Privacy Policy

At C the Signs (C the Signs Limited, company number 10683539 and registered office is at Gridiron Building, 1 Pancras Square, London N1C 4AG) ("We", "us" and "our")), We are committed to protecting and respecting your privacy, and the personal data that We hold and process about you. This privacy policy explains what data We collect about General Practitioners (GPs), healthcare professionals (HCPs) including Practice Administrative Staff, patients via the C the Signs services ("Services") and website users and how We use it and your rights to ensure that data is managed appropriately.

The data protection laws require controllers to be open and transparent about data use. We are the controller of your personal data used for the purposes set out in this privacy policy.

We will continue to process your personal data in accordance with the privacy laws, including the General Data Protection Regulation and the Data Protection Act.

Your privacy is important to us, so if there is anything in Our privacy policy that is unclear or you do not understand, please contact us at info@cthesigns.co.uk.

  1. 1. What personal data do We hold?
  2. 2. Where do We get your personal data from?
  3. 3. How we use your personal data
  4. 4. Automated decision-making
  5. 5. Sharing your personal data with third parties
  6. 6. How long do We hold your personal data?
  7. 7. Where We store your personal data
  8. 8. How We protect your personal data
  9. 9. Your rights
  10. 10. Updating your information

1. What personal data do We hold?

To provide the online services and applications, including our website and the C the Signs App, We hold and process a number of different types of personal data:

Service users (HCPs/ GPs)

Registration information to set up and identify your user account: name, address, email. We need this information in order for you to enter into a contract with us.

  • Registration information to access our C the Signs App: details of your profession, the GP Practice and clinical commissioning groups that you are affiliated with. We need this information in order for you to enter into a contract with us.
  • Survey responses relating to user experiences and issues in the clinical pathways or as part of clinical trials or evaluations.

Patients

C the Signs uses patient information received from GP practices as a processor when providing certain services to the GP practices – where that is the case, the GP's privacy policy is relevant to explain how patient personal data is used.

We also use some patient personal data as a controller (see "how we use your personal data" section below for more details). The patient information that we use as a controller is:

  • Identifying information: Name, NHS number, ODS number, C the Signs ID, Online identifier (for example your IP address, event logs)
  • Contact information: telephone number
  • Age, gender, sex
  • Health information: all your health information contained in your GP records

Website users

  • Technical information about your visit to our website and services: including the internet protocol (IP) address used to connect your computer to the internet, your login-information, browser type, time

2. Where do We get your personal data from?

The personal data that We hold and manage comes from a number of different sources:

Information that you provide to us:

  • When completing online forms to register to use our App and online services
  • When completing online forms to report issues with our website or services
  • When completing surveys or other information requests
  • When you contact us by telephone or email

From GP practices or other primary care providers:

  • If you are a patient, we receive your personal data from your GP practice or other primary care providers, such as out of hours providers or other clinics.

Information that We collect automatically:

  • With regards to each of your visits to our website, or when you sign in to use our online services, We may automatically collect technical information about your visit, including the number of times you use our services, the pages that you visited, the time of your visit, how long you stayed connected to our site or services, data that you input into our services (including the signs, symptoms, risk factors and investigation outcomes) and details of the recommendations that are delivered through the Services.
  • When you read our newsletters, we use automated tools to record details of which articles were of interest, to you, and geolocation data from where they were accessed.
  • We collect this information using online analytical tools and cookies which are specific computer programs. Please click here for more information on our cookies

3. How We use your personal data

To enable you to use our services: Our primary purpose for using your personal data is to enable you to register with us, and log in to use our online services. By registering with us to use our online service, We are entering into a contract with you to provide the services, and it is necessary for us to process certain information to enable the contract to be entered into and fulfilled. Our lawful basis for this use of your personal data is therefore the performance of the contract with you or our legitimate interest to provide you with the services.

We work closely with a range of bodies involved in delivering healthcare services including GP practices, Primary Care Networks, Places, Integrated Care Boards, Cancer Alliances, NHS England, Public Health England, the National Institute for Health and Clinical Excellence, Medicines and Healthcare Products Regulatory Agency and SBRI Healthcare, to ensure that our online services are accurate, up to date and provide valuable information for local GPs and healthcare practitioners. In order to fulfil our contracts with your local Clinical Commissioning Group, GP practice, Alliance, STP or Vanguard, We will share certain information about users with them to monitor the contract. We share aggregated data about all users within a defined group, providing details of the nature of searches conducted, and the pathways recommended. Whilst we do not actively report this data at individual user level, it may be possible for an individual reading the report to identify an individual GP or healthcare professional based on a specific set of circumstances. Our lawful basis for this use of your personal data is that it is necessary to pursue our legitimate interest in fulfilling our contracts with these third parties.

