Privacy Notice

It is the policy of Healthcode Limited ("Healthcode"), supported by its board of directors, to take steps to ensure that your information is kept confidential and secure and to otherwise protect and respect your privacy. As well as the steps set out in this policy, Healthcode also follows the Code of Practice for Information Security Management Systems as set out in ISO/ISE 27001.

For the purposes of the Data Protection Act 1998 (the “Act”), this policy applies to personal data processed by Healthcode at Swan Court, Watermans Business Park, Kingsbury Crescent, Staines, Surrey TW18 3BA and at the sites of data processors and other third parties appointed by Healthcode.

Healthcode is owned jointly by Aviva, AXA PPP Healthcare, Bupa, Nuffield Hospitals, and VitalityHealth and is aware of the sensitivities of customers who may be competitors of all or any of such companies. The directors of Healthcode, whether they are employees or officers of competitor companies or not, are aware that any information they acquire in their capacity as Healthcode directors must only be used for the purposes of Healthcode supplying products and services to its customers (and otherwise in accordance with this policy) and not be disclosed or used for any other purpose to the detriment of Healthcode's customers.

This policy (together with Healthcode’s terms and conditions and any other documents referred to on it) sets out the basis on which any information Healthcode collects from you, or that you provide to Healthcode, will be processed by Healthcode. Please read the following carefully to understand Healthcode’s views and practices regarding your information and how Healthcode will treat it. By checking the “I accept” box you are accepting and consenting to the practices described in this policy and to ensuring that any of your users of Healthcode products and services comply with it.

Healthcode as a data controller and/or a data processor

In providing products and services, Healthcode may be acting as a data controller and/or as a data processor on behalf of certain third parties (such as medical specialists, hospitals and/or insurers) who will themselves be the data controllers. Where acting as a data controller, Healthcode will comply in full with this policy. Where acting as a data processor, Healthcode will be required to act on the instructions of the data controller (and the data controller’s privacy policy will apply) but, unless inconsistent with the instructions and requirements of the data controller, Healthcode will still endeavour to comply with this policy.

Information Healthcode may collect from you

Healthcode may collect and process the following information about you:

Information you give Healthcode

You may give Healthcode information by filling in forms on its sites at,, or (“Healthcode’s sites”) or by corresponding with Healthcode via its products and services, by phone, e-mail or otherwise. This includes information you provide when you register to use Healthcode’s sites, subscribe to Healthcode’s products and/or services, search for a product, place an order on Healthcode’s sites, participate in discussion boards or other social media functions on Healthcode’s sites, enter a competition, promotion or survey, and when you report a problem with Healthcode’s sites. The information you give Healthcode may include:

  • your name, gender, address, e-mail address and phone number;
  • professional identification details, such as registration numbers and regulatory body information;
  • profile information, such as biography and resume, areas of interest, research interests and publications;
  • practice details, such as current and past post, hospital location, fitness to practice information, specialities and secretary information;
  • patient history;
  • information that is necessary to process invoices including patient demographics, diagnosis information, type of care delivered and treatment details and specialist information;
  • other medical and insurer specific information, such as insurer name, renewal dates, identification details and bespoke notes; and/or
  • financial, bank and credit card information, personal description and photographs.

Information Healthcode collects about you

With regard to each of your visits to Healthcode’s sites, and your use of Healthcode’s products and services, Healthcode may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and/or
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from Healthcode’s sites (including date and time); products and/or services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call Healthcode’s customer service number.

Information Healthcode receives from other sources

Healthcode may receive information about you if you use any of the other websites Healthcode operates or the other products and services Healthcode provides, in which case this information may be shared internally and combined with other information Healthcode has collected.

