Unwritten Health LTD ("we", "us", "our") is committed to protecting the privacy and security of personal data. We specialise in generating patient insights to improve health equity, clinical trial inclusivity, and healthcare outcomes.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our platform, services, and website (collectively, the "Services"). It also explains your rights in relation to your personal data.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the common law duty of confidentiality, and the Caldicott Principles where applicable.
This Privacy Policy applies to:
Data Controller: Unwritten Health LTD, registered in England and Wales, company number 16561594, whose registered office is at Swan Buildings, 20 Swan Street, Manchester, M4 5JW, UK.
Data Protection Officer (DPO): Ashish Rishi, CEO Email: [email protected] Postal Address: Swan Buildings, 20 Swan Street, Manchester, M4 5JW, UK
For any questions about this Privacy Policy or our data practices, please contact our DPO using the details above.
We may collect and process the following categories of personal data.
We recognise that much of the data we process constitutes special category data under the UK GDPR, including:
We apply enhanced protections to all special category data and only process it where we have identified a valid legal basis and an additional condition under Article 9 of the UK GDPR and Schedule 1 of the DPA 2018.
We process personal data for the following purposes, each linked to a specific lawful basis:
Providing our platform and services to users Lawful Basis: Performance of a contract
Collecting and analysing patient insights to improve clinical trial design and health equity Lawful Basis: Legitimate interests / Consent Special Category Condition: Explicit consent / Substantial public interest / Scientific research purposes
Conducting health equity research and producing anonymised or aggregated reports Lawful Basis: Legitimate interests Special Category Condition: Scientific research purposes (with appropriate safeguards)
Reimbursing patients and participants for their contributions Lawful Basis: Performance of a contract
Creating anonymised or pseudonymised datasets for clients Lawful Basis: Legitimate interests Special Category Condition: Explicit consent / Scientific research purposes
Communicating with you about our services, updates, and opportunities Lawful Basis: Legitimate interests / Consent
Complying with legal and regulatory obligations (e.g., adverse event reporting) Lawful Basis: Legal obligation Special Category Condition: Substantial public interest
Protecting our legal rights and resolving disputes Lawful Basis: Legitimate interests Special Category Condition: Establishment, exercise, or defence of legal claims
Improving our platform, services, and user experience Lawful Basis: Legitimate interests
Marketing and promotional communications (with consent) Lawful Basis: Consent
Website analytics and performance monitoring Lawful Basis: Legitimate interests
Where we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override the rights and freedoms of data subjects. Details of these assessments are available upon request.
Given the sensitive nature of patient insights, we apply the following additional protections.
If, during the collection of patient insights, we become aware of an adverse event, product complaint, or special reporting situation, we have procedures in place to report this to the relevant pharmaceutical company and/or regulatory authority (e.g., MHRA) in accordance with applicable regulations and BHBIA/ABPI guidelines.
We may share personal data with the following categories of recipients:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your data for their own purposes and only permit them to process your data for specified purposes and in accordance with our written instructions.
We will never sell your personal data to any third party.
We will never share identifiable patient data for marketing or insurance purposes.
We primarily store and process personal data within the United Kingdom and the European Economic Area (EEA).
Where we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place, including:
You may request a copy of the safeguards we have in place by contacting our DPO.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
Patient insight data (identifiable): 7 years from the date of collection, or until consent is withdrawn, whichever is sooner
Anonymised/aggregated insight reports: Retained indefinitely (as they no longer constitute personal data)
Platform user account data: Duration of the account plus 3 years
Contractual and financial records: 7 years from the end of the contract (in line with HMRC requirements)
Marketing consent records: Duration of consent plus 7 years
Website analytics data: 12 months
At the end of the retention period, personal data will be securely deleted or anonymised.
We have implemented appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, or destruction. These measures include:
In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours and will inform affected individuals without undue delay where required.
Under the UK GDPR, you have the following rights in relation to your personal data:
To exercise any of these rights, please contact our DPO at [email protected]. We will respond to your request within one calendar month. In certain circumstances, we may extend this by a further two months, and we will inform you if this is the case.
If you are dissatisfied with our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 Website: www.ico.org.uk
By using our website or platform, you consent to the use of essential cookies. For non-essential cookies, we will ask for your explicit consent before they are placed on your device.
Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website. Cookies are widely used to make websites work more efficiently and to provide information to website owners.
Cookies may be "session cookies" (deleted when you close your browser) or "persistent cookies" (remain on your device until they expire or are manually deleted).
Similar Technologies
In addition to cookies, we may use similar technologies such as:
For simplicity, this Cookie Policy refers to all these technologies collectively as "cookies."
We use cookies to:
We categorise cookies into four types based on their purpose and function.