We also process information about users and website users, including the technical information, to support our legitimate business interests in monitoring the performance, and efficiency of the online services, to improve our services, and promote our services. Our lawful basis for this use of your personal data is that it is necessary to pursue our legitimate interests in monitoring and improving the performance of our services.

Communicating with you: From time to time We may wish to communicate with you to:

  • Seek feedback on our services. Our lawful basis for this use of your personal data is that it is necessary for our legitimate interests in managing our relationship with you and improving our services.
  • Inform you of our services that may be of interest to you. If required by data protection laws, we will collect your consent to send you marketing.
  • Send you our newsletter. We also provide a newsletter to keep you informed of local or national activities and meetings that may be of interest to you or your patients. We only issue the newsletter to users who have asked to receive it. Our lawful basis for this processing of your information is to pursue our legitimate interests in providing the service that you have requested or consent (where the law requires us to obtain consent).

We understand that you may not want to receive communications, particularly marketing information. Please contact us at info@cthesigns.co.uk to ask us to stop sending these messages. If you ask us to stop sending communications, We may continue to hold and use your personal data for other purposes as set out in this privacy policy.

Patients: We use patient personal data for the following purposes as a controller:

  • Determine whether a patient could be eligible for a clinical trial. Our lawful basis for this use of personal data is that it is necessary to pursue our legitimate interests in identifying patients that are eligible for certain clinical trials, and the special category data condition is that the processing is necessary for scientific research purposes.
  • Using our algorithms, to identify whether a patient in a GP practice's database is at a higher risk of certain cancers. This information will be used to invite (via SMS or email) the identified patients to attend further appointments or to send them a questionnaire to complete to determine if they are eligible for other referrals. Our lawful basis for this use of personal data is that it is necessary to pursue our legitimate interests in providing this service to the GP practices, and the special category data condition is that the processing is necessary for the purposes of preventive medicine.
  • If a patient is identified as higher risk for certain cancers by Our algorithm and they are sent a questionnaire, we will use the patient's responses to that questionnaire to triage the patient, which can include referral back to GP or to secondary care, as well as the provision of advice only. Please see the section "Automated decision-making" below for further information on this processing. Our lawful basis for this use of personal data and the special category data condition is the patient's explicit consent.

For information about how C the Signs uses patient personal data for its Self-Assessment Services, please see its Self-Assessment Services privacy policy.

We also collect anonymised information for statistical purposes, and for referencing in journals and articles. Although survey data is collected by reference to individual users to ensure that you are not asked to participate multiple times in the same or similar surveys, the response data is collated anonymously prior to publication. Where We use this information, We ensure that We do not identify specific users or their data. We may also share anonymised information with charities and other groups interested in particular specialities, to demonstrate how much traffic is generated by their content.

4. Automated decision-making

We use patient personal data contained in responses to questionnaires to triage the patient, which can include a referral back to the GP or to secondary care, as well as the provision of advice only. We do this using our algorithms, and this involves automated decision-making because there is no human oversight on the decision to refer the patient back to the GP, to secondary care or the provision of advice. If you are a patient, you have the right to obtain human intervention on the decision made about how to triage you, to express your point of view and to contest the triaging decision. If you would like further information on this automated decision-making, or to exercise your rights, please contact us at info@cthesigns.co.uk.

5. Sharing your personal data with third parties

We work closely with GP practices Primary Care Network, Place, Integrated Care Board, Cancer Alliances, and contract with them to provide our services. As part of our contract with these overarching bodies, we may be required to share details of users including usage data, take up and details of the pathways researched to enable informed decisions to be taken on service planning. Although the reported data is aggregated and anonymised as far as possible to compile individual reports, it may be possible for individual users to identify an individual GP or healthcare professional based on a specific set of circumstances.

