Privacy Policy

Data Protection Laws

There are rules in place that control how your personal information is used by organisations, businesses or the government. Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the UK without adequate protection

There is stronger legal protection for more sensitive information, such as:

  • ethnic background
  • political opinions
  • religious beliefs
  • health data including sexual health
  • criminal records

The Company

Patchs Health is the trading name of “Spectra Analytics Limited”.

We provide private wellbeing services through our Patchs Health website (www.patchshealth.com) via our partner TELUS Health (https://www.telus.com/en/health).

We provide also healthcare technology solutions, such as Patchs (www.patchs.ai), that power healthcare communications. This is delivered to the NHS in collaboration with our partner Advanced Health & Care (https://www.oneadvanced.com/solutions/solutions-by-sector/health-and-care/).

If you are an NHS patient looking for information about the use of data for Patchs please go to the NHS section below. Please never send personal information directly to Patchs Health or Spectra Analytics, as we can only process your data with instruction from your GP practice.

Patchs Health Website Data

Patchs Health will collect certain information or data about you when you visit the Patchs Health website (www.patchshealth.com)

Who Controls Your Data

Patchs Health is the Data Controller for any data inputted, submitted or generated via our website. You are considered to be the Data Subject.

If you use our private wellbeing services, we share data with our partner TELUS Health (https://www.telus.com/en/health). This is so that they can provide their service to you. TELUS Health is a separate Data Controller, which means that TELUS Health is fully responsible for its own processing of your personal data. Their privacy policy is accessible here (https://help.lifeworks.com/hc/en-gb/articles/209973963).

Payments are processed via Stripe who are a Data Processor on our behalf. This means that we are responsible for ensuring that they protect your personal data appropriately. Their privacy policy is accessible here (https://stripe.com/en-gb/privacy).

What Data Do We Collect

W collect different categories of personal data, which we use for different purposes.

Wellbeing Services

We collect the following personal information if you use the Patchs Health website to book wellbeing services with TELUS Health:

  • Name, telephone number, email address, address, date of birth, modality of counselling, presenting issue, availability for counselling.
  • Payment details including debit or credit card details. We do not store these details. Payments are processed by Stripe.

We pass this data to TELUS Health to enable them to provide their wellbeing services.

General Website Information

This includes:

  • Questions, queries or feedback you leave, including your email address if you send an email to any Patchs Health or Spectra Analytics emails
  • Your IP address, and details of which version of web browser you used
  • Information on how you use the site, using cookies and page tagging techniques to help us improve the website

This helps us to:

  • Review and respond to any feedback you send us
  • Improve the site and our digital services by monitoring how you use them
  • Provide you with information about other services if you want it

We will make every effort to not personally identify you using your data but where this is not possible, your data will be covered by our commitment to this privacy policy and our data protection principles.

Cookies

Our website (www.patchshealth.com) puts small files (known as ‘cookies’) onto your computer to collect information about how you browse the site.

Cookies are used to:

  • measure how you use the website so it can be updated and improved based on your needs
  • remember the notifications you have seen so that we do not show them to you again

These cookies are not used to identify you personally.

You’ll normally see a message on the site before we store a cookie on your computer.

Purpose for Processing the Data

We process personal information that you provide in connection with booking wellbeing services to:

  • Share with TELUS Health to enable them to provide their wellbeing services
  • Collect payment from you

This information is only collected when you submit data to us. We process it on the basis that is is necessary to do so in order for us and TELUS Health to take steps at your request before entering into a contract with you. Where the data includes sensitive data, such as health data, we process it on the basis that is its necessary to do so to provide the wellbeing service that you have requested.

General website information helps us to:

  • Review and respond to any feedback you send us
  • Improve the site and our digital services by monitoring how you use them

Retention Period

Patchs Health retains health data or periods specified by current NHS guidelines. For non-health data we may keep your data on file for up to ten years.

Where Your Data is Stored

We store your data securely within the European Economic Area (EEA).

Data Sharing

We only share your personal information with TELUS Health and Stripe, in order to allow TELUS Health to provide the wellbeing service that you request. TELUS Health will confirm to us when you have booked and appointment with them and who that appointment has been booked with.

We do not and will not share your information with any other organisations for marketing, market research or commercial purposes.

We do not pass on your details to other websites.

NHS Services

If you are using the Patchs Online or Telephone Assistant software – together called ‘Patchs’ – as a patient to communicate with your GP Practice or allied health provider, the full terms and conditions, and details on how we process and use your data, are detailed in the End User License Agreement (EULA) available here (Patchs-Patient-EULA.pdf)

In this section, we summarise the important aspects but please refer to the EULA for full details.

