Information Governance
Privacy Notice for Healthcare Professionals using referapatient
Issued by:
Corsalveo Limited,
63 Calbourne Road
London, SW12 8LS
United Kingdom
Company registration number:
ICO registration number:
NHS DSPT Registration
ODS code: 8J759
What is a Privacy Notice? A Privacy Notice is a statement issued by an organisation explaining how personal and confidential information is collected, used, and shared. This document outlines how Corsalveo Limited manages information about healthcare professionals using our software, makeareferral. This Privacy Notice applies to healthcare professionals working for NHS and private healthcare organisations. A separate privacy notice is available for patient data processed through our services.
Who We Are: Corsalveo Limited provides software services to NHS and private healthcare organisations. We are governed by UK laws and regulations, including oversight by:
Department of Health
Information Commissioner's Office (ICO)
NHS England
Why Have We Issued This Privacy Notice?
We value openness, accountability, and the protection of personal and confidential information. This Privacy Notice outlines how and why we collect, use, and store information about you.
Our processing complies with the following:
Data Protection Act 2018
UK General Data Protection Regulation (UK GDPR)
Common Law Duty of Confidentiality
ISO27001 Information Security Standards
What Information Do We Collect?
We may collect the following personal data:
Salutation
Name
Professional title or qualification
Professional membership
Email address
Personal mobile phone number
Why Do We Collect Your Information?
We collect your data for the following purposes:
To ensure professional accountability and accurate records.
To facilitate secure communication and service notifications.
To enable multi-factor authentication (MFA) for secure access.
What is Our Lawful Basis for Processing Your Data?
We will only process your personal data where legally justified:
Salutation, Name, Professional Title or Qualification, and Professional Membership
Lawful Basis: Legitimate Interests (Article 6(1)(f)) or Contractual Necessity (Article 6(1)(b)).
Purpose: To maintain professional accountability and facilitate accurate records.
Email Address
Lawful Basis: Legitimate Interests (Article 6(1)(f)) or Contractual Necessity (Article 6(1)(b)).
Purpose: To facilitate professional communication and secure notifications.
Personal Mobile Phone Number
Lawful Basis: Legitimate Interests (Article 6(1)(f)).
Purpose: Used for MFA and urgent communication. Implied consent is assumed when entered.
How Do We Use Your Information?
We use your data to:
Manage secure logins and database access, including MFA.
Provide important notifications about service updates or issues.
Our customers (NHS and private healthcare organisations) may use your data for:
Personalised performance monitoring.
Depersonalised quality monitoring.
Medical records audit.
Direct contact if necessary.
How Do We Keep Your Information Safe?
We follow strict security standards compliant with ISO27001. Safeguards include:
Data encryption.
Regular security audits and penetration testing.
Access controls to restrict data to authorised personnel.
All staff undergo training and adhere to internal information governance policies.
How Long Do We Keep Your Information?
We retain your personal data indefinitely to ensure professional accountability and comply with legal or organisational obligations.
Do We Share Your Information?
We do not share your information with third parties unless:
Legally required (e.g., risk to safety).
To facilitate outsourced IT services (e.g., SMS providers or cloud service providers).
All third-party providers comply with our data processing agreements and UK GDPR.
What Are Your Rights?
Under UK GDPR, you have the following rights:
Access: Request a copy of the data we hold about you.
Rectification: Correct inaccurate or incomplete information.
Erasure: Request deletion of your data (subject to legal and contractual obligations).
Restriction: Limit how we use your data.
Objection: Object to processing based on legitimate interests.
How Can You Access or Manage Your Data?
Log in to your account to update or view your data.
Contact [email protected] for further assistance.
How Can You Contact Us?
If you have questions or concerns about this Privacy Notice, please contact:
Email: [email protected]
You can also find details of our registration with the ICO online:
Website: www.ico.org.uk
ICO Registration Number: Z3632714
How Can You Make a Complaint?
If you’re dissatisfied with how we handle your data, please contact us at [email protected].
