You & Type 2 Data Privacy Policy

The purpose of You & Type 2 is to allow people with Type 2 Diabetes to co-create care plans with their health care professional. Patients will also be given access to an app which will allow the patient to manage care plans and keep them informed between appointments.

The app will take your latest results and allow the setting of goals with your healthcare professional and display this back to you in a user-friendly format. This information will be taken from your GP electronic health record.

The app will also provide access to the education, digital tools and real-world social prescribing resources to enable you, the patient, to better plan and meet goals set. This should enable you to lead a healthier life.

The use of personalised video messaging will further aid you to better manage your symptoms and prevent deterioration of the disease. These videos will use data taken from your GP electronic health record and share it securely with you in a video message which you can receive via a text message or the You & Type 2 smartphone app.

There are a number of organisations involved in this project. Organisations that will have access to Personal confidential data are:

  • GP practices – Act as Data Controllers and have access to the personal data in your health record.
    • For details of your GP Practices privacy policy, please contact your GP, these can often be found on your practice website.
  • Oviva – Act as a Data Controller for people who are using their service, and will store personal data for the people they are supporting.
  • NEL CSU – Act as a Data Processor to help us evaluate the service and have access to personal data.
  • Wandsworth CCG – Act as a Data Processor to help us evaluate the service and have access to pseudonymised data.
    • To see Wandsworth CCG’s privacy policy, click here.
  • EMIS – Act as a Data Processor to provide the software your GP uses to manage your healthcare record. This is where your personal data is stored.
  • Healum – Act as a Sub-Processor to Wandsworth CCG and provide software to enable us to share your data with you via the You & Type 2 smartphone app. This includes your personal data, such as your diabetes test results.
  • Citizen Comms / Idomoo / BT – Act as Sub-Processors to Wandsworth CCG and provide a service to enable us to send personalised video messages to people participating in You & Type 2. These videos are generated automatically by Idomoo so no individual sees your personal data, however, it is used to produce the videos and temporarily stored.



Your GP practice keeps data on you relating to:

  • Who you are, where you live and what you do
  • Your family, possibly your friends
  • Your employers
  • Your habits
  • Your problems and diagnoses
  • The reasons you seek help
  • Your appointments
  • Where you are seen and when you are seen and who by
  • Referrals to specialists and other healthcare providers
  • Tests carried out at your GP and in other places
  • Investigations and scans
  • Treatments and outcomes of treatments, including your treatment history
  • The observations and opinions of other healthcare workers, within and without the NHS as well as comments and aide memoirs reasonably made by healthcare professionals in your practice who are appropriately involved in your health care.

GPs have always delegated tasks and responsibilities to others that work with them in their surgeries, on average an NHS GP has between 1,500 to 2,500 patients for whom he or she is accountable. It is not possible for the GP to provide hands-on personal care for each and every one of those patients in those circumstances, for this reason, GPs share your care with others, predominantly within the surgery but occasionally with outside organisations.

If your health needs require care from others, elsewhere outside your practice, they will exchange with them whatever information about you that is necessary for them to provide that care. When you make contact with healthcare providers outside the practice but within the NHS it is usual for them to send your GP information relating to that encounter. Your GP will retain part or all of those reports. Normally they will receive equivalent reports of contacts you have with non-NHS services but this is not always the case.

Your consent to this sharing of data, within the GP practice and with those others outside the practice is assumed and is allowed by the Law.

People who have access to your information will only normally have access to that which they need to fulfil their roles, for instance, admin staff will normally only see: your name, address, contact details, appointment history and registration details in order to book appointments. The practice nurses will normally have access to your immunisation, treatment, significant active and important past histories, your allergies and relevant recent contacts whilst the GP you see or speak to will normally have access to everything in your record.


You have the right to object to our sharing your data in these circumstances, but we have an overriding responsibility to do what is in your best interests.