Who Controls Your Data

The GP Practice is the Data Controller of Your Personal Data and any other data inputted or submitted via Patchs. You are considered to be the Data Subject. Accordingly any requests by you for information will be dealt with by the GP Practice pursuant to their own privacy policy.

Advanced Health & Care are the Data Processor (they are contracted to deliver the service), and Patchs Health are the Data Sub-Processor (they develop and maintain the software), in delivering the Patchs services.

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS login’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.

What Data We Collect

Patchs collects basic ‘personal data’ about you such as your name, address and contact details. It might also hold your email address, marital status, occupation, place of birth, preferred name or maiden name and power of attorney, advocate or carer information. This information would be held in digital form. In addition to the above it may also process more sensitive personal data, called ‘special category data’ which could include:

  • Notes and reports about your health, treatment and care
  • Medical condition
  • Results of investigations, such as x-rays and laboratory tests
  • Future care you may need
  • Personal information from people who care for and know you, such as relatives and health or social care professionals
  • Smoking status and any learning disabilities
  • Your religion and ethnic origin
  • Whether or not you are subject to any protection orders regarding your health, wellbeing and human rights (safeguarding status)
  • Sexual history including partners, sexual orientation where relevant
  • School information and information about your family health or social history
  • Images and recordings
  • Medical Documents
  • Any special needs or preferences for receiving information
  • Any of the above for a child for whom you have parental responsibility or a third party who has given you consent to act as their proxy

Our services are not intended for use by those under the age of 16 but data and information about such individuals may be processed by the GP Practice and the Patchs pursuant to the legitimate and vital interest of providing and managing health and care services to all the GP Practice’s patients, service users and clients. Accordingly if you have parental responsibility at your GP Practice for a child (or act on behalf of a third party with consent as their proxy) their personal data will also be processed in the same manner as Your Personal Data.

Purpose for Processing the Data

Your GP’s legal basis for processing your personal information falls under one of the following legal bases:

  • legitimate interests of providing and managing health and care services to the GP Practice’s patients, service users and clients;
  • performance of a task carried out in the public interest or in the exercise of official authority
  • necessary for a legal obligation such as responding to a request from a coroner
  • necessary for reasons in the area of public health such as in the event of an outbreak of a disease or pandemic

Your GP’s legal basis for processing special category data falls under one of the following legal bases:

  • the provision of health or social care;
  • social protection law for safeguarding purposes;
  • where it is necessary to protect your vital interests when you are physically or legally incapable of providing consent.

Your GP Practice itself does not require your consent to process Your Personal Data. However, you do have the right to say “no” to our processing of your information but this could have an impact on your GP Practice’s ability to provide you with care. Your GP Practice wishes to share Your Personal Data with us solely to ensure that their services can meet patient needs in the future, to develop better quality services, provide more flexible arrangements for communicating with you and maximise technology to assist with the workload of its clinicians at the GP Practice.

We will ensure that we only process Your Personal Data in accordance with the terms of the End User Licence Agreement and any lawful instructions received from the GP Practice. Should you wish us to stop processing your data please contact your GP Practice to request it.

Retention Period

For GP Practices using Patchs we retain your data for periods specified by current NHS guidelines.

If your GP practice stops using Patchs we may retain the data for up to 12 months and then it is securely deleted. The period of 12 months is necessary to ensure all data is transferred to the GP practice and any outstanding requirements have been resolved.

If your GP practice requests that we remove your data – following a request from yourself – we will delete the data as soon as possible. This is usually the same day but may be up to 1 week.

Where Is Your Data Stored

We store data with Amazon Web Services in the London region. By using Patchs you are deemed to consent to Amazon Web Services a sub-processor. Data is held encrypted in transit and at rest to keep the data secure. Encrypted backups are also held in additional locations.

We will ensure that Amazon Web Services complies in full with our commitments in this End User Licence Agreement (and Advanced Health & Care and Patchs Health are liable for any non-compliance by Amazon Web Services or any other permitted sub-processor in relation to the obligations under the End User Licence Agreement and/or the Data Protection Legislation)

We will not transfer Your Personal Data outside of the UK (other than to and from the EEA) unless your GP Practice has given us its prior written consent and the relevant conditions in the Data Protection Legislation are fulfilled. You acknowledge that it is technically possible for hosted systems to be accessed by you from outside the UK or EEA.

