Privacy Policy

We collect and use personal information to:

1) Deliver our products and services to customers
2) Enter into and maintain contracts with customers and suppliers
3) Recruit and administer staff

More detail about what personal data we hold and how we use it is provided below.

We process personal information about:
Visitors to our website
Customers and other business contacts
Job applicants
Current and former employees

We process patient data to help healthcare organisations achieve sustainable improvements in their performance. We receive anonymised and pseudonymised patient data from NHS Digital and, for some services, directly from our customers.

We are a data controller for the anonymised and pseudonymised patient data sent to us by NHS Digital, namely:
1) Hospital Episode Statistics (HES) Ė with additional pseudonymisation
2) Summary Hospital-level Mortality Indicator (SHMI)
HES data relating to you may be shared back to your healthcare provider in a pseudonymisation format if they are a customer of i5 Health. Though we cannot identify you in the HES data, your healthcare provider may be able to do so subject to various opt-in/opt-out and data sharing rules. Statistics and analysis based on the whole HES dataset held by us will be available for all customers for purposes such as benchmarking. HES and SHMI will also be used to inform research and insight that we publish. You can, however, manage your health data choices through the NHS.

For some services, we act as a data processor on the instruction of our customers. We use the minimum data necessary to produce the best results, subject to the strict terms of an agreement and as outlined in that providerís privacy information and data sharing agreements.

The pseudonymised HES data that we hold is not processed outside of the EEA.
We do not hold NHS patient identifiable data.

We use cookies on our website to analyse traffic and improve the way it works. The cookies are anonymised and not used to identify individuals. You can control cookies settings in your browser. Our cookies notice has more details.

We collect information about people when they contact us to enquire about our products and services and during the course of any contract they may take out with us. This will include contact details and correspondence. We use this information for contracts administration, to deliver services to customers, to keep people updated about our products and services, to monitor usage of tools for security and to inform development.

We also collect usage statistics for our tools for security and to inform development. Processing this security information is necessary to fulfil the terms of our contracts and to meet obligations under the General Data Protection Regulation (GDPR), the NHS Data Security and Protection Toolkit.

We also process information about current and prospective customers to keep them informed of our products and services through marketing messages. You can opt out of direct marketing from us at any time. Each direct marketing message from us includes an opt-out button. Customers can also manage their communication preferences through our website.

We collect prospective customer data from a number of sources: through recommendations, public directories, networking events and from scientific publications.

Correspondence through Outlook is processed through Microsoft Office. We use Mailchimp to manage mailing lists. Mailchimp is based in the USA and is certified to the EU-U.S. Privacy Shield Framework.

We process contact details and correspondence relating to current, former and prospective suppliers. This includes correspondence about how suppliers meet their data protection and security obligations. The information is processed to negotiate and enter into contracts and to provide evidence of compliance with our legal and contractual obligations.

Correspondence through Outlook is processed through Microsoft Office.

We receive queries and CVs related to job vacancies either directly from candidates or from recruitment agencies. We use this information to complete the recruitment process, to monitor statistics and to provide assurance that the process is run fairly. We keep candidates informed of when we need references from third parties. In most cases, references are managed through a third party agency.

We process job application data as necessary to take steps prior to entering into a contract and for the performance of a contract with successful applicants. We process special category data, relating to health and ethnic background for example, to meet legal obligations relating to employment and to safeguard your fundamental rights.

For unsuccessful candidates we keep copies of application information, such as CVs and covering letters, for up to one year after the end of the recruitment process for the advertised vacancy. The information is retained as part of our commitment to monitoring equality and diversity and to provide assurance that the process is run fairly. It is also retained so that we can consider applicants for similar vacancies during that time.

We keep anonymised statistics about candidates to inform and improve our recruitment process. We will not be able to identify individuals from these statistics.

Information relating to successful candidates will be transferred to an employee file once they start work with us.

Data relating to job applications is processed through Microsoft Office.

Employees are provided with a detailed notice about how we use their information. This is provided when they join the company and is available to current staff on our intranet. We also hold information provided to us by employees about next of kin and emergency contacts. Data on employee files for former employees are kept for six years after the end of employment except where required for longer (for example, when necessary to comply with obligations under the Health and Safety at Work Act 1974).

You have a number of rights relating to your personal information including:

You have the right to request a copy of any personal information we hold about you. We wonít be able to identify you from the pseudonymised and anonymised data from NHS Digital but you can make a subject access request directly through them.

You have the right to request the correction of any information we hold about you. If you believe that any data we hold about you is incomplete then you also have the right to request that we complete this.

This is also known as the right to be forgotten. You can request that your personal information is erased if it is no longer necessary for us to keep it, or you withdraw consent that you have previously provided, or you object and there are no overriding grounds to keep it or if it is unlawful to continue to keep it.

You can request that the use of your personal information is limited to storage only and that we use it for no other purpose in certain circumstances.

You have the right to object to us processing your data where we are doing so on the basis of legitimate interests.

If you have provided information on the basis of your consent or for a contract then you can request that we send a digital copy to you or directly to another organisation. This only applies where the processing is automated.

You can make a request to us using the contact details below. We must respond to you within one month. You can manage your patient data choices at The Information Commissionerís Office website has more information about your personal data rights.

Disclosures to third parties
In exceptional circumstances we may be asked to share information with police or other investigators, if it would prevent or detect crime or safeguard a personís wellbeing. Each instance will be judged on its own merit and any sharing of information will be done within the law.

How to contact us
For general enquiries please email