Skip to main content

Privacy policy

About this policy

This privacy policy explains what we do with your data if you choose to use this service; and what your rights are.

Whenever you provide personal information to a third party, that party is legally obliged to use your information in line with data protection law.

We take the security of your personal information seriously. We've set up security measures, policies and procedures such as:

  • monitoring our platform to keep your personal information secure
  • following good practice guidance in line with that provided by the National Technical Authority
  • having security and confidentiality policies in place across the organisation
  • restricting access to personal information to only those staff who need access to perform their role

The Service and who we are

The Service allows a user to complete a mind and body health check. It is owned and operated by South London and Maudsley NHS Foundation Trust (as part of King's Health Partners), working with the Stockwell Primary Care Network and member GP practices.

Our legal basis for processing personal data

Our legal basis for processing your personal data under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018) is:

  • GDPR Article 6 (1) (e): processing is necessary for the performance of a task carried out in the public interest
  • GDPR Article 9 (2) (h): processing is necessary for the management of health or social care systems and services
  • GDPR Article 9 (2) (i): processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health
  • DPA 2018 – Schedule 1, Part 1, (3): public health

What information we collect about you and how it is used

The information processed for the purposes of the Service can be split into several different categories:

  • Assessment data: personal and health details you provide to complete your health check.
  • Feedback data: Non-personally identifiable information you provide if you choose to give us feedback.
  • Audit data: Non-personally identifiable information that is captured against your IP address about your use of the Service, such as the time of use, actions you took using the Service, and associated technical log events. These are used to diagnose problems, understand usage by individuals and the Service as a whole.

Who we share your data with

Your assessment data is processed by your GP and the Stockwell Primary Care Network, according to their privacy policies.

How we use your data and why

The processing of your data is necessary to provide you with the Service and ensure its functionality.

You will not be able to use the Service unless you agree to its terms of use and this privacy policy.

We may need to share your personal information if we are required to do so by law.

How long we keep data for

  • Assessment data: 8 years
  • Feedback data: Indefinitely
  • Audit data: Indefinitely

Where this data is stored and processed

We only store and process data within the European Economic Area.

Your rights

Under data protection law you have certain rights. The rights available to you depend on our reason for processing your data. These rights are listed below:

  • to know how your data will be collected, processed and stored, and for what purposes
  • to withdraw your consent
  • to request a copy of your personal data
  • to correct your personal data errors or omissions
  • to request we restrict our use of your personal data (for example, if you think it's inaccurate and needs to be corrected before it's used)

You can read more about your rights and when they apply on the Information Commissioner's Office's (ICO) website.

Points of contact for queries

If you have any queries about the Service in general, contact mindandbody.healthcheck@nhs.net.

If you have any queries in relation to the use of your data by your GP practice or the Stockwell Primary Care Network, contact your GP or SEL GP Data Protection Officer at danielle.gibbons@selondonics.nhs.uk.

Your right to complain

If you wish to raise a complaint about how we use your data, please contact your GP practice. You also have the right to raise a concern with the Information Commissioner's Office at any time.

Changes to the privacy policy

The terms of our privacy policy may change from time to time. Any updates to the privacy policy will be published on the Service website.