Data Sharing

We conduct research to evaluate the use of Patchs as a tool in primary care for triage and workflow optimisation. This is to ensure it is safe to use and it is benefitting patients and GP Practices. This research is conducted internally and in partnership with the University of Manchester. We collect consent for sharing the data during Patchs registration but only share the data where NHS ethical approval is in place. Patients can remove consent at any time from the settings in their Patchs account or by emailing datasharing@patchs.ai.

What data do we share?

  • Personal Data: the only personal data we share with the University of Manchester is patient contact details when patients’ opt-in to sharing them. Patients can opt-out of sharing this information at any time and the information can be removed.
  • Anonymised Data: ‘Anonymised’ means that patients who have shared data cannot be identified. Information such as name, address, date of birth are all removed. Anonymised data may include information such as age, sex, ethnicity, and medical information. This may be reviewed by researchers and external GPs evaluating the software’s safety and effectiveness.

Whilst Anonymised data is not subject to the same restrictions placed on the processing of personal data under the General Data Protection Regulation (GDPR), we want to be completely open with patients how we are using data and allow them to opt out of anonymised data sharing. Patients can remove consent from the settings in their Patchs account or by emailing datasharing@patchs.ai. It is not possible to remove consent retrospectively because the data is anonymised we are unable to identify it ourselves to remove it.

Links to Other Websites

www.patchshealth.com and www.patchs.ai contain links to and from other websites. This privacy policy applies to this website and the services and products that we offer. It does not cover other services and transactions that we link to.

Following a link to another website:

If you go to another website from this one, read the privacy policy on that website to find out what it does with your information.

Following a link to www.patchshealth.com or www.patchs.ai from another website:

If you come to www.patchs.ai from another website, we may receive personal information about you from the other website. You should read the privacy policy of the website you came from to find out more about this.

Disclosing Your Information

We may pass on your personal information if we have a legal obligation to do so, or if we have to enforce or apply our terms of use and other agreements. This includes exchanging information with government departments or agencies for legal reasons.

Your Rights

You can find out what information we hold about you, ask us not to use any of the information we collect, ask us to correct any inaccurate personal data we hold, and ask us to delete your data. To do this:

  • Patchs Health Customers: please email SAR@patchshealth.com
  • Patchs Patients: You must contact your GP practice and they will inform us. Your GP practice is the Data Controller for your data and we can only comply with their instructions.

You can opt in to or out of data sharing from the settings in your Patchs account or by emailing datasharing@patchs.ai.

If you are not happy with this response then you can make a complaint to the Information Commissioner’s Office (ICO) – See Section below.

Making a Complaint

If you think your data has been misused or that the organisation holding it has not kept it secure, you should contact them and tell them.

If you are unhappy with their response or if you need any advice you should contact the Information Commissioner’s Office (ICO).

ICO Helpline: 0303 123 1113

Call charges may apply. You can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who has misused personal data.

Marcus Ong PhD FIMA

Marcus Ong PhD FIMA

Chief Executive Officer

Marcus is the CEO and Co-Founder of Patchs Health. He is passionate about the positive impact which advanced technology can bring to the field of healthcare, and founded Patchs Health in order to help both patients and care providers realise these benefits.

He is an external academic supervisor and Advisory Board Member at the University of Warwick and a Fellow at the Institute of Mathematics and its Applications (IMA), where he holds a Charter in Mathematics. In his early career Marcus worked in Capital Markets for Citigroup. He has also spent time as an NCA Special for the National Crime Agency, where he advised on the applications of Machine Learning and Data Science.

Marcus holds a PhD in Complexity Science with Finance and an MSc in Complexity Science, both from the University of Warwick. He also has a BSc in Physics from the University of Durham.

Outside of work Marcus loves to travel, watch football and horse ride when he can.

Youssef Taleb PhD


Youssef Taleb PhD

Lead Data Scientist

Youssef is the Lead Data Scientist at Patchs Health. He manages the development and delivery of all our Artificial Intelligence and analytics projects, working closely with our CTO to identify – and ensure we achieve – our objectives in these fields.

With a PhD and an MSc in Statistics from Imperial College London, as well as a Diplôme d’Ingénieur (MEng) from Telecom SudParis, Youssef continues to be a regular participant in university research projects. He is a GradStat member of the Royal Statistical Society, and supervises Patchs Health internships with PhD candidates. These internships help us to maintain strong links with the most pioneering thought in the academic world.

