Privacy Notice

Doctorlink is a provider of online products that connects to NHS clinical systems to enable you to:

  • Access medical advice 24/7
  • Be signposted to the most appropriate service
  • Book an appointment with the most appropriate clinician and in a timescale suited to your needs
  • Undertake assessments of your symptoms to establish the most appropriate treatment
  • Order repeat prescriptions
  • Participate in video consultations

 

 

And which helps GP, Out of Hours and extended access Services by providing them with:

 

  • Symptom information for clinicians, prior to patient appointment

 

 

We are committed to making healthcare more accessible online whilst protecting and respecting your privacy.

This Privacy Notice (along with our terms of service) explains how we use any personal information we collect about you when using Doctorlink products.

The data controller and processor for Doctorlink is Doctorlink Limited, a company registered in England with company number 10337756 with registered offices at Grosvenor House, 7 Horseshoe Crescent, Beaconsfield, Bucks, HP9 1LJ.

Topics:

  • What information do we collect about you?
  • How will we use the information we collect about you?
  • How will we share your personal information?
  • Where and how we store your data?
  • How long do we store your data for?
  • Legal Basis
  • Marketing
  • Your rights
  • Changes to our privacy notice
  • How to contact us

What information do we collect about you?

We collect information about you provided by you when you register with us, when you complete a symptom assessment, when you book an appointment or order a repeat prescription. We may also collect information about you provided by someone else if they complete a symptom assessment for you, on your behalf and with your consent.

Registering directly with Doctorlink

We obtain information about you including your NHS Number from the NHS Digital Personal Demographic Service (PDS) and from your registered GP’s computer system.  PDS is an NHS registry that contains the demographic (name, date of birth, NHS Number, address etc.) details of most people in England and Wales.  Doctorlink uses details you provide (date of birth, gender, name and postcode) to query PDS to establish your NHS Number.  PDS is managed by NHS Digital, more information can be found at this link.

 

The information we collect from you or the above sources is as given below:

Information Source (s)
Name, Date of Birth, sex at birth, address, email & Phone number Yourself
Your registered GP Yourself and PDS
Details of any prescriptions and appointments Yourself
NHS Number PDS
Details about your health Yourself
Outcome of a GP appointment booked via Doctorlink GP System

 

Should the GP details you provide us with not match those returned by PDS then functionality will be limited to managing your profile.  If this occurs we will tell you and direct you to contact [email protected] to help resolve the difference.

Using NHS login to register with Doctorlink

‘NHS login’ can be used by NHS patients to use a single username and password to securely access a range of NHS digital health and care services.

If you use NHS login to register and access Doctorlink the identity verification services are managed by NHS Digital.  NHS Digital is the controller for any personal information you provide to NHS Digital to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose.

For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity. To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here Your Privacy on NHS login. This restriction does not apply to the personal information you provide to us separately.

The information we collect from you, using ‘NHS login’, is as given below:

Information Source (s)
Name, Date of Birth, phone number Yourself (via NHS login)
Your registered GP Yourself and NHS login
NHS Number NHS login
Details of prescriptions, appointments and requests made Yourself
Details about your health Yourself
Outcome of a GP appointment booked via Doctorlink GP System

 

Doctorlink is a supplier commissioned by the NHS, assured through NHS login as a ‘Connected Service’.

When you connect to and use a Connected Service, following I.D. verification undertaken by NHS login, Doctorlink as a Connected Service also becomes a data controller for the information we hold about you.

For further information about NHS login please visit their website:  https://www.nhs.uk/using-the-nhs/nhs-services/nhs-login/

The information we collect about you from someone else if they complete a symptom assessment on your behalf is given below:

Information Source
Name, Date of Birth & Phone number Someone else
Details about your health Someone else
Your registered GP Someone else
Your consent to complete the symptom assessment Someone else

 

If an NHS clinician invites you to a Rapid VC video consultation, they will provide your name and mobile phone number to facilitate the connection of the video consultation.

The information we collect about you from a NHS clinician if they invite you to a Rapid VC video consultation is given below:

Information Source
Name & Mobile phone number NHS Clinician

Any data provided to facilitate a Rapid VC video consultation is not stored or saved by Doctorlink.

