Privacy statement

This privacy policy tells you what information we collect when you use the uti-nhs.uk service. It also tells you:

  • how we use your information
  • who we share your information with
  • how we keep your data secure
  • about your rights to see or change information held about you

Information that can identify you

We’ll always tell you when we are collecting this information.

When you use the service we collect:

  • your postcode - to get you help in the right location
  • your age and sex - so we ask the right medical questions

When you answer questions about your symptoms (called ‘triage’) we collect the answers. We also collect the symptom you tell us about and the outcome (called ‘disposition’) you reach. This is so we can recommend the right outcome for your health needs.

If you would like to be referred to a healthcare provider after the triage we will ask for your:

  • first name
  • last name
  • address and postcode
  • telephone number

We use the personal information you’ve given us to carry out a 'personal demographic service (PDS)' check. This means we try and find your NHS number and your GP details. Having your NHS number means the healthcare professional you’re referred to can see information about you, such as details about any care plan you might be on. This makes it easier for them to give you the right help.

We will pass this personal information and the advice you've been given to a healthcare professional. The healthcare professional may work outside the NHS (for example, a pharmacist), but will have been commissioned by the NHS for the pharmacy first service. By agreeing to be referred to a healthcare professional you consent to the sharing of your personal information in a way which respects the Common Law Duty of Confidentiality.

All information that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this and we may also report this to the appropriate authorities.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this policy will require us keeping your personal information for longer than necessary.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

 

If you’re advised to go to another service, we may send your details on to that service. We send your personal information, including your NHS number, and the answers to the questions you gave when using uti-nhs.uk.

We might also ask for your email so we can send you a survey later to ask you about what happened after you used uti-nhs.uk.

Other information we may collect

We also collect anonymous information about how you reached the website, for example details of your web browser and part of your IP address. This is so we can improve the service for future users.

Information we collect from the device you use to access our website

When you visit our website or interact with our services, we (and our advertisers and/or other service providers) may use a variety of technologies that automatically or passively collect information about how our site is accessed and used.

Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy.

Information we receive from other sources 

We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, ID verification organisations and credit reference agencies) and may receive information about you from them. We may also receive your information from other organisations who sell products on our behalf.

To enable us to make medical decisions about you and for fraud prevention purposes, we use identity verification agents to search the files of credit reference and fraud prevention agencies (who will record the search).

If you provide false or inaccurate information and/or we suspect fraud, we will record this and we will be unable to fulfil your order.

We ensure that all of the data that we hold about you is stored within the UK. However, the data that we collect from you may be transferred to and stored at, a third party in a destination outside the United Kingdom. This will always be the minimum required information to carry out the task required and the data is anonymised. An example of this includes anonymous website browsing data that is aggregated within Google Analytics.

Where your personal data is transferred outside the United Kingdom or the EEA, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data.

 

 

Information security

We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us. 

We collect the following types of information about you:

  • Contact Dataincludes data such as your email address, telephone number, geographical address, delivery address and billing address
  • Identity Dataincludes data such as first name, last name, username or similar identifier, date of birth, passport number, driving licence number;
  • Health Dataincludes GP address, patient notes, consultation notes, and any other information relating to your health and medical status;
  • Financial Dataincludes details you provide to us so that we can process your payments through our third-party payment provider;
  • Transaction Dataincludes details of products you have purchased and payments made;
  • Technical Dataincludes data such as internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and any communications we may send to you.
  • Usage Dataincludes information about how you use our website such as information about your visit to our website, including the full Uniform Resource Locators (URL) clickstream to and through, pages you viewed or searches you made, page response times, download errors, length of visit, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Marketing Dataincludes your preferences in receiving marketing from us.

We do not knowingly collect personal data of children. Please do not provide personal data to us unless you are at least 18 years old.

As we are unable to verify the identity of an individual or obtain patient consent for treatment or data processing, please do not provide to us information about other people.

We may monitor and record communications with you such as telephone/video  conversations and emails for the purpose of training, quality assurance, fraud prevention and compliance.

 

 

Keeping your personal data secure

A partner organisation is providing hosting services but has no say in how the information is used.

If you choose to be referred to a healthcare service, we add your personal details to the answers you have given to create a record. We send this securely to the healthcare service that you select, which might be a service commissioned by the NHS like a pharmacy. By agreeing to be referred to a healthcare professional you agree to this.

Links to other websites

This privacy policy only applies to this website and doesn't cover other websites that we link to. If you go to another website from this one, read the privacy policy on that website to find out what it does with your information.

Data sharing

Providing care

We will pass your answers and personal details to the healthcare service you have selected if you, choose to be referred. This healthcare service might be outside the NHS, but commissioned by it.

That healthcare service may then go on to share your data with other healthcare providers. They will follow their own policies and data protection legislation if so.

By agreeing to be referred to another healthcare provider you are also agreeing that your data can be forwarded to them so they can provide care.

 

 

 

 

 

Other uses of your data

NHS England will also share:

Legal powers

We may pass on your personal information if we’re legally obliged to do so.

If you make a claim against us, we, and other third parties such as our solicitors, may need to look at this information.

We won’t share your personal information with anyone else without your permission for any other reason.

If you have any questions or concerns about our policy or our practices with regards to your personal information, please contact us via post 22 page street, sw1p 4en.

Legal information about using and storing data

The NHS England has instructed Dulwich pharmacy to provide this service through a legally-binding document called a Patient Group Direction. This means that Dulwich Pharmacy is processing your personal data to meet our legal obligation to provide this service.

Articles 6 and 9 of the General Data Protection Regulation give Dulwich pharmacy a lawful basis to process personal and health data.