Where possible We will support our online services internally, however, We do use external suppliers to support specific aspects of our business that We cannot manage ourselves, such as software and IT providers that provide our CRM systems and analytics tools. Where We engage a third party supplier, We only share information that is necessary to provide a particular support service, and ensure that We only work with third parties who understand and implement good data handling practices. We have contracts in place to ensure that data is only used for specific purposes and under Our instructions, that the supplier respects confidentiality and holds the data securely.

We share personal data if We have to in order to comply with the law. For example, We may disclose your personal data to respond to a court order. We will disclose information if a government agency or regulatory body requests it, which includes law enforcement or regulatory authorities.

We share personal data with our professional advisors for the purpose of receiving professional services and advice.

We share anonymous information with the online analytics and search engine providers that assist us to improve and optimise the use of our site.

We do not sell the data that is captured or recorded through the website or the services for commercial benefit.

If We sell the whole or part of our business, or We acquire the whole or part of another business, We may share personal data to facilitate that business transaction.

6. How long do We hold your personal data?

Service users: Where you have registered to use our online services We will hold data about you whilst you are an active user, and for up to 7 years after you cease to be an active user of our services. This is to ensure that We retain an accurate picture of the use of our services, and to ensure that We are able to defend any legal rights or protect ourselves from any claims against us.

If accounts are unused for a continuous period of time, or a contract with the commissioning GP Practice, Primary Care Network, Place, Integrated Care Board, Cancer Alliance, expires or terminates, then we will deactivate an account to protect the security and integrity of the website and our Services. We will continue to hold data on individual users whilst an account is inactive.

We hold and process information about enquiries via our website for 24 months to ensure that they have been appropriately resolved and to support training, and improvements in our practices and services.

We hold and process the technical information about users for 4 years to support our statistical analysis of the website and our services and to monitor improvements. Most of this information is pseudo-anonymised, to protect individuals. Where we are able to completely anonymise information so that it is no longer identifiable personal data, we will store this data so long as we have a business requirement.

Patients: We retain information about patients for the duration of our contract with the GP practice or other primary care provider, after which we anonymise the information so that you cannot be identified from the information.  

7. Where We store your personal data

All of our information that is held within the business is stored in a database within our control which is located within the UK.

Some of our third party suppliers, including our newsletter service provider and some of our data analytics providers are based outside of the United Kingdom (UK) and European Economic Area (EEA), meaning that your personal data will be transferred to and processed by these suppliers outside of the UK and the EEA. In order to protect your personal data where it is being collected, transferred to and processed by these suppliers, we ensure that our contract with them includes appropriate safeguards for your data, including, where appropriate, standard contractual clauses or ensuring that US companies are members of the US Data Privacy Framework.

8. How We protect your personal data

All information that you provide to us is stored on our secure servers, which are located within the UK.

Once We have received your personal data We employ a number of technical and organisational security measures to keep information secure and confidential. We ensure that only our personnel who need to access data do so, and that they are trained and understand good data handling techniques. Unfortunately the transmission of information via the internet is not completely secure, and although We will do our best to protect your information whilst stored on our systems, We cannot guarantee the complete security of data in transmission.

In order to access our services you have unique user names and passwords – please help us to keep your personal data safe by keeping these secret and confidential, and not sharing them with other people. If you think that someone else knows your user name or password, please tell us as soon as possible to help us reset the security.

9. Your rights

The data protection laws include a number of specific rights that you have in certain circumstances to ensure that your personal data is collected and handled in a secure and appropriate manner. These include the right to ask for:

  • Access to your personal data that We process and obtain a copy of your data in a commonly used electronic form
  • Correction of any inaccuracies in personal data that We hold about you
  • Withdrawal of your consent where that is the legal basis of our processing
  • Erasure of your personal data, that is for your details to be deleted from systems that We use to process your personal data
  • Restriction of the processing of your personal data in certain ways
  • Objection to certain processing of your personal data by us
  • Portability of your personal data to a third party

If you would like to exercise your rights, please contact our Data Protection Officer at info@cthesigns.co.uk

Whilst We try our best, there may be times when you are not happy with the way in which We have handled your personal data. If you have any concerns, please contact our Data Protection Officer, by emailing info@cthesigns.co.uk to allow us to investigate your concerns. You also have the right to complain to the Information Commissioner’s Office (the regulator for data protection in the UK) via www.ico.org.uk  

10. Updating your information

It is important that We are able to keep a track of our users, and your rights to use our services may change if you change your employer. Please keep us informed if any of the information that We hold about you changes.

This privacy policy was last updated on July 2025.