Get in touch

We'd love to hear from you!

Ready to take the next step? Learn more about Aire logic, chat to the team or one of our consultancy experts. Let’s see how we can help you.

+44 (0) 113 468 8527
info@airelogic.com
Close up partially opened MacBook

Patient and citizen data privacy policy

Updated: 04 Jun 2024
Version: 3

Privacy policy

Aire Logic Limited (‘we’ ‘us’) is a privately owned company and not part of any other group of companies.

Our privacy policy pertains only to Aire Logic Limited and explains what we do with personal information we process or collect about you when you use one of our products.

Please email compliance@airelogic.com for more information on the solution used to manage your data or the full functionality of our products. 

There are laws allowing us to collect and keep personal information to:

  • meet our contractual obligations
  • provide products to you
  • protect our systems
  • detect and prevent fraud

The law also gives you certain rights relating to information we collect and use. See this guidance for more information.

We provide IT Solutions to customers. Our customers will have their own privacy policies in relation to their use of your data, which should be read alongside this policy.

For the purpose of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 1998 2018 (the Act), our customers are the 'data controller' as they determine the purposes of 'why' and 'how' your personal data should be processed. We are the 'data processor' as your personal data will pass through or be stored in our systems.

As the data processor we adhere to the following principles:

  • Unless the law requires it, the controller’s documented instructions are the only instructions the processor must act on.
  • The processor must ensure that the people processing the data are subject to a duty of confidentiality.
  • Appropriate measures need to be taken to ensure the security of the processing.
  • Under a written contract, the processor must only engage a sub-processor with the controller’s prior approval.
  • Appropriate measures must be taken to help the controller respond to requests from individuals to exercise their rights.
  • The data controller needs the help of the processor in meeting its obligations concerning security of processing, declaration of personal data breaches and data protection impact assessments.
  • At the end of the contract, the processor must return all personal data to the controller. If the law requires it, the processor must also destroy existing personal data unless stated explicitly that data needs to be held in storage.
  • The processor is required to submit audits and inspections. The processor needs to give the controller all the information to ensure they meet their obligations in line with their GDPR Article 28 obligations.

If you have any questions about how Aire Logic uses your information please email compliance@airelogic.com.

Why we use your personal information

We process your personal information for the purposes set out in this privacy notice. We have also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing).

We normally process standard personal information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies.

Please see below for more information about this and the reasons why we may need to process special category information. By law, we must have a lawful reason for processing your personal information.

We process standard personal information about you if this is:

  • necessary to provide the services set out in a contract
  • in our or a third party’s legitimate interests, or
  • required or allowed by law.

We process special category information about you because:

  • it is necessary to provide a medical diagnosis, to provide health or social care or treatment, or to manage health-care or social-care systems
  • it is necessary for reasons of public interest in the area of public health, or
  • we have your permission.

How we handle your data

When you use a service that one of our products is integrated with, we process your data in line with our customer’s requirements. The processing is completed securely, in line with internal and external data security requirements.

Protection of information

Aire Logic is committed to ensuring the security of your personal information. We use commercially reasonable technological, physical, and administrative security safeguards, such as firewalls and carefully developed security features — to protect the confidentiality and security of your personal information within our products, services, and sites.

When you enter confidential information (such as login credentials or information submitted from within the Service) we encrypt the transmission of that information using secure socket layer technology (SSL).

These technologies, procedures, and other measures are used in an effort to ensure that your data is safe, secure, and only available to you and to those you authorised to access your data.

However, no internet, email, or other electronic transmission is ever fully secure or error-free, so you should take care in deciding what information you send to us in this way.

Aire Logic is not responsible for the functionality or security measures of any third party.

Other websites

Our products may be contained within other systems, apps, or websites. This privacy policy only applies to our products alone, so when you link to other systems, apps, or websites you should read their privacy policies.

Aire Logic does not endorse and is not responsible for the practices of third parties or their websites or applications. We do not determine and are not responsible for the privacy practices or the content of websites or applications operated by third parties.

Your browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party’s own rules and policies.

We are not responsible for and do not control any third parties that you authorise to access your user content. If you are using a third-party website or service and you allow such a third-party access to your user content, you do so at your own risk.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

Aire Logic products that collect patient/citizen data do not use cookies.

