1. GENERAL
The Magentus Group is committed to complying with data privacy legislation, including the UK General Data Protection Regulation and the Data Protection Act 2018. Looking after the personal information you share with us is very important to us, and we want you to be confident that your personal information is kept safely and securely. We also want you to understand how we may use personal information we collect before, during and after your relationship with us, how we comply with the law on data protection and what your rights are.
2. WHO THIS NOTICE APPLIES TO
This privacy notice applies to you if you are external to our business and if we process your personal information. This privacy notice does not apply to you to the extent that you are an officer, employee or worker of ours, a prospective candidate, officer, employee or worker of ours or an individual to whom we have provided a different specific privacy notice.
Please note that not all parts or content of this privacy notice may relate to you, as this will depend on your relationship with us. However some parts of this privacy notice will always apply to you, for example the section on your rights and how to make a complaint.
References to you and your in this privacy notice are to either you as an individual or any organisation that you work for.
We may make changes to this notice from time to time, and if we do make changes, we will update this page with the new version.
This notice was last updated on 13 May 2025.
3. WHO WE ARE
References to we, our or us in this privacy notice are to the Magentus Group in EMEA and otherwise referred to below as our group. The Magentus Group in EMEA is made up of the following companies:
- Magentus Software Limited, a limited company incorporated in England and Wales with registered number 08746973 and with its registered office at Second Floor, 75 Farringdon Road, London, England, EC1M 3JY
- Magentus Data Management Services Ltd, a limited company incorporated in England and Wales with registered number 08747031 and with its registered office at Second Floor, 75 Farringdon Road, London, England, EC1M 3JY
- Magentus Maternity Software Ltd, a limited company incorporated in England and Wales with registered number 08747821 and with its registered office at Second Floor, 75 Farringdon Road, London, England, EC1M 3JY
- Magentus EHR Solutions Ltd, a limited company incorporated in England and Wales with registered number 08640238 and with its registered office at Second Floor, 75 Farringdon Road, London, England, EC1M 3JY
We have appointed a Data Protection Officer to oversee our compliance with data protection laws. Contact details for our DPO are set out in the “Contacting us” section at the end of this privacy notice.
For the purposes of data protection laws and this privacy notice, except where we act as a processor only (see below), whichever part of the Magentus Group is processing your personal information is the controller of your personal information for that processing. This will usually be the part of the Magentus Group that you interact with or have a relationship with. More than one part of our group may be a controller of your personal information. Being a controller of your personal information means that we are responsible for deciding how we hold and use your personal information. Regardless of where you are based and regardless of which part of our group may be a controller of your personal information, any queries you have regarding your personal information will be dealt with by our DPO.
Our core business is providing software solutions, technical support, and in some cases hosting, to our customers. In many cases, for the purposes of these activities, we will be processing your personal information on behalf of our customers and therefore we will act as a processor rather than a controller of your personal information. Where this is the case, our customer will be the controller in respect of your personal information processed by us to the extent that we act as a processor and they will decide why and how your personal information is processed by us for these purposes. Please refer to the relevant controller (for example, the relevant NHS trust or your employer) for further details in this regard.
We are only required to set out in this privacy notice details in relation to when we are acting as a controller of your personal information.
4. PERSONAL INFORMATION WE COLLECT
We may collect the following types of personal information about you:
- Contact details: information that allows us to identify and contact you directly such as your name, address, business address, email address and telephone number.
- Publicly available personal information: including any information available at public registries such as Companies House.
- Account information: such as your email address, username and password when you set up an account in relation to one of our products/services.
- Responses to surveys: we keep records of any surveys you respond to.
- IP address and other technical information: this includes your computer’s or device’s IP address which allows us to track your usage of our website or applications, anonymous data collected by the hosting server for statistical purposes, unique device identifier for example your device’s IMEI number, the MAC address of the device’s wireless network interface, or the mobile phone used by the device, mobile network information, your mobile operating system, browser type and version, location, time zone setting, browser plug-in types and versions, operating system and platform and other cookie data.
- Usage of IT systems: for example, those that we make available to visitors to our premises such as any visitor internet facilities at our premises.
- CCTV images and other information obtained through electronic means: including swipe card records and access control systems if you visit our premises or images if you visit areas of any of our premises covered by our CCTV system.
- Any other personal information you provide to us.
5. SPECIAL CATEGORIES OF PERSONAL INFORMATION
We may also in some cases collect and process more sensitive “special categories” of personal information about you, including information about your health, for example where you inform us about any ill-health, injury or disability or dietary requirements when you attend our events, or where you are involved in an accident (for example at our premises).
