Privacy Notice – iBox Healthcare Limited
Introduction

This Privacy Notice explains how iBox Healthcare Limited collects, uses, stores, and protects personal data. It is designed to help you understand what data we process, why we process it, and what your legal rights are.

iBox Healthcare Limited takes its responsibilities under data protection legislation very seriously. If there is anything in this notice you do not understand, or if you have any questions, please contact us using the details provided at the end of this notice.

This Privacy Notice covers our activities:

  • As a Data Controller for personal data relating to our staff, contractors, customers, suppliers, and website users
  • As a Data Processor when we process data on behalf of our healthcare customers, including NHS organisations
Who are we?

We are iBox Healthcare Limited , a private limited company registered in England and Wales.

  • Company Registration Number: 07997180
  • Registered Address:
    Nexus
    Discovery Way
    Leeds
    LS2 3AA
    United Kingdom

Throughout this notice, iBox Healthcare Limited may be referred to as “we”, “us”, or “our”.

What Personal Data Do We Collect?

We only collect and process personal data where it is necessary to deliver our legitimate business services.

Data Subjects and Categories
Data subjects: Categories of Personal Data:
Our staff, including temporary or agency staff Name, address, telephone number, email address, employment and education history, occupational health information, limited financial information
Customers, prospective customers, and suppliers Name, organisation, job title, address, telephone number, email address
Visitors to and users of our websites Technical data such as IP address, browser type, device information, and website usage data
Processing of Patient Data

In the course of providing software and technical support services to our healthcare customers (including NHS organisations), our staff may incidentally view patient data , for example when:

  • Providing technical support
  • Troubleshooting system issues
  • Assisting with configuration or system faults

Where this occurs:

  • iBox Healthcare Limited acts as a Data Processor
  • Our staff are trained in information governance and confidentiality
  • Access is limited to what is strictly necessary
  • Activity is supervised or authorised by the customer organisation
  • We follow customer instructions and contractual obligations at all times

We do not use patient data for our own purposes.

Why We Collect and Process Personal Data

We process personal data for the following purposes:

  • To manage and administer our business
  • To employ and manage staff and contractors
  • To communicate with customers, prospective customers, and suppliers
  • To deliver, support, and improve our products and services
  • To operate and improve our website
  • To meet legal, regulatory, and contractual obligations
Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Legitimate Interests – for running and managing our business and maintaining professional relationships
  • Contractual Necessity – where processing is required to fulfil a contract
  • Legal Obligation – where we are required to process data by law
  • Public Interest / Healthcare Purposes – where applicable for processing health data on behalf of NHS customers

Special category data (such as health data) is processed only where permitted by law and subject to appropriate safeguards.

Who We Share Personal Data With

We may share personal data:

  • Where required to comply with legal or regulatory obligations
  • With law enforcement agencies where legally required (e.g. fraud or serious crime)
  • With trusted third-party service providers who support our operations (e.g. hosting or infrastructure providers)

All third parties are subject to appropriate contractual, confidentiality, and security obligations.

In the event of a business sale, merger, or reorganisation, personal data may be transferred, but appropriate safeguards will be applied to protect your rights.

Where Your Data Is Stored

Our systems and infrastructure are hosted using secure cloud and hosting providers, including:

  • IONOS
  • DigitalOcean

Data is stored in accordance with UK GDPR security requirements and industry best practices.

How Long We Keep Personal Data

We retain personal data only for as long as necessary for the purposes for which it was collected.

Data subjects: Retention Period:
Staff and contractors For the duration of employment/engagement and for a legally required period afterwards
Customers, prospective customers, and suppliers For as long as the business relationship exists and where necessary thereafter
Website users In accordance with operational and analytical needs
Your Rights

Under UK data protection law, you have the following rights:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Object

You may object to certain types of processing, particularly where we rely on legitimate interests.

Right to Data Portability

You may request that data you provided to us is transferred to you or another organisation in a machine-readable format.

Right to Complain

If you are unhappy with how we handle your data, please contact us first so we can investigate. You also have the right to complain to the Information Commissioner’s Office (ICO) :

Contact Details

If you have any questions about this Privacy Notice or wish to exercise your rights, please contact us: