Last updated: 23rd October 2024

1. Who we are

GPnav by Tower Family Practices (“we”, “us”, “our”). GPnav is a software tool designed to help GP practices guide reception staff through patient contacts with GP-approved prompts and customised care-navigation workflows. 

If you have questions about this privacy policy or how we handle your data, you can contact us at: hello@gpnav.net. 

2. What data we collect

Depending on how GPnav is used, we may collect and process:

  • Account and practice information: when a GP practice signs up for a demo or subscription, we collect business / practice name, contact name, email, phone number, address — the data needed to set up and service the account.

  • User credentials and usage data: for practice administrators, reception staff or other users of GPnav, we collect login credentials (e.g. username, password), role identifiers (e.g. role_id stored in user table), and log activity to manage usage, permissions, and provide support.

  • Support and communication data: when you contact us (for support, demo booking, feedback etc.), we may store your communication (email content, contact details) to respond and manage our services.

  • Cookies and tracking data: we may use cookies or similar technologies on gpnav.net to enable authentication, keep you logged in, remember preferences, or analyse usage of the website.

We do not routinely collect personal “patient health data” about individual patients via this website. GPnav acts as a software tool for practices; any patient-identifiable data handled by the practice remains under their control, not ours.

3. Why we collect and use your data

We process the data we collect for the following reasons:

  • To provide our software service to you (account setup, login, user management, billing, support).

  • To enable you to access, configure, and use GPnav, including supporting custom workflows, permissions, and subscription management.

  • To communicate with you regarding your account, service changes, support, and any updates.

  • To improve our website and service (e.g. analyzing usage, troubleshooting, maintenance, security).

We rely on lawful bases such as performance of contract (providing a service you requested), legitimate interest (improving and securing service, support), and consent (e.g. for cookies, communications) where appropriate.

4. How we store and protect your data

  • We store data using secure database(s) with access limited to authorised personnel only.

  • We implement reasonable technical and organisational measures to protect your data from unauthorised access, accidental loss or disclosure — for example, encrypted storage, secure connections (HTTPS), regular backups, and restricted access.

  • We will retain your account data for as long as your subscription is active, and for a reasonable period after closure (e.g. to comply with legal / accounting requirements, or in case of re-activation).

  • If you request deletion of your account, we will remove or anonymise your personal data, except where we are legally required to retain parts (e.g. billing records).

5. Cookies, tracking and external tools

Our website may use cookies (or similar technologies) to:

  • Enable login sessions;

  • Remember site preferences;

  • Analyse site usage — in an aggregated, anonymised form, to help us improve the site and service.

You can configure your browser to block or alert you about cookies. However, disabling some cookies may limit functionality (e.g. login, session persistence).

6. Third-party access / data sharing

We do not share your personal account data with third parties except in the following cases:

  • With service providers or contractors who support us (e.g. hosting providers, payment processors, technical support) — only when necessary and under confidentiality obligations.

  • If required by law (e.g. to respond to a lawful request from authorities).

  • If you explicitly give consent (e.g. for marketing communications or data transfer).

We will never share any patient data from GP practices (if entered or managed within GPnav) to external parties beyond what is agreed and permitted by the practice itself.

7. Your rights

Under applicable data protection laws (e.g. UK GDPR / Data Protection Act 2018), you have the following rights regarding your personal data we hold:

  • Right to access — you may request a copy of your data;

  • Right to correction — you may ask us to correct inaccurate or incomplete data;

  • Right to deletion — you may request that we delete your personal data (subject to legal/accounting retention);

  • Right to object or restrict processing — where lawful basis allows (e.g. for marketing, analytics);

  • Right to withdraw consent — if we rely on consent (e.g. for cookies or marketing), you can withdraw it at any time;

  • Right to data portability — to receive or transfer data in a structured, machine-readable format, where applicable.

To exercise any of these rights, contact us at hello@gpnav.net.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time (for example, to reflect changes in law, GDPR requirements, or our services). We will note the “Last updated” date at the top. We encourage you to review this page periodically.

9. Contact Us

If you have any questions, concerns or requests regarding this privacy policy or how we handle your data, please contact us at:

hello@gpnav.net