Contact Us

Privacy Policy

Privacy Policy

Who we are
Primary Care Management Solutions Ltd (“PCMS Ltd”) is a company registered in England and Wales (Company No. 6520851) with its registered office at 86–90 Paul Street, London, EC2A 4NE. PCMS Ltd provides consultancy, recruitment, healthcare services under NHS contracts, and technology solutions for general practice and primary care.

PCMS Ltd operates under a number of trading names, including Mandeville PracticeChiltern Medical Centre, and GPChatBot, together with any other trading names we may adopt in future. References in this policy to “we”, “us”, or “our” mean PCMS Ltd and its trading names.

PCMS Ltd is registered with the Information Commissioner’s Office (ICO) as a data controller (Registration No: ZA289500)

What data we collect

We may collect and process the following types of personal data, depending on the service provided:

  • Names, contact details (email, phone numbers), and professional information for business and consultancy services
  • Recruitment information (CVs, employment history, references)
  • Patient information when providing NHS GP services under APMS contracts
  • Website visitor data, including cookies and analytics information
  • GPChatBot interactions, which may include:
    • Name (if entered by the user)
    • IP address and approximate location
    • Chat transcript content
    • Technical usage data (e.g. time, duration, session ID)

How we use your data

We use personal data for the following purposes:

  • To provide consultancy and recruitment services
  • To deliver healthcare services under NHS GP contracts (APMS)
  • To manage and improve GPChatBot services for practices and patients
  • To communicate with clients, suppliers, and partners
  • To meet legal, regulatory, and contractual obligations

Lawful basis for processing

Processing is carried out under one or more of the following lawful bases:

  • Contract– where processing is necessary to deliver a contract or service
  • Legal obligation– where processing is required by law (e.g. NHS or employment law)
  • Legitimate interests– where processing is necessary to support our business operations, provided those interests are not overridden by your rights

Where we process special category data (e.g. health information entered into GPChatBot), this is managed under Article 9(2)(h) – the provision of health or social care.

Who we share data with

We may share data with:

  • NHS England, Integrated Care Boards (ICBs), or other statutory bodies where required by NHS contracts
  • Carefully selected third-party providers who support the operation of our services, including secure cloud hosting for GPChatBot
  • IT service providers, auditors, or regulators as necessary to support compliance
  • Other parties where required by law

A current list of sub-processors used in connection with GPChatBot is maintained separately and made available on request as part of our compliance documentation.

How long we keep data

  • Consultancy and business records: typically 6 years
  • Recruitment records: in line with employment law requirements
  • GPChatBot data: retained for 30 or 90 days, depending on the setting chosen by the practice
  • Website cookies: in line with our Cookie Policy

After these periods, data will be securely deleted unless we are legally required to retain it longer.

GPChatBot – Additional Information

GPChatBot is a trading name of PCMS Ltd. It is a non-clinical digital assistant designed for NHS GP practices. GPChatBot is not a clinical tool and must not be used for medical advice.

When using GPChatBot, we process the following data:

  • Name (if entered)
  • IP address and approximate location
  • Chat transcript content
  • Session/usage data

Data is hosted securely in the European Union (AWS EU region). Retention is limited to 30 or 90 days, depending on the practice’s preference. Access to transcripts is restricted to authorised practice staff via secure login.

Full details of sub-processors and technical measures are available in the GPChatBot compliance pack.

APMS Practices – Mandeville and Chiltern

PCMS Ltd is the contract holder and legal data controller for NHS GP services delivered at:

Each practice publishes its own detailed patient privacy notice, which should be read alongside this corporate policy.

Your rights

Under UK GDPR, you have the following rights:

  • Right of access – to request a copy of your data
  • Right to rectification – to correct inaccurate information
  • Right to erasure – to request deletion where appropriate
  • Right to restrict processing
  • Right to object to certain types of processing
  • Right to data portability

If you wish to exercise these rights, please contact us using the details below.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data has not been handled lawfully.

Review of this Privacy Policy

We may update this Privacy Notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.

If you have any questions regarding our Privacy Policy, please contact us.

For any questions about this policy or your data, please contact:

Data Protection Officer
Primary Care Management Solutions Ltd
86–90 Paul Street
London EC2A 4NE
Email: info@pcmsolutions.co.uk

PCM Solutions

Typically replies in a day

Hi there 👋,

Feel free to message us if you have any questions.

Start Live Chat