This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe. We’re committed to protecting and respecting your privacy and the personal data we hold and process about you.
The processing of your personal data is carried out by or on behalf of RAPID HEALTH under the EU General Data Protection Regulation and the Data Protection Act 2018. Our legal name is RAPID HEALTH LTD with company number 12061137 and our address is 12 Hale End, Woking GU22 0LH.
Please get in touch with our Data Protection Champion Catherine McCrohan at email@example.com if you have any questions about our privacy notice or information we hold about you.
We will only use your personal data where we have a legal basis to do so and will always respect your rights (which are outlined later in this notice).
Some examples of the legal bases we may use to process your personal data are as follows:
We want to give you the best possible experience and to develop better services. We use your data:
Most of the personal information we process is provided to us directly by you in one of the following circumstances:
We may also receive your personal information indirectly in the following scenarios:
As part of our corporate and commercial functions, we process special category data and potentially criminal conviction data. This usage is covered in our Staff Privacy Notice and our Safeguards Policy.
To provide our services, including our website, we hold and process different types of personal data:
We also store the data that you input when using our services as well as the recommendations and outputs of your service usage.
Please keep us informed if any of the information that we hold about you changes. If you are registered to use our services, your rights to use our services may alter if you change your employer.
We may also use publicly available sources to ensure that the information we hold is accurate and up to date.
We will not share your information with third parties for their own purposes unless this is explained to you at the time we collect your information, or we are legally required to do so, or we have another lawful basis for sharing such information.
We share anonymous information with the online analytics and search engine providers that assist us to improve and optimise the use of our site.
We do not sell the data that is captured or recorded through the website or the services for commercial benefit. Where we identify an NHS benefit, we may use the data to enhance our existing services.
If we sell all or part of our business, we may need to share your personal data with the organisation taking on our assets and liabilities.
Aggregated data: so we can fulfil our contracts with the bodies involved in delivering healthcare services (see below), we share aggregated data about the nature of searches conducted, pathways recommended and decisions made within a defined group to the associated body. We do not report this data at individual user level, however it may be possible to work out the identity of a user in a specific set of circumstances, for example in the event of a small GP practice managing a patient with a rare condition, it may be possible for people authorised to access the system to identify the individual GP if they were to cross-reference against external data.
Anonymised data: we also collect anonymised information for statistical purposes. Although survey data is collected by reference to individual users (so you’re not asked to participate multiple times in the same surveys), the response data is collated anonymously. Where we use this information, we never identify specific individuals. We may also share anonymised information with organisations interested in certain specialities to demonstrate how much traffic is generated by their content.
Sometimes organisations and individuals who work on our behalf may manage information outside the EEA. In those circumstances we will ensure we have a valid reason under current data protection legislation to do so. This could include ensuring the country or organisation where the data is held has been approved as having adequate data protections standards by the UK and EU.
We will normally hold your information for a period of up to seven years from the end of your relationship with RAPID HEALTH or its services, in line with our retention and disposal policy. In some circumstances this will be different, for example we only keep information about unsuccessful job applications for six months.
The data protection laws include a number of specific rights that you have to ensure that your data is collected and handled in a secure and appropriate manner.
You have the right to be informed about how we collect and use your personal data, and to request:
You can contact us to request to exercise these rights at any time by emailing firstname.lastname@example.org and we will action your request within one calendar month. If we choose not to action your request, we will explain the reasons for our refusal.
We know how much data security matters to all of us, both as individuals and as professionals, and will treat your data with the utmost care, taking all appropriate steps to protect it.
We secure access to all transactional areas of our websites and applications using encrypted ‘https’ technology. Access to your personal data is password-protected, and sensitive data is secured and tokenised to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks and stay abreast of best practice.
We work closely with a range of bodies involved in delivering public healthcare services including GP practices, clinical commissioning groups (CCGs), healthcare alliances, sustainability and transformation partnerships (STPs), ‘vanguards’, NHS England, NHSx, Primary Care Networks (PNCs), Local Health and Care Records (LHCRs), Public Health England, the National Institute for Health and Clinical Excellence, Medicines and Healthcare Products Regulatory Agency and SBRI Healthcare, to ensure that our services are accurate, current and provide value to healthcare practitioners. As you would expect, they have stringent security requirements which we fully comply with.
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
From time to time we may wish to communicate with you to:
You can set your browser to block cookies. Please check your browser for instructions on how to do this.
Your experience of using our website may be more limited, as some of the cookies help us to display relevant content.
Do not track (DNT) is a feature offered by some browsers. Our website doesn’t currently respond to DNT requests as there’s no industry-wide standard for managing DNT requests. We’ll keep this and other new technologies under review.
We may update this policy to reflect changes in how we use your information. You may wish to check this policy each time you provide us with your information. Where appropriate, we will provide you with notice of any significant changes to how we use your information.
This policy was last updated on 4 June 2020.