At appthealth we take privacy and data security very seriously. Here are our privacy FAQs and our policies.

Privacy FAQs

Here is a list of the privacy and data security questions that we get asked most frequently. We hope this helps you find what you are looking for, but if not, our full privacy policy can be found below.

Is appthealth GDPR compliant?

Yes. The software and databases that make up appthealth are all hosted in the UK, and personal data transferred out of the EU is only ever sent to organisations covered by Privacy Shield. In order to be an assured partner of NHS Digital (as we are), a provider must be GDPR compliant.

Is it safe to share patient data with appthealth?

Yes. No system is ever completely safe, but we follow data minimisation practices (only storing the data we legitimately need to run our service, and then only storing it for as long as is required) and we pseudonymise or anonymise personal data to further reduce the risk of sharing unnecessary data with appthealth. It is our mission to make sure that any patient data shared with us is as safe as possible.

Why do I need to sign a data processing agreement?

Because you’ll need to share (limited) patient data with appthealth for us to invite and book patients into suitable appointments, it is a legal requirement that there is a data processing agreement between appthealth (the “data processor”) and your practice (the “data controller”) that explains what data is being shared and for what purpose. We make sure that this agreement is in place before we set up your account to ensure we’re fully compliant with all relevant regulation.

Who regulates appthealth?

We are regulated by the Information Commissioner's Office and by NHS Digital, including the completion of the NHS Data Security and Protection Toolkit and the requirements set on appthealth as part of the assurance process for NHS Digital APIs.

What happens to the patient data I’ve shared with appthealth if I cancel my account?

You can permanently cancel your account in just a couple of clicks in your account settings when you’re logged in to your management portal. Patient data will still be kept in an encrypted format for GDPR auditing and reporting requirements including subject access requests.

Will appthealth ever sell on patient data to third parties?

No. appthealth will never sell any patient data on to third parties. This restriction is clearly stated in the data processing agreement that is put in place with each practice before any data is shared with us.

Appt Privacy Policy

This Privacy Policy sets out the way in which we use any personal information that is collected from you whilst using (“Site”). This Privacy Policy also covers information we collect and process in the provision of the Appt appointment services to you ("Services").

Personal Information means information that identifies you personally such as your name, photo or contact details or data that can be linked with such information in order to identify you.

You are provided with access to this Privacy Policy when you register with us and it is available on our Site at all times.

[References to "us"/"we"/"our" in this Privacy Policy mean Appt (registered: Appt-Health Ltd.) which is registered in England and Wales under company number 10877648. Our registered office is Appt-Health LTD, 8 New Colliers Row, Bolton, BL1 7PJ.]

What personal information does Appt collect?

Personal information you give us when making an enquiry on our Site

You give us your personal information about yourself when you enter your details into any form on this website. The data entered into a form on the Appt Health website will only be used for the purpose agreed upon for that particular form. Information collected across the forms is:

  • Name
  • Job title
  • Email address

Once the data is collected your information may be transferred into a secure database at Hubspot or MailChimp for storage, and your contact preferences will be recorded.

Personal information we collect automatically

We may also collect certain information by automated means, such as cookies and web beacons, whenever you visit our Site. This could include IP address, browser type, operating system, referring URLs, information on actions taken on a site, and dates and times of site visits.

We may collect details of your use of the site. This includes page interaction and Online Services site activity, such as if you have clicked through from a notification message, if you have completed specific surveys or how easy or difficult you find the log on process. Where required, this is linked with demographic and appointment information to provide a clearer picture.

Personal information we collect from third parties

We collect personal information about you from health care providers to facilitate your use of the Services. This information includes:

  • Name;
  • Gender;
  • Date of birth;
  • Date of death;
  • Phone number;
  • Email;
  • Postal Address;
  • Default language preference;
  • Consent to contact;
  • Clinical report information (including diagnoses, outcomes);
  • Appointment details.

How does Appt use your personal information?

We may use your personal information for the following purposes:

Where we rely on consent you have provided to your healthcare provider

  • To send you communications from your healthcare provider via email and SMS.
  • To allow you and your healthcare providers to book and reschedule appointments and to manage any cancellations.
  • To provide you with information about the care you receive from your healthcare provider. This includes leaflets, videos, text and supporting information.
  • To allow you to request that a healthcare provider update the details they hold on record for you.

