Who We Are:
Informatica Systems Ltd., Aurora House Deltic Avenue, Rooksley, Milton Keyes, Buckinghamshire, United Kingdom, MK13 8LW, registered in England and Wales with company number 02866377, (“ISL”, “we”, “us”), respects the privacy of every person and is committed to protecting all of your personal data, including sensitive personal health information (“Personal Data”, “data”).
The policy will serve as a summary of your privacy rights. The law (currently the Data Protection Act 1998 and, from 25 May 2018, the General Data Protection Regulation (“GDPR”) requires that your Personal Data are kept private unless there is a legal obligation or requirement for disclosure by us to authorised parties, in which case we will make such disclosure(s) as legally obliged.
What We Provide:
This policy applies to your use of the website and any of its subdomains at www.appointments-online.co.uk (“Service”). The services we provide to you are booking and cancelling appointments with your General Practitioner location at which you are a registered NHS patient (“GP surgery”, “GP”), requesting repeat medications from your GP surgery, secure messaging with your GP surgery and viewing your summary care record. The GP surgery acts as the Data Controller and we act as the Data Processor under their instruction. We are obliged by contract to fulfil all legal data protection requirements.
The Service is a website which individuals in the UK (“Customer”, “Customers”, “you”, “your”, “yourself”) may sign up to use with participating GP surgeries.
It is lawful for us to process personal information about you.
Information we use and how
In order to use the Service, we are provided by the GP surgery personal details about you such as your name, email address, phone number, address, NHS number, date of birth, your preferred GP, medical summary record, medication and appointment data.
Using our Service we record appointment requests, medication repeat requests and secure messages which are all sent to your GP surgery.
We use your data in order to provide you with the Service and to help us with its operation. Here are some examples how we use your data:
You have the right to ask your GP surgery to restrict processing of your personal data and a right to object to your GP surgery processing your personal data in this way, but if you do either of these, it may impact on your use of the Service and/or we may not be able to provide you with information about the Service that you have requested us to provide to you.
Who do we share your personal data with ?
In addition to the above, we may share your personal data with the following third parties:
In order to use our Service, we will be processing health information about you such as: your NHS medical record; appointment history, medication information and summary care record. This is classed as sensitive personal data.
The importance of security for all your Personal Data including, but not limited to, sensitive personal data is of great concern to us. Personal Data collected via the Service is stored in secure environments that are not available or accessible to the public; only those duly authorised individuals. ISL is accredited for ISO 27001 to ensure that we have the systems in place to effectively manage the security of your Personal Data.
The data that we collect from you will be shared with our third party processors which are located and/or store data in the UK.
You have the following legal rights in relation to your personal information:
Accessing your data:
If you would like a copy of all of the Personal Data, we hold about you please raise your request with your GP surgery.
We do charge a small fee of £15 for providing information because we have to gather, collate and process this data to make it available to you in its entirety.
Your GP surgery will send you the information within the legally required timeline after receiving full instructions and payment.
For how long we will keep your data?
Patient personal data will be held for one year beyond the date of your GP surgery’s contract termination with us. At this point your data will be deleted from the database it’s held in.
We may revise this policy to reflect any changes. We will post a copy on our website. This policy was last reviewed on the 20th May 2018.
18-09-2018 2.0 Updated Company Address
21-05-2018 1.0 New privacy notice for GDPR compliance.