Privacy Policy & Terms of Service
How we protect your data and the terms governing our AI-powered NHS triage services.
Privacy Policy
1. Who We Are
GP Triage Ltd (Company No. 14797566) is a health technology company providing an autonomous AI-powered triage and appointment booking platform for NHS Primary Care. We are registered with the Information Commissioner's Office under registration reference ZB581953.
Registered address: 7 St James Place, Nechells, Birmingham, B7 4JE. Contact: info@gptriage.com. Telephone: 0121 798 2598.
GP Triage Ltd acts as a data processor on behalf of NHS GP practices, which act as data controllers for patient data. This Privacy Policy describes how we handle personal data in connection with the GP Triage platform and our website.
2. What Data We Collect and Why
When patients use the GP Triage platform, we collect the following categories of personal data on behalf of the GP practice:
- Identity data: first name, last name, date of birth, and registered sex, used to verify the patient's identity against the NHS Personal Demographics Service (PDS).
- Health data: symptoms, past medical history, medications, and risk factors provided by the patient during the triage process. This is special category data under UK GDPR and is handled accordingly.
- Appointment data: the triage outcome, the appointment type selected, and the appointment slot booked into the practice's clinical system.
- Operational data: timestamps, device type, and IP address, retained for security and audit purposes only.
We do not collect NHS numbers at the point of patient access. We do not use patient data for any purpose other than delivering the triage and booking service to the registered GP practice.
3. Legal Basis for Processing
Patient data is processed under the following legal bases:
- Article 6(1)(e) UK GDPR: processing is necessary for the performance of a task carried out in the public interest, specifically the delivery of NHS primary medical services under a GP contract.
- Article 9(2)(h) UK GDPR: processing of special category health data is necessary for the provision of health care and treatment.
GP practices, as data controllers, are responsible for ensuring patients are informed of the use of GP Triage in their care. GP Triage supports this by providing privacy information at the point of patient triage entry.
4. How We Share Your Data
Patient data processed through the GP Triage platform is shared only as follows:
- With the registered GP practice: triage summaries, urgency classifications, and appointment bookings are delivered directly into the practice's clinical system (EMIS Web or SystmOne).
- With approved sub-processors: listed below. All sub-processors are bound by data processing agreements and are prohibited from using patient data for any secondary purpose.
- With regulatory or statutory bodies: where required by law, for example in response to a court order or regulatory investigation.
Approved sub-processors:
- Microsoft Azure (UK regions): Cloud hosting, data storage, encryption, backups, and monitoring. All data held within UK borders.
- Infermedica: AI clinical decision support engine. Receives anonymised symptom data only. No identifiable patient data is transmitted.
- Hero Health: Appointment slot querying and booking into EMIS Web and SystmOne. UK-based.
- NHS Digital / PDS: Patient identity verification against the NHS Personal Demographics Service. UK only.
We do not sell, share, or transfer patient data to any third party for commercial purposes. All data is processed within the United Kingdom.
5. NHS Login
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a "processor" only and we must act under the instructions provided by NHS England (as the "controller") when verifying your identity. To see NHS login's Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
6. Data Retention
We retain patient data only for as long as is necessary to deliver the service and meet our legal obligations:
- Active triage and booking records: retained for the duration of the contract with the GP practice and deleted securely within 30 days of contract termination.
- Security and audit logs: retained for 12 months.
- Clinical records transferred to the GP practice's EHR system: subject to the practice's own NHS records management retention policy.
7. Security
GP Triage implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- TLS encryption for all data in transit
- AES-256 encryption for all data at rest
- Role-based access control and multi-factor authentication
- Immutable audit logging
- Annual penetration testing by an independent CREST-accredited provider
- Cyber Essentials Plus certification
- NHS Data Security and Protection Toolkit compliance
8. Cookies
The GP Triage platform and website use essential cookies only. Essential cookies are necessary for the platform to function and cannot be switched off. They do not track users across websites and do not store any personal health information.
We do not use advertising cookies, tracking cookies, or analytics cookies. If this changes in future, this policy will be updated and a consent mechanism will be implemented before any non-essential cookies are placed.
