Applicable only if you accessed services directly provided by eMed on or before 17th March 2025. As of today, eMed does not offer private medical services directly.
Welcome to the eMed privacy policy.We take your privacy seriously. We want you to know why we need certain information from you, what we're doing with it, and how we keep it secure.
This policy explains how we use your data to deliver our healthcare app, websites and services. This includes:
We provide these services through 2 companies in our group:
When we talk about eMed, us or we in this policy, we mean these 2 companies.
BHSL is the controller of any health and medical data we may collect from you when you use our services, and may share this data with eMed UK as a processor on behalf of BHSL (for more information on this, see how and why we share your data below).
This means that we're responsible for how your personal data is handled and what it's used for through these 2 companies. If you wish to exercise any of your rights, both companies act as one.
Our NHS service is called GP at Hand. GP at Hand offers a digital-first primary care service to its registered patients.
These services are provided by BHSL under a subcontract arrangement with the NHS.
Read more about GP at Hand.
See more about our registered companies.
Personal data is any information we have that can identify you, such as your name, medical history or credit card details.
When you register with us, we'll ask you for your:
The information you give us must be accurate. If you give us information about yourself or another person, you're confirming that you're authorised to do so.
When you use our services, we collect information about your health, including:
Some of this information comes directly from you, but it can also come from third parties, such as your GP.
If you use GP at Hand, we'll get your medical history from your previous GP.
If you use our private service, we'll send your appointment notes to your NHS GP, if you give us your consent.
We share children's appointment notes with their NHS GP, in line with current medical guidelines.
We also keep a record of your consultations and your conversations with us. This is so we have an easy way to access your consultations to monitor the quality of our service and healthcare.
And, if you have consented, so that we can use them to improve our services. This includes:
We keep your health and medical data secure by applying technical and organisational measures to protect it.
Find out how long we keep your data.
We might also receive some data about you and your health from other apps, devices and services.
This will only happen if you've agreed to sharing that data with us. For example, if you decided to share information collected from a smartwatch with our app.
If you make a payment on the app, your credit and debit card details are processed by a third-party payment provider.
We don't store any of your credit or debit card information and we only keep details of the transactions on our secure servers.
When you use our app, or visit our website, we may collect the following data, where this is allowed by your device or browser settings:
We work with other companies that provide us with analytics and advertising services. This is to:
We also use 'cookies'. Cookies are files saved on your phone, tablet or computer when you visit a website. They collect information about how you use the website and the pages you visit.
You can find out more about how we use cookies in our cookie policy.
It's possible to connect your social media accounts, or your wearable device (like a smartwatch) with our services. For example, you can sign up for eMed using your Facebook login details. If you choose to do this, we'll receive the following information about you from the third party:
If you use login details from third parties, they will also process your login data, and they are solely responsible for handling this.
We may also get information from other sources, such as companies who offer information on consumer trends.
We use this information to help us make our services better. We comply with data protection laws when we do this. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.
This is how we use your data and the legal reasons for using it.
We need your personal information to enter into a contract with you and deliver services.
We use your financial details to charge you if you use our paid service or buy our products.
We use your health and medical information to provide you with a healthcare service. This includes:
This information is based on:
The health and medical information we use includes information from your:
We might share this information with other health services. This is so we can give you the right care, including when it's in your vital interests. These services include:
We use your location to recommend services near you, like pharmacies and hospitals.
Depending on how you access our services, we get your location from your phone, internet browser, IP address or postal address.
If you've given explicit consent, we use your health and medical information to improve our services. This helps us deliver better healthcare to you and other eMed users.
We remove details that could identify you from this information, such as your name, address and contact details. These are called 'personal identifiers'.
The health and medical information we collect (with your personal identifiers removed) includes information from your:
This doesn't involve making any decisions which would have a big effect on you. We only use this information to deliver a better experience to you and other eMed users. This explicit consent relates to when we use your personal data.
As part of our work with the NHS we occasionally partner with universities, academic institutions and research organisations, to further medical science and ultimately improve healthcare for all.
