At Appt Health we take privacy and data security very seriously


Privacy FAQs

Here is a list of the privacy and data security questions that we get asked most frequently. We hope this helps you find what you are looking for, but if not, our full privacy policy can be found below.

Is Appt Health GDPR compliant?

Yes. The software and databases that makes up Appt Health's service are all hosted in the UK or EU. In order to be an assured partner of NHS Digital (as we are) a provider must be GDPR compliant.

Is it safe to share patient data with Appt Health?

Yes. No system is ever completely safe, but we follow data minimisation practices (only storing the data we legitimately need to run our service, and then only storing it for as long as is required) and we pseudonomise or anonymise personal data to further reduce the risk of sharing unnecessary data with Appt Health. It is our mission to make sure that any patient data shared with us is as safe as possible.

What happens to the patient data I’ve shared with appthealth if I cancel my account?

You can permanently cancel your account in just a couple of clicks in your account settings when you’re logged in to your management portal. Patient data will still be kept in an encrypted format for GDPR auditing and reporting requirements including subject access requests.

Who regulates Appt Health?

We are regulated by the Information Commissioners Office and by NHS Digital, including the completion of the NHS Data Security and Protection Toolkit and the requirements set on Appt Health as part of the assurance process for NHS Digital APIs.

Why do I need to sign a data processing agreement?

Because you’ll need to share (limited) patient data with Appt Health for us to invite and book patients into suitable appointments, it is a legal requirement that there is a data processing agreement between Appt Health (the “data processor”) and your practice (the “data controller”) that explains what data is being shared and for what purpose. We make sure that this agreement is in place before we set up your account to ensure we’re fully compliant with all relevant regulation.

Will Appt Health ever sell on patient data to third-parties?

No. Appt Health will never sell any patient data on to third-parties. This restriction is clearly stated in the data processing agreement that is put in place with each practice before any data is shared with us.

Privacy policy

Appt Privacy Policy

This Privacy Policy sets out the way in which we use any personal information that is collected from you whilst using (“Site”). This Privacy Policy also covers information we collect and process in the provision of the Appt appointment services to you ("Services").

Personal Information means information that identifies you personally such as your name, photo or contact details or data that can be linked with such information in order to identify you.
You are provided with access to this Privacy Policy when you register with us and it is available on our Site at all times.

[References to "us"/"we"/"our" in this Privacy Policy means Appt (registered: Appt-Health Ltd.) which is registered in England and Wales under company number 10877648. Our registered office is Appt-Health LTD, 8 New Colliers Row, Bolton, BL1 7PJ.]

What personal information does Appt collect?

Personal information you give us when making an enquiry on our Site

You give us your personal information about yourself when you enter your details into any form on this website. The data entered into a form on the Appt Health website will only be used for the purpose agreed upon for that particular form. Information collected across the forms is:

  • Name
  • Job title
  • Email address

Once the data is collected your information may be transferred into a secure database at Hubspot or MailChimp for storage, and your contact preferences will be recorded.

Personal information we collect automatically

We may also collect certain information by automated means, such as cookies and web beacons, whenever you visit our Site. This could include IP address, browser type, operating system, referring URLs, information on actions taken on a site, and dates and times of site visits.

We may collect details of your use of the site. This includes page interaction and Online Services site activity, such as if you have clicked through from a notification message, if you have completed specific surveys or how easy or difficult you find the log on process. Where required, this is linked with demographic and appointment information to provide a clearer picture.

Personal information we collect from third parties

We collect personal information about you from health care providers to facilitate your use of the Services. This information includes:

  • Forename;
  • Surname;
  • Date of Birth;
  • Age;
  • Email Address;
  • Living/Home Address;
  • Correspondence Address;
  • NHS/PAS Number;
  • Home and Mobile Telephone Numbers;
  • Postcode;
  • Registered GP ODS details; and
  • Ethnicity
  • Religion
  • Gender
  • Appointment Session Information (including: date, start time, duration, location, and staff member name and classification).

How does Appt use your personal information?

We may use your personal information for the following purposes:

Where we rely on consent you have provided to your healthcare provider

  • To send you communications from your healthcare provider via email and SMS.
  • To allow you and your healthcare providers to book and reschedule appointments and to manage any cancellations.
  • To provide you with information about the care you receive from your healthcare provider. This includes leaflets, videos, text and supporting information.
  • To allow you request that a healthcare provider update the details they hold on record for you.

