NewRedo Privacy Policy

‍NewRedo Limited (‘we’ ‘us’) is a privately owned company and not part of any other group of companies.

Our privacy policy pertains only to NewRedo Limited and explains what we do with personal information we process or collect about you when you use one of our products.

Please email IG@newredo.com for more information on the solution used to manage your data or the full functionality of our products. There are laws allowing us to collect and keep personal information to:

meet our contractual obligations
provide products to you
protect our systems
detect and prevent fraud

The law also gives you certain rights relating to information we collect and use. See the sections on 'your rights' and 'how to exercise your rights' for more information.

We provide products to customers in both the private and public sectors. We have customers across primary, secondary and tertiary care services as well as across various sectors delivery private products. Our customers will have their own privacy policies in relation to their use of your data, which should be read alongside this policy.

For the purpose of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 1998 2018 (the Act), our customers are the 'data controller' as they determine the purposes of 'why' and 'how' your personal data should be processed. We are the 'data processor' as your personal data will pass through or be stored in our systems.

As the data processor we adhere to the following principles:

Unless the law requires it, the controller’s documented instructions are the only instructions the processor must act on.
The processor must ensure that the people processing the data are subject to a duty of confidentiality.
Appropriate measures need to be taken to ensure the security of the processing.
Under a written contract, the processor must only engage a sub-processor with the controller’s prior approval.
Appropriate measures must be taken to help the controller respond to requests from individuals to exercise their rights.
The data controller needs the help of the processor in meeting its obligations concerning security of processing, declaration of personal data breaches and data protection impact assessments.
At the end of the contract, the processor must return all personal data to the controller. If the law requires it, the processor must also destroy existing personal data unless stated explicitly that data needs to be held in storage.
The processor is required to submit audits and inspections. The processor needs to give the controller all the information to ensure they meet their obligations in line with their GDPR Article 28 obligations.

If you have any questions about how NewRedo Limited uses your information, please email IG@newredo.com.

Why we use your personal information.

We process your personal information for the purposes set out in this privacy notice. We have also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing).

We normally process standard personal information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies.

Please see below for more information about this and the reasons why we may need to process special category information. By law, we must have a lawful reason for processing your personal information.

We process standard personal information about you if this is:

necessary to provide the services set out in a contract
in our or a third party’s legitimate interests, or
required or allowed by law.

We process special category information about you because:

it is necessary to provide a medical diagnosis, to provide health or social care or treatment, or to manage health-care or social-care systems
it is necessary for reasons of public interest in the area of public health, or
we have your permission.

How we handle your data

When you use a service that one of our products is integrated with, we process your data in line with our customer’s requirements. The processing is done in a secure manner and in line with our strong governance policies. Our Information Governance Accreditations can be seen below:

Information Commission We are registered with the Information Commission. Our registration number is: Z298919X.
Cyber Essentials NewRedo Limited hold a Certificate of Assurance to confirm that we comply with the requirements of the Cyber Essentials Scheme Certificate Number: b391ceae-6f7a-477c-abe5-9c6e813229ef

Working towards:

ISO 9001 (Quality Management)
ISO 27001 (Information Security Management)

‍Protection of information

NewRedo Limited is committed to ensuring the security of your personal information. We use commercially reasonable technological, physical, and administrative security safeguards, such as firewalls and carefully developed security features — to protect the confidentiality and security of your personal information within our products, services and sites.

When you enter confidential information (such as login credentials or information submitted from within the Service) we encrypt the transmission of that information using secure socket layer technology (SSL).

These technologies, procedures, and other measures are used in an effort to ensure that your data is safe, secure, and only available to you and to those you authorised to access your data.

However, no internet, email, or other electronic transmission is ever fully secure or error- free, so you should take care in deciding what information you send to us in this way.

NewRedo Limited is not responsible for the functionality or security measures of any third party.

‍Other websites

Our products may be contained within other systems, apps or websites. This privacy policy only applies to our products alone, so when you link to other systems, apps or websites you should read their own privacy policies.

