Immedicare is a clinical and technology partnership between Airedale NHS Foundation Trust (ANHSFT) and Involve Visual Collaboration Ltd (Involve).
This Privacy Notice explains how Immedicare uses any information we collect in a lawful, fair and transparent manner, in line with UK General Data Protection Regulation (UK GDPR).
Who We Are (Data Controllers and Processors)
Depending on the service provided:
- Airedale NHS Foundation Trust acts as the Data Controller for all clinical and patient data processed through the Digital Clinical Care Hub.
- Involve Visual Collaboration Ltd acts as:
- A Data Controller for business, contract, and marketing data
- A Data Processor when processing data on behalf of ANHSFT
For clinical data, please refer to ANHSFT’s Privacy Notice:
Airedale-NHS-Foundation-Trust-Privacy-Notice-FEB-26-1.pdf
The Service we provide
Immedicare provides secure video consultation services connecting care homes with NHS clinicians via a Digital Clinical Care Hub located at Airedale General Hospital.
This service supports direct patient care and improves access to clinical expertise.
Personal Data We Collect
We apply the principle of data minimisation and only collect data necessary for defined purposes.
- Website Use
When you visit immedicare.co.uk, we collect information via cookies and similar technologies.
Please see our cookie policy
- Service Contracts
When organisations purchase our services, we may collect:
- Names of individuals
- Organisation name
- Email addresses
- Telephone numbers
- Financial and billing information
- Videoconferencing (Clinical Use)
- Video consultations are encrypted in transit using secure protocols.
- No video, audio, or consultation data is recorded or stored by the Immedicare platform.
- Clinical records are created and stored by ANHSFT within NHS systems where applicable.
Involve Visual Collaboration Ltd Privacy Policy applies: Privacy Notice | Involve
- Service Monitoring and Reporting
We may process aggregated and pseudonymised usage data to:
- Monitor service performance
- Produce utilisation reports for organisations
- Digital Clinical Care Hub
ANHSFT processes:
- Patient-identifiable data
- Clinical records
- Health information
This processing is carried out under NHS legal bases for direct care.
- Training Platforms (e.g. MoodleCloud)
We collect:
- Name
- Organisation details
To provide training access and certification.
- Market Research
We may process limited professional contact data under legitimate interests to inform relevant organisations about our services.
How We Use Your Personal Data
We use personal data to:
- Respond to enquiries
- Deliver contracted services
- Communicate with you (email, phone, or other channels)
- Manage ongoing service relationships
- Provide training and support
- Monitor service usage (where applicable)
- Send relevant service updates or marketing communications (where permitted)
- Lawful Basis for Processing
We rely on the following lawful basis:
For Clinical Data (ANHSFT)
- Article 6(1)(e) – Public task (provision of healthcare)
- Article 9(2)(h) – Health or social care purposes
- Common Law Duty of Confidentiality (supported by implied or explicit consent where applicable)
For Business and Operational Data (Involve)
- Contract (Article 6(1)(b)) – to deliver services
- Legitimate Interests (Article 6(1)(f)) – service improvement and B2B communications
- Legal Obligation (Article 6(1)(c)) – compliance requirements
- Data Sharing and Information Governance
We share data only where necessary and under strict controls:
- Between ANHSFT and Involve (as controller/processor)
- With approved third-party processors:
- Moodle Pty Ltd
- Brevo
- Redcentric PLC (secure infrastructure provider)
- All Third Parties:
- Are subject to Data Processing Agreements (DPAs)
- Meet NHS DSPT or equivalent security standards
- Are assessed through due diligence and risk management processes
- Data Security
We implement appropriate technical and organisational measures in line with NHS standards, including:
- Encryption of data in transit
- Secure NHS-compliant hosting environments
- Role-based access controls
- Audit logging and monitoring
- Staff training in data protection and confidentiality
- Data Retention
We retain data in accordance with:
- NHS Records Management Code of Practice (for clinical data)
- Legal and contractual requirements (for business data)
Retention periods are defined in internal policies and available on request.
- Your Rights
Under UK GDPR, you have the following rights:
- Right to be informed – about how your data is used
- Right of access – to request a copy of your data
- Right to rectification – to correct inaccurate or incomplete data
- Right to erasure – in certain circumstances
- Right to restrict processing – where applicable
- Right to object – to certain types of processing (e.g. marketing)
- Right to data portability – where applicable
To exercise your rights, please contact us using the details below.
We will respond within one month and may need to verify your identity.
- Data Accuracy
We take reasonable steps to ensure personal data is accurate and up to date. Please inform us of any changes to your information.
Contact and Complaints
If you would like to exercise any of your rights or raise a concern, please contact our DPO using the following contact details:
Tel: 01925 918187
We may request proof of identity before processing your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) directly (www.ico.org.uk).
However, we would appreciate if you could give us the chance to address your complaint and put it right first.