Health Shared Logo whiteHealth Shared Logo dark

Privacy Notice

Last updated: April 2025

1. Introduction

Health-Shared is operated by Axiom Medical Ltd ("we", "us", "our"). We are committed to protecting the privacy, confidentiality, and security of your personal information.

This Privacy Notice explains how we collect, use, store, and protect personal data when you use the Health-Shared website and services.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the General Data Protection Regulation (GDPR), and other applicable data protection laws.

This notice may be updated from time to time to reflect regulatory or operational changes.

2. Data Controller

The organisation responsible for processing personal data is:

Axiom Medical Ltd
5 Saint Andrew's Road
London
NW11 0PH
United Kingdom
Email: info@health-shared.com

Axiom Medical Ltd acts as the Data Controller.

3. User Categories and Data Processing

Health-Shared processes personal data based on different user roles:

General Users

  • Browse and interact with the platform
  • Limited personal and technical data collected

Contributors

  • Submit personal stories and experiences
  • May provide health-related (special category) data

Moderators and Community Administrators

  • Access limited user data for moderation and platform management
  • Are bound by strict confidentiality and security obligations

Healthcare Providers

  • May contribute professional or educational content
  • Personal data processed similarly to general users unless additional credentials are collected

4. The Types of Personal Data We Process

We may collect:

Identity Data

  • Name
  • Username

Contact Data

  • Email address
  • Telephone number (if provided)

Location Data

  • Country or region

Technical Data

  • IP address
  • Browser type
  • Device information

Usage Data

  • Pages visited
  • Interaction with features
  • Website activity

User Contributions

  • Written experiences
  • Responses and comments
  • Videos, audio, images

5. Special Category Data (Health Information)

Users may voluntarily share health-related experiences, including medical conditions or personal health journeys.

Under the General Data Protection Regulation, this is classified as special category data.

We process such data only where explicit consent is provided, including when users:

  • Submit stories or interviews
  • Upload media containing health information
  • Respond to health-related questions

By submitting such content, you explicitly consent to its processing and potential publication.

Health-Shared does not provide medical advice, diagnosis, or treatment.

6. How We Collect Personal Data

Information Provided Directly

We collect data when users:

  • Create or manage accounts
  • Submit content or participate in interviews
  • Contact us for support

Automatically Collected Data

We collect technical data through:

  • Cookies
  • Analytics tools
  • Server logs

7. Why We Process Personal Data

We use personal data to:

  • Provide and operate the platform
  • Manage user accounts
  • Publish and display user contributions
  • Communicate with users
  • Improve functionality and user experience
  • Analyse usage trends (aggregated/anonymised)
  • Ensure security and prevent misuse

8. Lawful Bases for Processing

We rely on:

Consent

For health data and voluntary submissions.

Contract

To provide account and platform services.

Legal Obligation

To comply with applicable laws.

Legitimate Interests

To improve services, maintain security, and analyse usage.

Users may withdraw consent at any time via: info@health-shared.com

9. Third-Party Service Providers

We may use trusted third-party providers, including:

  • Hosting providers
  • Analytics providers
  • Infrastructure services

All providers are required to comply with GDPR/UK GDPR and maintain appropriate security standards.

10. Data Storage and Security

Personal data is stored securely within the European Economic Area (EEA).

Some historical data was stored using Google Firebase (United States). We are migrating all data to European infrastructure.

We implement security measures aligned with ISO/IEC 27001, including:

  • Encryption of data in transit
  • Access control (role-based access)
  • System monitoring and logging
  • Regular security reviews

11. International Data Transfers

Where data is transferred outside the EEA, safeguards such as Standard Contractual Clauses (SCCs) are used.

12. Data Retention

Data TypeRetention Period
Account dataWhile account is active
User contributionsUntil deleted or anonymised
Technical logsUp to 12 months
Support communicationsUp to 24 months

After this period, data is securely deleted or anonymised.

13. Your Data Protection Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict processing
  • Object to processing
  • Request data portability

Requests can be made to: info@health-shared.com. We respond within one month.

14. Data Breach Notification

In the event of a data breach affecting your rights, we will notify:

  • Affected users
  • Relevant authorities

as required by law.

15. Age Requirements

Health-Shared is intended for users aged 18 years or older. We do not knowingly collect data from individuals under 18.

16. Cookies

We use cookies to improve website functionality and analyse usage patterns. See our Cookie Policy for details.

17. How to Complain

UK Users

If you have any concerns about our use of your personal data, you can contact our Data Protection Officer:

Data Protection Officer
Usman Jaffer
info@health-shared.com

You may also contact the Information Commissioner's Office (ICO).

U.S. Users

You may contact the Federal Trade Commission (FTC).

18. Updates

We may update this Privacy Notice from time to time. The latest version will always be available on the Health-Shared website.

Date of last review: April 2025