Security & Privacy

Privacy Policy

The following Privacy Policy will be effective 22 September 2021.accuRx's current Privacy Policy is available here for reference.

Who are we?

We are accuRx Limited. We provide software to enable health and social care teams to communicate with each other and with patients. Our company details and our registration with the UK’s Data Protection Regulator (the ICO) can be found here.

Your trust in our data security and privacy is at the heart of what we do. It's not enough to ask you to trust us, we have to show that we are trustworthy. Being transparent about what we do with any personal data needed to provide our software is key to that.

This page tells you what we do. Please see the following groups below  to see how we use data about you:

  • Health and Care Professionals
  • Patients
  • Prospective buyers from healthcare organisations
  • User/ Market Research Participants
  • Job Applicants and Prospects

This notice may change periodically and will be published on the accuRx website.

Roles

Health and Care Professionals

accuRx is a communication software provider for healthcare organisations like your employer - perhaps a GP practice or hospital Trust. If you’re a member of staff here that uses accuRx, we receive information about you in three ways:

  • accuRx account registration - when you sign up, or are signed up for, an accuRx account
  • ongoing use of the accuRx platform 
  • if you contact us directly, for example through our email or chat platform

accuRx registration

Upon creating an accuRx account using our sign up page, we collect the following information about you and link this to a unique identifier in our system:

  • Name
  • Email 
  • NHS number
  • Telephone number

Why: We collect this information on the basis of legitimate interest to be ready to link your profile to your organisation (after which, we process your data as a data processor).

Ongoing use for your work in a healthcare organisation

We provide software products to healthcare organisations. These healthcare organisations are responsible for how your information is used in our platform - in legal language, they are the “Data Controller”. They provide us with information and instruct us how to use it. This means we’re acting as a “Data Processor”. When your registration (above) is linked to an organisation, we link the data to other information about you, provided by yourself or your organisation, including your job role, and actions you’ve taken in accuRx software. We have a very clear agreement with your healthcare provider that sets out what we do with the data, and how we keep it safe. You can read the full agreement here.

Email, social media or telephone engagement with us as an actual or prospective accuRx user

When you contact us over social media, email, or via live chat on our website, we may collect the following information about you:

  • Name
  • Email
  • Telephone number
  • Social media handles
  • Anything else you share with us in our engagement

Why: We collect this information on the basis of our legitimate interest to respond to you.

Patients

accuRx is a communication software provider for healthcare organisations like your GP practice or local hospital. If you’re a patient, we receive information about you in two ways:

  • Via healthcare organisations who use accuRx software 
  • If you contact us directly, for example through our email or chat platform

Via healthcare organisations who use accuRx software

We provide software products to healthcare organisations involved in your care. These healthcare organisations are responsible for how your information is used - in legal language, they are the “Data Controller”. When they want to use our software to communicate with or about you, they provide us with information and instruct us how to use it.

This means we’re acting as a “Data Processor” and this falls outside the scope of a Privacy Policy. We have a very clear agreement with your healthcare provider that sets out what we do with the data, and how we keep it safe. You can read the full agreement here and more information about our role and how we protect data here.

Via direct correspondence with you

If we correspond with you directly, we’ll collect information about you. The exact information we collect about you will depend on the way you contact us.

By email or social media

  • Name
  • Email
  • Telephone number
  • Social media handles
  • Anything else you share with us over the correspondence

Why: We collect this information on the basis of our legitimate interest to ensure we deal with your queries quickly and efficiently and understand how you interact with us.

Via the support chat on our website

  • Name
  • Email

Why: We collect this information on the basis of our legitimate interest to ensure we deal with your queries quickly and efficiently and understand how you interact with us. 

In some circumstances we may carefully anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you.

Prospective buyers from healthcare organisations

If you work for a commissioner in the NHS or someone who buys software for healthcare providers.

When we speak to you about prospective deals for our software services, we will collect the following information about you:

  • Name
  • Age
  • Email
  • Content of email communications with you and metadata (including delivery status)
  • Any additional information you provide to us through our communications with you

Why: we collect this information on the basis of our legitimate interests to discuss procurement and purchasing decisions of our products by your organisation.

User/Market Research Participants

We try to build software that our users love. To achieve this, we spend a lot of time speaking to healthcare professionals and to patients to understand their needs and what they’re looking for. We may conduct this research to improve existing products or inform the development of new products.
When you participate in our research, we will collect the following information about you:

  • Name
  • Age
  • Email
  • Any additional information you provide to us through surveys, interviews or other communications with us

Why: we collect this information on the basis of our legitimate interest to ensure our products are fit for purpose and match your expectations as a healthcare professional or patient or explicit consent which we will obtain from you at the beginning of the research project.

