At C the Signs (C the Signs Limited, company number 10683539 and registered office is at Gridiron Building, 1 Pancras Square, London N1C 4AG) ("We", "Us" and "Our)), We are committed to protecting and respecting your privacy, and the personal data that We hold and process about you. This privacy policy explains what data We collect, how We use it and your rights to ensure that data is managed appropriately.
The data protection laws require controllers to be open and transparent about data use. We are the controller of your personal data used for the purposes set out in this privacy policy.
Your privacy is important tous, so if there is anything in our privacy policy that is unclear or you do notunderstand, please contact us at support@cthesigns.co.uk.
1. How we use your personal data
2. Where C the Signs acts as a processor
3. How long we keep your personal data
4. Privacy guidance about using the C the Signs Self-Assessment Service
5. User research and giving feedback
6. Where We store your personal data
7. Automated decision making
8. Sharing your personal data with third parties
9. How We protect your personal data
10. Your rights
11. Updating your information
12. Changes to this policy
This privacy policy explains how C the Signs and other organisations may use your data when you use the C the Signs Self-Assessment Service (also known as "C my Signs" and also referred to in this privacy policy asour "Services").
You can access the C theSigns Self-Assessment Service via our website or mobile device. This policy applies to using either of those channels.
As well as this policy, youshould also read the NHS App terms of use and cookies policy.
You may find it helps to understand these terms when reading this policy.
You can find out more about these terms on the InformationCommissioner’s Office website.
We use your data to provide the C the Signs Self-Assessment Services. It means we can give you access to specific cancer pathways commissioned within the NHS in your area.
We may also use your personal data to:
The points above are a shortsummary of our reasons for capturing and using personal data. You can find moredetails in the sections below.
In the tables below, you can find out more about data we may collect about you when you use the C theSigns Self-Assessment Service.
We obtain your personal data from you directly when you use the C the Signs Self-Assessment Service.
This is part of your contact information and part of your identity for your health record. It is used to:
Email Address
Name
This is part of your contact information. It is used to:
ODS codes are unique identifiers used by the NHS to assign to all parts of its organisation. This is used:
The ODS code of the NHS organisation receiving the self-assessment referral generated at the end of the self-assessment pathway is used for:
This is a part of your demographic information that forms part of your health record. It enables us to:
This is calculated from your date of birth. It is used to:
This is part of your demographic information that part of your health record. It is used for:
This is part of your demographic information that part of your health record. It is used for:
Your NHS number is unique identification number for you and your health record. It is used for:
Your CTS number is a unique identity number assigned by C the Signs to you. It is used:
This is part of your contact. It is used to:
This is used to log events, trace faults and provide security protective monitoring log data.
This is used for session and performance management.
Online identifier (for example your IP address, event logs)
Facilitating the Self-Assessment Service
The C the Signs Self-Assessment Service requires you to insert your medical information in order to determine your eligibility for the referral pathway. If you are eligible this data is then transferred into a referral form (or letter) and sent to the receiving NHS Organisation (either via secure NHSmail or via a secure C the Signs dashboard). This includes any additional information uploaded by you in the process of completing your self-assessment (e.g. photos).
Enhancing the quality of the referral
In addition, where commissioned and with the consent of your GP practice, C the Signs is able to process your GP practice electronic healthcare record to attach critical information relating to your health into the referral form before transmission to the NHS Organisation receiving the referral. This includes but is not limited to: any active medical conditions you are currently being treated for, serious medical events in the past, medications and allergies. Please also note that this may include information related to race/ethnicity, HIV status, sexual orientation, safeguarding issues, genetic information, and/or test results (e.g. blood tests, urine analysis, stool tests, scans etc).
C the Signs acts as a Data Processor for this information and is unable to show you the contents of this information prior to the referral being sent. This information is transferred onto the referral form automatically without any individual from C the Signs seeing or accessing the data. The receiving NHS Organisation will receive this information (as they would routinely with other referrals sent by your GP).
The provision of this data within the referral increases the quality of the referral and helps the receiving NHS Organisation to be able to triage you to the most appropriate next step, speeding up the diagnostic process and reducing waste (e.g. where a test may be inappropriate).
Messages processed as part of Messaging Service will be stored within your record for the duration of your account (and any additional time required by law or NHS data requirements).
C the Signs will process identifiable data from Self-Assessment Service:
C the Signs will also process anonymised data from the Self-Assessment Service:
Logging in
You gain access to the C the Signs Self-Assessment Service using the personal login you generate through the service or by using Your NHS App login (where available).
Camera and location information
The Self-Assessment Service may ask for access to the camera on your device for specific pathways available in your area (e.g. to photograph skin lesions).
Where available and necessary, the C the Signs Self-Assessment Service may also ask for access to your device location. If you allow access to your device’s location, then location data may be used to help you find services in your area.
Accessing services for someone else
This service is intended to be used by yourself, and not on behalf of anyone else. If you are completing this risk assessment on behalf of someone else you must keep this data safe and secure. To the extent possible bearing in mind their age, condition and capacity, you must:
When you register to use the C the Signs Self-Assessment Service, we may ask if you would like to join our user research community. User research helps us to make sure that the C the Signs Self-Assessment Service are meeting people’s needs.
If you choose to take part, we will email you a short survey to fill in about yourself. Your answers will help make sure we invite you to user research that is relevant to you.
When you have signed up, we may ask you to:
You can always say no to an invite, and you can leave the user research panel at any time.
Your personal data will only be captured if you choose to provide it as part of participating in user research relating to the C the Signs Self-Assessment Service. C the Signs is the controller for this data. This may be shared with third parties (e.g. commissioners of the service in the NHS or researchers).
We’ll collect your name and email address to maintain a mailing list for the user research, where you have consented to receive it. We will ask general questions about your health and background to ensure we are inclusive in our research, which counts as special category data. The amount of time we keep this data varies depending on the research you are taking part in. We will tell you before asking your consent.a
You have a right to:
Please note, that for data we add to your self-assessment referral from your GP electronic healthcare record, C the Signs is the Data Processor and therefore does not have the permission or ability to share this with you directly. This must be requested through your GP practice. C the Signs can assist you with this.
For user research activities and your membership of voluntary mailing lists, you also have the right to:
You can exercise your rights by contacting the relevant controller. For contact details, see the next section of this policy below.
If you have a general question about using the C the Signs Self-Assessment Service, please contact support@cthesigns.co.uk.
If you have any objections or complaints relating to your data, we will investigate and attempt to resolve them. We will make every reasonable effort to allow you to exercise your rights as quickly as possible and within the timescales set out in data protection laws.
You can contact our Data Protection Officer at C the Signs to make a complaint. You can do this by emailing support@cthesigns.co.uk or by sending a letter to:
Gridiron Building
1 Pancras Square
Kings Cross
London
N1C 4AG
We ask that you try to resolve any issues with us first. However, you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at any time about our processing of your personal information. The ICO is the UK regulator for data protection and upholds information rights.
Your health data has extra legal protection and C the Signs must also comply with UK GDPR Article 6 and 9. To process your health data, we rely on:
The terms of our privacy policy may change from time to time. We will inform you via email or via the C the Signs Self-Assessment Service if we make any significant changes to our Privacy Policy, Cookies Policy or Terms of Use.