Last updated: 16 July 2025
SMARTconsult is committed to protecting your privacy and meeting our responsibilities under the UK General Data Protection Regulation (UK GDPR). This policy explains how we collect, use, and safeguard personal data when you visit our website or use our services, including the SMARTconsult econsultation platform.
Who we are
SMARTconsult is a clinically structured econsultation platform developed by the Fuller and Forbes Healthcare Group for use in UK general practice. It enables patients to submit relevant clinical information online and supports practices in triaging and managing consultations safely and efficiently.
What information we collect
We may collect personal data in the following contexts: When a patient uses SMARTconsult, we collect information relevant to their consultation such as age, symptoms, and answers to clinical questions. We do not require account registration, and we do not use patient data for marketing or profiling. When a GP practice or business representative contacts us, we collect contact details such as name, organisation, email address, and telephone number. When you browse our website, we may collect anonymised data on usage patterns, your browser, and device type. We do not knowingly collect data from children without the direct involvement of a registered GP practice.
How we use your information
Patient-submitted data is used solely to support their consultation with their GP practice. Once submitted, the consultation is securely delivered to the practice, which takes responsibility for reviewing and acting on it. SMARTconsult does not make clinical decisions. Practice and business contact data is used to manage support enquiries, technical onboarding, and service delivery. Usage data from the website helps us improve performance and usability. We never use patient data for advertising or non-clinical profiling.
Legal basis for processing
Under UK GDPR, our lawful reasons for processing personal data include: Legitimate interests, such as delivering econsultation services and ensuring platform security. Contractual necessity, where data is required to deliver our services to subscribed practices. Legal obligation, particularly in meeting NHS compliance standards and audit requirements. Explicit consent, where required (for example, if a user voluntarily signs up for communications).
Data security and storage
All personal data is processed and stored securely using modern technical safeguards, including encryption, access control, and system monitoring. Data is hosted in the UK or within NHS-approved environments. Access is limited to authorised personnel only. We retain personal data only for as long as is necessary. Patient consultation data is held for a limited period and then securely deleted once it is successfully delivered to the practice. GP practices are responsible for retention of clinical records according to NHS and regulatory guidance.
Sharing your data
We only share personal data where necessary and lawful. This includes: GP practices who receive and review submitted econsultations. Trusted UK-based service providers under strict data processing agreements. Public authorities, where required by law or regulation (e.g. safeguarding, court orders).We do not sell personal data, nor do we share it with advertisers or unrelated third parties.
Cookies and tracking
We use minimal cookies on our website to support essential features and monitor usage. These cookies do not store personal identifiers unless you actively submit them. You can manage your cookie preferences via your browser settings.
Your rights
As a data subject under UK GDPR, you have the right to: Access the personal data we hold about you. Request that inaccurate data be corrected. Ask for your data to be erased, in certain circumstances. Object to or restrict the way we process your data. Lodge a complaint with the Information Commissioner’s Office (ICO) if you are dissatisfied with how we handle your data. For patient data submitted via SMARTconsult, please contact your GP practice directly. For other enquiries or concerns, you may contact us using the details below.
Controller responsibilities
GP practices using SMARTconsult act as Data Controllers for the consultations they receive and are responsible for how they manage those records. SMARTconsult Ltd acts as a Data Processor, providing the secure infrastructure and tools required to transmit and manage consultations. For website visitors or business users contacting us directly, SMARTconsult is the Data Controller.
Contact us
If you have any questions about this policy or wish to exercise your rights, please contact:
SMARTconsult
Email: ben@smartconsult.co.uk
Address: Bramley Village Health and Wellbeing Centre
We are committed to handling your data with care and in line with NHS and legal standards.
This policy may be updated from time to time to reflect regulatory changes or improvements to our service. The most recent version will always be available on our website.
.jpg)