We have completed the website migration to Health Toolbox. Please find the same page here.

Logout

Sign in
Create account
Frequently asked questions
Help centre
Email support -> mailto:support [snail] dr-toolbox [period] com

Data privacy statement

For any questions about this Data Privacy Statement, please contact Dr Will Barker, Director and Data Protection Officer, at support@dr-toolbox.com.

General Data Protection Regulation (GDPR)

We are committed to the principles inherent in the GDPR and comply with it. We aim to ensure:

transparency with regard to the use of data
that any processing is lawful, fair, transparent and necessary for a specific purpose
that the data is accurate, kept up to date and removed when no longer necessary
that the data is kept safely and securely.

For the purpose of the The General Data Protection Regulation (GDPR) (EU) 2016/679, the Company’s Data Protection Officer is Will Barker, support@dr-toolbox.com.

Data collected about you

Data collected about you includes your professional email address (required, verified), and optionally your name, job role and specialty (all optional, not verified), network protocol and connection information, and interaction with the app (pages viewed, commented or edited, files uploaded, search terms).

The data will not be used for Clinical research.
The data is used for the purposes of authentication, accountability, analytics, and software troubleshooting.
The analytics information is processed locally, without transmitting it to external providers.
The processed data may be available to Toolbox administrators from your trust (usually people from the PGME or Library departments).
This data may be shared, with your explicit consent, only when you check the checkbox that you accept our Terms and conditions and Privacy policy.
Your password is only stored on your device, not shared, and not stored on our server. We only store a one-way cryptographic hash of the password which allows us to mathematically verify you know the password but the hash does not allow to guess the password.
If you edit a page, post a comment, or upload a file, your professional email address will remain attached to your contribution in the page history indefinitely, for legal purposes (accountability). You can contact the support team if you wish to pseudonymise this information.
Data other than your password is stored on a secure disk space we rent at our internet hosting provider (OVH.co.uk within the EEA). Email address, optionally name, job role, specialty (if you provide these) are preserved until your account exists, and you can change them at any time. Connection / activity information is retained for 12 months, after which only the syndicated analytics data is preserved (total number of users, or pages visited, not identifying each of your actions individually).

Security / industry standards

All information exchange between the app and the server is done using recognised secure communication protocols: SSL/TLS 1.3 (RFC 8446), HTTPS (RFC 2818). The data is always encrypted in transit.
Personal data on the server is compliant with recognised International Data Management Standards: ISO/IEC 9075 standard: "Information technology - Database languages - SQL (Structured Query Language)".
Personal data on the server is stored using recognised secure data storage technologies. All access to the database is performed securely using "Templates" and "Prepared statements". The name (encrypted) and professional email are contained in one table, while all other tables with activities and logs use pseudonymous numeric identifiers.
If your Trust requires it, we have worked with your Information Governance (IG) team to complete and document a Data Privacy Impact Assessment (DPIA).
In case of Data confidentiality breaches, we will notify the affected users within 10 days of discovery, with the scope and the practical implications.