
Privacy Statement

Our contact details:

  • Name: Barcode Data Healthcare Solutions

  • Address: Ashton House, 6 Margaret St, Ashton under Lyne, Greater Manchester, OL7 0SH

  • Phone Number: 03333 660 842

  • Email: info@barcodedata.co.uk

We currently collect and process the following information:

  • Name, NHS Number, Date of Birth, Address

  • Phone number and/or email address

  • Past medical history

  • Current medical information

  • Employee history

How we get the personal information and why we have it?

Most of the personal information we process is provided to us indirectly by your healthcare provider via our software Cyril.

 

We also receive personal information directly from staff at the time of onboarding.

 

We use the information that you have given us in order to provide key information regarding your health and wellbeing to support your healthcare practitioner with the ongoing monitoring and review of your condition.

 

We may further use your information to provide data for use in ongoing software development and design, audit and research. Personal data used for these purposes will be anonymised or pseudonymised whenever possible.

 

We may share this information with your healthcare providers and with our research partners.

 

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information is that we have a legitimate interest.

 

How we store your personal information?

Barcode Data Healthcare Solutions LTD keep Patient Demographics, Routine Data and Patient Observations for 12 Months or as deemed necessary by the client as part of the DPIA.

All information is stored securely. We have a shared responsibility model between Cyril Sense Health Care Solutions LTD and AWS to ensure that security and compliance requirements are met. The Application has been developed based on the following guidelines:

  • Follow AWS Well-architected Framework, especially the Security Pillar and Resilience Pillar to ensure data protection, resilience and security controls.  

  • Deploy dedicated AWS Landing Zone and secure VPCs for each client.

  • Apply data encryption in transit and data encryption at rest by default for data protection.

  • Employ comprehensive tools, e.g. AWS WAF, AWS Shield, AWS Firewall, for Internet and Interface protection. 

  • Implement DevSecOps practice and tooling for automation and security testing at every stage of the SDLC.  

  • Joint responsibility and collaboration with AWS for Vulnerability management and system security patching.  

  • Employ protective monitoring and incident management process to ensure application health and service continuity. 

  • Implement role-based and policy-based access control with AWS IAM to ensure personnel security and secure user management.  

  • Robust Identity and access management solutions for interface (API) access, 3rd Party Integration, and End user authentication.  

  • Implement Service Administration and Auditing capabilities, such as security logging, database activity monitoring, security & compliance alerts, etc.  

  

The summary above provides some insights into the security posture of Cyril’s data platform. We are fully aware of the cyber security guidelines and best practices, in the context of the Health Care domain, set by relevant authorities and agencies, such as NCSC Ireland, ENISA, EHDS, UK NHS, etc. We are confident that we will be able to meet the detailed compliance requirements and certification requirements.

 

AWS provides its certification details at https://aws.amazon.com/compliance/iso-certified/ and publishes its Healthcare Compliance in the Cloud White Papers at https://aws.amazon.com/health/healthcare-compliance/. The development of our platform primarily follows the Health and Social Care Cloud Security – Good Practice Guide written jointly by NHS Digital, NHS England, the Department of Health and Social Care and NHS Improvement and the relevant recommendations by AWS.  

 

We use the Health and Social Care Cloud Risk Framework and the Health and Social Care Data Risk Model for assessing the risks associated with the data and apply controls accordingly. Furthermore, we implement comprehensive monitoring and auditing capabilities to ensure sufficient management of ongoing risks. The platform can be tailored to meet the detailed requirements for HSE use cases.

 

We will then dispose of your information in adherence to the ISO 27001 standards.

The Company ensures that records are maintained of any destruction of hardware, hard drives, or storage media to ensure auditability in respect of the information they hold.

The ICO guidance Deleting personal data sets out that if information is deleted from a live environment and cannot be readily accessed then this will suffice to remove information for the purposes of UK GDPR.

Where a record has reached its retention period and has been approved for destruction, the record will be deleted, with a separate record kept of what record has been deleted. The Company destroys all physical electronic storage media, such as computer hard drives or USBs, through the manual, in-office physical destruction of the drive before disposal. Any paper records are shredded in the Company shredder. Electronic mail will be deleted from the mailbox.

 

Your data protection rights.

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

 

Please contact us at the details in section 1 if you wish to make a request.

 

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at:

 

Name: Barcode Data Healthcare Solutions

Address: Ashton House, 6 Margaret St, Ashton under Lyne, Greater Manchester, OL7 0SH

Phone Number: 03333 660 842

Email: info@barcodedata.co.uk

 

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline Number: 0303 123 1113

ICO website: https://www.ico.org.uk