As part of these partnerships, we may use your contact details to invite you to take part in clinical trials. You are not under any obligation to partake and can opt out of receiving information by contacting our support team via our contact us page.
More information can be found on the NHS GP at hand FAQ website.
We sometimes analyse your data and how you use our products to help us manage our business better.
This could be things like fixing bugs in our app, understanding current user trends, or working out what users might want in the future.
This doesn't involve making any decisions which would have a big effect on you. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.
We may contact you when marketing our service. This includes sending you product updates, surveys and marketing information. You can opt in or out at any time by going to 'Me', 'Settings' and 'Privacy Controls' in the app. You can also choose if you want to get app notifications in your device settings.
As part of providing you with a healthcare service or public service, we may send you health information by text message, email or in other ways. For example, we may send you public health messages or invite you to book an appointment for a free screening programme, such as cervical cancer screenings.
We use your health and medical information for safety, training, regulatory, and compliance purposes.This means that:
To detect and prevent fraud, we may need to share your personal and financial information with banks, financial institutions and fraud prevention services.
Your personal health and medical information is stored on secure servers. This includes information like:
We don't store any of this information on your mobile device.
If you've chosen a password or authentication method to access the app, you're responsible for keeping this password and/or authentication method confidential. Please don't share it with anyone.
We encrypt data transmitted to and from the app. Once we have your information, we use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to make sure that your data is treated securely.
We don't store any of your credit or debit card information. Payments are processed through a third-party payment provider that follows strict industry data security standards. These are known as Level 1 Payment Card Industry (PCI) data security standards.
Any payments you make are encrypted using SSL technology (which converts the information into code to stop fraud).
Your health data will be stored and processed in the UK only. We may sometimes need to work with companies outside of the UK or European Economic Area (EEA), including eMed affiliate companies, to help us deliver services to you.
This will always be in line with applicable data protection laws and will include using appropriate safeguards such as the execution of appropriate data transfer agreements incorporating European Commission approved Standard Contractual Clauses along with other safeguards where appropriate or confirming other controls to comply with UK data protection requirements.
To help us deliver our services we may share your personal data with other parts of eMed, such as GP at Hand, eMed affiliate companies or partner organisations (including our NHS partners) who we work jointly or in connection with to provide you a service.
Some companies provide services to you on our behalf, such as the live chat. We may share your personal data with them so that they can process it to provide these services.
These companies can only use your data based on our instructions and they cannot use the data for their own purposes.
They also have to act in line with data protection laws and contractual terms that specify how they can process data on our behalf.
If you use our services through your health insurer or one of our partners, which may be your employer, we may share some of your information with them. This could include your:
We may also share with them the fact that you have registered with us and used our services. But we will not share any details about your consultations or medical records, unless you consent to this.
If it's needed for your treatment or care, we will share your data with your other health and social care providers. These include:
By law, we may need to share information with these services to safeguard either you or others, or conduct a public task (in the case of our NHS services). We may need your consent, or to rely on our legitimate interests to provide you with healthcare before we can share this information.
We might process your health data to protect public health. Your data could be vital to help research, monitor, track and manage public health emergencies, like pandemics.
In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:
We will limit the use or sharing of data to the period of the emergency and will only share data to the extent necessary.
We may show on our website or share with our commercial partners data that does not personally identify you, but which shows general trends. This is 'aggregated' data and is not personal data.
This might include, for example, the number of users of our service or trends in a particular location.
We may also use data that does not identify you personally as part of statistics that we collect on certain types of illness, symptoms and conditions. This might include us contributing medical data and participating in the Royal College of General Practitioners Research and Surveillance Scheme.
We may show these summarised statistics to our partners. They will always be anonymised. This is so we can improve our medical knowledge and help our members and the general public.
We may need to share your personal data to help the NHS manage their medicines. This is because clinical commissioning groups (CCGs) use pharmacists and prescribing advice services to support local GP practices. And they may need information that identifies you to be shared.
These pharmacists work with GP at Hand to provide advice on medicines, and to make sure that medicines are right for your needs, safe, and cost-effective.
Where we need to ask for specialist prescribing support as part of your care, the CCG medicines management team may help us to get medications on behalf of GP at Hand.
We collect your information to make sure you get the best possible care and treatment. The information we collect when you use our GP at Hand services can also be used for things beyond your individual care and if the law allows it. This could include improving quality and standards of care, research into the development of new treatments, and planning services. Most of the time, any data used for research and planning is anonymised, so that you cannot be identified. If this is the case, it means that we don't use your confidential patient information.
You have a choice about whether you want your confidential patient information to be used in this way. To find out more, or to register your choice to opt out, please visit this information page from the NHS. If you choose to opt out, your patient information will still be used to support your individual care.
If you are a GP at Hand patient, we will share your records with North West London Whole Systems Integrated Care or other systems for other locations in which GP at Hand operates.
This gives other members of the scheme like NHS Trusts and the ambulance services access to your data. We do this to provide 'integrated care' for you. This is healthcare that's delivered to you by different organisations that work separately.
It also helps with research and statistical studies, based on medical and public interest research.
Your summary care records are an electronic record of important patient information, created from GP medical records.
Your summary care records data can be seen by authorised staff in other areas of the health and care system involved in your direct care. If you're based in Birmingham, Sandwell and Solihull, this will involve the use of Your Care Connected (YCC).
More information on YCC.
You can choose not to share this data at any time. To do this, complete and send an SCR opt-out form.
We may keep or share information about you, if we need to:
We follow advice from the Department of Health and the British Medical Association on how long to keep information found in your medical records. This is called a 'retention period'.
We might also keep some information that doesn't identify you to help improve our business and our services.
In some circumstances, we might keep data longer if the law says we have to.
Your information
How long we keep it (its 'retention period')
GP records
This includes medical records, consultations with GPs and symptom checker interactions
We keep your GP records for 10 years after your death or after you've permanently left the country.
We may keep your records longer if there are genetic implications for your family.
We work on the advice from clinicians in this situation.Electronic patient records can't be destroyed or deleted for the foreseeable future.
Video consultations
If we keep your video consultations, they are kept in the same way as your GP records (although that period of time could change if our product changes).
Voice (or audio) consultations
We keep your voice consultations in the same way as your GP records (although that period of time could change if our product changes).
Symptom Checker
We keep your interactions with our Symptom Checker in the same way as your GP records.
They are also available in the app for 1 month (although that period of time could change if our product changes). After 1 month we can provide them if you ask us for them.
Health check
We keep your records from these services for 2 years after you close your account, unless you agree to them being a part of your medical record. If you do, we will store them in the same way as your GP records.
Participation in one of our programmes
Relevant clinical data will be transferred to your medical record and will be kept in the same way of your GP records (see above).
Information that does not form part of your medical record, will be kept in the same way as Healthcheck data (above).
Communications with support teams
Including phone calls, emails and live chats
1 year after you leave the service.
Maternity records
We keep your records for 25 years after the birth of your last child.
Records on any treatment for a mental disorder
(as described in mental health legislation)
We keep your records for 20 years after the date of your last consultation. Or 10 years after your death if that is sooner.
You're in control of your personal information. Under data protection law, you have the right to:
To exercise your rights, please complete our online webform here.
If you have any general queries about how we process your information, please contact us at DPO@babylonhealth.com
Or write to us at eMed Healthcare UK, 184, 192 Drummond St, London, NW1 3HP
We'll ask you for a proof of identity. Data protection laws give us one month to get back to you.
We're regulated by the Information Commissioner's Office (ICO). If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
We might update this policy from time to time.
If we make any important changes, we'll let you know, and give you the chance to review them.
If you agree to the changes, you don't need to do anything. Just keep using our services with the updated policy and we'll assume you are happy with the way we use your data.
If you don't agree to the changes, then you can stop using our services at any time.
Last Modified: April 2025