Where we rely on it being required to provide the service

  • To allow us to investigate and address queries, questions and complaints and respond to any feedback.
  • To update you on any developments or information about our services. These are strictly service emails and do not include marketing.
  • To understand the effectiveness of the services provided by the healthcare provider and allow a healthcare provider benchmark against other healthcare providers.

Where it is in our legitimate interest

  • To develop and improve the Appt application and platform through details of your use of the Site and Services.
  • To improve your experience when using our Site and Services.
  • To have the product services team contact you where you have indicated an interest.

How long does Appt keep your personal information?

Your personal information is stored until such a time as all the healthcare providers who utilise this information, cease to be Appt clients/partners and will be deleted or anonymised within 30 days of the end of the contractual relationship.

Notwithstanding the above, we will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy policy and to fulfil our legal obligations. However, please be advised that we may retain some of your personal information after you cease to use our Site or Services, for instance if this is necessary to meet our legal obligations.

When determining the relevant retention periods, we will take into account factors including:

a.  our contractual obligations and rights in relation to the information involved;
b.  legal obligation(s) under applicable law to retain data for a certain period of time;
c.  statute of limitations under applicable law(s);
d.  (potential) disputes;
e.  if you have made a request to have your information deleted; and
f.  guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

Who does Appt share your personal information with?

We share your personal information with you as well as doctors and admin staff working at your relevant healthcare providers.

We may pass your personal information to other third-party suppliers, such as technology services firms, in order to enable us to provide the services to you. In particular we share your personal information with third party suppliers in order to send you relevant communications (via email, letter, interactive voice messaging or SMS) about your healthcare provider appointments.

We share your personal information with law enforcement agencies, regulators, courts or other public authorities if we have to, or are authorised to by law.

As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us, your personal information will be disclosed to such entity.

We don't sell your personal information to third parties.

Does Appt transfer your personal information outside the EEA?

We store your personal information on servers located in the UK, which is within the EEA. However, where you complete a survey or assessment on the site, your personal information from such survey or assessment is transferred to the United States. Where your personal information is transferred outside the EEA, security measures and appropriate safeguards are put in place to protect your information and we ensure that all transfers of your information comply with applicable data protection law, and are carried out in accordance with our instructions. We have in place EU Model Clauses with any party your information is transferred to outside the EEA, as an adequate safeguard. To find out more about how we safeguard your information (including obtaining a copy of such safeguards) in relation to transfers outside the EEA, please contact us via the details provided in the ‘Contact us’ section below.

How does Appt keep your personal information safe?

All the data we collect about you as an individual is held in private networks with multiple levels of security including industry leading encryption and access controls. Our data centres are accredited to the standards set out by the NHS and GCHQ/CESG for protecting the healthcare information of UK citizens.

What are my rights?

By law, you have a number of rights (subject to certain conditions) when it comes to your personal information. Further information and advice about your rights can be obtained from the data protection regulator in your country.

In relation to personal information we process for the purposes of providing services to you on behalf of your healthcare provider, you will need to contact your relevant healthcare provider to exercise or enquire about these rights. For personal information you have provided on and through other means such as a survey or assessment. you can contact us using the details in the ‘Contact us’ section below to exercise any of these rights (as applicable) or to find out more about the information we hold on you as a Data Controller**:**

The right to object to processing

You have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving emails from us notifying you about other services we have which we think will be of interest to you or being contacted with varying potential opportunities).

The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.

The right of access

You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law. You can do this by writing us on the email address below.

The right to rectification

You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by writing us on the email address below.

The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information that we hold by writing to us on the email address below.

The right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but will not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.

The right to data portability

You have rights to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

The right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your information with your national data protection regulator.

The right to withdraw consent

If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your information at any time by contacting us using the contact details below.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

Can I opt out of the Appt services?

Appt only processes patients whose details have been provided to us by participating GP practices. GP Practices should only share information on patients who have consented i.e., not opted out.

As a patient, you will need to contact your Healthcare Provider to make any of the following changes:

  • If you would like to update your contact preferences or remove a contact method from use, then this can be set by using the web portal
  • If you would like to stop all notifications to your phone, then this can be achieved by replying ‘STOP’ to any message.
  • If you would like to stop any information being shared with Appt then you will need to contact your Healthcare Provider who will make this change.

How the NHS and care services use your information

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • Improving the quality and standards of care provided
  • Research into the development of new treatments
  • Preventing illness and diseases
  • Monitoring safety
  • Planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit

On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at: (which covers health and care research); and (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.

Contact us

We're always happy to talk. If you have any questions or concerns, please email and we'll do everything we can to help.