Back to Home

Privacy Policy

Last updated: 15 April 2026

1. Who We Are

DischargeIQ Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are registered in England and Wales. Our registered address is available upon request. For any data protection queries, contact our Data Protection Officer at dpo@dischargeiq.co.uk.

2. Data We Collect

We collect and process the following categories of personal data:

  • Account Data: Full name, email address, job title, professional registration number, and organisation details.
  • Authentication Data: Encrypted password hashes and session tokens.
  • Clinical Operational Data: Anonymised patient identifiers, ward assignments, discharge readiness scores, task records, and audit logs. No directly identifiable patient health data (e.g., NHS numbers) is stored in plaintext.
  • Usage Data: Pages visited, features used, browser type, IP address, and timestamps for platform improvement and security monitoring.

3. Legal Basis for Processing

We process personal data under the following lawful bases (UK GDPR Article 6):

  • Contract Performance (Art. 6(1)(b)): To provide the DischargeIQ platform services to your organisation.
  • Legitimate Interest (Art. 6(1)(f)): Platform security, fraud prevention, and service improvement.
  • Consent (Art. 6(1)(a)): For optional analytics cookies and marketing communications.
  • Legal Obligation (Art. 6(1)(c)): Compliance with UK healthcare regulations and data retention requirements.

4. How We Use Your Data

  • Providing and maintaining the DischargeIQ platform
  • Authenticating users and managing role-based access
  • Generating discharge analytics and operational reports
  • Sending system notifications and security alerts
  • Improving platform features based on aggregated usage patterns

5. Data Sharing

We do not sell personal data. We may share data with:

  • Sub-processors: Cloud hosting providers (data centres located in the UK/EEA) with appropriate data processing agreements.
  • Your Organisation: Administrators within your NHS Trust can view staff profiles and audit logs.
  • Legal Requirements: If required by law, regulation, or court order.

6. Data Retention

Account data is retained for the duration of your organisation's subscription plus 12 months. Audit logs are retained for 7 years in compliance with NHS record-keeping guidance. You may request earlier deletion subject to legal retention requirements.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data (Subject Access Request)
  • Rectify inaccurate data
  • Erase your data (right to be forgotten), subject to legal retention requirements
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner's Office (ICO)

8. Security

We implement industry-standard security measures including encryption at rest and in transit (TLS 1.3), role-based access controls, audit logging, and regular security assessments. All data is processed within UK/EEA data centres.

9. Contact

For any privacy-related requests, please contact: dpo@dischargeiq.co.uk

If you are not satisfied with our response, you may contact the ICO: ico.org.uk