If unresolved, you can contact:
Information Commissioner’s Office
Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
Privacy Notice for Healthcare Professionals using referapatient
Issued by:
Bloomsbury Health Limited
The Bloomsbury Building,
10 Bloomsbury Way,
London, WC1A 2SL,
United Kingdom
Company registration number: 08298089
ICO registration number: Z3632714
NHS DSPT Registration
ODS code: 8J759
What is a Privacy Notice?
A Privacy Notice is a statement issued by an organisation explaining how personal and confidential information is collected, used, and shared. This document outlines how Bloomsbury Health Limited manages information about healthcare professionals using our software, referapatient.
This Privacy Notice applies to healthcare professionals working for NHS and private healthcare organisations. A separate privacy notice is available for patient data processed through our services.
Who We Are
Bloomsbury Health Limited provides software services to NHS and private healthcare organisations. We are governed by UK laws and regulations, including oversight by:
Department of Health
Information Commissioner's Office (ICO)
NHS England
Why Have We Issued This Privacy Notice?
We value openness, accountability, and the protection of personal and confidential information. This Privacy Notice outlines how and why we collect, use, and store information about you.
Our processing complies with the following:
Data Protection Act 2018
UK General Data Protection Regulation (UK GDPR)
Common Law Duty of Confidentiality
ISO27001 Information Security Standards
What Information Do We Collect?
We may collect the following personal data:
Salutation
Name
Professional title or qualification
Professional membership
Email address
Personal mobile phone number
Why Do We Collect Your Information?
We collect your data for the following purposes:
To ensure professional accountability and accurate records.
To facilitate secure communication and service notifications.
To enable multi-factor authentication (MFA) for secure access.
What is Our Lawful Basis for Processing Your Data?
We will only process your personal data where legally justified:
Salutation, Name, Professional Title or Qualification, and Professional Membership
Lawful Basis: Legitimate Interests (Article 6(1)(f)) or Contractual Necessity (Article 6(1)(b)).
Purpose: To maintain professional accountability and facilitate accurate records.
Email Address
Lawful Basis: Legitimate Interests (Article 6(1)(f)) or Contractual Necessity (Article 6(1)(b)).
Purpose: To facilitate professional communication and secure notifications.
Personal Mobile Phone Number
Lawful Basis: Legitimate Interests (Article 6(1)(f)).
Purpose: Used for MFA and urgent communication. Implied consent is assumed when entered.
How Do We Use Your Information?
We use your data to:
Manage secure logins and database access, including MFA.
Provide important notifications about service updates or issues.
Our customers (NHS and private healthcare organisations) may use your data for:
Personalised performance monitoring.
Depersonalised quality monitoring.
Medical records audit.
Direct contact if necessary.
How Do We Keep Your Information Safe?
We follow strict security standards compliant with ISO27001. Safeguards include:
Data encryption.
Regular security audits and penetration testing.
Access controls to restrict data to authorised personnel.
All staff undergo training and adhere to internal information governance policies.
How Long Do We Keep Your Information?
We retain your personal data indefinitely to ensure professional accountability and comply with legal or organisational obligations.
Do We Share Your Information?
We do not share your information with third parties unless:
Legally required (e.g., risk to safety).
To facilitate outsourced IT services (e.g., SMS providers or cloud service providers).
All third-party providers comply with our data processing agreements and UK GDPR.
What Are Your Rights?
Under UK GDPR, you have the following rights:
Access: Request a copy of the data we hold about you.
Rectification: Correct inaccurate or incomplete information.
Erasure: Request deletion of your data (subject to legal and contractual obligations).
Restriction: Limit how we use your data.
Objection: Object to processing based on legitimate interests.
How Can You Access or Manage Your Data?
Log in to your account to update or view your data.
Contact [email protected] for further assistance.
How Can You Contact Us?
If you have questions or concerns about this Privacy Notice, please contact:
Email: [email protected]
You can also find details of our registration with the ICO online:
Website: www.ico.org.uk
ICO Registration Number: Z3632714
How Can You Make a Complaint?
If you’re dissatisfied with how we handle your data, please contact us at [email protected].
