Privacy Policy

1. Introduction

RediCare Control Limited ("RediCare", "we", "us", or "our") is committed to protecting your privacy and ensuring compliance with UK and EU data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our digital metabolic health service and associated platforms, including https://pcnprogramme.controldtx.com/

2. Who We Are

RediCare Control Limited
Company No. 14563334
Registered Office: Unit 7, Fareham Innovation Centre, 4 Meteor Way, Lee-on-the-Solent, Hampshire, PO13 9FU, UK
Email: info@controldtx.com
ICO Registration Number: ZB494045

3. What Data We Collect

We may collect and process the following types of personal data:

A. Personal Information
  • Name
  • Date of birth
  • Contact details (email, phone number)
  • Address & postcode
  • NHS Number (if required for service integration)
B. Health & Medical Information (Special Category Data)
  • Height, weight, and BMI
  • Blood pressure readings
  • Blood test results (HbA1c, lipid profiles, and other metabolic markers)
  • Lifestyle and dietary preferences
  • Consultation history and interactions with RediCare services
  • Medical records stored in EMIS
C. Platform Usage & Engagement Data
  • Logins to the RediCare platform
  • Content accessed (e.g., health education videos)
  • Participation in webinars and support groups

We DO NOT collect financial data or store any sensitive payment details.

4. How We Collect Data

We collect your data through the following means:

  • When you sign up for our services
  • When you book and attend consultations
  • When you participate in health workshops and webinars
  • When you interact with our digital tools, including Anna, the AI-powered health coach
  • When you engage with SMS/email health messaging
  • When accessing your medical records via EMIS

5. Purpose & Legal Basis for Processing

We only process your data when we have a lawful basis under UK GDPR & Data Protection Act 2018.

Purpose of Processing | Legal Basis
Providing lifestyle medicine support & consultations | Article 6(1)(e) – Public Interest & Article 9(2)(h) – Health & Social Care
Accessing and using your medical records in EMIS for service delivery | Article 9(2)(h) – Health & Social Care
Storing & analysing health data for monitoring progress | Article 9(2)(h) – Health & Social Care
Sending health-related reminders and education content | Legitimate Interest (Article 6(1)(f))
Ensuring platform security & improving service | Legitimate Interest (Article 6(1)(f))
Complying with NHS data-sharing agreements | Legal Obligation (Article 6(1)(c))

Explicit Consent:

For certain non-essential processing activities (e.g., marketing), we may ask for your explicit consent under Article 9(2)(a) GDPR.

6. How We Share Your Data

We only share your data when necessary for delivering healthcare services and in compliance with UK GDPR.

Who We Share Data With
  • Your GP/Primary Care Network (PCN) – To ensure coordinated care
  • NHS Services & Healthcare Providers – As required for ongoing treatment
  • Secure Cloud Storage Providers – Microsoft SharePoint (UK) for encrypted storage of patient data
  • Regulatory Authorities – If required by law (e.g., ICO, NHS England)

We DO NOT sell or share your data for marketing purposes.

7. EMIS/SystmOne Medical Record Access

As part of our services, RediCare Control has access to your medical records stored in EMIS or SystmOne. This allows us to:

  • Review your medical history and relevant health conditions.
  • Provide personalised lifestyle medicine support.
  • Coordinate care with your GP and healthcare providers.
  • Update your EMIS records with consultation details and progress reports.
  • Analyse and audit the performance of the overall service.
  • Analyse responses to various questionnaires such as PAM and GAD.

Your data is only accessed by authorised RediCare healthcare professionals and is protected under strict UK GDPR-compliant security measures.

8. How & Where We Store Your Data
Storage Location

All patient data is stored securely on:

  • Microsoft SharePoint (UK) – Used for encrypted storage of shared data between RediCare and PCNs.
  • RediCare Control Platform (AWS, Dublin, EU) – Stores engagement and adherence data.
  • EMIS (UK) – Patient medical records system.

Security Measures
  • Password-Protected Encrypted Spreadsheets stored on Microsoft SharePoint.
  • Role-Based Access Control (RBAC) – Only authorised staff can access relevant data.
  • Secure NHS Mail & Microsoft SharePoint for Data Exchange.
  • No Local Storage – Data is not stored on personal devices.

9. How Long We Keep Your Data

We retain your health data for 8 years in line with NHS and medical record-keeping requirements, unless you request earlier deletion.

10. Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Right to Access – Request a copy of your data.
  • Right to Rectification – Correct inaccurate information.
  • Right to Erasure ("Right to be Forgotten") – Request data deletion (where applicable).
  • Right to Restrict Processing – Limit how we use your data.
  • Right to Data Portability – Transfer your data to another provider.
  • Right to Object – Stop processing for specific purposes.
  • Right to Withdraw Consent – If processing is based on consent.

To exercise your rights, contact us at info@controldtx.com

11. Data Security Measures

We take appropriate technical and organisational measures to protect your data, including:

  • Encryption of data stored on Microsoft SharePoint (UK) & AWS Cloud (Dublin, EU).
  • Access controls – Only authorised personnel can access your data.
  • Secure communication – NHSmail, encrypted emails, and password-protected files.

12. International Data Transfers

All data is stored in the UK (Microsoft SharePoint) & EU (AWS Dublin). No data is transferred outside the UK/EU.

13. Cookies & Tracking Technologies

We use cookies to improve your experience. You can manage cookie preferences via your browser settings.

14. How to Contact Us

For any privacy-related inquiries, you can reach us at:

RediCare Control Limited
Unit 7, Fareham Innovation Centre, 4 Meteor Way, Lee-on-the-Solent, Hampshire, PO13 9FU, UK
Email: info@controldtx.com

15. Complaints & Regulatory Authority

If you have concerns about how we handle your data, you can contact the UK Information Commissioner's Office (ICO):

Website: www.ico.org.uk
Helpline: 0303 123 1113