Privacy Policy
DigiBete Website Privacy Policy
Last updated: January 2026
Next review: January 2027
This privacy notice applies to people who visit and use the DigiBete public website (the “Website”). It explains what personal information we collect, how we use it, who we share it with, and the choices you have.
Important: This notice is for the public Website only. If you also offer a mobile or tablet application, you should provide a separate App privacy notice covering any additional data processing specific to the app (for example, account features, health tracking, authentication).
1) Who we are (Data Controller)
DigiBete is responsible for deciding how and why your personal information is used (the “data controller”).
Registered details:
DigiBete (Company No. 10371773)
Registered office: Platform, 3rd Floor Tech Hub, New Station Street, Leeds, England, LS1 4JB.
Contact (general): https://www.digibete.org/contact-us/
Email: hello@digibete.org
Website vs App roles:
DigiBete acts as a data controller for personal data collected through this public Website.
Separately, DigiBete may act as a data processor in relation to personal data processed through the DigiBete mobile application when access is provided by a healthcare professional. That processing is covered by a separate App Privacy Notice and relevant data processing agreements with healthcare organisations.
This Website Privacy Notice does not apply to the DigiBete app.
2) Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) to oversee data protection compliance and act as a contact point for users and the Information Commissioner’s Office (ICO). This supports the governance and accountability expected for secure digital services.
DPO contact details:
· Role/Name: Data Protection Officer (DPO) / John Hughes
· Email: john@digibete.org
· Address: Platform, 3rd Floor Tech Hub, New Station Street, Leeds, LS1 4JB
3) What information we collect (Open Website – No Accounts)
Because our Website is open and does not require logins or accounts, we generally collect only limited data.
A. Information you provide to us
If you contact us via a Website form or by email, we may collect:
· Your name (if you provide it)
· Your email address
· The content of your message and any information you choose to include
· The date and time you contacted us
Please do not include health information in your message. If you choose to include health or other special category information, this may be treated as special category data under UK GDPR and handled with additional care and appropriate safeguards.
B. Information collected automatically when you browse the Website
When you visit the Website, our servers may collect:
· IP address
· Browser type and device information
· Pages visited and time spent on pages
· Referring page/website and links clicked
This helps us maintain Website security and understand how the Website is used.
4) Cookies and analytics (including Google Analytics 4)
Our Website uses cookies (small files saved on your device) and similar technologies. Cookies help us:
· make the Website work and keep it secure (strictly necessary cookies)
· measure how the Website is used (analytics cookies)
We use Osano as our consent management platform to manage and record users’ cookie preferences.
The law says we can store cookies on your device if they are strictly necessary to make the Website work. For all other cookies (including analytics cookies), we will ask for your permission first.
You can change your cookie choices at any time using the “Cookie settings” link on the Website.
For information on how we manage cookies, please see our Cookie Policy.
Google Analytics 4 (GA4) – consent-based analytics (no advertising)
We use Google Analytics 4 (GA4) to understand how visitors use our Website so that we can improve content, performance and user experience. GA4 measures things like which pages are visited, how long pages are viewed, and how visitors navigate through the Website.
We will only use GA4 if you give us your permission through our cookie banner/settings. If you do not consent, GA4 will not run and GA4 cookies (or similar analytics technologies) will not be set on your device. You can change your choice at any time using the “Cookie settings” link on our Website.
We use GA4 for website measurement only and do not use Google Analytics advertising features. This means we do not use GA4 for targeted advertising and do not enable Google Signals or remarketing/advertising audiences based on your activity on our Website.
Google processes analytics data on our behalf as a data processor, in accordance with our instructions and applicable data protection law.
5) How we use your information
We use personal information to:
· Respond to enquiries and provide support where you contact us
· Maintain Website security (for example, to help detect malicious activity)
· Measure and improve the Website (where you consent to analytics cookies)
· Produce aggregated statistics that help us understand Website usage patterns
6) Our lawful bases for processing (UK GDPR)
A. Responding to enquiries and communications
Article 6(1)(f) – Legitimate interests: to respond to enquiries, manage communications, and operate our organisation effectively.
We have balanced this against your rights and freedoms and consider this processing to be proportionate and low risk.
Article 6(1)(b) – Contract (where applicable): where your enquiry relates to taking steps at your request prior to entering into a contract.
B. Website security and technical operation
Article 6(1)(f) – Legitimate interests: to protect the Website, systems, and users from security threats or misuse.
C. Analytics and website improvement
Article 6(1)(a) – Consent: where you consent to analytics cookies and Google Analytics 4.
You can withdraw your consent at any time using the Website’s cookie settings.
D. Legal and regulatory obligations
Article 6(1)(c) – Legal obligation: where we are required to comply with applicable laws or regulatory requirements.
7) Who we share information with
We do not sell your personal information.
We may share personal information only when necessary, for example:
· With trusted suppliers who provide website hosting, IT, or analytics services (acting under contract)
· If required by law or to comply with a regulatory request in appropriate circumstances
· To protect the rights, property, or safety of DigiBete, our users, or others
Embedded content and third-party websites
Our Website may include embedded content (for example, videos) or links to third-party websites. Those providers may collect information via their own cookies or technologies. Where this happens, their privacy policies apply to their processing.
8) International transfers
Some of our suppliers (for example, Google) may process personal data outside the UK.
If this happens, we ensure appropriate safeguards are in place, such as adequacy regulations or approved contractual protections (for example, the UK International Data Transfer Agreement).
9) How long we keep your information (Retention)
We keep personal information only for as long as necessary for the purpose it was collected, including legal, regulatory, security and operational reasons. Where relevant, we take account of NHS and public-sector information governance best practice.
Typical retention periods:
· Website enquiries: kept up to 24 months after resolution
· Security logs: kept up to 12 months
· Analytics data: retained for 14 months (often aggregated)
10) Your rights
You have rights under UK GDPR, including:
- to access your personal data
- to correct inaccurate data
- to request deletion (where applicable)
- to object to or restrict processing (where applicable)
- to withdraw consent at any time (where processing is based on consent)
- to data portability (where applicable)
- to complain to the ICO
To exercise your rights, contact us via https://www.digibete.org/contact-us/ or email hello@digibete.org. NHS privacy notices also emphasise clear routes for rights requests.
11) Security, NHS alignment, and incident management
We take security seriously and use appropriate technical and organisational measures to protect personal information.
NHS Service Standard 9 (security and privacy)
We design and operate this Website with reference to NHS Service Standard 9:
Create a secure service which protects people’s privacy, including identifying and managing security risks and protecting personal information appropriately.
Encryption (HTTPS)
Our Website is delivered over HTTPS, which encrypts data in transit between your browser and our web servers. This supports the expectation that services protect information appropriately and manage security risks.
Security incidents
If a security incident occurs that affects personal information, we will assess it promptly and notify individuals and/or regulators where required by law.
12) Children’s privacy
This Website is not directed specifically at children.
We have a specific Children’s Privacy Policy which explains how we conform to the standards of the Information Commissioner’s Office (ICO) code and demonstrates that our services use children’s data fairly and in compliance with data protection law. The code is a set of 15 flexible standards that provides built-in protection to allow children to explore, learn and play online by ensuring that the best interests of the child are the primary consideration when designing and developing online services.
13) Changes to this notice
We may update this privacy notice from time to time. The latest version will always be published on this page, with the “Last updated” date shown at the top.
DigiBete, January 2026