Should your symptom assessment result in a video consultation with a clinician, the consultation may be recorded for quality and training purposes.

All support calls made and received by Doctorlink’s Service Desk are recorded and may be used to support the learning and development of our staff. They may also be used when investigating incidents, compliments and complaints.

Video and Call recordings will be managed in the same way as all other personal information processed by us in line with current legislation.

If we contact you or if you contact us to provide feedback on our products or support functions, we may store your contact details and any other information you provide to us during the feedback.

We also collect information about our website usage using cookies, including the website that users came from or are going to, which pages of our website users visit, IP addresses, the type of browser used and the times our website is accessed. This information is aggregated and is not used to identify individuals. If you require more information about how we use cookies please see our cookies policy.

 

Submitting a Support Webform

 

As a patient/user, you may choose to submit a technical enquiry or a general enquiry/product feedback via the support webform on our website (doctorlink.com/support-form/). In doing this, you consent for us to process your personal data you provided to address your enquiry.

Your data will be used by our team to contact you to resolve/acknowledge your enquiry/feedback. Your personal data will be processed in accordance with the General Data Protection Regulation, privacy law and any other laws that apply.

How will we use the information we collect about you?

We collect information about you to enable us to best identify the nature of the problem or illness you are experiencing so that we can recommend the best care or course of action. This is done by an automated individual decision making process.

Your NHS number is a unique identifier, retrieving it from PDS helps us to safely locate your record and not someone else’s in your registered GP’s computer system.

We also use information collected from you to personalise repeat visits, for example when you undertake a symptom assessment one of the first questions is always ‘what is your age’.  To save you having to answer this question every time you do the assessment we will use the date of birth you supplied to work out your age automatically.

We will use your email address to communicate with you but these emails will only be in relation to the functions of the Doctorlink product such as an appointment confirmation.

Whilst email contact from us is limited, we are working to improve the way we manage contact preferences to offer you greater flexibility to choose the types of emails you may wish to receive from us.

Information provided to us may be used for analytical purposes. Prior to this it will be pseudonymised. Pseudonymisation means processing the information according to our data processing policies which ensure that any information that identifies you are removed and computer generated information used instead. As a result, individual people and their details cannot be identified.

The pseudonymised information is processed and stored on a secure server that contains no identifiable information. This allows the Doctorlink team to perform statistical analyses to:

 

  • Enhance, improve and demonstrate the efficacy of our products or customer experience
  • Investigate and resolve any technical and functional issues

Direct access to the data is restricted to Doctorlink’s database administrators and analysts within the data science team.

We may on occasion work with academic partners to evaluate our products and support functions and in such instances may need to share anonymised information with them.

We may publish the results of our analyses on our website, in printed documents or in peer-review journals. Details of individuals will not be identifiable in any published materials. Any statistical analysis produced is reviewed to ensure the risk of identification is removed which includes the suppression of statistically small numbers where necessary.

How will we share your personal information?

We may share your information with your registered GP and other health care providers e.g. a pharmacist to enable them to provide you with the most informed level of care possible. This may include engagement with you or your healthcare provider to get feedback on system performance, quality and experience, when this is required as part of our obligations for ongoing product performance and monitoring.

To prevent third parties from pretending to be you, we may need to establish your identity by passing your details to an Identity Assurance Provider.

Doctorlink may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how they will handle personal information and ensures they treat any personal information in line with the General Data Protection Regulation, privacy law, and any other laws that apply.

If we are required to by law or regulation, we may disclose information as required to the relevant regulatory body.

In some symptom assessments, a safeguarding flag may be triggered. Safeguarding flags are built into the algorithms and an alert is triggered where a user’s answers indicates that either they, or another person, may be at risk of harm. Where a symptom assessment indicates a potential safeguarding concern, the GP Surgery’s nominated safeguarding lead will receive an alert. This alert includes the name of the person who completed the symptom assessment along with details of the symptom assessment. This alert is sent ‘silently’ as there are some cases where the safety of a user or others may be compromised if it was flagged that an alert had been sent. GP Surgeries will address the safeguarding alert in line with their own internal policy.