Where we rely on it being required to provide the service

  • To allow us to investigate and address queries, questions and complaints and respond to any feedback.
  • To update you on any developments or information about our services. These are strictly service emails and do not include marketing.
  • To understand the effectiveness of the services provided by the healthcare provider and allow a healthcare provider to benchmark against other healthcare providers.

Where it is in our legitimate interest

  • To develop and improve the Appt application and platform through details of your use of the Site and Services.
  • To improve your experience when using our Site and Services.
  • To have the product services team contact you where you have indicated an interest.

How long does Appt keep your personal information?

Your personal information is stored until such a time as all the healthcare providers who utilise this information cease to be Appt clients/partners, and will be deleted or anonymised within 30 days of the end of the contractual relationship.

Notwithstanding the above, we will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy policy and to fulfil our legal obligations. However, please be advised that we may retain some of your personal information after you cease to use our Site or Services, for instance if this is necessary to meet our legal obligations.

When determining the relevant retention periods, we will take into account factors including:

  1. our contractual obligations and rights in relation to the information involved;
  2. legal obligation(s) under applicable law to retain data for a certain period of time;
  3. statute of limitations under applicable law(s);
  4. (potential) disputes;
  5. if you have made a request to have your information deleted; and
  6. guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

Who does Appt share your personal information with?

We share your personal information with you as well as doctors and admin staff working at your relevant healthcare providers.

We may pass your personal information to other third-party suppliers, such as technology services firms, in order to enable us to provide the services to you. In particular we share your personal information with third party suppliers in order to send you relevant communications (via email, letter, interactive voice messaging or SMS) about your healthcare provider appointments.

We share your personal information with law enforcement agencies, regulators, courts or other public authorities if we have to, or are authorised to by law.

As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us, your personal information will be disclosed to such entity.

We don't sell your personal information to third parties.

Does Appt transfer your personal information outside the EEA?

We store your personal information on servers located in the UK, which is within the EEA. However, where you complete a survey or assessment on the site, your personal information from such survey or assessment is transferred to the United States. Where your personal information is transferred outside the EEA, security measures and appropriate safeguards are put in place to protect your information and we ensure that all transfers of your information comply with applicable data protection law, and are carried out in accordance with our instructions. We have in place EU Model Clauses with any party your information is transferred to outside the EEA, as an adequate safeguard. To find out more about how we safeguard your information (including obtaining a copy of such safeguards) in relation to transfers outside the EEA, please contact us via the details provided in the ‘Contact us’ section below.

How does Appt keep your personal information safe?

All the data we collect about you as an individual is held in private networks with multiple levels of security including industry leading encryption and access controls. Our data centres are accredited to the standards set out by the NHS and GCHQ/CESG for protecting the healthcare information of UK citizens.

What are my rights?

By law, you have a number of rights (subject to certain conditions) when it comes to your personal information. Further information and advice about your rights can be obtained from the data protection regulator in your country.

In relation to personal information we process for the purposes of providing services to you on behalf of your healthcare provider, you will need to contact your relevant healthcare provider to exercise or enquire about these rights. For personal information you have provided on  and through other means such as a survey or assessment, you can contact us using the details in the ‘Contact us’ section below to exercise any of these rights (as applicable) or to find out more about the information we hold on you as a Data Controller:

The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving emails from us notifying you about other services we have which we think will be of interest to you or being contacted with varying potential opportunities).

The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.

The right of access. You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law. You can do this by writing to us on the email address below.

The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by writing to us on the email address below.

The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information that we hold by writing to us on the email address below.

The right to restrict processing. You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but will not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.

The right to data portability. You have rights to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with your national data protection regulator.

The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your information at any time by contacting us using the contact details below.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

Can I opt out of the Appt services?

As a patient, you can opt out of Appt in a number of ways depending on what is required:

  • If you would like to update your contact preferences or remove a contact method from use, then this can be set by using the web portal.
  • If you would like to stop all notifications to your phone, then this can be achieved by replying ‘STOP’ to any message.
  • If you would like to stop any information being shared with Appt then you will need to contact your Healthcare Provider who will make this change.

Contact us

We're always happy to talk. If you have any questions or concerns, please email and we'll do everything we can to help.