Security Page | Suvera Ltd
At Suvera, we believe data protection should never be an afterthought but should be at the center of everything we do. We have a commitment to every patient under our care: we strive to keep your data safe and are constantly making improvements to be more secure. Find out more below about how we use your data:
Who are we?
Suvera partners with GP practices to provide care for patients with long term conditions from home.
Suvera is CQC registered. This means we get audited by the Care Quality Commission. You can read more on the standards the CQC enforces here.
We follow GDPR (General Data Protection Regulation) and are data processors for GP practices.
We have a Data Protection Officer (DPO) who oversees and advises us on data management and data protection.
Suvera has achieved Cyber Essentials certification and meets the NHS Data Security and Protection Toolkit standards.
What data do we have?
We have the following personal data on our patients:
name, date of birth, NHS number, email, demographic data, health data from their electronic health records.
Why do we need this data?
We need your personal information to give you the best possible care and help you achieve the best possible health outcomes.
How we obtain your data
We partner with GP practices to support long term patient care. The personal data we have on patients reaches us in one of the following two ways:
- GP practices share electronic health records of the patients whose care we support
- You directly provide health data through our website (for example blood pressure readings)
How we keep your data safe
Your data is stored in a safe way
Our data is stored in a database which is encrypted. This means no one can access this data unless they are permitted to. The data is stored in Amazon Web Services (AWS) facilities (eu-west-2) in the UK.
All of our data is backed up regularly to ensure it is never lost.
Your data travels in a safe way
All data sent to or from Suvera is encrypted. This means that only authenticated users with the necessary permission can access this data.
Your data is only accessed by a limited number of trained employees
Only a limited number of people can access your personal data: you, our employees in charge of your care and potentially our engineers if they are attempting to fix or improve our service offering.
Access to data is only given to staff who need it and access is removed as soon as the employee no longer needs it.
All our employees complete GDPR and information governance training.
We only use third party tools we trust
To give the best possible service we use third party tools as part of our data processing (sub-processors). Before starting to use a third party tool we follow a process including conducting a data protection impact assessment. This helps us assess the risks of the new third party tool and put controls in place. If we find the risk too high or our Data Protection Officer (DPO) does not approve the third party tool, we find another solution.
We never sell your data to anybody.
We abide by UK data protection laws and in particular we follow GDPR. We are CQC registered.
For more information you can have a look at our privacy notice.
We’re constantly thinking about data security and improving our processes, code and architecture. If you have any feedback please let us know by contacting us on firstname.lastname@example.org