Immedicare is a clinical and technology partnership between Airedale NHS Foundation Trust (ANHSFT) and Involve Visual Collaboration Ltd (Involve).

This Privacy Notice explains how Immedicare uses any information we collect in a lawful, fair and transparent manner, in line with the UK General Data Protection Regulation (UK GDPR).

 

 

Who We Are (Data Controllers and Processors)

Depending on the service provided:

  • Airedale NHS Foundation Trust acts as the Data Controller for all clinical and patient data processed through the Digital Clinical Care Hub.
  • Involve Visual Collaboration Ltd acts as:
    • A Data Controller for business, contract, and marketing data
    • A Data Processor when processing data on behalf of ANHSFT

For clinical data, please refer to ANHSFT’s Privacy Notice:
Airedale-NHS-Foundation-Trust-Privacy-Notice-FEB-26-1.pdf

 

The Service We Provide

Immedicare provides secure video consultation services connecting care homes with NHS clinicians via a Digital Clinical Care Hub located at Airedale General Hospital.

This service supports direct patient care and improves access to clinical expertise.

 

 

Personal Data We Collect

We apply the principle of data minimisation and only collect data necessary for defined purposes.

 

 

  • Website Use

When you visit immedicare.co.uk, we collect information via cookies and similar technologies.
Please see our cookie policy: Cookie Policy | Involve

 

 

  • Service Contracts

When organisations purchase our services, we may collect:

 

  • Names of individuals
  • Organisation name
  • Email addresses
  • Telephone numbers
  • Financial and billing information
 
 
  • Videoconferencing (Clinical Use)

 

  • Video consultations are encrypted in transit using secure protocols.
  • No video, audio, or consultation data is recorded or stored by the Immedicare platform.
  • Clinical records are created and stored by ANHSFT within NHS systems where applicable.

The Involve Visual Collaboration Ltd Privacy Policy applies: Privacy Notice | Involve

 

 

  • Service Monitoring and Reporting

We may process aggregated and pseudonymised usage data to:

 

  • Monitor service performance
  • Produce utilisation reports for organisations
 
 
  • Digital Clinical Care Hub

ANHSFT processes:

 

  • Patient-identifiable data
  • Clinical records
  • Health information

This processing is carried out under NHS legal bases for direct care.

 

 

  • Training Platforms (e.g. MoodleCloud)

To provide training access and certification, we collect:

  • Name
  • Email
  • Organisation details

 

 

  • Market Research
 

We may process limited professional contact data under legitimate interests to inform relevant organisations about our services.

 

 

How We Use Your Personal Data

We use personal data to:

  • Respond to enquiries
  • Deliver contracted services
  • Communicate with you (email, phone, or other channels)
  • Manage ongoing service relationships
  • Provide training and support
  • Monitor service usage (where applicable)
  • Send relevant service updates or marketing communications (where permitted)
 
 
  • Lawful Basis for Processing

We rely on the following lawful bases:

 

For Clinical Data (ANHSFT)

  • Article 6(1)(e) – Public task (provision of healthcare)
  • Article 9(2)(h) – Health or social care purposes
  • Common Law Duty of Confidentiality (supported by implied or explicit consent where applicable)
 

For Business and Operational Data (Involve)

  • Contract (Article 6(1)(b)) – to deliver services
  • Legitimate Interests (Article 6(1)(f)) – service improvement and B2B communications
  • Legal Obligation (Article 6(1)(c)) – compliance requirements
 
  • Data Sharing and Information Governance
 

We share data only where necessary and under strict controls:

 

  • Between ANHSFT and Involve (as controller/processor)
  • With approved third-party processors:
    • Moodle Pty Ltd
    • Brevo
    • Redcentric PLC (secure infrastructure provider)
 
  • All Third Parties:
 
  • Are subject to Data Processing Agreements (DPAs)
  • Meet NHS DSPT or equivalent security standards
  • Are assessed through due diligence and risk management processes
 
 
  • Data Security

We implement appropriate technical and organisational measures in line with NHS standards, including:

 

  • Encryption of data in transit
  • Secure NHS-compliant hosting environments
  • Role-based access controls
  • Audit logging and monitoring
  • Staff training in data protection and confidentiality
 
 
  • Data Retention

We retain data in accordance with:

 

  • NHS Records Management Code of Practice (for clinical data)
  • Legal and contractual requirements (for business data)

Retention periods are defined in internal policies and available on request.

 

 

  • Your Rights

Under UK GDPR, you have the following rights:

 

  • Right to be informed – about how your data is used
  • Right of access – to request a copy of your data
  • Right to rectification – to correct inaccurate or incomplete data
  • Right to erasure – in certain circumstances
  • Right to restrict processing – where applicable
  • Right to object – to certain types of processing (e.g. marketing)
  • Right to data portability – where applicable

             

To exercise your rights, please contact us using the details below.

We will respond within one month and may need to verify your identity.

 

 

  • Data Accuracy
 

We take reasonable steps to ensure personal data is accurate and up to date. Please inform us of any changes to your information.

 

 

Contact and Complaints

 

If you would like to exercise any of your rights or raise a concern, please contact our DPO using the following contact details:

 

DPO@Immedicare.co.uk

Tel: 01925 918187

 

We may request proof of identity before processing your request.

 

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) directly (www.ico.org.uk).

 

However, we would appreciate it if you could give us the chance to address your complaint and put it right first.