Patally is provided by CSharp Solutions Limited (“CSharp”, “we”, “us”, “our”), a company registered in England with company number 7225800 with a registered office address of 34 Lower Richmond Road London, SW15 1JP.

We are committed to protecting and respecting your privacy.

Scope of this privacy notice

This notice (together with our end-user licence agreement) applies to your use of:

  • The Patally Website (
  • The Patally Service (

Note: Updates below in reverse chronological order

Update: 18 Mar 2021  (NHS Login users)

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity. To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.

Version 1.0: 16 August 2019  (Initial Release)

Data we collect from you

Note: When we say, "collect", we mean data that we retain on our systems.

From the Patally Website: Any information you provide to us via the contact form on our Website or through any of our contact email addresses.

From the Patally Service:

  • Your registration information: which at the time of this update includes your email address, your "strongly hashed" password, your "memorable word", your date of birth (only if you choose to provide this info to "protect" your account), your surname and your registered practice details.
  • Your historical system usage information: This would include information such as when (at what time) you logged in to our service, when you booked an appointment through our service, when you ordered any repeats through our service, etc.
    Note that we do not collect (retain) detailed clinical information. What this means is that we do not retain any information about when your next appointment is or who with or when your past appointments were or your current medication or your repeat prescription details. We simply access this information as required from your GP's clinical software on your behalf. For example, when you login to our service and request to see your past appointments or book an appointment or order a repeat prescription, we simply connect to your GP's clinical software and retrieve this information or pass that request to your GP's clinical software on your behalf.
  • Technical information: This would include information such as the browser used to access the service, your screen resolution, your device type and operating system. This may also include other technical and business performance metrics such as page load times, user service navigation patterns, errors, page abandonment and service usage patterns.

Uses of data

  • Registration information is first used to link up your account on our service with your GP's clinical software. Subsequently your information is used to verify your login credentials and then to retrieve information from your GP's clinical software or to pass requests (such as an appointment booking request) to your GP's clinical software. We may also use this information to provide you with technical support or to contact you (without limitation) so as to notify you regarding any important updates relating to the Service, to answer queries you might raise regarding the Service and for our own internal administrative purposes.
  • Historical system usage information is used for security and audit purposes and to ensure that we are able to proactively (or reactively) tend to problems relating to use of our service. We may also use your contact email in order to alert you to any relevant security issues or safety concerns of which we may become aware.
  • Technical information would typically be used to improve our services should we find patterns of problems that relate to specific technical conditions - such as specific browser / operating system / device type. We may also use this information to update "user-views" of our Services or to modify any communications you may receive from us.

Data storage

We use strict procedures and security features designed to prevent any unauthorised or unlawful access to any of your data that we control.
All your stored data is held within secure UK data centres and encrypted at "rest" and during transmission. The transmission of data over the internet cannot be deemed 100% secure; but we have taken measures to make our service as secure as practically possible.
Please also review our cookie policy.

Data Sharing

As explained earlier, while audit information, such as when you logged in, when you viewed your appointments, relating to your use of our service is stored in secure logs, detailed clinical information is not collected (retained) by us. This information is only accessed on your behalf from the GP's clinical system and discarded after intended use (for example, to display to you your upcoming appointments).
None of your detailed clinical information is available to be shared with any third parties.
None of your non clinical information (such as Registration information) is shared with any third parties under normal circumstances (see "Disclosure" section below).


We may disclose your (non clinical) data to third parties:

  • If we are obliged to disclose or share your data in order to comply with any legal or regulatory obligation or request.
  • If we were to re-organise, re-structure, sell or transfer our business (in part or whole). In such circumstances we may share information, for example as part of a controlled due diligence exercise. In case of a transfer of business, the new incumbent of the business will respect this policy till such time they may notify you of a new one that may then come into effect.

Your rights

CSharp Solutions is the controller of the data referred to in this policy. You have a number of legal rights regarding the manner in which data relating to you is used. You can find more information about your rights on the Information Commissioner’s Office website – please see This privacy policy covers what data we collect and how we store and use your information. You can also make what is called a "subject access request" if you have any further queries on our policy (specifically on how we collect / use your data). You can use our contact information on this Website or email us at We will review each request and provided we determine that there is an obligation on our part to provide us with the information you have requested, we will respond to your request appropriately.

Updates to this privacy policy

We may update this privacy policy from time to time (for example, when we make updates to our service). Any future changes we may make to our privacy notice will be posted on this page (along with the date of update). We encourage you to visit this page periodically if you want to lookout for any changes that may affect you. We will also send out an e-mail notification when a significant change to this policy is made (specifically when we add to or modify our existing service). The new terms may be displayed on-screen when you Login (after a significant update) and you may be required to read and accept them to continue your use of our Service.

Policy Updated: 18 Mar 2021