Privacy Policy

Privacy Notice

Keeping your information safe

In order to support your care, healthcare staff maintain records about you. We take great care to ensure your information is kept securely and used appropriately. Our staff are fully trained to understand their legal and professional obligations to protect your information. X-PERT Health are registered with the Information Commissioners Office, number Z3004299. Any communication we have with you whilst you are participating in any of our programmes, including online video consultations, are delivered using secure, encrypted methods.

If you are accessing our digital programme you will be requested to set your own password. Please ensure that this is kept securely and not shared, to avoid any unauthorised access. If you believe that access has been gained without your consent then please report to our Data Protection Officer (DPO) using the contact details provided below. If you have any queries about your data or this policy you can contact our Data Protection Officer about this too.

Data Protection Officer: Helen Knight. Address: X-PERT Health, Linden Mill, Linden Road, Hebden Bridge, West Yorkshire, HX7 7DP; phone number: 01422 847871; email: mail@xperthealth.org.uk.

Information we hold about you

No personal data is collected beyond the minimum necessary for the specific purpose, and your data will be securely destroyed once there is no longer any need to keep it.

Why do we need to collect your data?

We collect and process information about you only where we have the legal basis for doing so under applicable EU/UK laws. We collect and share information for the following purposes:

How is your data stored?

Your data is transferred and stored in encrypted format in either secure UK based data centres (UKFast) or held on Cloud platforms run by AWS (Amazon EC2) or Google Cloud Platform. All have extensive data security measures in place.

Consent to sharing your information

The first time you attend our group programmes or access our digital programme we will ask for your consent to hold your data and to be able to share it with other organisations, in line with procedures outline in the subsequent sections. However, if you decide that you do not want us to have access to your information or to share it with other organisations then please do not fill in the consent form or mark this as a preference in the settings page of the digital programme.

Sharing information with other organisations

When information is shared, it is passed securely and kept confidentially by the people who receive it. It will only be used for the purpose it has been shared for. This includes providing:

We may also share anonymised information with organisations that help plan local health and care. Identifiable information personal to you is removed before sharing. Organisations that this statement is relevant to include:

We facilitate regular testing of our security measures and in the event of a data breach incident we will notify the data protection authority within 72 hours.

Sharing your information without consent

We will usually tell you before we share your information. However, there are times when we may need to share your information without your consent, for example:

You may request details of personal information we hold about you under the Data Protection Act 2018, or you can make a complaint. To do this, please write to the address below.

Your data rights

All our data collection fully complies with the General Data Protection Regulation (Regulation (EU) 2016/679) and the wider Data Protection Act 2018 (DPA 2018). You are entitled to the following rights: the right to access; the right to rectification; the right to erasure; the right to restrict processing; the right to object to processing; the right to data portability; the right to withdraw consent; and the right to request that you are not subject to a decision based solely on automated processing, including profiling. If you wish to exercise any of these rights please contact the Information Governance Lead listed below, who will respond in accordance with the above Act. If the purpose of our data collection changes you will be informed and consent reobtained.

Unsubscribing or requesting your data be deleted

If you would like to unsubscribe or have your data deleted from any of our records at any time please contact our Information Governance Lead at the address below. If using our digital programme and you would like to stop your data from automatically uploading to the audit database, or you would like to permanently delete your data, then please visit the settings section of the digital programme.

Information Governance Lead: Helen Knight. Address: X-PERT Health, Linden Mill, Linden Road, Hebden Bridge, West Yorkshire, HX7 7DP; phone number: 01422 847871; email: mail@xperthealth.org.uk.

Transparency Statement – National Data Opt-out

How the NHS and care services use your information – X-PERT Health is one of many organisations working in the health and care system to improve care for patients and the public. Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law. Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will be able to:

You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); or https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes, however X-PERT Health would never use, or ask for permission to use, your data in this way.

X-PERT Health is compliant with the national data opt-out policy.