Privacy Notice
Categories of personal data processed by eRedbook:
- Demographic and user generated and supplied data, including name, contact information, NHS number, child’s name, date of birth, postcode
- Health and social care data concerning your child
The Data Controllers of your and your child’s personal data:
The data controller for all the clinical health and social care data about your child processed in the eRedbook will be the clinical health and care providers who generated that data for the purposes of clinical health care and social care.
Should the service user change their data controller option from NHS to Sitekit, the data controller for all the clinical health and social care data about your child processed in the eRedbook from 1st January 2024 will be Sitekit.
The data controller for all demographic data and user content data generated by the application user will be the service user (i.e. the person/people using the eRedbook application and supplying the data)
Sitekit, the supplier of the eRedbook application is acting as a data processor on behalf of the above two categories of data controllers.
Legal basis:
The legal basis for the processing of your and your child’s personal data within the eRedbook is based on your consent. You can withdraw your consent at any time by closing your account. To do this open your account settings via the cog icon and click on the Delete account link.
Your clinical health and care data will be processed by Sitekit for as long as you keep an account open with eRedbook and will be deleted once an account is closed.
For further information about the retention periods of the data held in the health and social care providers systems please contact the respective data controllers. These will be the services that provide your health and social care. The NHS has published a data controller catalogue where you can see who is providing information to Digital Redbook applications. The link is available here: https://nhsconnect.github.io/Events-Management/controller_catalogue.html
Sitekit will only process demographic data and user content data generated by you to enable Sitekit to provide the eRedbook service. This data will be processed in eRedbook for as long as you keep an account open with Sitekit and will be deleted once an account is closed.
Purposes for which the personal data is being processed:
Enable Health Professionals to vouch for and authorise eRedbook subscriptions;
- Link your child’s NHS Health Record to your eRedbook account, allowing you to receive data from the NHS Health Record;
- Provide you with guidance articles that are relevant to you or your child’s health, as posts on your eRedbook account timeline wall.
- Provide you with reminders about important health events that are part of the Healthy Child Programme.
Sitekit Ltd also use your information as follows:
Sitekit stores your information securely, gives you secure access to it through your eRedbook account, and provides support and service improvements.
From time to time, Sitekit may send you service announcements, which are part of the service.
From time to time, Sitekit may send you news and related information about eRedbook, either as emails, push notifications, or notifications on your timeline wall if you have opted into this service. You can unsubscribe from receiving this information at any time in your account settings.
From time to time, Sitekit may contact you to invite you to participate in research projects undertaken by the NHS, academic institutions and trusted third party research organisations. You can choose whether or not you would like to be contacted for this purpose in your eRedbook account settings.
Sitekit may gather anonymous information on which pages on the eRedbook website are visited and how long they are used for, in order to help your Health Authority and Sitekit improve the service.
Sitekit may collect aggregated and anonymised usage statistics for the purpose of providing eRedbook reports to your Health Authority.
The eRedbook website uses Cookies stored in your web browser, which are required for the correct operation of the site. Cookies do not themselves contain any personally identifiable information.
Sitekit may employ web beacons from third parties in order to compile aggregated statistics and to determine the effectiveness of promotional campaigns. These third parties are prohibited from using these web beacons to collect or access your personal data.
Your information may be disclosed to other parties not stated in this privacy statement if there is a legal requirement to do so.
The information you provide is not used for any automated decision-making.
Your rights in relation to your and your child’s personal data:
To contact the Data Protection Officer of the data controllers of the clinical data processed on the application please contact those organisations. The link is available here: https://nhsconnect.github.io/Events-Management/controller_catalogue.html
You can contact the data controller to request access to and rectification or erasure of
- personal data
- restriction of processing data concerning yourself or your child
- to object to processing
- data portability
You can request that Sitekit
- Cease processing your eRedbook information
- Request that a child profile is securely deleted from your eRedbook account
- Request that your eRedbook account is closed and all information in it securely deleted
To request Sitekit carry out any of the above please email support@eredbook.org.uk
If you are concerned about the way your information is handled, you also have the right to a lodge a complaint with the Information Commissioner’s Office, who are the supervisory authority for data protection matters in the UK. You can contact the ICO at www.ico.org.uk or by calling 0303 123 1113.
Information security
Your information is stored securely on servers based in the United Kingdom. When your account is closed, your information is permanently deleted, once deleted it cannot be recovered.
NHS login
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a "processor" only and we must act under the instructions provided by NHS England (as the "controller") when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
Changes to this Privacy Notice
Sitekit reserves the right to update this Privacy Notice from time to time.
