This is the Statement of Information Practices Policy for Pavilion Health, accessible from

Pavilion Health is a specialist software products and services business focused on the quality and integrity of activity and costing data within the healthcare industry.

Who is collecting the data?
Pavilion Health collects personal information to conduct our business and to provide services under contract to our customers.

What data is being collected?

  • Data we collect directly to conduct our business

We collect and store identifiable personal information for our employees, our contractors, agents and our customers to conduct our business and to manage and support our staff. Pavilion Health only collections information that is needed, collected information is treated as confidential and is stored securely.

  • Data we have access to on behalf of our customers

Under contract from our customers, we have access to anonymized personal health information. Where-ever possible we endeavour to avoid copying and storing data within our systems, preferring to access data within the customer’s infrastructure. If we store within the Pavilion Health infrastructure is required, we use aggregated data where ever possible and further anonymise and encrypt data to ensure identification of individuals is not possible.

What is the legal basis for processing the data?
The information we collect directly is collected with the consent of the data subject.  The information we access on behalf of our customers is collected under the remit of that customer

Will the data be shared with any third parties?
No, data will not be shared with third parties

How will the information be used?
The personal information we collect to conduct our business will only be used to manage our business. The personal information we access on behalf of our customers will be used in accordance with customer contracts.

How long will the data be stored for?
Personal data we collect to conduct our business will be stored for the duration of the specific business purpose

What rights does the data subject have?
For information, we collect to run our business, data subjects have the following rights (under GDPR):

  • to be notified of any data protection breaches within 72 hours of Pavilion Health becoming aware of any such data breach
  • to access the personal information Pavilion Health store about that data subject
  • the right to be forgotten (in certain circumstances)

How can the data subject raise a complaint?
Please contact the Data Protection Officer, Pavilion Health at: