National Health Online – Legal & Governance

These documents explain how National Health Online operates, how we use your data, and what you can expect from us as a telehealth provider.

Privacy Policy

Last updated: 15 November 2025

This Privacy Policy explains how National Health Online ("NHO", "we", "us") collects, uses, stores and protects your personal information, including health data, when you use our telehealth services.

1. Data controller

NHO acts as the data controller for the personal data you provide when using our platform. Our details and contact email should be inserted here once finalised.

2. What information we collect

  • Registration data (name, email address, contact details).
  • Health information (symptoms, medical history, medications, allergies, consultation notes).
  • Technical data (IP address, device, log data) for security and auditing.
  • Payment-related data (payment status and references) where applicable.

3. How we use your information

  • To provide clinical consultations and follow-up care.
  • To share necessary information with clinicians and pharmacies involved in your care.
  • To maintain clinical records and audit trails.
  • To improve and monitor the safety of our service.
  • To comply with legal and regulatory obligations.

4. Legal basis for processing

We process your personal data under UK GDPR and the Data Protection Act 2018, including the provisions relating to health data (special category data). Typical bases include the provision of healthcare, compliance with legal obligations, and your explicit consent where required.

5. Sharing your information

We may share your information with:

  • Clinicians working with NHO to deliver your care.
  • Partner pharmacies that dispense prescriptions issued via NHO.
  • Service providers who support our IT, security and hosting infrastructure, under appropriate data processing agreements.
  • Regulators or authorities where required by law or in the public interest.

6. Data retention

Clinical records are retained for the period required under applicable UK healthcare guidance and regulations. Non-clinical data is kept only as long as necessary for the purposes described in this policy.

7. Your rights

You have rights in relation to your personal data, including the right to access, rectify, in some cases erase, and restrict or object to certain processing. You also have the right to complain to the Information Commissioner's Office (ICO).

8. Security

We use technical and organisational measures to protect your data, including encryption in transit, access controls, and audit logs. No system can be completely secure, but we continuously work to reduce risk.

9. Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact us using the details that will be provided on our main site.