Website Hosting Privacy Notice

Background:

Primary Care Online Ltd hosts and maintains this website on behalf of your GP practice. We understand that your privacy is important and we are committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant NHS digital guidance.

Your GP practice is the Data Controller for any personal data collected via this website. Primary Care Online Ltd acts as a Data Processor providing website hosting, technical support, and maintenance services.

Primary Care Online Ltd does not provide medical care services and does not access your GP medical record through this website.

Please read this notice carefully to understand how your information is handled.

1. Information About the Website Provider

This website ("the Site") is hosted and maintained by Primary Care Online Ltd, a company registered in England and Wales under company number 12558206.

Email: [email protected]
Telephone: 01792 344747
Postal Address: Suite 13, The Cross Community Centre, 1 High Street, Pontardawe, Swansea, SA8 4HU.

Your GP practice is responsible for determining how and why personal data submitted through this Site is processed.

2. What This Notice Covers

This notice explains how personal data is processed when you use this Site, specifically in relation to the website hosting and technical services provided by Primary Care Online Ltd.

The Site may contain links to external websites or services (for example, NHS Wales services or third-party providers). We are not responsible for the privacy practices of those websites and recommend reviewing their privacy notices.

3. What Is Personal Data?

Personal data means any information relating to an identified or identifiable individual. This includes names, contact details, identification numbers, online identifiers (such as IP addresses), and other information that could identify you directly or indirectly.

If you submit health information through a GP practice form, this may constitute special category data under Article 9 UK GDPR.

4. Your Rights

Under UK data protection law, you have the right to:

  • Be informed about how your personal data is used.
  • Access the personal data held about you.
  • Have inaccurate data corrected.
  • Request erasure of personal data (where applicable).
  • Restrict processing.
  • Object to processing.
  • Withdraw consent where processing is based on consent.
  • Data portability (where applicable).
  • Not be subject to solely automated decision-making.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how your data is handled.

5. What Personal Data Is Collected

Technical data collected automatically:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and interaction data

This data is used for security, system administration, performance monitoring, and to ensure the website operates correctly.

Data you provide voluntarily:

  • Name
  • Contact details
  • Any information submitted via contact forms or email

Lawful basis:

  • Article 6(1)(f) UK GDPR – Legitimate interests (site security, performance, and service delivery)
  • Article 6(1)(e) – Public task (where processed by the GP practice)
  • Article 6(1)(a) – Consent (where applicable)
  • Article 9(2)(h) – Provision of health or social care (where health data is submitted to the GP practice)

6. How Personal Data Is Used

Personal data is used to:

  • Operate and maintain the website
  • Respond to enquiries
  • Support delivery of GP practice services
  • Maintain security and prevent misuse

Primary Care Online Ltd does not use personal data for marketing, advertising, or profiling.

7. Data Storage and Security

Data is hosted on secure UK-based servers.

If any processing takes place outside the United Kingdom, appropriate safeguards will be in place in accordance with UK GDPR requirements.

Security measures include:

  • Encrypted data transmission (HTTPS)
  • Access controls and role-based permissions
  • Regular security monitoring
  • Data breach procedures compliant with ICO requirements

Personal data is retained only for as long as necessary and in accordance with NHS records management guidance and legal requirements.

8. Sharing of Personal Data

Personal data may be shared:

  • With the GP practice (as Data Controller)
  • With authorised IT service providers under contractual data processing agreements
  • Where required by law, regulation, or court order

Personal data is never sold or rented.

9. Accessing Your Information

To make a Subject Access Request or exercise your rights, you should contact your GP practice directly as the Data Controller.

If your enquiry relates specifically to website hosting or technical processing carried out by Primary Care Online Ltd, you may contact us using the details above.

Requests will normally be responded to within one calendar month.

10. Changes to This Notice

This notice is reviewed regularly and may be updated to reflect changes in legal requirements or operational practice. The latest version will always be available on this page.