Who We Are

We are Refero Software Ltd (company number 11110166) and our address is:

4.9 Frimley 4 Business Park,
Frimley,
Surrey.
GU16 7SG (referred to as “we” or “us” or “our”).

We are the providers of the Refero site https://refero.cloud and associated smartphone / tablet applications available in the app stores (referred to as the “Site” and “Applications”). Our VAT number is 284 3307 02.

The Site is for patients and citizens so they can send messages, access symptoms checking services and book appointments online with their designated care provider(s). Appointments that we are able to deal with include: G.P. appointments, district nurse appointments, clinical appointments in primary, secondary, community care and mental health services.

We also provide Apps for this service on our web-site which can be downloaded to your mobile phone.

We are not part of the NHS. We are a private limited company providing electronic communications services for the NHS.

A reference to “you” or “your” is a reference to a user of the Site or any of our services.

Introduction

We are committed to protecting your privacy. This privacy policy (referred to as the “Policy”) explains how and for what purposes we use the information collected about you.

Please read this Policy carefully.

What Personal Data Do We Collect About You?

Information received from third parties who are care providers

What we collect and where it comes from

  • In the course of providing our services, we collect personal data from you but we may obtain data from your Care Provider (or third parties working for them). The data we will receive is personal data such as identity information and addresses, contact telephone numbers and email addresses and we need to keep records of this together with your requests for appointments and within this information will be personal medical record data.
  • Personal medical record data may be information about your health and genetic and biometric composition and comes under the special categories of personal data under the General Data Protection Regulation (GDPR). The GDPR says this is sensitive information and so needs more protection.
  • In order to lawfully process special category data we must identify to you the basis for doing so under the Articles of the GDPR. This is one of the functions our Privacy Policy must achieve and we provide this information in the tabled information set out below.

Why we collect it

  • We will use this information for a number of reasons including:
    • to provide the Refero online portal;
    • to enable our customers to be able to have access to and arrange appointments with their Primary Care Providers;
    • to enable the Primary Care Service to have access to an online appointment service;
    • to allow Care Providers to see records of appointments made and treatments received; and
    • for our own purposes such as to identify age groups using the service and offering surveys on ease of use of the portal to improve the service.

Our lawful basis for processing this personal data

  • The requirements of the GDPR to process data lawfully when the data includes special category data means we have to provide you with two compliance reasons. One under Article 6 and one under Article 9.
  • Under Article 6 we can lawfully process your data where it is for a legitimate interest.
  • We have legitimate interests to process this information. These are:
    • providing a service to our customers by helping them to arrange appointments with their Care Providers;
    • providing a service to the Care Providers by offering an appointment service which enables them to fulfil their statutory obligation to provide health services;
  • Under Article 9 we can lawfully process your data where the service we provide is necessary for the purpose of preventative or occupational medicine:
    • for the assessment of the working capacity of employees,
    • for the provision of health or social care or treatment
    • or management of health or social care systems and services on the basis of European Union or Member State law or pursuant to a contract with a health professional.

How long will we keep it for

  • The information supplied through the use of our Refero Portal and online Apps is held as part of the secure NHS network. The timelines for holding information under this network are not controlled by us. Where information relates to your medical records this information will be required for your lifetime and may be held for longer. Please contact your Care Provider for further details if you have any queries. If we keep any information records for the purpose of our business these will be kept for 7 (seven) years.

Information you give to us

What we collect and where it comes from

We will collect the information that you give to us when using our Site:

  • Registered Users: information that you provide to us when you register as a Refero user and/or request downloads of our Apps will be personal data such as identity information and addresses, contact telephone numbers and email addresses and through our need to keep records of your requests for appointments this will also include personal medical record data; and
  • Communications: information that you provide to us by corresponding with us by phone, e-mail or otherwise;

Why we collect it

We will use the information summarised above:

  • Registered Users:
    • to enable our customers to be able to have access to and arrange appointments with their Care Providers;
  • General Site Use:
    • for our own business purposes;
    • to enhance the services that you select on our Site;
    • to process any queries that you have about the Site;
    • to customise the applications on our Site;
    • to contact you for your views on our services and to notify you occasionally about important changes to our Terms of Use or this Policy or developments to this Site or our services;
  • Communications
    • to process and resolve any queries that you may have;

Our lawful basis for processing this personal data

  • As with information obtained from third parties we have the same requirement under the GDPR to provide you with two compliance reasons. One under Article 6 and one under Article 9.
  • Under Article 6 we have a legitimate interest to process this information. Those legitimate interests are:
    • Registered Users: to provide a service to our members and to you;
    • General Site Use: to gain information about the use of our Site and any improvements that can be made as well as providing advertising space to our members and third parties;
    • Communications: to ensure that your queries are addressed;
  • Under Article 9 we can lawfully process your data where the service we provide is necessary for the purpose of preventative or occupational medicine:
    • for the assessment of the working capacity of employees,
    • for the provision of health or social care or treatment
    • or management of health or social care systems and services on the basis of European Union or Member State law or pursuant to a contract with a health professional.

How long we will keep it for

  • The information supplied through the use of our Refero Portal and online Apps is held as part of the secure NHS N3 or HSCN network. The timelines for holding information under this network are not controlled by us. Where information relates to your medical records this information will be required for your lifetime and may be held for longer. Please contact your Primary Care Provider for further details if you have any queries. If we keep any information records for the purpose of our business these will be kept for 7 (seven) years.

Information we collect about you

What we collect and where it comes from

  • This is different to “information you give us” because it relates to technical data that we collect. We may:
    • collect technical information that has the potential to identify you, such as the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
    • collect information about your visit, including the full uniform resource locators (URL) clickstream to, through and from our Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number;
    • we may combine technical information with other information that we have about you to help us with our processing of your information as set out in this Policy.

