Privacy Policy & Terms of Service

Last updated: September 10, 2025

Your Privacy is Our Priority

Know My Patient is committed to protecting your privacy and ensuring your personal information is handled securely and in accordance with the UK GDPR, the Data Protection Act 2018, and NHS standards.

Our Key Privacy Principles

Secure Storage

Your data is encrypted and stored securely, accessible only by authorized NHS staff.

Minimal Data Collection

We collect only the information necessary for your care and support.

Your Control

You can update, access, or request removal of your information at any time.

Monitored Access

All access to your digital hospital passport is monitored and logged for security.

Personal Information:
  • Name, email address, and NHS number (if applicable)
  • Medical conditions, allergies, and medications
  • Emergency contact information
  • Dietary preferences and care instructions

Technical Information:
  • IP addresses and browser information (for security)
  • Login timestamps and access logs
  • Device information for QR code generation

We use your information to:

  • Provide personalized care through your digital hospital passport
  • Enable NHS staff to access critical care information quickly
  • Maintain security and prevent unauthorized access
  • Improve our services and user experience
  • Comply with legal and regulatory requirements

Legal Basis: We process your data under Article 6(1)(e) and Article 9(2)(h) of GDPR for the provision of health and social care.

We do NOT sell or share your data commercially.

We may share your information only:

  • With authorized NHS healthcare professionals involved in your care
  • With emergency services in life-threatening situations
  • When required by law or court order
  • With trusted technical service providers (under strict data processing agreements)

All data sharing is logged and auditable.

You have the right to:
  • Access your personal data
  • Rectify inaccurate information
  • Erase your data (right to be forgotten)
  • Restrict processing
  • Port your data (data portability)
  • Object to processing

Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer.


Technical Safeguards
  • 256-bit SSL encryption
  • Secure password hashing
  • Regular security audits
  • Firewall protection

Organizational Safeguards
  • Staff training on data protection
  • Access controls and monitoring
  • Data breach response procedures
  • Regular policy updates

We retain your data in accordance with NHS records management guidelines:

  • Active accounts: Data retained while account is active
  • Inactive accounts: Reviewed annually for continued necessity
  • Deleted accounts: Data permanently deleted within 30 days
  • Audit logs: Retained for 7 years for security and compliance

Some data may be retained longer if required by law or for legitimate medical purposes.

This privacy policy may be updated from time to time. We will notify you of any significant changes.

Know My Patient is committed to NHS values and GDPR compliance.