In some circumstances we may carefully anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you. We use this anonymised information to analyse our programmes and support other similar programmes around the world.


Job Applicants and Prospects

When you’ve signed up for information about events and job opportunities:

If you sign up for hiring events or opportunities updates, we gather information:

  • Name
  • Email address
  • Any other information, for example about roles that you are interested in, that you may provide when you sign up

Why: To send you the event or hiring information or to process your booking in relation to an event we are organising. We process this on the basis of your consent and you may opt out at any time.

When you apply for a role with us:

If you apply for a role at accuRx, we will collect the following information about you:

  • Name
  • Telephone number
  • Email address
  • Employment history and other data in your CV or otherwise submitted to us
  • Assessments completed by you as part of the application process
  • Feedback about you from our staff and your referees

Why: We collect this information on the basis of our legitimate interest to assess job applications and to take steps necessary to enter into an employment contract with you. We also collect it because we have a legal obligation to ensure applicants have the right to work.

Email or social media contact

If you contact us over email or social media about a job application, we will also collect the following information about you:

  • Name
  • Email
  • Telephone number
  • Login information
  • Time-zone setting
  • Browser plug-in types and versions
  • Operating system
  • Platform
  • IP addresses
  • MAC addresses and social media handles

We retain information about you as a prospective employee for a maximum of 12 months, so we can use it to improve our hiring process, or to inform you of other opportunities. 

General Questions

How do we collect information?
We may collect information about you from a variety of sources:

  • Email, telephone, social media and in-person interactions we have with you
  • From other organisations within the health system
  • Via the chat function on our website
  • Cookies on our website and pixels in our emails
  • Publicly accessible sources including your employer’s website or your social media profile

How long do we retain your personal data?
Our data retention periods for different groups are set out below. If you have questions about any categories of data not provided below, please contact support@accurx.com.

Type of Data
 Communications from patients who contact us  directly
 Health Care and Professional
 User/Market Research Participants
 Job Applicants and prospects
Up to 48 months after last contact with your organisation.
Retention Period
As long as necessary for the purpose of selling or providing our service, subject to your rights.
For up to 24 months after any direct contact with us.
For up to 48 months after research has been concluded, unless otherwise stated in the project’s information and consent material.
For prospects, we will retain your information until you tell us you’re no longer interested in events or updates. For job applicants, we retain your application information for up to 12 months after any hiring process you are directly involved in has been completed.
 Prospective buyers

Which third parties are involved in processing your data?
The parties we may share different groups’ data with are set out below. If you have questions beyond this, please contact support@accurx.com.
Group
 Patients
 Health Care and Professional
 User/Market Research Participants
 Job Applicants and prospects
Your data may be stored by our email, CRM software, and storage providers.
Parties your information may be shared with
We have contractual agreements in place with hospitals and GP practices, which govern and protect the data about you when you use our software.
If you contact us directly, your data may be securely stored in the software service providers of our email, office, live chat support, and social media systems.
We may share your data with regulators, authorities and enforcement agencies if we’re under a duty to comply with any legal obligation or enforce our terms and conditions.
We have contractual agreements in place with hospitals and GP practices, which protect your data when they work with you.
If you contact us directly, your data may be securely stored in the software service providers of our email, office, and live chat support systems.
We may also share your data with regulators, authorities and enforcement agencies if we’re under a duty to comply with any legal obligation or enforce our terms and conditions.
Your data may be stored by our email, productivity, design, communication and storage providers.
Your data may be stored in our recruitment platform provider well as in our email, productivity, design, communication and storage providers.
 Prospective buyers from healthcare organisations
What rights do you have under data protection laws?
You have various rights under data protection law in relation to the data that we control about you.
Please note that if you are a patient or a member of staff in an organisation that uses accuRx, you should contact the organisation concerned (the data controller) to understand your rights and exercise any that you have. If you wish to exercise any of these rights or have any questions, please contact support@accurx.com
  • Access: You can request access to and obtain a copy of your personal data
  • Rectification: You can correct incomplete or inaccurate data we hold about you
  • Erasure: You can ask to erase personal data we hold about you
    • Restrict: You can ask us to restrict how we handle your personal data
    • Portability: You can ask us to transfer your personal data to a third party
    • Object: you can object to how we’re using your personal data
You also have the right to lodge a complaint with us or the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales.