• Our Services
    • beetrootDMARD >> monitoring toxic drugs like DMARDs & IMDs
    • beetrootCANCER >> enabling PSFU & RMS for cancer patients
    • beetrootPSA – prostate cancer PSFU
    • beetrootMH – registering and monitoring lithium and valproate patients
    • beetroot@ >> supporting patient wellbeing through PROMS
    • beetrootCCARD >> supporting CCARD schemes
    • beetrootSTART >> supporting Healthy Living schemes
  • About Us
  • Find Out More & Keep In Touch
  • Get support for beetroot® services
  • Login securely to beetroot® services
  • privacy policy
  • accessibility statement

Call free: 0800 756 1087

beetroot®beetroot®
  • Our Services
    • beetrootDMARD >> monitoring toxic drugs like DMARDs & IMDs
    • beetrootCANCER >> enabling PSFU & RMS for cancer patients
    • beetrootPSA – prostate cancer PSFU
    • beetrootMH – registering and monitoring lithium and valproate patients
    • beetroot@ >> supporting patient wellbeing through PROMS
    • beetrootCCARD >> supporting CCARD schemes
    • beetrootSTART >> supporting Healthy Living schemes
  • About Us
  • Find Out More & Keep In Touch
  • Get support for beetroot® services
  • Login securely to beetroot® services
  • privacy policy
  • accessibility statement

Privacy Policy

beetroot & THERAPYAUDIT Limited

How We Handle Your Data Securely and Safely

1           Why we process personal data

Any personal data we process reflects the varied nature of our role. For example:

  • We host and/or maintain digital health systems that help our customers to provide care and advice to people about their health
  • We work on behalf of healthcare organisations and charities to ensure that doctors, nurses and other health and care professionals have the information they need to provide care to the people
  • We analyse information to provide reports and inform our clinician and commissioning customers

All of the above activity may require processing of personal data. This access is controlled – not all of the people working for us need access to all the information we hold and we only allow access to personal data where it is required for somebody to do their job. We take this seriously and all of our employees are required to be trained on the appropriate use of personal data. Inappropriate access to such information can result in disciplinary action, including dismissal.

2           Types of personal data

In order to provide our services, we collect and/or process a range of personal information. We do not collect or process all of this personal data about all people all of the time. We only collect and /or process the personal data necessary for the particular task that we have been asked to carry out by our customers, or we are carrying out for marketing and communication purposes. Where possible, your information will be pseudonymised (replacing identifiers with codes or ‘keys’) or anonymised (meaning individuals cannot be identified); for example when reports are produced and/or when questionnaires are sent to people and they submit them back to us.

All personal health data stored in our services’ databases is stored within NHS-secure locations, either local hospital Trust and/or the NHS HSCN private network. We do not collect or hold any personal health data in our databases outside the NHS, other than collecting and holding anonymised data in our public-facing Rackspace server with appropriate Information Governance approval from relevant customers.

All of this information is stored and used on behalf of our customer organisations. And in our internal systems.  It includes:

  • Contact details, including names, aliases, addresses, postcodes, telephone numbers and email addresses
  • Identifying details, including date of birth and reference numbers such as NHS numbers
  • Information about peoples’ health and wellbeing including medical history and genetic data.
  • Workplace, education or financial information
  • Information about patients’ family, dependents or personal circumstances (so that professionals know who they can speak to about their care)
  • Private and subjective data including religion, gender and sexual orientation.
  • Online identifiers including IP addresses and cookie identifiers (collected when you visit websites we are responsible for)

 

3           How we use personal data

We process your personal data for purposes directly connected with ensuring that we support doctors, nurses and other clinical professionals, helping them provide high quality health care to patients in hospitals, GP practices and across the community. This includes:

  • Providing you with information on behalf of your healthcare provider that either you have requested or that your healthcare provider deems is of value to you
  • Collecting information from you regarding your health through questionnaires at the specific request of your healthcare provider (Personalised Stratified Follow Up)
  • Handling your enquiries, complaints or concerns
  • Providing access to certain areas of our websites
  • Informing you of services which may be of relevance to you
  • Auditing and improving our IT systems and websites
  • Facilitating stakeholder engagement such as focus groups or surveys

We also process your personal data if you request further information about our services from our public-facing websites.

4           How we obtain your information

We may collect your personal data from a variety of sources, including (but not limited to):

  • Information provided by other NHS organisations
  • Information provided by non-NHS organisations (e.g., Local Authorities)
  • Other sources of UK wide information (e.g., NHS Digital and Office of National Statistics).
  • Information provided by you directly to us

 

5           The lawful basis for what we do

Data protection legislation requires us to tell you the lawful basis for processing personal data in the way we do. Further information is available from the website of the Information Commissioner’s Office. Click here for more information.

We generally rely on the following legal provisions:

  • The provision of care: the processing is required for the purposes of health or social care or treatment or the management of health or social care systems.

Our services always ensure our customers ask your permission to use your information. Permission is also sought from you when you complete requests for information from our public-facing websites.

