Privacy & Policy

We are ADDVantage Technologies Ltd, a company registered in England and Wales. Our company registration number is 10592069 and our registered office is at Clive House, Clive Street, Bolton, BL1 1ET. ADDVantage Technologies Ltd is registered with the Information Commissioner’s Office under number ZB289727.

This privacy policy provides information on how ADDVantage Technologies Ltd (“ADDVantage”, “we” or “us”) uses personal data relating to users/patients (“you”) of its website at (“the Website” or “Platform”) its mobile and tablet application or platform and its software (, and to users of any of the services accessible via the ‘healthya’ mobile application.

Our ‘healthya’ app provides an online platform for patients providing access to face-to-face and online/video consultations via a remote link with healthcare providers. In the case of accessing and using our platform through your NHS or Private Healthcare provider, ADDVantage acts as a data processor in its use of your personal data, as described in this privacy policy.

This privacy policy forms part of the healthya ‘Terms and Conditions’ which can be found at Terms & Conditions – healthya. We recommend you read this privacy notice fully to enable you to understand our views and practices regarding your personal data, how we will treat it, your rights and how to contact us.

Access to your personal data
If you are receiving care from a health or care organisation, that organisation may share your NHS number with other organisations providing your care. This is so that the health and care organisations are using the same number to identify you whilst providing your care. By using the same number, the health and care organisations can work together more closely to improve your care and support.

Your NHS number is accessed through the NHS England’s service called the Personal Demographic Service (PDS)

A health or care organisation sends basic information such as your name, address and date of birth to the PDS in order to find your NHS Number. Once retrieved from the PDS the NHS Number is stored in our case management system. These data items are retained in line with our record retention policies and in accordance with the Data Protection Act 1998, Government record retention regulations and best practice. Further information is available on our web site.

We will share information only to provide health and care professionals directly involved in your care access to the most up-to-date information about you. Access to information is strictly controlled, based on the role of the professional, and where the user has a direct care relationship with you.

The use of joined up information across health and social care brings many benefits. One specific example where this will be the case is the discharge of patients into social care. Delays in discharge (commonly known as bed blocking) can occur because details of social care involvement are not readily available to the staff on the hospital ward. The hospital does not know who to contact to discuss the ongoing care of a patient. The linking of social care and health information via the NHS Number will help hospital staff quickly identify if social care support is already in place and who the most appropriate contact is. Ongoing care can be planned earlier in the process, because hospital staff will know who to talk to.

You have the right to object to the processing of your NHS Number in this way. This will not stop you from receiving care but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options that you have.

If you wish to opt-out from the use of your NHS Number in this way, please contact us by telephone on 0208 016 6020 or email Simon Green at

Collection of Data

Registration Details

If you use our healthya website or install the healthya mobile or tablet application, you will be asked to register with the service and provide certain information. This will be minimum information in order to create an account and receive the services of healthya. Registration information may include:

  • Your full name, telephone / mobile number and email address.
  • Your postal address.
  • The telephone number of the mobile device on which you have installed the ADDVantage Technologies Ltd mobile application.
  • Your gender.
  • Your date of birth (which will be used to check you are over the age of 18 years)
  • Details of your registered NHS General Practitioner/GP Practice.
  • Consent for ADDVantage to share your records with your NHS registered GP
  • Allow ADDVantage to access your GEO location. Your location will only be used in an emergency.

Upon receipt of registration, our internal customer service team will conduct a validation check to confirm the accuracy and validity of the information submitted by the user. If the validation check fails to verify the user, their records will remain unverified until valid information is provided. Once validation is successfully completed, the user's record will be updated to "verified."

To ensure that minors do not access the app or services or provide personal data without parental consent, we will apply the same validation process.

Data collected when you use our services:

When you use the services of ADDVantage Technologies Ltd, we may also ask you for and / or collect the below information:

  • Medical information about you (for example, any illnesses, medical history, current medication, allergies, disabilities etc. and other sensitive information)
  • Data relating to the products and services you have accessed via the ADDVantage Technologies Ltd platform, i.e payment information, appointment bookings, medication prescribed, completion of any forms during the services used, physical or cultural characteristics, general identifier i.e. NHS No, profile pictures, photo ID
  • We may use GPS technology to determine your location, this is purely to assist us in arranging medical treatment in an emergency situation.
  • A record of any consultations you have with a clinician via the ADDVantage Technologies Ltd platform, together with details of the care, advice and / or treatment that you receive from our clinicians.

Any medical information that we collect about you is categorised as sensitive personal data under the Data Protection Act 1998 and General Data Protection Regulations and will be dealt with in a strict confidential manner.

Contacting ADDVantage Technologies Ltd:

If you contact ADDVantage Technologies Ltd in relation to any of the services or any part of the ADDVantage Technologies Ltd platform (via email, telephone, post or any other means), we may collect and retain your contact information and details of your communication for the purpose of dealing with your query and keeping accurate records of communications.