With a flair for technical complexity and a real enjoyment of the diverse nature of the role, Youssef finds the positive impact which his work has upon patients’ access to healthcare inspiring. He is committed to finding creative ways to solve the problems facing the healthcare industry.

Chris Crowther SIRA


Chris Crowther PhD SIRA

Chief Information Officer

Chris is our Chief Information Officer. He oversees information assurance and security at Patchs Health, ensuring that, amongst other things, the sensitive data contained within the Patchs system remains safe from online threats.

Chris has a first degree in Computer Science, an MA in Defence Studies and International Affairs, and a PhD in Cybersecurity. With over twenty-five years of leadership and management experience, he is CESG-certified as a Professional Lead Security and Information Risk Advisor (SIRA).

Chris set up the cyber security practices at KPMG and Airbus. He has also held senior roles within the UK Military (as well as in other UK Government departments), the US Military, the US Federal Government, and the United Nations, KPMG and Airbus.

Chris thrives when working on complex projects. He is committed to helping clients achieve digital transformation, and also enjoys passing on his expertise by mentoring more junior colleagues.


Sean Conner

Shareholder Representative

Sean is an experienced financial professional, who has worked in the capital markets for over 30 years. He represents and looks after the interests of shareholders on the Board.

Robert Brady PhD


Robert Brady PhD

Non-Executive Director

Robert advises Patchs Health on Business Development. He has extensive business experience, having previously listed his company, Brady PLC – the largest European supplier of software for global commodity trading – on the London Stock Exchange.

With both a PhD and an MA in Physics from the University of Cambridge, Robert is presently an Industrial Fellow at the University’s Computer Laboratory. He is also Treasurer of the Cambridge Angels, and was formerly an Honorary Fellow of the Cambridge Judge Business School.

Rob Eyre PhD


Rob Eyre PhD

Head of Software Development

Rob is the Head of Software Development at Patchs Health. A full-stack developer with extensive experience across multiple industries, he manages our team of developers and ensures that our software products are of the highest possible quality.

With both an MSc and a PhD in Complexity Science from the University of Warwick, as well as an MSci in Theoretical Physics from University College London, Rob originally joined us as a data scientist. He now works closely with our CTO, CMO and Product Manager in order to define and realise Patchs Health’s long-term vision.

Rob is fascinated by the interconnections between multiple systems. Using complex statistical models, his research has explored a range of public health issues – including the nature of behaviour contagion across friendship networks, and how fertility rates are calculated. His most recent publication sought to determine the causes of food insecurity in rural South Africa.

Joe Withers

Joe Withers

Data Engineer

Joe is a Senior Data Engineer at Patchs Health. He designs, builds and maintains the infrastructure which supports the way we store and process data. He also develops our back-end code, adding new features to Patchs to ensure that our functionality is always evolving.

The lead developer on one of Patchs Health’s most exciting features, the Telephone Assistant, Joe has both a degree and a masters in Computer Science (MComp) from the University of Bath.

He is a keen footballer – both 11-a-side and 5-a-side – and also enjoys climbing and bouldering in his free time.

Gwynneth Derere


Gwynneth Derere

Product Manager & Employee Representative

Gwynneth is the Product Manager and Head of Service Delivery for Patchs Health. She makes sure that our users have a smooth onboarding experience, and offers training and continuous support should they encounter any problems.

With over fifteen years of experience in the field, Gwynneth is a specialist in products for clinical systems. She has expertise across requirements management, implementation, software training and sales support, including product demonstrations. She has worked in the UK, Europe and overseas.

Before joining Patchs Health, Gwynneth worked in a diverse range of other care settings. She has also been a teacher, and has a PGCE in Primary Science and Technology. She has a BEng in Electrical Engineering, and spent a decade working in software development.

In her free time Gwynneth enjoys crochet, knitting and sewing, and walking her dog. She is a keen gardener and gains especial satisfaction from growing her own tomatoes.

Dr Ben Brown, MBChB


Dr Ben Brown PhD

Chief Medical Officer

Ben is Co-Founder and Chief Medical Officer of Patchs Health, as well as a practicing GP and Clinical Senior Lecturer at The University of Manchester. With his frontline knowledge of the challenges facing GPs and patients, he helps ensure that Patchs is as helpful, efficient and safe as it can possibly be.

Ben’s work has been published in over 60 peer-reviewed scientific papers, and he has won awards from the International Medical Informatics Association, British Computer Society, and the Royal College of General Practitioners – amongst others. In addition to his medical training, he has qualifications in Health Informatics (PhD), Public Health (MPH), and Leadership (MSc).

