups (CCGs), healthcare alliances, sustainability and transformation partnerships (STPs), ‘vanguards’, NHS England, NHSx, Primary Care Networks (PNCs), Local Health and Care Records (LHCRs), Public Health England, the National Institute for Health and Clinical Excellence, Medicines and Healthcare Products Regulatory Agency and SBRI Healthcare, to ensure that our services are accurate, current and provide value to healthcare practitioners. As you would expect, they have stringent security requirements which we fully comply with.
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
From time to time we may wish to communicate with you to:
Seek feedback on our services
Inform you of our services that may be of interest to you
We also provide a newsletter to keep you informed of local or national activities and meetings that may be of interest to you or your patients. We only issue the newsletter to users who have asked to receive it.
To alter what you receive from us, please contact us at firstname.lastname@example.org and we’ll be pleased to update your details accordingly.
How do I manage my cookies? You can set your browser to block cookies. Please check your browser for instructions on how to do this.
What happens if I disable cookies? Your experience of using our website may be more limited, as some of the cookies help us to display relevant content.
Can I enable ‘Do Not Track’? Do not track (DNT) is a feature offered by some browsers. Our website doesn’t currently respond to DNT requests as there’s no industry-wide standard for managing DNT requests. We’ll keep this and other new technologies under review.
Changes to this Privacy Notice We may update this policy to reflect changes in how we use your information. You may wish to check this policy each time you provide us with your information. Where appropriate, we will provide you with notice of any significant changes to how we use your information.
Keep up-to-date with the latest developments and insights