  • Healthcode are also working closely with third parties (including, for example, business partners, hospitals, insurers, regulatory bodies, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers and search information providers) and may receive information about you from them. Specifically:
  • insurers and hospitals: in the context of administering clinical and financial records; and
  • General Medical Council (“GMC”): Healthcode holds a republication license to the GMC’s database of the List of Registered Medical Practitioners (“LRMP”). Some of the information Healthcode holds about you has been sourced from the LRMP based on your GMC reference number.


Healthcode’s sites use cookies to distinguish you from other users of Healthcode’s sites. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. This helps Healthcode to provide you with a good experience when you browse Healthcode’s sites and also allows Healthcode to improve Healthcode’s sites.

The table below explains the cookies Healthcode use and why

Cookie  Name Purpose More Information 
Google Analytics • _utma
• _utmb
• _utmc
• _utmz
 These cookies are used to collect information about how visitors use Healthcode’s sites. Healthcode use the information to compile reports and to help Healthcode improve the Healthcode sites. The cookies collect information in an anonymous form, including the number of visitors to the Healthcode site, where visitors have come to the Healthcode sites from and the pages they visited. Click here for an overview of privacy at Google
Healthcode Preference site cookie acceptance m4cookiebar   Healthcode Preference site cookie acceptance
Session cookie JSESSIONID These enable you to carry out some essential functions on Healthcode’s sites, such as maintaining log in details for the session or a transaction. They also help by minimising the need to transfer information across the internet. They are not stored on your computer and they expire when you terminate your browser session.  


Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit

To opt out of being tracked by Google Analytics across all websites visit

Healthcode also embed videos from its official YouTube channel which may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos. To find out more please visit YouTube’s embedding videos information page.

Uses made of the information

Healthcode use information held about you in the following ways:

Information you give to Healthcode

Healthcode will use this information:

  • to carry out Healthcode’s obligations arising from any contracts entered into between you and Healthcode and to provide you with the information, products and services that you request from Healthcode such as:
    • the facilitation of the processing of electronic medical bills for payment;
    • providing practice management tools; and
    • providing the private practice register;
  • to process medical bills on behalf of various parties, such as medical specialists, hospitals and insurers;
  • for Healthcode’s other business purposes, including by using aggregated and anonymised information for market information purposes;
  • to provide you with information about other products and services Healthcode offer that are similar to those that you have already purchased or enquired about;
  • to notify you about changes to Healthcode’s products and services and to otherwise manage Healthcode’s communications with you; and/or
  • to ensure that content from Healthcode’s sites are presented in the most effective manner for you and for your computer.

Information Healthcode collect about you

  • Healthcode will use this information:
  • to administer the Healthcode sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve the Healthcode sites to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of Healthcode’s products and/or services, when you choose to do so;
  • as part of Healthcode’s efforts to keep Healthcode’s sites safe and secure;
  • to measure or understand the effectiveness of advertising Healthcode serve to you and others, and to deliver relevant advertising to you; and/or
  • to make suggestions and recommendations to you and other users of Healthcode’s sites about products or services that may interest you or them.

Information Healthcode receive from other sources

Healthcode may combine this information with information you give to Healthcode and information Healthcode otherwise receive about you. Healthcode may use this information, and the combined information, for the purposes set out above (depending on the types of information Healthcode receive).

Disclosure of your information

Healthcode may share your information with selected third parties including:

  • any member of its group, which means its subsidiaries, ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
  • business partners, suppliers, insurers, hospitals and sub-contractors for the performance of any contract Healthcode enter into with them or you;
  • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. Healthcode do not disclose information about identifiable individuals to advertisers, but Healthcode may provide them with aggregate information about users (for example, Healthcode may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). Healthcode may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). Healthcode may make use of the personal data it has collected from you to enable Healthcode to comply with its advertisers' wishes by displaying their advertisement to that target audience; and
  • analytics and search engine providers that assist Healthcode in the improvement and optimisation of the Healthcode sites.