9. Your Rights
Under UK GDPR, patients and users have the following rights in relation to their personal data. To exercise any of these rights, contact info@gptriage.com. We will respond within one calendar month.
- Access: Request a copy of personal data held about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of personal data, subject to legal retention obligations.
- Restriction: Request that processing is limited in certain circumstances.
- Portability: Receive personal data in a structured, machine-readable format.
- Object: Object to processing carried out on the basis of legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by telephone on 0303 123 1113.
10. Changes to This Policy
This Privacy Policy may be updated from time to time to reflect changes to our processing activities or applicable law. The current version is always available at www.gptriage.com/governance. Material changes will be communicated to GP practices in writing.
11. Contact Us
For any queries about this Privacy Policy or our data processing activities, please contact:
GP Triage Ltd
7 St James Place, Nechells, Birmingham, B7 4JE
Email: info@gptriage.com
Telephone: 0121 798 2598
Our Data Protection Officer is Zakariya Yahiya at Qyro. DPO contact: zak@getqyro.com.
Terms of Service
1. Acceptance of Terms
By using GP Triage ("the Service"), you agree to be bound by these Terms of Service. If you do not accept these terms, please do not use our Service. These terms apply to all users of GP Triage, including patients accessing the triage system through their GP practice website.
2. Service Description
GP Triage is an AI-powered clinical triage and appointment booking system designed for NHS GP practices. The Service:
- Uses artificial intelligence to gather symptom information and assess clinical urgency
- Facilitates appointment booking based on triage outcomes
- Integrates with NHS systems including EMIS Web and SystmOne
3. Medical Disclaimer
GP Triage is not a substitute for professional medical advice, diagnosis, or treatment.
- The AI triage system provides guidance to help prioritise your care, but clinical decisions remain with qualified healthcare professionals
- In a medical emergency, call 999 or go to your nearest A&E immediately
- Always follow the advice of your GP or healthcare provider
- If your symptoms worsen, seek immediate medical attention regardless of any triage outcome
4. Eligibility
To use GP Triage, you must:
- Be registered with a GP practice that uses GP Triage
- Provide accurate personal and health information
- Be aged 16 or over (or have parental/guardian consent if under 16)
- Accept that the Service may verify your identity via NHS systems
5. User Responsibilities
When using GP Triage, you agree to:
- Provide truthful and accurate information about your symptoms and medical history
- Not use the Service for fraudulent purposes or to obtain appointments inappropriately
- Attend booked appointments or cancel with reasonable notice
- Not attempt to interfere with or disrupt the Service
- Report any security concerns or errors to us promptly
6. Availability and Support
While we strive to provide continuous availability:
- The Service may be unavailable during scheduled maintenance
- We do not guarantee uninterrupted access and are not liable for temporary unavailability
- Emergency services (999, 111) should be used if the Service is unavailable and you need urgent care
Support Hours: We provide technical support on weekdays from 9:00am to 5:00pm GMT/BST. Contact us at info@gptriage.com.
7. Intellectual Property
All content, software, and technology comprising GP Triage is owned by GP Triage Ltd or its licensors. You may not copy, modify, distribute, or reverse engineer any part of the Service without our written permission.
8. Limitation of Liability
To the fullest extent permitted by law:
- GP Triage is provided "as is" without warranties of any kind
- We are not liable for clinical decisions made by healthcare professionals based on triage information
- Our total liability for any claim is limited to the fees paid for the Service (where applicable)
- Nothing in these terms excludes liability for death or personal injury caused by negligence, or for fraud
9. Changes to Terms
We may update these Terms of Service from time to time. Material changes will be communicated via the Service or by email. Continued use of the Service after changes constitutes acceptance of the updated terms.
10. Governing Law
These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
11. Contact Us
For questions about this Privacy Policy or Terms of Service, contact us:
GP Triage Ltd
7 St James Place, Nechells, Birmingham, B7 4JE
Email: info@gptriage.com
Phone: 0121 798 2598
