Patally is provided by CSharp Solutions Limited (“CSharp”, “we”, “us”, “our”), a company registered in England with company number 7225800 with a registered office address of 34 Lower Richmond Road London, SW15 1JP.
We are committed to protecting and respecting your privacy.
Scope of this privacy notice
This notice (together with our end-user licence agreement) applies to your use of:
- The Patally Website (patally.co.uk)
- The Patally Service (app.patally.co.uk)
Note: Updates below in reverse chronological order
Update: 15 Mar 2023 (NHS Login users)
( NHS Digital and NHS England legally merged on 1st of February 2023 )
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
Update: 18 Mar 2021 (NHS Login users)
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity. To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
Version 1.0: 16 August 2019 (Initial Release)
Data we collect from you
Note: When we say, "collect", we mean data that we retain on our systems.
From the Patally Website: Any information you provide to us via the contact form on our Website or through any of our contact email addresses.
From the Patally Service:
- Your registration information: which at the time of this update includes your email address, your "strongly hashed" password, your "memorable word", your date of birth (only if you choose to provide this info to "protect" your account), your surname and your registered practice details.
Your historical system usage information: This would include information such as when (at what time) you logged in to our service, when you booked an appointment through our service, when you ordered any repeats through our service, etc.
Note that we do not collect (retain) detailed clinical information. What this means is that we do not retain any information about when your next appointment is or who with or when your past appointments were or your current medication or your repeat prescription details. We simply access this information as required from your GP's clinical software on your behalf. For example, when you login to our service and request to see your past appointments or book an appointment or order a repeat prescription, we simply connect to your GP's clinical software and retrieve this information or pass that request to your GP's clinical software on your behalf.
- Technical information: This would include information such as the browser used to access the service, your screen resolution, your device type and operating system. This may also include other technical and business performance metrics such as page load times, user service navigation patterns, errors, page abandonment and service usage patterns.
Uses of data
- Registration information is first used to link up your account on our service with your GP's clinical software. Subsequently your information is used to verify your login credentials and then to retrieve information from your GP's clinical software or to pass requests (such as an appointment booking request) to your GP's clinical software. We may also use this information to provide you with technical support or to contact you (without limitation) so as to notify you regarding any important updates relating to the Service, to answer queries you might raise regarding the Service and for our own internal administrative purposes.
- Historical system usage information is used for security and audit purposes and to ensure that we are able to proactively (or reactively) tend to problems relating to use of our service. We may also use your contact email in order to alert you to any relevant security issues or safety concerns of which we may become aware.
- Technical information would typically be used to improve our services should we find patterns of problems that relate to specific technical conditions - such as specific browser / operating system / device type. We may also use this information to update "user-views" of our Services or to modify any communications you may receive from us.
We use strict procedures and security features designed to prevent any unauthorised or unlawful access to any of your data
that we control.
All your stored data is held within secure UK data centres and encrypted at "rest" and during transmission. The transmission of data over the internet cannot be deemed 100% secure; but we have taken measures to make our service as secure as practically possible.
As explained earlier, while audit information, such as when you logged in, when you viewed your appointments, relating to your
use of our service is stored in secure logs, detailed clinical information is not collected (retained) by us.
This information is only accessed on your behalf from the GP's clinical system and discarded after intended use
(for example, to display to you your upcoming appointments).
None of your detailed clinical information is available to be shared with any third parties.
None of your non clinical information (such as Registration information) is shared with any third parties under normal circumstances (see "Disclosure" section below).
We may disclose your (non clinical) data to third parties:
- If we are obliged to disclose or share your data in order to comply with any legal or regulatory obligation or request.
- If we were to re-organise, re-structure, sell or transfer our business (in part or whole). In such circumstances we may share information, for example as part of a controlled due diligence exercise. In case of a transfer of business, the new incumbent of the business will respect this policy till such time they may notify you of a new one that may then come into effect.
Any future changes we may make to our privacy notice will be posted on this page (along with the date of update).
We encourage you to visit this page periodically if you want to lookout for any changes that may affect you.
We will also send out an e-mail notification when a significant change to this policy is made (specifically when we add to or modify our existing service).
The new terms may be displayed on-screen when you Login (after a significant update) and you may be required to read and accept them to continue your use of our Service.
Policy Updated: 18 Mar 2021