Legal

Privacy Notice UK

Last updated: April 2026

1. Who We Are

We are a supplier of clinical software, including the product Axana MDT, used by healthcare professionals and administrators to support multidisciplinary team (MDT) processes in the UK.

Our role under data protection law depends on the context in which we process personal data:

  • When we process personal data through our website or in our business operations, we act as a Data Controller.
  • When our software is used by hospitals to process patient data for direct clinical care, we act as a Data Processor on behalf of the hospital, which is the Data Controller.
  • We also act as a Data Controller when our software processes patient data in hospitals with the explicit purpose of generating and extracting fully anonymised, aggregated statistical reports that do not contain personal data and cannot be used to identify any individual.

2. Contact Details

Data Controller

Axana B.V.

Plantage Kerklaan 18-O, 1018 TB Amsterdam, Netherlands

Company Registration Number 94041938 (Dutch Chamber of Commerce)

gdpr@axana.com

+44 203 451 9479

Data Protection Officer (DPO)

Mrs Sarah Smith

We are registered with the UK Information Commissioner's Office.

3. When We Act as a Data Controller (Website and Business Operations)

We collect and process personal data in the course of our own business operations. In these cases, we are the controller of the data.

3.1 What Data We Collect

  • Contact information (name, email address, phone number)
  • Professional details (job title, organisation)
  • Communications (emails, messages via our website)
  • Technical data, such as IP addresses (collected via website server logs)
  • Survey responses or other voluntary submissions

3.2 How We Collect Personal Data

  • When individuals contact us via email or the contact forms on our website
  • When users register interest in our services or request a demo
  • Through optional surveys or forms
  • Automatically via our website (e.g., IP addresses, device data)

3.3 Legal Bases for Processing

  • Consent (e.g., when individuals sign up for updates or participate in optional surveys)
  • Legitimate interests (e.g., business development, responding to enquiries, and maintaining and improving our products and services)
  • Contractual necessity (e.g., to take steps at the request of a prospective customer or employee application)

3.4 How We Use the Data

We use the personal data we collect to respond to enquiries, to send relevant updates about our products, to improve our services, and to transact business with third parties.

3.5 Who We Share It With

We do not sell personal data. We may share it with:

  • Trusted third-party service providers (e.g., email hosting, CRM systems)
  • Legal or regulatory authorities where required

3.6 Data Retention

We retain personal data only for as long as necessary. In the event that it is no longer being used, any personal data collected will always be deleted after a maximum of five years. Automatically collected data, such as IP addresses in website logs, will be retained for no longer than one year.

4. When We Act as a Data Processor (Use of Axana MDT in Hospitals)

We process sensitive and some special category data via our software, installed in hospitals, in accordance with the written instructions provided by the relevant Data Controller.

4.1 Who Controls the Data?

When hospitals use our software (Axana MDT) to process patient data for direct clinical care, the hospital is the Data Controller, and we act as the Data Processor.

4.2 Types of Data Processed

  • Special category (sensitive) personal data, such as health data
  • Identifiers linked to patients and clinicians
  • Administrative and operational data required for MDT activities

4.3 How and Where Data is Processed

  • Data is processed either on-premise within a hospital's own secure network or via the public cloud, through a secure, encrypted connection.
  • If processed in the cloud, it is always hosted in data centres approved for healthcare use by the relevant authority (e.g., NHS England for NHS hospitals in England).
  • No personal data is transferred or processed outside of the UK unless it complies with all UK data protection legislation safeguards.

4.4 How Your Data is Used

  • All personal data will be recorded within the Axana system which is installed inside a secure network approved by the Data Controller. It is used only in the process of providing clinical care to patients.
  • The Axana team will provide IT support to users of the system to ensure that it runs smoothly and to maintain the software with regular updates.
  • We do not access or use patient-level data for any purpose other than providing and supporting the service in accordance with the Data Controller's instructions.