NewRedo Limited does not endorse and is not responsible for the practices of third parties or their websites or applications. We do not determine and are not responsible for the privacy practices or the content of websites or applications operated by third parties.

Your browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party’s own rules and policies.

We are not responsible for, and we do not control any third parties that you authorise to access your user content. If you are using a third-party website or service and you allow such a third-party access to your user content, you do so at your own risk.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

NewRedo Limited products which collect patient/citizen data do not use cookies.

‍Who we share your information with

Your data will be shared with the Data Controller. The Data Controller is the organisation deploying NewRedo Limited’s products to provide you with a service. This may be your local health or social care provider or a provider of other services (e.g. education).

If NewRedo Limited (or substantially all of its assets) is sold to another organisation, information we hold about our users and customers will become one of the transferred assets. We may share your information if we are under a duty to disclose or share your personal data to:

comply with a legal obligation
apply or enforce our terms and conditions of supply and other agreements
protect the rights, property or safety of NewRedo Limited, our customers or others — this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction

We will never sell your information to other organisations.

Where we store your information

We use a number of cloud-based products to help us process the information we collect. By submitting your personal information, you agree for it to be transferred to, stored in or processed by these products. All of our data processing takes place within Amazon Web Services (AWS) in the eu-west-2 region (London) in multiple availability zones.

We review what information is being processed and ensure your information is treated securely and in accordance with our privacy policy.

‍How long we keep your information

We have a Data and Record Management Policy in place which outlines how we manage personal information and medical information.

We comply with our legal obligations in relation to the retention and deletion of personal information and medical information.

We store personal information and medical information only for as long as is necessary, for the purpose the data was collected or to comply with applicable legal, tax or regulatory requirements.

Please email IG@newredo.com for a copy of our Data and Record Management Policy

You have the right to:

request a copy of the information that we hold about you
correct inaccurate or incomplete data that we have about you
ask for information about you to be deleted, in certain circumstances
restrict how we use your information, where certain conditions apply
ask us to transfer information about you to another organisation
object to having your information used in certain ways
object to automatic processing, including profiling
not be subject to solely automated decisions that affect your legal status or rights

‍Access to your information and your right to correct your information.

You have the right to request a copy of the information that we hold about you. Typically, this request should be submitted through your service provider (e.g. your GP Practice).

Alternatively, you can request a copy of your information directly from NewRedo Limited. This can be done by completing our information request form.

Please email IG@newredo.com

‍Write to:
Information Governance Team
NewRedo Limited
Platform,
New Station Street,
Leeds,
LS1 4JB

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. You also have the right to ask us to delete all of the data we hold on you.

We will acknowledge receipt of your request within two working days of receipt of the request. We will provide you with the information you requested within one calendar month of receipt of the request.

In instances where the request is assessed as complex we may take an additional two calendar months (three calendar months total) to process the request in line with ICO guidance. If we assess your request as complex and require an extended timescale we will inform you of this within one calendar month.

‍How to exercise your rights

To exercise any of these rights, please email IG@newredo.com We will forward any requests you make to other organisations that may be involved in processing your information.

How to complain

If you are unhappy about how your information has been handled by NewRedo Limited or an organisation involved in how we use your information, you can make a complaint to our Data Protection Officer or the Information Commissioner’s Office:

‍NewRedo Limited Data Protection Officer

Royd Brayshay
NewRedo Limited
Platform,
New Station Street,
Leeds,
LS1 4JB
Email: IG@newredo.com

‍Information Commissioner's Office
‍Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Web: ico.org.uk/make-a-complaint‍

Telephone: 0303 123 1113

‍Changes to our privacy policy

This policy was last updated on the 08 September 2023.

We will post any future changes on this page and, where appropriate, notify you by email. Please check this page frequently for updates.‍

Contact us‍

Please contact us if you have any questions, comments or requests in relation to this privacy policy or information we hold about you by emailing IG@newredo.com or in writing to:

Information Governance Team
NewRedo Limited
Platform,
New Station Street,
Leeds,
LS1 4JB

Our Services

Privacy Policy

NewRedo Privacy Policy

Contact Us

Follow Us