Healthcode may also disclose your information to third parties:

  • in the event that it sells or buys any business or assets, in which case Healthcode may disclose your information to the prospective seller or buyer of such business or assets;
  • if Healthcode or substantially all of its assets are acquired by a third party, in which case information held by it about its customers will be one of the transferred assets; and/or
  • if Healthcode are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply the Healthcode terms and conditions and other agreements; or to protect the rights, property, or safety of Healthcode, its customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

In accordance with the above, certain information that you provide to Healthcode when using its products and/or services will be passed to third parties (including insurers and hospitals) who will then become data controllers of this information. As such, the processing of the information by these third parties will be undertaken in accordance with the privacy policies of these third parties. Despite this, however, Healthcode undertakes that certain categories of information that you provide to Healthcode will be deemed to be “non-publishable” by either Healthcode or certain of these third parties. Healthcode will tell you (via such means as Healthcode deems appropriate, such as in the terms and conditions) of the categories of information that are to be “non-publishable”.


Healthcode takes all reasonable steps to protect your information. All information collected and processed by Healthcode is stored on a secure server. Healthcode’s security includes the use of user authentication (username and password) 256-bit encryption and, where applicable, the use of FTP connection with insurers insurers and applicable third parties.

In addition, Healthcode takes the following security measures:

  • implementing procedures to comply with all relevant statutory requirements and monitoring internal procedures periodically to ensure that there is such compliance;
  • implementing and complying with the Act;
  • making all officers of Healthcode, its employees and sub-contractors aware of the rules and procedures laid down by Healthcode from time to time in respect to the security of information and the importance of confidentiality. Officers of Healthcode, employees and sub-contractors have a duty to follow the rules laid down by Healthcode and to co-operate with Healthcode to ensure that this policy is effective. Healthcode will, where it considers it appropriate, take disciplinary action against any officer or employee who fails to comply with these rules and procedures;
  • taking measures to ensure the proper training, supervision and instruction of employees dealing with your information;
  • requiring all sub-contractors to enter into confidentiality agreements in respect to information they acquire from Healthcode;
  • not retaining information for longer than is necessary for the purposes set out in this policy; and
  • establishing a committee chaired by a Healthcode director to review confidentiality and security arrangements on a regular basis and to put in place measures to maintain and, where possible, improve information security.

Unfortunately, the transmission of information via the internet is not completely secure. Although Healthcode will do our best to protect your information, Healthcode cannot guarantee the security of your data transmitted to Healthcode’s sites; any transmission is at your own risk. Once Healthcode has received your information, it will use the above procedures to try to prevent unauthorised access.

Where we store your personal data

The data that we collect from you will only be stored and processed by Healthcode within the United Kingdom. However, other third parties that are not acting as data processors for Healthcode, but who receive your data from Healthcode (such as insurers or hospitals), may transfer and store your data at a destination outside the European Economic Area. You should carefully check the privacy policies of those third parties to see how and where your data is being processed.

Your rights

You have the right to ask Healthcode not to process your personal data for marketing purposes. Healthcode will usually inform you (before collecting your data) if it intends to use your data for such purposes or if it intends to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms Healthcode uses to collect your data. You can also exercise the right at any time by contacting via the methods set out in the “Contact” section below.


Where there are links to third party sites from the Healthcode sites, Healthcode emphasises that it has no control over these third party sites, their content or the way in which they collect or use information. If you follow links to third party sites from the Healthcode sites, your information will be subject to the privacy policies of those sites. Healthcode therefore strongly advises users to check the privacy policy on any third party site they visit.

Access to information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet Healthcode’s costs in providing you with details of the information Healthcode holds about you.

Changes to the policy

Any changes Healthcode may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or via a messaging system / pop-up (as appropriate) within the Healthcode product that you use. Please check back frequently to see any updates or changes to this policy.


Questions, comments and requests regarding this privacy policy are welcomed and should be made to:
Healthcode Limited
Tel: +44 (0) 1784 263150
Fax: +44 (0) 01784 263 155
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.