Privacy Policy

Website Privacy Policy 

Purpose of this Privacy Policy 

Welcome to the Health Data Insight (HDI) CIC website We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our website. 

How we obtain personal information 

We use different methods to collect data from you including through: 

  • Direct interactions You may give us your personal data by filling in the enquiry form on our website, corresponding with us by phone, email, social media or otherwise, when you sign up to our newsletter or register for an event, training session or meeting. 
  • Automated interactions As you interact with our website, we collect technical data by using cookies or similar technologies. Please see our cookie policy for further details. 
  • Third parties. Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.  We are not responsible for the privacy practices of these websites, therefore please review their privacy policies. 

Data we collect about you 

Personal Information 

We may collect personal information such as: 

  • Identity data including first name, last name, job title, other identity data 
  • Contact data such as your email address, address, telephone number and social media address 
  • Communications data including your communication preferences 
  • Technical data such as internet protocol (IP) address, browser type and version and operating system and platform. 

How we use your information 

We will only use the collected information for the following purposes: 

  • Responding to your enquiries or requests 
  • Providing and improving our services. 
  • Monitoring use of our website. We use information to help us monitor, improve, and protect our products, content, services and websites, both online and offline. 
  • Complying with legal and regulatory obligations. 
  • Where you give consent, we may also provide you with information and updates about our work, which may use your identity data and contact data (e.g. personalised emails). 

We follow the six principles of data protection described in Article 5 (1) of the UK General Data Protection Regulation (GDPR). This requires that personal data shall be: 

  1. Processed lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’);
  1. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
  1. Adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed (‘data minimisation’);
  1. Accurate and, where necessary, kept up to date (‘accuracy’);
  1. Kept for no longer than is necessary for that purpose or those purposes (‘storage limitation’);
  1. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (‘integrity and confidentiality’);

In addition, as data controller HDI will be responsible for the personal data being handled and able to demonstrate compliance with the six principles, above (‘accountability’). 

Disclosure of Personal Data 

We will never share your personal data with third parties without your explicit consent unless required by law. We will not share your information with any other organisations for their own marketing, market research or commercial purposes. 

Data Security 

We implement robust security measures to protect your information from unauthorised access, disclosure, alteration, and destruction. These include: 

  • Technical Measures: Such as firewalls, encryption, intrusion detection systems, and secure access protocols. These are designed to prevent unauthorized digital access. 
  • Physical Measures: secured facilities, access control systems, and surveillance, these prevent physical tampering or access to servers and data storage. 
  • Administrative Measures: Policies and procedures guiding employee behaviour, access privileges, and response protocols for potential breaches. Regular training and awareness programs are part of these measures. 

Your Rights  

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including: 

Your right of access – You have the right to ask us for copies of your personal information (called a “Subject Access Request” – see below). 

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances. 

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

Subject Access Request 

An individual has the right of access to a copy of their own personal data held by HDI. This subject access right is communicated to HDI as a subject access request (SAR). 

A SAR must be made in writing and contain sufficient information to verify the identity of the data subject and locate the information requested. Individuals wishing to exercise this right should make their request in writing to HDI via or in writing to: 

Health Data Insight CIC, CPC4, Capital Park, Fulbourn, Cambridge, CB21 5XE  

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. 

Changes to this Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices.   

Cookie Policy 

We only use cookies to protect against spam.  

We still track use of our website, but this use is entirely anonymous as we use Cabin – see further details of Cabin’s privacy principles 


Contact Us 

If you have any questions or concerns about our privacy practices, please contact us at or by writing to: 

Health Data Insight CIC
CPC4, Capital Park,
CB21 5XE 

Last edited: 07/03/2024 13:28