Terms of Use
eRedbook Terms of Use Agreement V2.0
1.0 Definitions
In these Terms of Use, the following words and expressions shall bear the following meanings unless the context otherwise requires:
“Agreement” Means this Terms of Use Agreement;
“Commencement Date” Means the date on which the service is made available by Sitekit for use by the Licensee, as agreed between the parties;
“Intellectual Property” Means any and all intellectual property rights anywhere in the world, including (without limitation) patents, rights in patentable inventions, registered designs, unregistered design rights, copyrights. Database rights, trademarks, trade names, logos, trade secrets and know-how, moral rights, applications for any of the above and the right to make applications therefore; which, in each case, exist now or at any time in the future, whether registerable or otherwise;
“License Fee” Means any and all applicable fees payable for the licence to use this service;
“Licensee” Means the party to which this Agreement is addressed;
“Materials” Means user manuals and another documentation supplied by Sitekit to the Licensee relating to the service including any made available online;
“Operating Environment” Means the operating environment (including hardware, networking facilities and peripherals within which the service is capable of being run;
“Sitekit” Means Sitekit Applications Ltd, (a company incorporated in England (number 08194698) and having its registered office at Sitekit Health Ltd, 17-21 Ashford Road, Maidstone, England, ME14 5DA or any of its companies which may be a subsidiary of Sitekit Applications Ltd companies from time to time;
“Service” Means Sitekit’s software application (in object code form) known as the eRedbook, which is accessed via the internet and mobile devices, and which is used to manage healthcare data and other content made available via the service;
“Website” Means the eRedbook website maintained by Sitekit on the World Wide Web having a URL address of www.eredbook.org or such other addresses as may be designated by Sitekit;
In this Agreement, unless the context requires otherwise:
Headings are for convenience only and shall not affect interpretation;
The singular shall include the plural and vice versa;
References to any statute or other regulation shall include any amendment, extension, consolidation, re-enactment or replacement of such statute or regulation and any subordinate legislation made under it;
References to Clauses are to Clauses in this Agreement.
2.0 Grant of License
2.1 Sitekit hereby grants the licensee a non-exclusive, non-transferable license to use the Service and Materials; no right to sub-license is granted to the licensee.
2.2 Upgrades to the Service will be provided to the Licensee in accordance with this Agreement; Service upgrades will be automatically applied.
2.3 The Licensee acknowledges and agrees that it shall be solely responsible for obtaining any and all licenses or other permission that may be required in respect of other software, hardware, or other computer or telecommunications equipment other than the Service notwithstanding that any of the same may be used by the Licensee in conjunction with the Service.
2.4 Save as expressly set out in this Agreement, the Licensee is not permitted:
2.4.1 To make copies of the whole or any part of the Service or any and all Materials relating thereto other than as permitted by law;
2.4.2 To rent, lease, sub-license or loan the whole or any part of the Service or any and all Materials relating thereto except and to extent previously permitted in writing by Sitekit;
2.4.3 To use, reproduce or deal in the Service and/or any and all Materials relating thereto in any way;
2.4.4 To alter, remove, obscure, conceal or otherwise interfere with any markings on or written in the Service or Materials which refers to Sitekit, or in any way to interfere with any other copyright notices;
2.4.5 To reverse engineer, disassemble, reverse translate, or in any way decode the Service or any copy or part of it in order to derive any source code, save only as is permitted by applicable law.
3.0 Sitekit’s Obligations
3.1 Sitekit shall use reasonable endeavours to provide the Service in a professional manner using all reasonable skill and care and shall use reasonable endeavours to comply with all applicable laws and regulations from time to time.
3.2 Sitekit shall not be liable for any breach, non-performance or delay of performance of its obligations under this Agreement to the extent Sitekit is unable to comply with or perform the same because of (whether directly or indirectly) the Licensee’s delay in performance, breach of this Agreement and/or negligent acts and/or omissions.
3.3 Sitekit shall provide the Services on a non-exclusive basis.
4.0 Licensee Obligations
4.1 The Licensee shall cooperate with Sitekit and provide such assistance and information as Sitekit shall reasonably require to enable Sitekit to provide the Service. The Licensee shall ensure that such information is accurate and up to date in all material aspects.
4.2 The Licensee warrants that they are the legal guardian of all children for whom profiles are created in their eRedbook account, and have the legal right to access the health information of all such children.
4.3 The Licensee shall at all times keep their login details secure and shall not share them with any other person or cause or allow another person or application to access their eRedbook account with their login details.
4.4 The Licensee shall not circumvent any restrictions or security measures designed to control access to services.
4.5 The Licensee shall be responsible for all activity in their eRedbook account accessed with their login details.
4.6 The Licensee shall immediately inform Sitekit, their Health Professional or NHS England if they have reason to believe that their eRedbook account has been accessed without authorisation, or that their login details have been disclosed.