Data we receive from other sources:

We work closely with third parties (including for example, business partners, sub-contractors in payment, delivery and technical services, advertising networks, search information providers, credit reference agencies and analytic providers to name a few), and we may sometimes receive information about you from them. This information may be combined with the data you provide to us when you register to access the services of ADDVantage Technologies Ltd and / or when you use our services. The combined data may be used by us for the same purposes outlined in this policy.

Where personal data has not been obtained from the data subject, the controller shall provide the data subject with the following information:

  • the identity and the contact details of the controller and, where applicable, of the controller’s representative;
  • the contact details of the data protection officer, where applicable;
  • the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients of the personal data, if any;
  • where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means to obtain a copy of them or where they have been made available.

How we use your data

We use the data that you provide us when you register to with ADDVantage Technologies Ltd and the data we collect when you use our services or contact us, as follows:

  • To validate your account when you initially set this up utilising your email address and mobile number. These will also be used as the primary means to reset your username and password.
  • To provide you with the services that you request from us in accordance with our obligations under any agreement entered into with you.
  • To communicate with you in the event that any services or products you have requested are unavailable or if there is a query or issue with any services or products.
  • For record keeping purposes.
  • Where you have provided your explicit consent, your name, email address and contact number may be used to provide you with information about goods or services we feel may interest you either from ADDVantage Technologies Ltd or from selected third parties (you may unsubscribe from this at any time by contacting us using the contact details for the organisation).
  • In the event of a privacy policy amendment, you will be directed from the app to review and accept the updated privacy policy and consent to continue to be able to utilise the service.
  • To ensure that the content of the ADDVantage Technologies Ltd platform is presented in the most effective manner for your device (i.e., mobile, tablet, laptop, MacBook).
  • To notify you of any changes to the ADDVantage Technologies Ltd services or the platform itself.

We may also use and disclose your personal data:

  • To track and analyse activity on the ADDVantage Technologies Ltd platform;
  • For internal operations, including troubleshooting, data analysis, testing, measuring advertising effectiveness, research and / or survey purposes;
  • To perform a range of other business intelligence functions to optimise the services and introduce new products and services;
  • For the administration and maintenance of the ADDVantage Technologies Ltd platform and the services.
  • For compliance with legal obligations, or protection and enforcement of legal rights by regulatory bodies including the General Medical Council or Care Quality Commission for example.
  • To detect or prevent fraudulent activity.

Using our services as an NHS patient

If you are using this service as an NHS Patient; information will also be available to your GP Practice. Information will be recorded in your medical records, for information only and to inform your GP of what was discussed in your consultation.

If you are using our service through your NHS registered GP Practice, any data entered by a patient or a healthcare professional, ADDVantage Technologies will uphold its responsibilities as a data processor in accordance with the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

Legal Basis for Processing Your Data

As the controller of your data, we are unable to offer the option to opt out due to the following reasons:

In the case of patient data, which includes the data pertaining to the recipients of social care, the basis for processing is the provision of health care or social care services.

Where we act as the controller of patient data, the purpose of processing of the data by ADDVantage is the management of health care or social care systems or services (Schedule 1, Part 1, 2(f) Data Protection Act 2018 and Schedule 2, Part 2, 15(2) Jersey Data Protection Law 2018). According to Article 9(3) GDPR and s. 11(1) Data Protection Act 2018, such processing must be by or under the responsibility of one or more health professionals.

Our other legal bases for processing this data are to perform our contract to provide a service provided the contract is with you (GDPR Art. 6 (1)(b)), or our legitimate interests having provided care or medication, provided they are not overridden by your individual interests, rights and freedoms surrounding data protection (GDPR Art. 6 (1)(f).

Sharing your data

ADDVantage Technologies Ltd will never sell information that can be used to personally identify you to a third party. However, you agree that ADDVantage Technologies Ltd may share and disclose your personal data for the purposes outlined above to third parties, including: your personal data with third parties as follows:

  • Disclose to third parties
    ADDVantage Technologies Ltd may share and disclose your personal data for the purposes outlined about to third parties, including:
    -   Our service providers and professional advisers
    -   Any investor, lender, purchaser or (on terms of confidentiality) likely investor in, or purchaser of, ADDVantage Technologies Ltd’s business.
    -   Other third parties where required or permitted by law.
  • Disclosure for the purposes of law and enforcement
    Where we are legally required to do so, we will share your information with any authority to prevent fraud, cybercrime or to prevent the intellectual property of the ADDVantage Technologies Ltd platform or personal safety rights of any individual. This includes information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • To prevent incidents and protect you
    ADDVantage Technologies Ltd may use and disclose your personal data to the extent required to prevent a serious threat to your health and safety or that of others (including but not limited to instances of childabuse or neglect). In such circumstances, ADDVantage Technologies Ltd will only disclose your personal data to public bodies or officials who can help prevent the identified or possible threat as permitted by the Data Protection Act 2018.
  • To prevent public health risks
    ADDVantage Technologies Ltd may share your personal data for public health activities, as required by departments or parties duly authorised by the UK Government. Examples are:
    -   To report reactions to medicines or problems with products;
    -   If a clinician believes that you may have been exposed to or may be at risk of spreading certain specified serious diseases or conditions.

