iGPR Secure Download Portal | Privacy Notice

Privacy Notice

iGPR Technologies Limited (“iGPR”) respects the privacy of individuals and is committed to protecting their personal data. 

Scope of this privacy policy

This privacy notice applies only to the personal data of the Data Subjects (as described below) that is collected, stored, used and otherwise processed by iGPR through or in relation to the patient download portal including any software used to operate the patient download portal which is owned by iGPR and/or its licensors (“iGPR software”) in the circumstances set out below. 

iGPR is a Data Processer/service provider for the iGPR Customers

iGPR provides the iGPR software and related services to GP surgeries and third party providers such as insurances companies (“iGPR Customers”) which assists the iGPR Customers to respond to any requests submitted to iGPR through the iGPR software, including:

  • requests relating to patient data, such as subject access requests;
  • requests made by government agencies, such as the DVLA and DWP;
  • requests made by research companies; and/or
  • requests made by insurance companies under the Access to Medical Records Act 1988 in relation to a life insurance policy that individuals hold or which individuals are applying for.

For the purposes of providing the services described above and performing the contract iGPR has with the iGPR Customers, iGPR, on behalf of the iGPR Customers, processes certain personal data of individuals who are:

  • patients; and
  • individuals whose personal data is included with the records of such patents or customers where processing of that personal data is also necessary in order for iGPR to provide the services, (including names of staff of GP practices and next of kin).

(the “Data Subjects”).

Any and all personal data of the Data Subjects that is processed through or in relation to the iGPR Software, is processed by iGPR as a processor for the iGPR Customers, who are the Controllers of such personal data.  iGPR processes such personal data only in accordance with the instructions given by the iGPR Customers and applicable data protection laws. 

Data Subjects can find full details on the processing of their personal data, including the processing undertaken by iGPR, within the privacy notices of the applicable iGPR Customer (“Controller Privacy Notice”).  This privacy notice is provided by iGPR to ensure that Data Subjects have read and understood the applicable Controller Privacy Notice.  In the event that there is any conflict between this privacy notice and the Controller Privacy Notice, the Controller Privacy Notice shall prevail. 

Data Security

iGPR, in accordance with the processing obligations owed to the iGPR Customers, takes appropriate technical and organisational measures to ensure the security of personal data of Data Subjects, including protecting against accidental or unlawful destruction or loss, alteration, unauthorised disclosure. 

Data Retention

Storage periods for personal data of the Data Subjects to whom this privacy notice relates depends on the data processing terms iGPR has entered into with the iGPR Customers and their choices regarding the type of personal data, purposes of its collection and processing, and applicable data protection laws.

Rights and requests

Information about the rights Data subjects have under applicable data protection laws and how to exercise them can be found in the applicable Controller Privacy Notice.