6. SOURCES WE COLLECT YOUR PERSONAL INFORMATION FROM
We will collect personal information from a number of sources. These may include the following:
- Directly from you: when you complete forms we provide to you, when you receive or use our products and/or services or use our website, when you make a claim or complaint or communicate with us directly in some way.
- Our customers and suppliers (including contractors and subcontractors): our customers and suppliers may provide us with personal information (including your personal information) so that we can perform our contracts with them or for the purposes of the relationship between us.
- Our website and applications: this includes personal information collected automatically through our websites or other applications which provide us with information about how you use them and the devices that you use to connect to them.
- Our group companies: other companies within the Magentus Group may provide us with your personal information.
- Your employer or the organisation you work for: they may provide us with your name, position and contact details in connection with us providing our products and/or services to them or them providing us with products and/or services.
- Your professional advisors: such as lawyers, accountants, financial advisors, consultants and other advisors.
- Governmental or public bodies, law enforcement agencies, or relevant regulators or courts/tribunals: usually to assist with investigations, for example the Information Commissioner’s Office or health and safety bodies.
If you are providing information regarding other individuals to us, it is your responsibility to ensure that you have the right to provide the information to us. Such individuals have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with them. They also have the same rights as set out in the “Your rights in relation to personal information” section below.
7. WHAT WE USE YOUR PERSONAL INFORMATION FOR
Special category personal information:
As stated in the “Special Categories of Personal Information” section above, we may collect and process certain information about your health.
The main purposes for which we process such personal information are to comply with our legal obligations (e.g. our health and safety obligations to visitors to our premises) and to arrange and manage our insurance policies as well as making claims under such policies. In processing such information for these purposes, we are likely to rely on one or more of the following lawful bases in order to process such personal information: (i) your explicit consent; (ii) complying with our legal obligations (such as those in relation to health and safety); (iii) the provision of health treatment; or (iv) protecting your vital interests (or someone else’s vital interests) depending on the applicable circumstances (for example, if you suffer an injury at our premises, then we may need to process your health information in order to protect your vital interests). Such processing may also be necessary for our legitimate interests. For example, we have a legitimate interest in ensuring that all visitors to our premises and anyone else for whom we have responsibility are safe and that appropriate medical attention is obtained by anyone who suffers injury and we have a legitimate interest in maintaining appropriate insurances regarding our activities and in making claims under such insurances (for example, when an injury occurs on our premises).
Other personal information:
The table below describes the main purposes for which we process your other personal information (being information which is not special category personal information). The types of personal information involved and our lawful basis for being able to process such data for the relevant purpose stated below are also set out. Which of these will apply will depend upon the nature of your relationship and interactions with us. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful basis depending on the specific purpose for which we are using your personal information.
Purpose | Personal information used | Lawful basis including (where relevant) the legitimate interest pursued |
To provide products and/or services to customers and customer management | Name and contact details, publicly available information, information provided to us (e.g. on order forms), contractual details (e.g. services provided). | Necessary for our legitimate interests. We have a legitimate interest to properly perform contracts with customers and to manage our relationships with customers. |
To receive products and/or services from suppliers and contractors and supplier management | Name and contact details, publicly available information, information provided to us (e.g. on service proposals), contractual details (e.g. services received). | Necessary for our legitimate interests. We have a legitimate interest to properly perform contracts with suppliers and contractors and to manage our relationships with suppliers. |
To manage relationships with data subjects other than those who are customers or suppliers (e.g. website users) | Name and contact details, website user activity, information provided to us. | Necessary for our legitimate interests. We have a legitimate interest in corresponding and dealing properly with all third parties with whom we come into contact or with whom we have a relationship, not just our customers and suppliers. |
To deal with enquiries or complaints, claims, legal disputes or raise queries, claims, legal disputes or complaints with you or the organisation you work for | Name and contact details, publicly available information, contractual details (e.g. services provided or received), information provided to us. | Necessary for our legitimate interests. We have a legitimate interest to improve the services and/or products we provide, to ensure that we operate efficiently and to deal with any enquiries, complaints or other communications received. We also have a legitimate interest in being able to raise queries, claims or complaints of our own and to ensure that all legal claims are managed effectively. To defend, bring or establish legal claims. |
To deal with requests from data subjects in relation to exercising their rights | Name and contact details, any other information processed by us for the purposes listed elsewhere in this table which is relevant to the request received. | To comply with our legal obligations under data protection laws. Necessary for our legitimate interests. We have a legitimate interest in ensuring that requests are dealt with properly and expediently. |