6           Who your information is shared with

Personal data is only shared with other organisations where it is necessary to do so. Owing to the range of services we provide information is shared with a variety of organisations and agencies including:

  • NHS organisations in England, Scotland, Northern Ireland and Wales such as Trusts, Health Boards, GPs and Pharmacists
  • Other care providing organisations, such as local authorities
  • Third sector organisations including charities

We will share personal data if we are required to do so by law – for example, by court order or to prevent fraud or other crimes.

We will not:

  • sell or rent your personal data to third parties
  • share your personal data with commercial companies for marketing purposes

7           How long we keep your information

We keep personal data for as long as we need to in order to fulfil the purpose(s) for which it was collected and to comply with our legal and regulatory obligations. If the data relates to personal health, we are expected by our customers to ensure the data is available for 8 years. If it is data that we store for non-personal health reasons it will be deleted immediately on request.

8           Security and storage of information

We recognise that your personal data is very valuable and so we take its security very seriously. We have set up systems and processes to prevent unauthorised access or disclosure of your data through the use of:

  • Auditing – we keep records of those who access personal information
  • Access controls – members of staff are provided with their own username and password to access your information
  • Electronic records management – all healthcare records are stored confidentially and in secure locations
  • Computer controls – We have complex security controls to ensure our computers cannot be accessed by those not authorised to do so – such as hackers
  • Encryption – computer devices that hold personal information such as laptops are encrypted in case the device storing the data is lost or stolen

All THERAPYAUDIT staff must complete Information Governance training. This training makes staff aware of the importance of confidentiality and security of your personal data and makes clear that they are personally responsible for the security of any information, which they are processing. This training must be completed every two years. We also make sure that any third parties we deal with keep all personal data they process on our behalf safe and secure.

9           Your rights

Data Protection legislation provides various individual rights for data subjects including:

  • Right to be informed
  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision making and profiling

Not all of these rights are absolute, which means we often have to balance your wishes against other requirements. For example, it is unlikely that a request from an individual to delete their entire health record would be agreed. We are always guided by our clinical customers and their data security advisors when considering requests for deletion of data. This may be because there are other legal reasons that such records need to be kept and, if future treatment is required, the individual could be at risk of harm as a result of information not being available. Some rights are unlikely to apply in the context of the work we do, for example, the right to erasure and right to portability. For an explanation of all your rights please see the ICO’s guidance, which you can access here. If you wish to exercise any of these rights or have any queries or concerns regarding our processing of your personal data, please contact us using the contact details provided below.

10       Our websites 

Our public-facing websites use SSL encryption to secure any data you may submit to us in a contact form or request for information.

Google Analytics

Our websites may use Google Analytics (external website), a web analytics service provided by Google Inc. (‘Google’). Google Analytics uses ‘cookies’ and JavaScript code to help analyse user activity on websites. The information generated about your use of the website (including your IP address) will be transmitted to and stored on Google servers in the United States. Google will use this information to produce user activity reports for the website visited. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data previously held. You may refuse the use of cookies by selecting the appropriate settings on your browser. Please note that if cookies are disabled, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Read Google’s Full Privacy Policy (external website) and Terms of Service (external website) for detailed informatio

Use of cookies

Cookies are small files that websites put on your computer hard disk drive when you visit. Cookies pass information back to websites each time you visit. They are used to uniquely identify web browsers, track user trends and store information about user preferences. You can restrict/disable cookies on your browser; please note that some website features may not function properly without cookies

Use of search engine technology

Our website may contain search facilities. Search queries and results may be logged anonymously to help us improve our website and search functionality. No identifiable personal information will be collected by us.

11       Purpose and legal basis for processing

The purpose for implementing all of the above is to maintain and monitor the performance of our websites and to constantly aim to improve the sites and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

12       Links to other websites

Our websites and websites hosted by us may contain links to other websites. This policy only applies to the Informatics Service and does not cover other organisations websites. These organisations should have their own terms and conditions.

13       Changes to this policy

We keep our privacy policy under regular review to ensure it remains relevant, accurate and up to date. Any changes to this privacy policy will apply to you and the information held about you immediately.

14       Contact us

Please contact the Data Protection Officer for further information regarding this policy, including how to exercise your rights:

Data Protection Officer

THERAPYAUDIT Limited

Unit 4 Century House

Swavesey

Cambridge CB24 4QG

[email protected]

15       Right of complaint

You have the right to lodge a complaint in relation to this privacy notice or our processing activities with the Information Commissioner’s Office, which you can do through the website or their telephone helpline.

https://ico.org.uk/global/contact-us/

Contact Us

Send us an email and we'll get back to you, asap.

Send Message

from THERAPYAUDIT Limited

www.therapyaudit.com

beetroot® is a THERAPYAUDIT brand

See our Terms & Conditions of Business

 

         

Contact Us

Sales & Support: 0800 756 1087

 

Suite 4 Century House, Swavesey, Cambridge CB24 4QG

&

SME Centre of Excellence

17 Main Street, Ponteland

Newcastle Upon Tyne NE20 9NH

 

 

 

News

  • New beetrootCCARD customer
  • beetroot®CANCER arrives
  • beetroot®. Really?

copyright © 2025 · THERAPYAUDIT Limited All rights reserved beetroot® is a Registered Mark

  • Find Out More & Keep In Touch
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT