Privacy Policy & Terms of Service

1. Data Controller

GP Triage Ltd ("we", "us", "our") is the data controller for personal information collected through our AI-powered triage and appointment booking platform. We are committed to protecting your privacy and handling your data in accordance with UK GDPR and the Data Protection Act 2018.

Registered Address:
7 St James Place, Nechells, Birmingham, B7 4JE, United Kingdom

Contact: info@gptriage.com

2. Information We Collect

When you use GP Triage, we may collect the following categories of personal data:

• Identity Data: Name, date of birth, gender, NHS number
• Contact Data: Address, email address, telephone number
• Health Data: Symptoms, medical history, triage responses, and clinical information you provide during the triage process
• Technical Data: IP address, browser type, device information, and usage data
• Appointment Data: Booking preferences, appointment history, and communications with your GP practice

3. How We Use Your Information

We process your personal data for the following purposes:

• To provide AI-powered clinical triage and assess the urgency of your symptoms
• To facilitate appointment booking with your registered GP practice
• To verify your identity using the NHS Personal Demographics Service (PDS)
• To communicate appointment confirmations and reminders
• To improve our services and ensure clinical safety
• To comply with our legal and regulatory obligations

4. Legal Basis for Processing

We process your data under the following legal bases:

• Consent: For optional communications and service improvements
• Contract: To provide the triage and booking services you request
• Legal Obligation: To comply with healthcare regulations and NHS requirements
• Vital Interests: Where necessary to protect your health in emergency situations
• Legitimate Interests: For service improvement and security purposes

For special category health data, we rely on explicit consent and/or the provision of healthcare services under Article 9(2)(h) of UK GDPR.

5. Data Sharing

We share your personal data with:

• Your GP Practice: Triage summaries, appointment bookings, and clinical information are shared with your registered practice via EMIS Web or SystmOne
• NHS Systems: We integrate with NHS PDS for identity verification and NHS App for notifications
• Technology Partners: Hero Health (appointment booking API), Microsoft Azure (cloud hosting), and Infermedica (medical knowledge base)
• Regulatory Bodies: Where required by law or for clinical safety purposes

We do not sell your personal data to third parties. GP practices using our service retain full ownership of their patient data at all times.

6. Data Security

We implement robust security measures to protect your data:

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Hosted on Microsoft Azure's NHS-approved UK data centres
• Zero-trust security architecture with role-based access controls
• Annual penetration testing by CREST-accredited specialists
• Cyber Essentials Plus certified
• DSPT (Data Security and Protection Toolkit) compliant

7. Data Retention

We retain your personal data in accordance with NHS records management guidelines:

• Clinical triage records: Retained for the duration required by your GP practice's retention policy (typically 10 years after last contact for adults)
• Technical logs: 12 months
• Audit trails: 8 years (as required for clinical governance)

8. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Restriction: Request limitation of processing
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at info@gptriage.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

We use essential cookies to ensure our service functions correctly. We do not use advertising or tracking cookies. For more information, contact us at info@gptriage.com.

10. International Transfers

All patient data is stored and processed within the United Kingdom. We do not transfer your health data outside the UK. Some non-clinical data may be processed by service providers in countries with adequate data protection, subject to appropriate safeguards.

1. Acceptance of Terms

By using GP Triage ("the Service"), you agree to be bound by these Terms of Service. If you do not accept these terms, please do not use our Service. These terms apply to all users of GP Triage, including patients accessing the triage system through their GP practice website.

2. Service Description

GP Triage is an AI-powered clinical triage and appointment booking system designed for NHS GP practices. The Service:

• Uses artificial intelligence to gather symptom information and assess clinical urgency
• Facilitates appointment booking based on triage outcomes
• Integrates with NHS systems including EMIS Web and SystmOne

3. Medical Disclaimer

GP Triage is not a substitute for professional medical advice, diagnosis, or treatment.

• The AI triage system provides guidance to help prioritise your care, but clinical decisions remain with qualified healthcare professionals
• In a medical emergency, call 999 or go to your nearest A&E immediately
• Always follow the advice of your GP or healthcare provider
• If your symptoms worsen, seek immediate medical attention regardless of any triage outcome

4. Eligibility

To use GP Triage, you must:

• Be registered with a GP practice that uses GP Triage
• Provide accurate personal and health information
• Be aged 16 or over (or have parental/guardian consent if under 16)
• Accept that the Service may verify your identity via NHS systems

5. User Responsibilities

When using GP Triage, you agree to:

• Provide truthful and accurate information about your symptoms and medical history
• Not use the Service for fraudulent purposes or to obtain appointments inappropriately
• Attend booked appointments or cancel with reasonable notice
• Not attempt to interfere with or disrupt the Service
• Report any security concerns or errors to us promptly

6. Availability and Support

While we strive to provide continuous availability:

• The Service may be unavailable during scheduled maintenance
• We do not guarantee uninterrupted access and are not liable for temporary unavailability
• Emergency services (999, 111) should be used if the Service is unavailable and you need urgent care

Support Hours: We provide technical support on weekdays during 9:00am to 5:00pm GMT/BST. Contact us at info@gptriage.com.

7. Intellectual Property

All content, software, and technology comprising GP Triage is owned by GP Triage Ltd or its licensors. You may not copy, modify, distribute, or reverse engineer any part of the Service without our written permission.

8. Limitation of Liability

To the fullest extent permitted by law:

• GP Triage is provided "as is" without warranties of any kind
• We are not liable for clinical decisions made by healthcare professionals based on triage information
• Our total liability for any claim is limited to the fees paid for the Service (where applicable)
• Nothing in these terms excludes liability for death or personal injury caused by negligence, or for fraud

9. Changes to Terms

We may update these Terms of Service from time to time. Material changes will be communicated via the Service or by email. Continued use of the Service after changes constitutes acceptance of the updated terms.

10. Governing Law

These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

11. Contact Us

For questions about this Privacy Policy or Terms of Service, contact us:

GP Triage Ltd
7 St James Place, Nechells, Birmingham, B7 4JE
Email: info@gptriage.com
Phone: 0121 798 2598