In some symptom assessments we may collect information or reach conclusions which indicate you or others are at risk from a condition which is a Public Health Concern. Doctorlink follows the advice and guidance of Public Health England when updating the product and sharing information in the best interests of the public; for purposes such as prevention or management of a potential viral pandemic which is a Public Health Concern. We may share your information with your GP, other healthcare organisations or Government bodies to help manage the risk to you and others.  We will only share your information when the law allows or requires us to do so and will make reasonable attempts to advise you if your information is shared this way.

Where and how we store your information?

We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.  Any personal information we store is held on secure servers located in the UK and European Union.

We do not store any data other than cookies on the device that you use to access this site.

We have a comprehensive Information Security Management System (ISMS) which is ISO 27001 accredited and as such employ best practice security protocols and procedures including encrypting your data in transit and at rest to protect your personal information and prevent unauthorised access to it.

How long do we store your information for?

We follow the Records Management Code of Practice for Health and Social Care 2016 records retention schedule published by the Information Governance Alliance for the Department of Health which states that patient records should be retained for 8 years after last use of Doctorlink.

We do not record Rapid VC video consultations and we do not retain any information used to facilitate Rapid VC video consultations.

Legal basis

Doctorlink processes some of your information by an automated individual decision making process.  We will only process your information in this way if you have explicitly consented to it. You will have been asked to consent to the use of your information in this way when you registered with Doctorlink. You may withdraw your consent at any time by deactivating your account within the Doctorlink app or website but we will retain your personal data for 8 years.

The processing of your sensitive personal information is necessary for the purposes of medical assessment, the management of health or social care systems and services and also for the establishment, exercise or defence of legal claims.

If required, we will process your sensitive personal information for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care.

While investigating any issues, incidents, complaints or compliments we may process your personal data as it is in your and our legitimate interest to do so with the full details required.

If you use our Rapid VC product for a video consultation with a NHS Clinician, we will process your personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller to enable NHS clinicians to complete remote consultations.

Marketing

We will not use any personal information we hold about you (including your email address) for direct marketing purposes – either of our own services or of any third parties.

Your rights

You have a right to:

  • access the information we hold about you;
  • correct inaccuracies in the information we hold about you;
  • receive a copy of your personal data in an electronic format and require us to provide this information to a third party;
  • withdraw any consent you have given to the use of your information;
  • complain to the relevant supervisory authority in any jurisdiction about our use of your information
  • in some circumstances:
  • ask us to erase information we hold about you;
  • ask us to restrict the use of information we hold about you; and
  • object to the use of information we hold about you.

 

In addition, you may request a person reconsider any decision made by the use of automated individual decision making, obtain an explanation of how such decision was made and challenge such decision.

You can exercise these rights by contacting us as detailed below.

NHS National Data Opt-out

Confidential information about your health and care is collected by Doctorlink and shared with other organisations for the purposes of your individual care.

 

Confidential information about your health and care can be used and provided to other organisations for purposes beyond your individual care where allowed by law.

Doctorlink does not share confidential information for purposes beyond your individual care. Doctorlink uses only anonymised data for research and quality improvements, anonymised so that you cannot be identified. Confidential patient information isn’t needed or used for these purposes.

Organisations that process confidential health information have to put systems and processes in place so they can be compliant with the national data opt-out. They must respect and apply your opt-out preference if they want to use or share information for purposes beyond your individual care.

 

Doctorlink are currently compliant with the National Data Opt-out Policy as they do not share your confidential patient information for purposes beyond your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters

*NB If you choose to opt out, and limit use of your data by health care organisations, they will still continue to process your data for the purposes of your individual care, as necessary to provide that care.

You can change your choice at any time.

How to contact us

If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information, please contact our Data Protection Officer at:

Data Protection Officer

[email protected]

Or

Doctorlink Limited

4th Floor

Regal House

14 James Street

London

WC2E 8BU

 

How to make a complaint

You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioner’s Office (ICO):

 

https://ico.org.uk/concerns

0303 123 1113

 

Changes to our privacy notice

We keep our privacy notice under regular review and we will place any updates on this web page.  This notice was last updated on 7th September 2020.

Professional Users Privacy Notice

Doctorlink are suppliers of an online triage platform, providing a 24/7 digital front door to inform and guide people to the right care at the right time. Healthcare providers implement Doctorlink to improve patient access and enable effective demand management.