4.5 Patients' Rights

  • Patients cannot opt out of the processing of their personal data within the hospital's system, as this processing is based on Article 6(1)(e) – public task and Article 9(2)(h) – healthcare and treatment purposes.
  • Patients retain all GDPR rights (access, rectification, erasure, etc.), but these are managed by the hospital, not by us.
  • We will support the hospital, upon request, in fulfilling data subject rights.

5. When We Act as a Data Controller (Anonymised Statistical Data)

Always with the permission of hospitals using our software, Axana will extract anonymised, statistical reports from the data collected in the Axana MDT software for its own business purposes. This makes Axana a distinct, independent controller of the data for its analytical activity.

5.1 What Data We Collect

We generate and extract aggregated statistical outputs derived from data within the system. No patient-level, pseudonymised or directly or indirectly identifiable data is extracted, stored, or reused for this purpose. All outputs are subject to strict anonymisation and statistical disclosure control techniques.

5.2 Legal Bases for Processing

The generation of anonymised statistical outputs is carried out under our legitimate interests (Article 6(1)(f)). Where the underlying processing involves special category data, we additionally rely on Article 9(2)(j) (statistical and research purposes). Once data has been irreversibly anonymised, it no longer constitutes personal data under UK GDPR.

5.3 Patients' Rights

We recognise that some patients may prefer not to have their data analysed, even if the extracted reports contain no personal, identifiable data. In such cases, patients have the right to opt out. Hospitals can record this opt-out in the MDT system.

5.4 How We Use the Data

Any anonymised, statistical reports extracted from hospitals using the Axana MDT software will be used to generate insights on clinical care processes of interest to researchers, administrators, institutions and other third parties. These outputs may also be used for product development, benchmarking, service improvement, and commercial activities, provided they remain fully anonymised.

6. International Data Transfers

All personal data related to patients is typically processed within the country where the hospital itself operates, in full compliance with applicable regulations. We will only ever transfer personal data outside of the UK or EEA for reasons of operational efficiency, when adequate safeguards are in place (as set out in data privacy legislation) and the relevant Data Controller (hospital) has fully approved the transfer.

7. Data Security

We apply appropriate technical and organisational measures to safeguard all personal data. This includes:

  • Encryption (to industry standards) of data at rest and in transit
  • Access controls, based on the principles of least privilege and secure authentication
  • Regular staff training on information security, risk awareness and incident management
  • Hosting of data in secure data centres with full backup and business continuity plans

8. Your Rights Under the GDPR

Data protection laws provide you with a range of rights:

Right to be Informed

Right to be informed about the collection and use of your personal data.

Right of Access

Right to request copies of your personal information.

Right to Rectification

Right to request correction of inaccurate, incorrect or incomplete data.

Right to Erasure

Right to request deletion of your personal data.

Right to Restrict Processing

Right to request restriction of how your data is processed.

Right to Data Portability

Right to request transfer of your personal data.

Right to Object

Right to object to processing of your personal data.

Right to Withdraw Consent

Right to withdraw consent for data processing at any time.

Automated Decision-Making

Rights related to automated decision making including profiling.

These rights are not absolute — under certain circumstances they can be restricted or not applicable. When we are acting as the Processor, these rights can be exercised directly with our customers (e.g. the NHS hospital). If we are the Controller, you may contact us directly using the details in Section 2.

9. Cookies and Website Analytics

Like most websites, we may use cookies or analytics tools on our website to understand usage patterns and improve the user experience. Our Cookie Notice is available on our website.

10. Complaints

If you have a concern about how we handle your personal data, please contact us directly in the first instance and we will try to resolve the issue.

You also have the right to complain to the Information Commissioner's Office (ICO) if you are unhappy about how we process your personal data. The ICO Helpline number is 0303 123 1113.

11. Changes to This Privacy Notice UK

We may update this Privacy Notice UK from time to time. Any significant changes will be communicated via our website. The date of the latest update is shown at the top of this notice.

12. Contact Us

If you have any questions about this Privacy Notice UK or your personal data, please contact us using the details in .

Axana Logo

From the makers of Aidence.
Previously deployed AI solutions in over 100 UK & EU hospitals

Privacy Notice UK

Website by BlueWorks Studio

© 2026 Axana. All rights reserved.