Storage and security of your personal data

Your personal data is stored in electronic records maintained by ADDVantage Technologies Ltd. The security of all personal identifiable information associated with you is taken very seriously by the Organisation and all data supplied is treated with the upmost care and confidentiality. We therefore have several security measures in place to try to protect against the loss, unauthorised use and corruption of any personal data that is under our control. All our security and privacy policies are reviewed regularly and improved where it is reasonably possible to do so. Unfortunately, we cannot guarantee that loss, unauthorised use, corruption and/or alteration of information will never occur, however, we will use all reasonable efforts to prevent it.

We recommend that you never leave your device logged in to our services or use the ADDVantage Technologies Ltd platform or our services in a public place where others can potentially see your details. Additionally, we would suggest optional security measures to protect your data, i.e. you could set additional passcodes to access the app

We have additional security measures in place for clinicians. Our systems are configured to automatically lock portal access after a short period of inactivity requiring the user to re-authenticate to then access the portal. We expect all portal users to follow our internal Clear Desk policy.

At ADDVantage Technologies Ltd all applications are run in HTTPS apart from the video conferencing.

The data which is collected by the healthya app and during video consultations is stored securely in a cloud server located in London in a AWS data centre. When data is in transit and at rest it is stored in the cloud server. All relevant firewalls, antivirus and encryption is active, when customers are connecting the use of HTTPS, AES (Advanced Encryption Standard) and end to end encryption is applied to all data collected.

Data Retention Schedule

CustomerPersonal data, including customer names, addresses, order historyFrom a minimum of 6 years after last interactionThe 1980 Act allows an action to be brought on a contract for up to six years from the event (e.g. breach) that gave rise to the claim.

Transfer of personal data outside the EEA

No personal data will be transferred outside the EEA unless the patient wishes to transfer their own data.

External Links

ADDVantage Technologies Ltd only looks to include quality, safe and relevant external links on our website and the ADDVantage Technologies Ltd platform, however, users should always adopt a policy of caution before clicking any external web links which may be advertised on our platform. If you follow a link, please be aware that these external websites will have their own privacy policies and that we do not accept any responsibility or liability for these policies. We recommend that before you submit any personal information to these websites you read and understand their policies.

Social Media Platforms

Communication, engagement, and any actions taken through external social media platforms (including but not limited to Facebook, Instagram, Twitter, LinkedIn) are subject to the Terms and Conditions as well as the privacy policies of those social media platforms.

We recommend that the use of social media platforms to communicate and participate in, is done so with due care and caution with regard to your personal information. We will never ask for personal or sensitive information through any of our social media platforms and we encourage our users who wish to discuss any sensitive information, this be done through primary communication channels.

The ADDVantage Technologies Ltd platform may make use of social sharing buttons which make sharing web content from our web pages to social media quick and easy. If you decide to utilise this, you do so at your own discretion. Please note that the social media platform may track and save your request to share a web page respectively through your social media platform account. Again, all social media platforms have their own privacy policies and ADDVantage Technologies Ltd does not accept any responsibility or liability for these policies. We recommend you read and understand these policies prior to submitting any personal information to any social media platforms.

Your rights

You have the following legal rights in respect of your personal information:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling
  • SAR (Subject Access Request) – usually provided within one month, dependant on the complexity of the request, could be extended up to 3 months.

If you wish to discuss or make a request in respect of any of the above rights, please contact our Data Protection Office, Simon Green at

NHS login

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS login’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately."

Right to amend your personal data

Only authorised personnel are able to amend any part of your personal data created or held by ADDVantage Technologies Ltd. If you would like to update your personal or medical information, then please contact a member of the Customer Service Team.

Removal of your details

You can request the deletion of your account at any time by contacting the Data Protection Officer. Any such requests will need to be made in writing via email to Simon Green Please be aware that certain aspects of your account may be retained for the purposes of maintaining records of our dealings with you, analysis, and statistics. When using your data for these purposes, we will anonymise all personal information. Any deleted data will be non-identifiable, ensuring complete anonymisation.

Changes to this Privacy Policy

Privacy laws and practise are constantly changing and developing and as an Organisation we aim to meet and maintain high standards. Our policies and procedures are under continual review. From time to time, we may update our security and privacy policies and we recommend you check this page periodically to stay up to date with our latest policies.


By accessing and using the ADDVantage Technologies Ltd platform along with our services and products you acknowledge your acceptance of our privacy policy. If you do not agree with this policy, you should not access or use our platform, services, or product.

How to contact us

If you have any questions, comments, and requests regarding this Policy, you can contact us at:

ADDVantage Technologies Ltd
Clive House, Clive Street, Bolton, BL1 1ET
Tel: 0208 016 6020
Data Protection Officer (DPO):

If you are not satisfied with our response to your complaint, or think we aren’t complying with data protection law, you can make a complaint to the Information Commissioner’s office (ICO) on +44 303 123 1113 or on their website

Last Updated: May 2024

Need Help?

© 2024 Healthya Ltd. All rights reserved