This privacy notice explains how we use any personal data we collect about you, as professional users of Doctorlink or as potential clients or partners.

Doctorlink Ltd , a company registered in England and Wales under company number 10337756 with its registered office at Grosvenor House, 7 Horseshoe Crescent, Beaconsfield, Bucks, HP9 1LJ.

How do we collect your personal information?

We receive your personal information in a number of ways:

  • When you register with us to access a Doctorlink customer portal
  • When we receive your personal data from your employer
  • If you contact our helpdesk with a query
  • If you complete an API trial request form
  • When we interact with you as a potential client or partner
  • When you submit a webform or contact us directly with a query

What types of personal information do we collect about you?
We collect the following types of personal data:

  • Full name
  • Email address
  • Contact telephone number

 

How will we use the personal information we collect about you?
We will use your personal information in the following ways:

  • To facilitate the provision of Professional User accounts for Doctorlink products such as Video Consultation
  • To facilitate the provision of access to the Doctorlink customer portals
  • To communicate important product and service messages
  • To communicate with you concerning any queries you raise with us
  • To communicate details of your API trial, once authorised
  • To progress a business relationship as a potential Doctorlink client or partner

 

Submitting a Support Webform

As a user or potential client or partner, you may wish to submit a technical enquiry or a general enquiry/product feedback via the support webform on our website (doctorlink.com/support-form/).

In doing this you consent for us to process your personal data provided to address your enquiry. Your data will therefore be communicated to our helpdesk team who will contact you to resolve/acknowledge your enquiry/feedback. Your personal data will be processed in accordance with the General Data Protection Regulation, privacy law and any other laws that apply.

 

Data processors
We may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how they will handle personal information and ensures they treat any information in line with the Data Protection Act, the General Data Protection Regulation, confidentiality, privacy law, and any other laws that apply.

 

How will we share your personal information?
We may share your information with third parties if it is necessary to fulfil a contract or request, or for other purposes with your consent. Third party processors will be subject to the same laws, standards and requirements as processing within Doctorlink.

We will not use the personal data you provide to us for our own direct marketing purposes unless you have given your consent for us to do so.

We will respect your rights and preferences in regard to any direct marketing communications.

If we are required to by law or regulation, we may disclose information as required.

 

How long do we keep your personal information?
We will hold your personal information for the duration of the time you are a registered user of a Doctorlink customer portal and retain records in line with the Data Retention Schedule under contract.

If you do not progress a professional relationship with Doctorlink we will retain your personal information no longer than 6 months after last contact, unless otherwise agreed with you.

 

Where and how we store your information

We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.  Any personal information we store is held on secure servers located in the UK and European Union.

We do not store any data other than cookies on the device that you use to access this site.

We have a comprehensive Information Security Management System (ISMS) which is ISO 27001 accredited and as such employ best practice security protocols and procedures.

For further information about cookies please see our Cookie Policy below:

https://www.doctorlink.com/cookie-policy/

 

Legal Basis
The legal basis for us to process your personal information is based on your and our legitimate interest to provide you with access to Doctorlink products and services.

In some circumstances, we may process your personal information on the basis that we are required to do so in order to comply with legal obligations to which we are subject.

Your rights

You have a right to:

  • access the information we hold about you;
  • correct inaccuracies in the information we hold about you;
  • withdraw any consent you have given to the use of your information;
  • complain to the relevant supervisory authority in any jurisdiction about our use of your information; and
  • in some circumstances:
    • erase information we hold about you;
    • receive a copy of your personal data in an electronic format and require us to provide this information to a third party;
    • restrict the use of information we hold about you; and
    • object to the use of information we hold about you.

You can exercise these rights by contacting us as detailed below.

How to contact us
If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information then please contact our Data Protection Officer at:

Data Protection Officer:

[email protected]

or

Doctorlink
Regal House
14 James Street
Covent Garden
London
WC2E 8BU

How to make a complaint
You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioners Office (ICO):

https://ico.org.uk/concerns

0303 123 1113

Changes to our privacy notice
We keep our privacy notice under regular review, we will provide any updates here. This privacy notice was last updated on 7th September 2020.