Why we collect it

  • We will use the information summarised above:
    • to provide the Refero Site to you;
    • to conduct reviews that assist us in the improvement and optimisation of our Site;
    • to ensure that content from our Site is presented in the most effective manner for you and for your computer;
    • to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • as part of our efforts to keep our Site safe and secure;
    • to provide services and information to third parties and our members, which they can use to benchmark their performance; and
    • to customise and enrich your experience on our Site.

Our lawful basis for processing this personal data

  • We have a legitimate business interest to process this information. Those legitimate interests are:
    • enhancing the service that you receive on the Site; and
    • the ability to provide technical support in the event there is an issue with our service.

How long we will keep it for

  • We will store this personal data for 7 (seven) years.

Use of your Data for Marketing and Communications

Sometimes we may use your personal information to provide marketing messages to you. We will always seek your consent before doing so and you can opt out of marketing and other communications at any time by contacting us:

  • By email: [email protected]
  • By phone: 0203 841 9970
  • In writing: Refero Software Ltd, 4.9 Frimley 4 Business Park, Frimley, Surrey. GU16 7SG

When we obtain consent for sending direct electronic marketing emails to you, we are relying on Regulation 22 of the Privacy & Electronic Communication (EC Directive) Regulations 2003 (as amended) and the definition of consent applicable to that Regulation. You can always make use of the Site without having to agree to marketing. The types of things that we may do include:

  • providing direct marketing advertisements and communications to you via email, text, post or telephone or via our selected third parties;
  • making suggestions and recommendations to you and other users of our Site about goods or services that may interest you or them;
  • providing your information to selected third parties that we believe may be able to offer you goods or services that are of interest so that they can contact you about their goods and services; and
  • monitoring the effectiveness of our direct marketing communications and your responses to it.

Removing Data from The Site

If you have any concerns about the Site, please contact us and we will endeavour to resolve the issue promptly.

Who Has Access to Your Personal Data?

We retain access to all personal information that we have collected from you or about you. Once your information has been passed to one of your chosen Care Providers in the course of providing our services (most typically when you communicate with them through our Site) then that Provider will have a copy of the information that you have provided about the property enquiry and your contact details which they will use to get in touch with you.

The Care Providers (or any third party that acts on their behalf) will be responsible for information in their possession and that information will be subject to any privacy terms or policies that they have in place; we are not responsible for use (or misuse) of your information by any Care Provider.

If our business is sold or merged, or if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. We will make sure that any such transfer is done in a secure way.

If we offer or supply a service to you that is provided on our behalf by a third-party we may have to pass your information to them in order to deliver the service. The categories of third parties (who are acting as data processors) include address augmentation. We may also use third parties to provide services on our behalf which may include processing (but not using themselves) your information e.g. to complete partial addresses or to augment the information we hold about you. In either case, we will not pass your information to anyone who is not also subject to adequate privacy commitments in our contract with them.

We will not otherwise disclose, sell or distribute your information to any third party without your permission unless we are required to do so by law or to obtain professional advice. We will retain your information for as long as is reasonable and necessary and no longer than permitted by law.

Where Do We Store Your Personal Data?

For the purposes of delivering our Refero services on behalf of NHS Care Provider organisations, your data is stored in England.

In addition to your data being stored on the Refero secured portal the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or contractors. Territories outside of the EEA may not have equivalent legal protections to those that apply within the EEA but we are under a duty to make sure that our suppliers and contractors located outside of the EEA continue to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy. By submitting your personal data to us, you agree to this transfer, storing or processing.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We follow strict security procedures to ensure that your personal information is not damaged, destroyed or disclosed to a third party without your permission and to prevent unauthorised access to it. The computers that store the information are kept in a secure facility with restricted physical access and we use secure firewalls and other measures to restrict electronic access. If we are working with third parties, we will require them to have in place similar measures to protect your information.

Only employees who need access to your information to perform a specific job are granted access to personally identifiable information. We may require you to co-operate with our security checks before we disclose information to you. If you are a registered user, you can update the personal information that you give us at any time by viewing your Refero Profile.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Your Rights

You have the right to ask us not to process your personal data at any time.

You have the right to use our Site without consenting to marketing and communication services that we provide. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. We always use the most recently submitted form to be your current consent status. If you are a registered user, but not signed in when you submit a form, we will not be able to use your saved settings so will deem your consent choice to be as per the form you submit at the time. You can exercise your right to prevent such processing by selecting the specific options in the fields or forms when you become a registered user.

You have a right to request access to or rectification of your personal data which we hold about you. You also have a right to erase your personal data, to restrict the processing of your personal data and the right to receive your personal data that you have provided to us, the right to object to our processing of your personal data and a right to request that we transmit your personal data to another data controller.

Where we process your personal data because you have given us your consent to do so, you have the right to withdraw your consent at any time.

To exercise any of the rights, please contact the Data Protection Officer whose contact details are:

  • By email: [email protected]
  • By phone: 0203 841 9970
  • In writing: Data Protection Office, Refero Software Ltd, 4.9 Frimley 4 Business Park, Frimley, Surrey. GU16 7SG

You have the right to complain to the Information Commissioner’s Office if you feel unhappy with the way we process your data. Please visit www.ico.org.uk for more information.

Cookies and Tracking

Like many websites, we use “cookies” to enable us to personalise your visits to our Site, simplify the signing-in procedure, keep track of your preferences and to track the usage of our Site.

Changes to This Policy

Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Policy.