If unresolved, you can contact:
Information Commissioner’s Office
Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
Issued by:
Corsalveo Limited,
63 Calbourne Road
London, SW12 8LS
United Kingdom
Company registration number:
ICO registration number:
NHS DSPT Registration
ODS code: 8J759
What is a Privacy Notice? A Privacy Notice is a statement issued by an organisation explaining how personal and confidential information is collected, used, and shared. This document outlines how Corsalveo Limited manages information about healthcare professionals using our software, makeareferral. This Privacy Notice applies to healthcare professionals working for NHS and private healthcare organisations. A separate privacy notice is available for patient data processed through our services.
Who We Are: Corsalveo Limited provides software services to NHS and private healthcare organisations. We are governed by UK laws and regulations, including oversight by:
Department of Health
Information Commissioner's Office (ICO)
NHS England
Why Have We Issued This Privacy Notice?
We value openness, accountability, and the protection of personal and confidential information. This Privacy Notice outlines how and why we collect, use, and store information about you.
Our processing complies with the following:
Data Protection Act 2018
UK General Data Protection Regulation (UK GDPR)
Common Law Duty of Confidentiality
ISO27001 Information Security Standards
What Information Do We Collect?
We may collect the following personal data:
Salutation
Name
Professional title or qualification
Professional membership
Email address
Personal mobile phone number
Why Do We Collect Your Information?
We collect your data for the following purposes:
To ensure professional accountability and accurate records.
To facilitate secure communication and service notifications.
To enable multi-factor authentication (MFA) for secure access.
What is Our Lawful Basis for Processing Your Data?
We will only process your personal data where legally justified:
Salutation, Name, Professional Title or Qualification, and Professional Membership
Lawful Basis: Legitimate Interests (Article 6(1)(f)) or Contractual Necessity (Article 6(1)(b)).
Purpose: To maintain professional accountability and facilitate accurate records.
Email Address
Lawful Basis: Legitimate Interests (Article 6(1)(f)) or Contractual Necessity (Article 6(1)(b)).
Purpose: To facilitate professional communication and secure notifications.
Personal Mobile Phone Number
Lawful Basis: Legitimate Interests (Article 6(1)(f)).
Purpose: Used for MFA and urgent communication. Implied consent is assumed when entered.
How Do We Use Your Information?
We use your data to:
Manage secure logins and database access, including MFA.
Provide important notifications about service updates or issues.
Our customers (NHS and private healthcare organisations) may use your data for:
Personalised performance monitoring.
Depersonalised quality monitoring.
Medical records audit.
Direct contact if necessary.
How Do We Keep Your Information Safe?
We follow strict security standards compliant with ISO27001. Safeguards include:
Data encryption.
Regular security audits and penetration testing.
Access controls to restrict data to authorised personnel.
All staff undergo training and adhere to internal information governance policies.
How Long Do We Keep Your Information?
We retain your personal data indefinitely to ensure professional accountability and comply with legal or organisational obligations.
Do We Share Your Information?
We do not share your information with third parties unless:
Legally required (e.g., risk to safety).
To facilitate outsourced IT services (e.g., SMS providers or cloud service providers).
All third-party providers comply with our data processing agreements and UK GDPR.
What Are Your Rights?
Under UK GDPR, you have the following rights:
Access: Request a copy of the data we hold about you.
Rectification: Correct inaccurate or incomplete information.
Erasure: Request deletion of your data (subject to legal and contractual obligations).
Restriction: Limit how we use your data.
Objection: Object to processing based on legitimate interests.
How Can You Access or Manage Your Data?
Log in to your account to update or view your data.
Contact [email protected] for further assistance.
How Can You Contact Us?
If you have questions or concerns about this Privacy Notice, please contact:
Email: [email protected]
You can also find details of our registration with the ICO online:
Website: www.ico.org.uk
ICO Registration Number: Z3632714
How Can You Make a Complaint?
If you’re dissatisfied with how we handle your data, please contact us at [email protected].
