The Health Agency

The Health Agency Privacy Notice

The Health Agency is a registered charity in Scotland regulated by OSCR. This Privacy Notice sets out how The Health agency will obtain, use, and protect your personal data in accordance with the General Data Protection Regulation 2018 and the Data Protection Act 2018.

This Privacy Notice may change from time to time, the most up to date version will be available on our website, and at your request.

How does The Health Agency collect information about you?

The Health Agency receives personal information about you from:

  • You (for example, in person, by phone, email, online form, or letter)
  • The NHS (for example, a referral from your GP)
  • Third sector organisations (for example, a referral from another organisation you are involved with)

What personal information may The Health Agency collect about you?

The Health Agency collects and processes the following categories of personal information:

  • Your contact information including your name, address, telephone number, email address, IP address (if you use the website);
  • Your date of birth;
  • Your signature;
  • Special category data (for example, race, religion, health, sexual orientation etc);
  • Other details that you or a representative acting on your behalf may tell The Health Agency about you through correspondence with us; and
  • In the case of third party representatives (including legal guardians), details including their name, date of birth, signature and that person’s relationship with you.

If you do not want to give us certain information, you do not have to. For example, if you want to stay anonymous, we will only record information about your problem and make sure you are not identified. You should be aware that if you choose to remain anonymous, the help we can offer you is limited and will not be specific to your circumstances, although we will advise you as best as we can.

Tracking Technologies and Cookies

We may use Cookies and similar tracking technologies to store certain information. Information on how we use these technologies and how you can decline certain cookies can be found on our Cookie Policy.

This Website also uses Google Maps Platform APIs which are subject to Google’s Terms of Service. Please find the Google Maps Platform Terms of Service here. More information about Google’s Privacy Policy, can be found here.

How may The Health Agency use your personal information?

The Health Agency uses your personal information for the purposes of:

  • Contacting you on the provided email address or telephone number to set up access to our services; and in the case of third-party referrals, to confirm you wish to access our services;
  • Administrating your client record including, allocating appropriate staff and, offering appointments for requested services;
  • Communicating with you;
  • Keeping a note of our communications with you including telephone calls and written correspondence;
  • Sending you marketing communications about new services within The Health Agency that we think would be of interest to you. The Health Agency will only contact you in ways that you have given us permission to do so, and you can withdraw your consent at any time. This is in accordance with the Privacy and Electronic Communications Regulations 2019 (PECR);
  • Evidencing diversity, service attendance and other relevant areas to our funders for reporting purposes and funding application purposes. The Health Agency uses special category data (for example race, sexuality, religion etc) for these purposes anonymously (information that can identify you is not attached to this information), and will only use your personal information in this way if you have given us permission to do so. You can withdraw your consent at any time;
  • Evaluating and improving our services.

On what legal basis does The Health Agency use your personal information?

The Health Agency uses your personal information:

  • With your consent in relation to some of the services offered such as Community Link Worker.
  • To meet its legitimate interests including:
    • Offering you the services you requested, or were requested for you by a 3rd party referrer, communicating and co-operating with third parties (for example processing a referral from a GP);
    • With your explicit consent – performing business functions such as reporting on special category data (race, religion, gender etc),
  • In your vital interest for example in the case of an emergency where you have given details of an emergency contact, or if emergency services need to be contacted
  • In the vital interest of others where you have shared information that we are legally obliged to share with the police and/or social work.

How does The Health Agency keep your information safe?

Protection of your personal information is important to us, The Health Agency takes all necessary steps to protect your personal information in line with data protection law.

How long will The Health Agency keep your personal information?

The Health Agency will only keep your personal information for as long as it is necessary to comply with applicable laws. Whether you contact us face to face, over the phone, in writing, or online, your information will be stored on Salesforce. Some of your information might also be kept within our secure email and IT systems. In most cases this will be 6 years from the date you last accessed our service. In the case of accessing complimentary therapies it is 7 years. After this period The Health Agency will erase your personal information.

Who may The Health Agency share your information with?

With your permission, we might share your information with other organisations – we will always tell you when we do this. For example, this could be because you have asked us to act on your behalf, to accommodate transitions between services, or to monitor the quality of our services. Organisations we share your data with must store and use your data in line with data protection law.

The Health Agency shares your information:

  • with third parties where you have given us permission;
  • with third parties whom we have a data sharing agreement and/or service level agreement in place;
  • when legally obligated (for example if you are an immediate danger to yourself or others, or
  • if you are endangering a population that cannot protect itself, such as the case of child or elder abuse).

Children’s Privacy

The Health Agency website does not address individuals under the age of 16. We do not knowingly collect personal data from anyone under that age. If you are a parent/guardian and you are aware that your child has provided any Personal Information using our website, please contact us. If we become aware that we have been provided with data from anyone under the age of 16 without their parents/guardians’ consent, we would immediately take steps to delete that information.

Links to Other Websites

The Health Agency website includes links to other sites that The Health Agency does not own or manage. We do our best to make sure these links are safe, but we cannot control how the sites collect information or what they do with it. We strongly advise that you review the Privacy Policy of every site you visit and every company whose services you use.

We have no control over and take no responsibility for the content, privacy policies, or practices of any third-party websites or services.

Processing data outside the United Kingdom

In order for The Health Agency to administer your client record we use a cloud service customer relationship management tool (Salesforce). Your information is processed and stored on servers outside of the UK as a result of this. Whilst these servers are not in an EU member country the company (Salesforce) adheres to the GDPR and ensures all appropriate data protection. You can request a copy of their privacy policies/notices from The Health Agency, or access them here.

What are your rights in respect to your personal information?

Under applicable law, you have the right to:

  • Request a copy of your personal information;
  • Request the correction and/or deletion of your personal information, request the restriction of the processing of your personal information or object to that processing. Please note that if we cannot collect or process your personal information me may not be able to complete your client record/offer you our services.
  • Request receipt or transmission to another organisation, in a, machine-readable form, of the personal information that you have provided to The Health Agency.
  • Complain to the Information Commissioner’s Office if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information; and
  • Object to direct marketing. Where The Health Agency collects your consent to send you marketing communications you have the right to withdraw your consent at any time.


If you have questions or comments about this notice or you would like to exercise any of the rights you have regarding your personal information that The Health Agency processes contact us by filling out the form here.

email us at:

or by post to:

Data Privacy
The Health Agency
The Wester Hailes Healthy Living Centre
30 Harvesters Way
EH14 3JF

Or phone the reception on 0131 453 9400 and ask to speak to someone from Senior Management.

You can also contact the ICO (Scotland) by writing to:

Information Commissioner’s Office
45 Melville St

Was this article helpful?