This Privacy Policy explains how Signed.Health collects, uses, and protects personal data in accordance with UK data protection law, including the UK GDPR and the Data Protection Act 2018.
Signed.Health is a digital platform supporting clinical documentation and consent workflows.
For the purposes of data protection law, Signed.Health acts as a data processor when processing patient data on behalf of clinicians or organisations, and as a data controller for account and operational data.
Contact: support@signed.health
We may collect and process the following categories of data:
a) Account Data
• Name
• Email address
• Professional details
• Login credentials
b) Clinical and Patient Data
• Patient identifiers (e.g. name, DOB, contact details)
• Clinical information relevant to consent
• Consent records and documentation
c) Technical Data
• IP address
• Device and browser information
• Usage data and logs
We process personal data for the following purposes:
• To provide and operate the Service
• To enable clinical documentation and consent workflows
• To manage user accounts
• To improve platform performance and security
• To comply with legal obligations
We rely on the following legal bases under UK GDPR:
• Contractual necessity (Article 6(1)(b))
• Legitimate interests (Article 6(1)(f))
• Legal obligation (Article 6(1)(c))
For special category data (e.g. health data), processing is carried out:
• Under Article 9(2)(h) (healthcare provision)
• Or under Article 9(2)(a) (explicit consent), where applicable
Clinicians and healthcare organisations using Signed.Health are the data controllers of patient data.
Signed.Health processes such data only on their instructions and does not determine the purposes of processing.
We do not sell personal data.
We may share data with:
• Cloud hosting providers
• IT and security service providers
• Regulatory or legal authorities where required
All third parties are required to implement appropriate data protection safeguards.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
• UK International Data Transfer Agreements (IDTAs)
• Adequacy regulations
We implement appropriate technical and organisational measures to protect personal data, including:
• Encryption
• Access controls
• Secure hosting environments
However, no system can be completely secure.
We retain personal data only for as long as necessary to:
• Provide the Service
• Comply with legal obligations
• Meet contractual requirements
Clinical data retention is determined by the clinician or organisation acting as data controller.
Under UK GDPR, individuals have the right to:
• Access their data
• Rectify inaccurate data
• Erase data (where applicable)
• Restrict processing
• Request data portability
• Object to processing
Requests relating to patient data should be directed to the relevant clinician or healthcare provider.
We may use cookies and similar technologies to improve user experience and analyse usage.
You can control cookies through your browser settings.
We may update this Privacy Policy from time to time. Continued use of the Service constitutes acceptance of the updated policy.
If you have any questions or concerns about this Privacy Policy:
Email: support@signed.health