If unresolved, you can contact:
Information Commissioner’s Office
Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
Privacy Notice for Healthcare Professionals using referapatient
Issued by:
Bloomsbury Health Limited
The Bloomsbury Building,
10 Bloomsbury Way,
London, WC1A 2SL,
United Kingdom
Company registration number: 08298089
ICO registration number: Z3632714
NHS DSPT Registration
ODS code: 8J759
What is a Privacy Notice?
A Privacy Notice is a statement issued by an organisation explaining how personal and confidential information is collected, used, and shared. This document outlines how Bloomsbury Health Limited manages information about healthcare professionals using our software, referapatient.
This Privacy Notice applies to healthcare professionals working for NHS and private healthcare organisations. A separate privacy notice is available for patient data processed through our services.
Who We Are
Bloomsbury Health Limited provides software services to NHS and private healthcare organisations. We are governed by UK laws and regulations, including oversight by:
Department of Health
Information Commissioner's Office (ICO)
NHS England
Why Have We Issued This Privacy Notice?
We value openness, accountability, and the protection of personal and confidential information. This Privacy Notice outlines how and why we collect, use, and store information about you.
Our processing complies with the following:
Data Protection Act 2018
UK General Data Protection Regulation (UK GDPR)
Common Law Duty of Confidentiality
ISO27001 Information Security Standards
What Information Do We Collect?
We may collect the following personal data:
Salutation
Name
Professional title or qualification
Professional membership
Email address
Personal mobile phone number
Why Do We Collect Your Information?
We collect your data for the following purposes:
To ensure professional accountability and accurate records.
To facilitate secure communication and service notifications.
To enable multi-factor authentication (MFA) for secure access.
What is Our Lawful Basis for Processing Your Data?
We will only process your personal data where legally justified:
Salutation, Name, Professional Title or Qualification, and Professional Membership
Lawful Basis: Legitimate Interests (Article 6(1)(f)) or Contractual Necessity (Article 6(1)(b)).
Purpose: To maintain professional accountability and facilitate accurate records.
Email Address
Lawful Basis: Legitimate Interests (Article 6(1)(f)) or Contractual Necessity (Article 6(1)(b)).
Purpose: To facilitate professional communication and secure notifications.
Personal Mobile Phone Number
Lawful Basis: Legitimate Interests (Article 6(1)(f)).
Purpose: Used for MFA and urgent communication. Implied consent is assumed when entered.
How Do We Use Your Information?
We use your data to:
Manage secure logins and database access, including MFA.
Provide important notifications about service updates or issues.
Our customers (NHS and private healthcare organisations) may use your data for:
Personalised performance monitoring.
Depersonalised quality monitoring.
Medical records audit.
Direct contact if necessary.
How Do We Keep Your Information Safe?
We follow strict security standards compliant with ISO27001. Safeguards include:
Data encryption.
Regular security audits and penetration testing.
Access controls to restrict data to authorised personnel.
All staff undergo training and adhere to internal information governance policies.
How Long Do We Keep Your Information?
We retain your personal data indefinitely to ensure professional accountability and comply with legal or organisational obligations.
Do We Share Your Information?
We do not share your information with third parties unless:
Legally required (e.g., risk to safety).
To facilitate outsourced IT services (e.g., SMS providers or cloud service providers).
All third-party providers comply with our data processing agreements and UK GDPR.
What Are Your Rights?
Under UK GDPR, you have the following rights:
Access: Request a copy of the data we hold about you.
Rectification: Correct inaccurate or incomplete information.
Erasure: Request deletion of your data (subject to legal and contractual obligations).
Restriction: Limit how we use your data.
Objection: Object to processing based on legitimate interests.
How Can You Access or Manage Your Data?
Log in to your account to update or view your data.
Contact [email protected] for further assistance.
How Can You Contact Us?
If you have questions or concerns about this Privacy Notice, please contact:
Email: [email protected]
You can also find details of our registration with the ICO online:
Website: www.ico.org.uk
ICO Registration Number: Z3632714
How Can You Make a Complaint?
If you’re dissatisfied with how we handle your data, please contact us at [email protected].
If unresolved, you can contact:
Information Commissioner’s Office
Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