An expert in developing clinical software that uses cutting-edge data science techniques, Ben witnesses daily the benefits that digital interventions can bring. He is particularly excited when he sees these benefits in the lives of patients and healthcare staff in his own practice.

Outside of work, Ben ‘enjoys’ watching football (he is a long-suffering Leeds United supporter), listening to music, and playing the talkbox. He has two young sons – identical twins – and, when he gets the chance, is not entirely averse to a good Scotch whisky.

Charlotte Watson PhD


Charlotte Watson PhD

Software Developer

Charlotte is a Full-Stack Developer at Patchs Health. She builds all parts of the Patchs’ platform – and fixes things when they go wrong (which doesn’t happen often!). Working across back-end processes, infrastructure, design and usability, she is responsible for the complete end-to-end life cycle of each new Patchs feature.

With a BSc in Biomedical Science and a PhD in Computational Statistics, both from the University of Manchester, Charlotte originally came to Patchs Health as a data scientist. However, once here she fell in love with development, and she hasn’t been able to stop doing it since.

A keen traveller and regular theatre-goer, Charlotte also enjoys playing ice hockey.

Dr Daniel Sprague


Dan Sprague PhD

Chief Technology & Science Officer

Dan is the Co-Founder, Chief Technology Officer, and Chief Science Officer of Patchs Health. He leads our Technology and Data Science teams, overseeing Artificial Intelligence and software development, as well as our technology infrastructure.

He is an external academic supervisor at the University of Warwick, and previously worked as a consultant for USAID, helping them design immunisation programmes in Africa.

Dan is fascinated by the impact which people’s behavioural choices can have upon public health outcomes – including upon epidemics. His focus during his PhD was mathematical modelling and statistical methods to study those choices and their effects. Dan holds an MPhys in Physics from the University of Oxford as well as an MSc and PhD in Complexity Science from the University of Warwick.

Outside of work Dan enjoys climbing and playing the trumpet.

Lea Luders

Lea Luders

Software Developer

Lea is a Front-end Developer at Patchs Health. She helps to design and create the Patchs’ interface, so that our users have as positive an experience as possible.

With her background in Business Economics, Lea did not initially expect to work in software development – however, once she started coding she found that the combination of the technical aspect of the work with creativity was compelling. What she most enjoys is being able to make ideas come to life through the element of design.

Originally from the South of Germany, in her free time Lea enjoys reading and horse-riding. She is also a keen traveller.

Fowziya Begum

Quality Assurance Analyst

Fowziya is Patchs Health’s Quality Assurance Analyst. She thoroughly tests every aspect of our software, including our regular feature updates, to ensure that Patchs users experience as glitch-free a service as possible.

With a degree in Biomedical Engineering and Sciences, before joining us Fowziya worked in other healthcare organisations which, similarly to Patchs Health, place technological innovation and patient care at the forefront of their work. She has always been fascinated by the field, and actively seeks out the latest advancements in healthcare IT in order to improve her skills in the industry.

Beyond her professional role, Fowziya likes to volunteer for local community organisations. She lives with her husband and young son, and regularly helps out at children’s play clubs.

Mohibur Rahman

Customer Support Analyst

Mohib is our Customer Support Analyst. He provides a first point of contact for users who get in touch, and works hard to make sure that they get the support they need. Mohib also keeps track of all Patchs Health activity. He provides the team with daily data reports, so that we can understand how we are doing.

Prior to joining us, Mohib worked with Vision Health. Before that, he specialised in operational business support at a central government institution.

Mohib is passionate about helping those in need. Outside of work, he is an active charity volunteer and fundraiser. He also participates in field trips with the 13 Rivers Trust, an organization committed to helping provide basic livelihood essentials to the poor in Bangladesh, particularly orphans, widows and the elderly.


Martin Hickman


Chief Financial Officer

Martin is a senior finance professional whose early career was spent in a number of financial and operational roles in FTSE 250 PLCs. For the last 15 years Martin has worked in a financial capacity with a number of early stage and high growth technology companies..

Steve Williams

Business Development Advisor

Steve is our Business Development Advisor. He brings more than 3 decades of global experience in technology and data infrastructure to Patchs Health, as well as his extensive management and risk/compliance experience.

Steve has held many senior roles in America, the UK, and in Japan. Previously the Global COO Equity Electronic Trading at Citi, he has also been Head of Trading for BNP Paribas in Japan. As General Manager of Fixnetix, a DXC technology company, Steve focussed on enhancing the operational efficiencies of Investment Banks and trading companies worldwide.