Privacy Policy

DXS International plc (“DXS”) is committed to protecting and respecting your privacy as defined in the Data Protection Act 1998 (the “DPA”) and now the Data Protection Regulation (GDPR) (EU) 2016/679.

When processing medical records, the healthcare organisation to who the personal data has been provided shall be the Data Controller and DXS shall be the Data Processor (as defined in the DPA and GDPR).

This privacy policy will explain how DXS International plc uses the personal data collected from you when you use our services.

Topics:

• What data do we collect?
• How do we collect your data?
• How will we use your data?
• How do we store your data?
• Marketing
• What are your data protection rights?
• What are cookies?
• How do we use cookies?
• What types of cookies do we use?
• How to manage your cookies
• Privacy policies of other websites
• Changes to our privacy policy
• How to contact us
• How to contact the appropriate authorities

1. What data do we collect?

We may collect and process the following information about you:

• Information you give us. You may give us information by filling out forms on the Application, our websites, or by corresponding with us by phone, email, or otherwise. This includes information you provide when you register to use DXS applications or websites. The information you give us may include your name, date of birth, NHS number, address, email address, and phone number (“Registration Information”).
• Information we collect about you. Each time you use the DXS Point-of-Care (BestPathway) application, Aios, ExpertCare, or our personal website, we may automatically collect the following information: technical information, including the internet protocol (“IP”) address used to connect your computer to the internet or local area network, your login information (excl. passwords), browser type and version, time zone settings, browser plug-in types and versions, operating system, and platform; and
• Information about your visit to or usage of one of our web platforms or applications, including the full Uniform Resource Locators (“URL”) clickstream to, through, and from our applications or website (including date and time) and page response time.

(Collectively referred to as “Usage Information”) DXS applications may from time to time, contain links to third-party applications or websites. If you follow a link to any of these applications or websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

2. How do we collect your data?

Registration and usage information is collected during the use of the products and submitted to our content update servers which reside in the EU.

3. How will we use your data?

We use information held about you in the following ways:

• Your personal information will be used to provide you with the DXS services relevant to you as well as information about our services that we believe may benefit you.
• Information you give us. We will use your Registration information to manage your account, subscribe you to opt-in services, and for our own internal administration purposes.
• Information we collect about you. We will use your Usage information to monitor, gather, and use “usage” statistics to gauge where future enhancements should be focused. We do not disclose information about identifiable individuals and “usage” statistics will always be anonymised.
• To improve the Online Portal to ensure that consent is presented in the most effective manner for you and your computer; and
• As part of our efforts to keep the Online Portal safe and secure.
• We will never sell your data to third parties, and it will only be used to provide you with the service you have agreed to and to keep you informed about our products and services.

4. How do we store your data?

We utilise multiple secure data storage systems to handle different types of user data, ensuring the highest levels of security and privacy:

Registration and User Data: All data collected during the registration process and general user account data is stored on servers located in the Netherlands. This data is encrypted at rest using industry-standard encryption algorithms to ensure it remains secure even in the unlikely event of a data breach. Access to this encrypted data is tightly restricted to authorised personnel only.

Support Information: Data generated through support requests, including support messages, logs, and any troubleshooting information provided by users, is also stored on our Netherlands-based servers. This allows our support team to quickly access relevant information when addressing user inquiries, while still ensuring the data remains protected within the European Union's robust privacy framework.

Application Data: Sensitive information collected and processed within our application is stored on secure servers provided by an NHS Digital approved cloud provider. This data is only accessible through the Health and Social Care Network (HSCN), ensuring that it remains isolated from the public internet.

Access to this data is strictly limited to authorised users of the system who have been granted the appropriate rights to view and interact with the data relevant to their roles. All data transfers occur over secure, encrypted communication channels to maintain the integrity and confidentiality of the information.

All data centres we utilise employ strict physical and digital access controls, ensuring that only authorised individuals can interact with the servers storing user data. We also implement redundant backup systems to protect against data loss in the event of hardware failures or catastrophic events.

Our company will handle the retention and deletion of data as follows:

Sensitive Application Data: We will retain your sensitive data for a period of 6 months after the completion of the associated form. This allows the practice to easily look up historical forms when necessary. After the 6-month retention period, the sensitive data will be automatically deleted from our systems.

Registration Data: The personal information you provide during the registration process, such as your name, email address, and other account details, will be kept indefinitely. This allows us to maintain your account, provide a streamlined registration process should you need to register again in the future, and comply with any applicable legal obligations. However, if you wish to have your registration data deleted, you may request its removal by contacting our Support team at support@dxs-systems.com.

Support Information: Data generated through your interactions with our support services, including support requests, communication logs, and any troubleshooting information you provide, will be retained indefinitely. This enables us to maintain a historical view of our support services, assess our efficiency in addressing user inquiries, and improve our support processes over time. If you prefer to have your support information removed, please reach out to our Support team at support@dxs-systems.com with your specific request.

Please note that in certain circumstances, we may be required to retain specific data for longer periods to comply with legal obligations, resolve disputes, or enforce our agreements. In such cases, we will retain the data only for as long as necessary to fulfil those specific requirements.

5. Marketing

DXS would like you to stay informed about our products and services by sending you information, including information about our trusted partner companies.

If you have agreed to receive marketing communications, you may always opt out at any time.

You have the authority to stop DXS from reaching out to you for marketing purposes or to share your data within our company group.

If you wish to no longer be contacted for marketing purposes, please unsubscribe from communications distributed by DXS.

6. What are your data protection rights?

DXS would like to ensure that you are fully aware of all your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request DXS for copies of your personal data. We may charge a small fee for this service.
The right to rectification – You have the right to request that DXS correct any information you believe is inaccurate. You also have the right to request DXS to complete information you believe is incomplete.
The right to erasure – You have the right to request that DXS erase personal data, under certain conditions.
The right to restrict processing – You have the right to request that DXS restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object DXS’ processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that DXS transfer the data that we have collected to another organisation or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: support@dxs-systems.com 

7. What are cookies?

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information, visit allaboutcookies.org.

8. How do we use cookies?

The data we collect is solely aimed at improving user experience and generating insightful reports.

9. What types of cookies do we use?

• Count of users
  
• Session statistics
  
• Approximate geolocation
  
• Browser and device details

10. How to manage your cookies

You can set your browser no to accept cookies, and allaboutcookies.org tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

11. Privacy policies of other websites

Our websites may contain links to other websites. Our policy only applies to our services and websites, so if you click on a link to another website, you should read their privacy policy.

12. Changes to our privacy policy

DXS keeps its privacy policy under regular review and places any updates on this website page. This privacy policy was last updated on 7 May 2024.

13. How to contact us

Get in touch with DXS (dxs-systems.co.uk)

14. How to contact the appropriate authorities

Should you wish to report a complaint or if you feel that DXS has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.