0116 232 2622

Privacy Notice

For Customers; Potential Customers and End Users


(1) We operate Information Security Management with accredited certification to ISO 27001.
(2) We maintain an Information Asset Register (required by ISO 27001), which contains details of all the data (including personal data) that we hold and process.
(3) Our lawful basis for processing personal data is principally to perform contracts.
(a) We process the personal data of employees to perform contracts of employment.
(b) We process the personal data of other individuals to perform commercial contracts.
(4) We do NOT sell our data to, or share our data with, any other organisation or people.

IMPORTANT If we become subject to any legal requirements, which conflict with any other commitments in this notice, we shall comply with the legal requirements.

Alarm Receiving Centre (ARC) – Customers and Lone Workers

(1) We hold the following details of people who work for customers of our ARC:
Names and phone numbers of lone workers;

Where contract requires
Addresses of lone workers;
Name and phone numbers of line managers;
Customers’ escalation phone numbers;
Relevant medical details (i.e. sensitive personal data);
Names and contact details of partners and/or family.

(2) We process this data to perform a contract, to provide a lone worker protection service.
(3) Our customers provide (to us) the details of the lone workers that work for them.
(4) We do not disclose the details of any lone worker to any other organisation or person, unless contractually required to do so, e.g., to escalate an alert to one or more emergency service.
(5) We remove the details of a lone worker when a customer informs us that the person no longer works for them.
(6) We remove the details of the lone workers that work for a customer after our contract with the customer ends. We may retain some or all of the details for an interim period to enable reporting and/or invoicing etc.

Payment Portal

(1) Payment Portal retains and stores the following information:
Order number;
Amount; Transaction Reference;
Payment result;

Card expiry date, where needed for notification of subscription expiry.

(2) Payment Portal does not retain or store the following information:
Postal address;
Email address,
Telephone number
Partial payment card number;
Patient Partner and Repeat Prescriptions,
Voicemail and Auto-attendant

Patient Partner and Repeat Prescriptions, Voicemail and Auto‑attendant

(1) Patient Partner and Repeat Prescriptions are products that we provide to medical practices. Voicemail and Auto‑attendant are products that we provide to a diverse range of customers. These process personal data but belong to the customer. Patient Partner processes telephone numbers and dates of birth. Repeat Prescriptions also processes details of medication. Voicemail records voice messages that callers leave. It is impossible to control the content of these. The owners of these products are legally responsible for the processing of personal data that these products perform.
(2) We must sometimes process personal data to perform a (maintenance) contract to provide technical support.
(3) We do not record any personal data in our permanent records of technical support.
(4) We delete any required personal data after a technical support issue is resolved and closed.
Voice Connect Communications Portal and Medical Messenger

Voice Connect Communications Portal and Medical Messenger

(1) The Voice Connect Communications Portal can send single and bulk SMS text messages, and single and bulk postal messages through VC SmartMail.
(2) Medical Messenger communicates with a medical practice information system, and the Voice Connect Communications Portal, to enable a medical practice to send single and bulk SMS text, email and postal messages, via the cheapest type of message, to patients.
(3) The Voice Connect Communications Portal retains records of messages for the following periods.

Email 14 days (default – this can be changed);

2 months if sent via NHS.net,
6 months if sent via the Voice Connect Communications Portal;

Post three months.

(4) After a customer cancels the service, we delete all of the customer’s data within 30 days.


Do you currently accept card payments?