We use cookies to make this site work. We'd also like to set optional cookies so we can understand how the site is used and improve it. We will not set optional cookies unless you accept them. You can change your choice at any time from the Cookie settings link in the footer.
Strictly necessary cookies
These cookies are required for the site to work. They store your cookie preferences and keep your session secure. They are exempt from consent under PECR Regulation 6(4) because they are essential to deliver the service you have requested.
Optional cookies
Optional cookies help us understand how the site is used and provide additional features such as analytics, accessibility tools and translation. We will only set them if you accept.
Managing Patient Requests
Our practice uses a digital assistant service provided by QuantumLoop Technologies Ltd to help manage patient contacts, support access to care and improve the safety and efficiency of our telephone and online systems.
Patients may interact with this service when they call the practice, use an online form or web chat, or receive a message from the practice asking for further information.
Any information you provide through this service is used solely for the purposes of delivering your care or managing the services we provide to you.
QuantumLoop processes this information only under our instruction, and does not use it for marketing, profiling or any non-care purpose.
All information is processed securely and stored within the UK in accordance with NHS data protection requirements.
Lawful basis for processing
We process this information under Article 6(1)(e) of UK GDPR (task carried out in the public interest) and Article 9(2)(h) (management and provision of health and social care).
QuantumLoop acts as our Data Processor, and we remain the Data Controller for all patient data.
More information about your rights and how we use your data can be found in the full Practice Privacy Notice.
Personal Data
The following categories of personal data are processed:
Identity Data
Name, date of birth, address, postcode, contact telephone number, email address, sex, NHS number, registered practice
Health Data (Special Category)
Description of symptoms, duration, severity, associated factors, past medical history if volunteered, medication details if volunteered
Administrative Data
Appointment bookings and changes, fit note requests, registration queries, change of contact details, prescription queries, results queries
Technical Data
Call metadata, timestamps, request identifiers, language selections, audio recordings, call transcriptions
Staff Data
User IDs, email addresses, access logs for practice staff using the system
Authorised Sub‑processors
The Controller provides general written authorisation for QuantumLoop to engage the sub‑processors listed below. QuantumLoop shall ensure that each sub‑processor is bound by data protection obligations that are materially similar to those set out in this DPA.
Microsoft Azure
- Purpose: Cloud hosting and OpenAI services
- Location: UK
- Data Retention: As per QuantumLoop retention schedule
Twilio
- Purpose: Telephony platform
- Location: UK/EU
- Data Retention: No data retention
LiveKit
- Purpose: Call optimisation
- Location: UK/EU
- Data Retention: No data retention
Deepgram
- Purpose: Speech to text
- Location: Europe (stateless)
- Data Retention: No data retention; stateless processing
Google STT
- Purpose: Speech to text
- Location: Europe (stateless)
- Data Retention: No data retention; stateless processing
ElevenLabs
- Purpose: Text to speech
- Location: Belgium (EU)
- Data Retention: No data retention
xycare Limited
- Purpose: GP system integration and PDS lookup
- Location: UK
- Data Retention: Audit logs for contract duration or 8 years
Call recordings and request summaries are retained as follows:
a. Audio recordings
- Retained for 30 days by default.
- The default extension to 90 days applies only where a complaint, incident, or legal hold is in place.
b. Transcripts
- Retained for 30 days by default.
- By default, retention may be extended to 90 days only if linked to a complaint, incident, or an ongoing investigation.
c. Summaries (at QuantumLoop)
- Retained until delivery is confirmed.
- If delivery fails, retained only until the support case is closed, with a maximum retention period of 90 days.
d. Audit/transaction logs
- Retained for 8 years.
- Contains metadata only (no clinical content).
- Cryptographic hash and downstream reference IDs are stored to evidence what was sent.
e. Telephony system records
- Retained for 1 year.
After these retention periods, data is automatically deleted from the system in line with the retention policy and to comply with the Records Management Code of Practice.
XYCare maintains audit logs of calls made to the GP EHR and xyPDS for the duration of the contract or 8 years, whichever is shorter.
Safe Surgeries
Proud to be a
parkrun practice