5.0 Limitation of Liability
5.1 Sitekit shall endeavour to ensure that the Service is accessible by the Licensee at all reasonable times. The Licensee acknowledges and agrees that the Service may not be available from time to time due to maintenance (scheduled and unscheduled), repairs and updates carried out as part of maintenance services by Sitekit or third parties and that Sitekit shall have no liability for such unavailability.
5.2 The Licensee acknowledges that the Service will not be error free and agrees that the existence of errors of whatever nature shall not constitute a breach hereof.
5.3 Sitekit does not make and hereby excludes to the fullest extent permitted by law all warranties and liabilities whether expressed or implied relating to:
The Service, including without limitation any warranty of merchantability or fitness for any particular purpose notwithstanding that such purpose may have been known or become known to Sitekit;
The performance of its obligations under this Agreement;
Arising whether in contract or tort or delict or otherwise by law.
5.4 Sitekit shall have no liability where failure of the Service and/or website is due directly or indirectly to the Licensee’s negligence or fault and/or the Licensee’s failure to follow the instructions provided by Sitekit or as otherwise detailed in the materials. It is the users responsibility to keep their username and password secure, and not share them with anyone else.
5.5 It is the licensee’s responsibility to test, for computer viruses (of whatever description) its own information systems and networks, and the Licensee agrees that it shall not hold Sitekit responsible for any damage caused from any such virus.
5.6 Sitekit expressly excludes liability for all consequential and indirect loss or damage (including without limitation, loss of use, interruption of business, loss of profits, business or opportunity, the cost of substitute goods or services or expenditure, investment or other commitments made in connection with the business contemplated by this Agreement, corruption of the Licensee’s hardware regardless of the form of action whether in contract, tort or delict, strict product liability or otherwise, even if Sitekit has been advised of the possibility of such a loss.
5.7 Sitekit does not exclude liability for death or personal injury to the extent only that the same arises as a result of the negligence of Sitekit, its employees, agents or authorised representatives.
6.0 Intellectual Property Rights
6.1 The Licensee acknowledges and agrees that any and all Intellectual Property in the Services or Materials provided by Sitekit or developed through the performance of Sitekit’s obligations under this Agreement is and shall be the sole property of Sitekit (or Sitekit’s licensors as applicable).
6.2 The Licensee acknowledges that, where Sitekit does not own the Intellectual Property in some part of the Materials or Service, the Licensee’s use such Materials or Services is conditional on Sitekit obtaining a written licence (or sub-licence) from the relevant licensor or licensors on such terms as will entitle Sitekit to license such rights to the Licensee, which may mean additional charges being payable by the Licensee.
7.0 Force Majeure
7.1 Neither party shall have any liability to the other party under this Agreement if it is prevented from or delayed in performing its obligations under this agreement or from carrying on its business by acts, events, omissions or accidents beyond its reasonable control including but not limited to strikes, lock-outs or other industrial disputes (whether involving its own workforce or another party), failure or disruption of a utility service or server farm operator, or upstream bandwidth provider, or denial of service attack, or transport network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, catastrophic system failure, breakdown of plant or machinery, fire, flood, storm, pandemic or default of suppliers or sub-contractors.
8.0 General
8.1 This Agreement constitutes the entire agreement and understanding between the parties regarding its subject matter (excepting any prior confidentiality or non-disclosure agreement which shall continue in accordance with its terms) and none of its provisions may be modified or varied in any way unless agreed in writing between the parties.
8.2 Any omission by either party to exercise any available right shall not be interpreted as a waiver of it nor of any future right.
8.3 If any provision of this Agreement is declared to be void or unenforceable by any judicial or administrative authority in any jurisdiction, such provision will be deemed to be severable and the remaining provisions of this Agreement shall remain in full force and effect.
8.4 All formal notices required under this Agreement shall be sent by fax and confirming letter or by recorded delivery (or its equivalent) posted within 24 hours of such fax to the address of the party in question as stated above (or as otherwise notified) and shall be deemed to have been received thirty six (36) hours after the time of despatch of the letter.
8.5 Sitekit may assign the benefit and/or the burden of the Agreement at any time without the prior written consent of the Licensee. For the avoidance of doubt, Sitekit shall be entitled to sub-contract its obligations under this Agreement at any time without the consent of the Licensee. The Licensee acknowledges and agrees that it shall not assign the benefit and/or burden of the Agreement without the prior written consent of Sitekit.
9.0 Rights of Third Parties
9.1 A person who is not a party to this Agreement has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce or enjoy the benefit of any term of this Agreement. This Agreement is made solely for the benefit of the parties to it and is not intended to benefit, or be enforceable by, any other person.
10.0 Applicable Law & Jurisdiction
10.1 The parties hereby agree that this Agreement shall be construed in accordance with and governed by English Law and both parties hereto hereby agree to submit to the non-exclusive jurisdiction of the English Courts in all matters pertaining hereto.