We will do our best to respect your privacy when using our websites and online applications.
We will use your data only in connection with providing the services offered by our online applications.
We recommend that you choose a password for your account which is different from other accounts you may have on other websites.
Our procedures comply with the European Union General Data Protection Regulation (GDPR), which is enforced in the UK by the UK Information Commissioner's Office (ICO). If you are not happy with the way we process your data you have the right to complain to the ICO.
Impax Systems Ltd
30 Ropery Walk
York, East Yorkshire YO42 2BF
Company number: 07836058
Data Protection Officer
Our registered Data Protection Officer is Steve Shaw, Business Development Director.
For technical queries about our applications please contact Richard Borie, IT Director.
Processing of your personal data
Our LocumBee online applications (also deployed as BookingsBee and PracticeBee) bring together GP practices, GP locums and other health professionals, and GP Chambers and other healthcare organisations. They allow service providers and GP practices to request working sessions, and GPs and others to offer availability to work sessions.
In order to provide the services offered by our LocumBee applications we:
Process personal data (contact data) relating to staff of GP Medical Chambers and other provider organisations who offer health services in a geographic area.
Process personal data (contact data) relating to staff at GP practices and other healthcare settings who request sessions.
Process personal data (contact data and payment details) of doctors and health professionals who have registered to offer sessions.
In the majority of cases our member and practice systems are provided at no direct cost to the user, as a result of contractual arrangements with GP chambers and other organisations who are offering booking services.
Therefore our lawful basis for processing this data derives from two separate bases under GDPR:
Contractual obligations with GP chambers and other provider organisations.
A legitimate interest derived from arrangements between locum GPs and health professionals, GP practices and similar healthcare locations, that are using our applications while working with GP chambers and provider organisations that we have contracts with.
Impax Systems Ltd is the “data processor” for all these applications.
Impax Systems Ltd is the “data controller” for GP Practices and other healthcare settings that use our online Practice system to request sessions.
Impax Systems Ltd is the “data controller” for doctors and health professionals who use our Member system to declare availability for sessions and manage bookings.
Impax Systems Ltd makes an Administration system available to GP Medical Chambers and other provider organisations, and these organisations are the “data controllers” in respect of their use of these applications. However Impax Systems also operates GP Medical Chambers in its own right in some cases, in which case we are the “data controller”.
ImpaxCPD is an online application which allows healthcare professionals to record activities relevant to their continuing professional development (CPD).
Impax Systems Ltd is the “data processor” and “data controller” of the Impax CPD application.
We process personal data (contact data and CPD data).
Impax CPD is currently a free service and is available without contract. Our lawful basis for processing this data is legitimate interest. Member’s must sign-up to use the service.
Usage of our websites and online applications
The GDPR states:
“... the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.
Our applications are all essentially closed user group / membership systems and not open to the general public. All users must first register and accept terms and conditions.
All our applications are hosted on the Microsoft Azure cloud. We do not use any sub-processors.
All data is processed within the European Union.
Our databases and backups use transparent data encryption.
Backups are made approximately every 10 minutes and retained for 35 days.
Data within our applications is retained for at least 10 years after it was current.
If you have registered on our websites or online applications we record which pages you visit. This allows us to provide assistance in the event of problems. We do not share this data with anyone else. This data is retained for a maximum of 3 years, but usually deleted after 18 months.
We also use website "cookies" to facilitate the smooth working of our applications. Cookies are small files which are sent to your browser when you visit our websites or online applications, and allow us to distinguish you from other users. If you do not wish to accept these cookies you can delete them and/or block them in your browser - all the major browsers have options in their security settings to let you do this. However you will not then be able to use some of our online applications.
We only use "first-party" cookies, in other words cookies set by us for the direct operation of our website. We do not use "third-party" cookies which could allow your details to be passed to third-party marketing organisations. The names of the cookies we use are as follows:
Our website is hosted on an industry-standard Microsoft webserver, which issues a default cookie called asp.net_sessionid. This cookie is set as soon as you visit our site but expires automatically after you leave it.
Some of our websites and applications include plug-ins from social networking sites such as Facebook and Twitter, and these sites may also set or retrieve cookies on your browser, if your browser is already signed-in to them. These social networking cookies are exchanged between your browser and the social networking sites you belong to, they are not accessible by us.