To maintain our website, including conducting data analytics in connection with our website and to monitor the use of our website and to support the security of our website. | Website user activity details, browser and browsing details, publicly available information, electronic identification information and other information collected through cookies. | Necessary for our legitimate interests. We have a legitimate interest to maintain and improve our website and the user experience and to monitor the use of our website and to ensure the security of our website. |
To carry out general business administration and business management, including audits | All personal information that we process under the other processes mentioned in this table. | To comply with legal obligations, for example in relation to taxation. Necessary for our legitimate interests. We have a legitimate interest to ensure that we operate our business properly and efficiently and to expand our business. |
To prevent, detect or prosecute criminal activity or to gather evidence in connection with legal cases | Name and contact details, publicly available information, CCTV images, premises or site access logs, location information, information you provide to us, customer activity, supplier activity or website user activity details, contractual details (e.g. services received or provided), browser and browsing details, location details, electronic identification information such as IP address and information collected through cookies. | To comply with legal obligations. To defend, bring or establish legal claims. Necessary for our legitimate interests. We have a legitimate interest in preventing, detecting or prosecuting criminal activity that is or may be harmful to our business or our staff and in ensuring that all legal claims and cases are managed effectively. |
To hold or conduct events | Name and contact details, dietary or other health information, information provided to us (e.g. on attendance forms), CCTV images, premises or site access logs, location information. | To comply with legal obligations, for example in relation to health and safety. Necessary for our legitimate interests. We have a legitimate interest in holding events and tracking attendance and ensuring that attendees to our events are appropriately catered for. |
To comply with legal obligations (e.g. data protection laws, health and safety when visiting our premises) or to assist third parties to comply with their legal obligations | Name and contact details, publicly available information, dietary or other health information, information provided to us, contractual details (e.g. services provided or received), CCTV images, premises or site access logs, location information, information you provide to us, website information. | To comply with legal obligations, for example in relation to data protection laws and health and safety. Necessary for our legitimate interests. We have a legitimate interest in complying with legal obligations. |
To arrange and manage our insurance policies as well as making claims under such policies | Name and contact details, publicly available information, information provided to us, contractual details (e.g. services provided or received), CCTV images, premises or site access logs, health information, location information, information you provide to us. | To comply with legal obligations, for example in relation to required insurances and health and safety. Necessary for our legitimate interests. We have a legitimate interest to maintain appropriate insurances regarding our activities and to make claims under such insurances. |
To keep records e.g. for general business purposes | All personal information that we process under the other processes mentioned in this table. | To comply with legal obligations, for example in relation to health and safety or taxation. Necessary for our legitimate interests. We have a legitimate interest to keep proper records in relation to all of our activities. |
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or we are legally permitted to use it for another purpose. If we need to use your personal information for an unrelated purpose, we will notify you by updating this privacy notice on our website, so please check back regularly for any updates.
For some of your personal information, there will be a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the required personal information, we may not be able to properly perform our contract with you, continue our relationship with you or comply with legal obligations. For other personal information, whilst you may not be under an obligation to provide it to us, if you do not provide it then we may not be able to properly perform our services for you or provide you with our products or we may be unable to continue our relationship with you.
You should be aware that it is not a condition of any contract with us that you agree to any request for consent from us and we do not usually rely on consent as a basis for processing your personal information. However if we have asked you for consent, and you have given us your consent to use your personal information, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below. Please note however that the withdrawal of your consent will not affect any use of your personal information made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to carry out certain activities or continue our relationship with you.
8. WHO WE SHARE YOUR PERSONAL INFORMATION WITH INTERNALLY
Your personal information may be shared internally with our staff involved in your relationship with us. We only provide access to your personal information to those of our staff who need to have access to your personal information.
9. WHO WE SHARE YOUR PERSONAL INFORMATION WITH EXTERNALLY
When using your personal information we may share it with third parties, but we will only do so when it is appropriate and we have a lawful basis for doing so. Third parties that we may share your personal information with include:
- Any third party approved by you.
- Our customers when we have entered into a contract to provide products and/or services to them.
- Service or product providers to our business and other businesses in our supply chain, for example information technology services suppliers and equipment suppliers.
- Third parties that process personal information on our behalf and in accordance with our instructions.
