We act as a data processor for our customers.  We store citizen data on their behalf and provide access to their health and administration teams that require access as part of their jobs.

 

The data is stored in the UK within our Microsoft hosted data centre, and managed by our UK team.

 

The access and controls to the data are agreed by our customers such as NHS Trusts, or Local Authorities who act as the overall Data Controller.   If you have any specific requests in relation to the use of your data we can direct you to the appropriate customer.  (e.g. For subject access requests).

 

We have a named Senior Information Risk Owner (UK) SIRO who takes overall accountability for our data processing roles.  To find out more or speak to us about how we process data please get in touch.

 

You can also see more information within our policies.  (Link below)