Who we share your information with

Your data will be shared with the Data Controller. The Data Controller is the organisation deploying Aire Logic’s products to provide you with a service. This may be your local health or social care provider or a provider of other services (e.g. education).

If Aire Logic (or substantially all of its assets) is sold to another organisation, the information we hold about our users and customers will become one of the transferred assets. We may share your information if we are under a duty to disclose or share your personal data to:

  • comply with a legal obligation
  • apply or enforce our terms and conditions of supply and other agreements
  • protect the rights, property or safety of Aire Logic, our customers or others — this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction

We will never sell your information to other organisations.

Where we store your information

We use a number of cloud-based products to help us process the information we collect. By submitting your personal information, you agree for it to be transferred to, stored in or processed by these products. All of our data processing takes place within Amazon Web Services (AWS) in the ‘eu-west-2 region (London)’ in multiple availability zones.

We review what information is being processed and ensure your information is treated securely and in accordance with our privacy policy.

How long we keep your information

The Data Controller typically determines the length of data retention and this will be specified through contracts or other documentation. Aire Logic maintains a Data and Record Management Policy that outlines how we manage the data we process.

We comply with our legal obligations in relation to the retention and deletion of data.

We store personal information and medical information only for as long as is necessary, for the purpose the data was collected or to comply with applicable legal, tax, or regulatory requirements.

Please email compliance@airelogic.com with any queries regarding this.

You rights

You have the right to:

  • request a copy of the information that we hold about you
  • correct inaccurate or incomplete data that we have about you
  • ask for information about you to be deleted, in certain circumstances
  • restrict how we use your information, where certain conditions apply
  • ask us to transfer information about you to another organisation
  • object to having your information used in certain ways
  • object to automatic processing, including profiling
  • not be subject to solely automated decisions that affect your legal status or rights

Access to your information and your right to correct your information

You have the right to request a copy of the information that we hold about you. Typically this request should be submitted through your service provider (e.g. your GP Practice).

Alternatively, you can request a copy of your information directly from Aire Logic. This can be done by completing our patient/citizen information request form or by writing to us via the details below.

Email compliance@airelogic.com

Write to:

Compliance Team
Aire Logic Limited
Aireside House
24-26 Aire Street
Leeds
LS1 4HT

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. You also have the right to ask us to delete all of the data we hold on you.

We will acknowledge receipt of your request within two working days of receipt of the request. We will provide you with the information you requested within one calendar month of receipt of the request.

In instances where the request is assessed as complex, we may take an additional two calendar months (three calendar months total) to process the request in line with ICO guidance. If we assess your request as complex and require an extended timescale we will inform you of this within one calendar month.

How to exercise your rights

To exercise any of these rights, please email compliance@airelogic.com. We will forward any requests you make to other organisations that may be involved in processing your information.

We will acknowledge receipt of your request within two working days of receipt of the request. We will provide you with the information you requested within one calendar month of receipt of the request.

In instances where the request is assessed as complex we may take an additional two calendar months (three calendar months total) to process the request in line with ICO guidance. If we assess your request as complex and require an extended timescale we will inform you of this within one calendar month.

How to complain

If you are unhappy about how your information has been handled by Aire Logic or an organisation involved in how we use your information, you can make a complaint to our Data Protection Officer or the Information Commissioner’s Office:

Aire Logic Limited Data Protection Officer

Andrew Martin
Aire Logic Limited
Aireside House
24-26 Aire Street
Leeds
LS1 4HT

Email: compliance@airelogic.com

Information Commissioner's Office
Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Web: ico.org.uk/make-a-complaint

Telephone: 0303 123 1113

Changes to our privacy policy

This policy was last updated on 04 June 2024.

We will post any future changes on this page and, where appropriate, notify you by email. Please check this page frequently for updates.

Contact us

Please contact us if you have any questions, comments or requests in relation to this privacy policy or information we hold about you by emailing compliance@airelogic.com or in writing to:

Conpliance Team
Aire Logic Limited
Aireside House
24-26 Aire Street
Leeds
LS1 4HT