- Another company within the Magentus Group, especially if you have a relationship with that part of the Magentus Group.
- Purchasers, investors, funders and their advisers if we sell all or part of our business, assets or shares or we restructure whether by merger, re-organisation or in another way.
- Our legal and other professional advisers, including our auditors or any professional advisors appointed by you, for example your legal advisors.
- Governmental or public bodies, law enforcement agencies, any relevant regulators or courts/tribunals.
- Health/medical authorities or service providers, if an accident occurs at our premises for example.
- Insurers and insurance brokers.
We also use Google Analytics which sets cookies to collect information about how visitors use our website.
We do not disclose personal information to anyone else except as set out above unless we are legally entitled to do so.
10. TRANSFERRING YOUR PERSONAL INFORMATION INTERNATIONALLY
It is sometimes necessary for us to share your personal information outside of the UK, for example, where we need to share your personal information with another part of our group of companies based outside of the UK. These transfers are subject to special rules under data protection laws.
If we transfer your personal information outside of the UK, we will ensure that the transfer will be compliant with data protection laws and all personal information will be secure. Our standard practice is to assess the laws, practices and security measures of the destination country and the recipient and we use standard data protection clauses, such as the UK Information Commissioner’s Office approved contractual clauses, where required. This means that when a transfer such as this takes place, you can expect a similar degree of protection in respect of your personal information.
Our directors and other key staff working for us may in limited circumstances access personal information from outside of the UK if they are working or are on holiday abroad outside of the UK. If they do so they will be using our security measures and the same legal protections will apply that would apply to accessing personal information from our premises in the UK.
If you would like any more details about how we protect your personal information in relation to international transfers then please contact our DPO by using the details set out in the “Contacting us” section below.
Please note that where we only process your personal information on behalf of our customers and therefore where we act as a processor rather than a controller of your personal information, we will not transfer your personal information outside of the UK unless we are instructed to do so by our customer and any such transfers will be carried out in accordance with data protection laws.
11. SECURITY
We are committed to keeping your personal information safe and secure and so we have numerous security measures in place to protect against the loss, misuse and alteration of information under our control, such as passwords and firewalls. We cannot, however, guarantee that these measures will protect information in all cases. We do, however, take information security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.
12. HOW LONG DO WE KEEP PERSONAL INFORMATION FOR
We will keep your personal information for as long as is necessary for the purpose for which it has been obtained and then for an additional period to cover the risk of a potential dispute or claim arising. The limitation period for claims is typically either 6 years or 12 years depending on the type of claim, and therefore we have determined that the additional period for which we will retain your personal information will typically be a period of either 7 or 13 years, the extra year being necessary to ensure that relevant personal information is available if claims are initiated before the applicable 6 or 12 year limitation period, but not received by us until afterwards. Longer retention periods may apply where we are under a legal duty to retain records for a longer period of time, for example, in relation to some aspects of health and safety.
We do not guarantee to retain your personal information for the whole of the periods set out above; they are usually the maximum period, and in some cases, we may keep your personal information for a much shorter period.
However where any personal information becomes relevant to legal proceedings or an investigation, then it may be retained for longer periods than those set out above and retained for as long as it remains relevant to the legal proceedings or investigation.
To the extent that we act as a processor, we will only process personal information required to be processed pursuant to that role for as long as is necessary in order for us to carry out our duties and obligations as a processor and we will only retain such personal information where we are legally required to do so.
13. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
You have the following rights in relation to your personal information:
- the right to withdraw any consent you have given to us in relation to our use of your personal information;
- the right to be informed about how your personal information is being used;
- the right to access the personal information we hold about you;
- the right to request the correction of inaccurate personal information we hold about you;
- the right to request the erasure of your personal information in certain circumstances;
- the right to restrict processing of your personal information where certain requirements are met;
- the right to object to the processing of your personal information;
- the right to object to us sending you direct marketing materials;
- the right to request that we transfer elements of your information either to you or another service provider in certain circumstances; and
- the right to object to certain automated decision making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your information to another service provider or the right to object to automated decision making, may not always apply, as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. However some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the UK Information Commissioner’s Office website at https://ico.org.uk/for-the-public/.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact our DPO by using the details set out in the “Contacting us” section below.
If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. For complaints to the Information Commissioner’s Office, please see https://ico.org.uk/make-a-complaint/. However, we are here to help and we encourage you to contact us to resolve your complaint first. If you are based outside of the UK, you may have the right to complain to your local data protection regulator.