These cookies are essential for the website and platform to function properly. They enable core functionality such as security, network management, authentication, and accessibility.
Legal Basis: These cookies do not require consent under UK PECR because they are strictly necessary for the service you have requested.
Duration: Session or persistent (up to 12 months)
session_id — Maintains your login session — Session csrf_token — Protects against cross-site request forgery attacks — Session load_balancer — Distributes traffic across servers for performance — Session cookie_consent — Records your cookie preferences — 12 months
You cannot refuse these cookies if you wish to use our platform. You can block them by changing your browser settings, but this may prevent you from accessing parts of our website or platform.
These cookies collect information about how you use our website and platform, such as which pages you visit, how long you spend on each page, and any errors you encounter. We use this information to improve website performance and user experience.
Legal Basis: Your explicit consent is required under UK PECR.
Duration: Typically 12–24 months
_ga — Google Analytics — Distinguishes unique users and tracks site usage — 24 months _gid — Google Analytics — Stores and counts page views — 24 hours _gat — Google Analytics — Throttles request rate — 1 minute
We use Google Analytics to analyse website traffic. Google Analytics collects information such as your IP address (anonymised), browser type, device type, pages visited, and time spent on pages. For more information about how Google uses data, please visit: https://policies.google.com/technologies/partner-sites
Analytics data is retained for 26 months, after which it is automatically deleted.
These cookies allow our website and platform to remember choices you make (such as your username, language preference, or region) and provide enhanced, personalised features.
Legal Basis: Your explicit consent is required under UK PECR.
Duration: Typically 12 months
language_pref — Remembers your language preference — 12 months dashboard_layout — Saves your dashboard customisation settings — 12 months notification_settings — Remembers your notification preferences — 12 months
These cookies are used to deliver content and advertisements that are relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and to measure the effectiveness of marketing campaigns.
Legal Basis: Your explicit consent is required under UK PECR.
Duration: Typically 12–24 months
_fbp — Meta (Facebook) — Delivers and measures the effectiveness of Facebook advertising — 3 months _linkedin_data_partner_id — LinkedIn — Tracks conversions and website visitors for LinkedIn advertising — 90 days
We may work with third-party advertising networks to display relevant advertisements. These networks may track your browsing activity across multiple websites to build a profile of your interests.
You can opt out of targeted advertising by visiting:
We do not use targeting or marketing cookies by default. We will only set these cookies if you give us your explicit consent.
When you first visit our website, you will see a cookie consent banner that allows you to:
Your consent choices will be saved for 12 months. After this period, you will be asked to confirm your preferences again.
You can change your cookie preferences at any time by:
If you withdraw consent for analytics or marketing cookies, any cookies previously set will be deleted, and no new cookies of that type will be placed on your device.
Most web browsers allow you to control cookies through their settings. You can configure your browser to:
How to manage cookies in common browsers:
For more detailed instructions, visit your browser's help pages:
Please note: Blocking or deleting cookies may affect your ability to use certain features of our website or platform.
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals.
At present, our website does not respond to DNT signals. However, you can control cookies through the methods described in Section 5.
We may update this Cookie Policy from time to time to reflect changes in technology, legislation, our business practices, or for other operational reasons.
When we make significant changes, we will notify you by:
We encourage you to review this Cookie Policy periodically.
If you have any questions or concerns about our use of cookies, please contact us:
Data Protection Officer Unwritten Health LTD Swan Buildings, 20 Swan Street, Manchester, M4 5JW, UK Email: [email protected] Telephone: +44 (0) 161 524 8800
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 Website: www.ico.org.uk
Some cookies may collect personal data (such as your IP address or device identifiers). Where this is the case, the data is processed in accordance with our Privacy Policy and the UK GDPR.
Where cookies are used in connection with the collection of patient insights or health-related data:
Some third-party cookies (such as Google Analytics, Meta, LinkedIn) may transfer data outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as EU-US Data Privacy Framework participation, Standard Contractual Clauses (SCCs), and adequacy decisions. For more information about international data transfers, please see our Privacy Policy.
This Cookie Policy was last reviewed on 16 March 2026
Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without parental or guardian consent. Where patient insights are collected from or about individuals under 16, we ensure that appropriate consent is obtained from a parent or guardian.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Where changes are significant, we will notify you by email or through a prominent notice on our website.
We encourage you to review this Privacy Policy periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Data Protection Officer Unwritten Health LTD Swan Buildings, 20 Swan Street, Manchester, M4 5JW, UK Email: [email protected] Telephone: +44 (0) 161 524 8800
This Privacy Policy was last reviewed on 16 March 2026.
Questions about this document? Contact our Data Protection Officer at [email protected] or write to us at Swan Buildings, 20 Swan Street, Manchester, M4 5JW, UK.