Privacy Policy

Who we are

Virtually is the brand name of Archway Medical Centre’s online consultation service. When you register through Virtually you will be registering with Archway Medical Centre whose address is 652, Holloway Road, London N19 3NU. It is an NHS GP Practice registered with the Care Quality Commission

Your data will be controlled by Archway Medical Centre and is held in three ways:
– on their clinical system EMIS
– in their module on this platform
– on NHS paper records known as a Lloyd George folder

You can obtain copies of any of your records by calling Carole Hubbard, Assistant Manager of Archway Medical Centre whose direct line is 020 7561 5856 or calling the patient support desk on 020 7263 8380. You may prefer to use the form “Request your medical records” in the administration section of your dashboard.

This website is run by Virtually Health Systems Ltd whose registered office is 652, Holloway Rd. London N19 3NU. VHS Ltd is a data processer. Its employees have no access to your data.

This privacy policy sets out how Virtually uses and protects any information that you give us when you use our online consultation module. We are committed to ensuring that your privacy is protected. Any identifying information we ask you to provide will only be used in accordance with this privacy statement.

Your consent

Whenever you submit information in Virtually’s module on this site, you consent to the collection, use, and disclosure of that information in accordance with those Terms of Use and this Privacy Policy.

NHS Login

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity. To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.

What we collect

We may collect the following information:

  • Your email address
  • Your chosen password (which will always be encrypted)
  • Personal information, such as your postcode, your home address
  • Your age/date of birth
  • Your sex
  • Previous GP details
  • NHS number
  • Telephone number
  • a picture of your government-issued photo ID

Call recordings

Like many GP surgeries, the Archway Medical Centre uses the X-On phone system. This is a cloud-based phone system which allows us to manage our call volume, easily call our patients back, and also enables our staff to work remotely.

X-On automatically records incoming and outgoing calls, and we have a warning to this effect which is played to all incoming callers. All call recordings are strictly confidential. Call recordings form part of your patient record; as such, you are entitled to request access to call recordings which are a part of your medical record.

After 36 months, all call recordings are automatically, and permanently, destroyed. As Virtually calls are recorded on the Virtually platform, this notice only applies to you if you call our surgery directly, or when you are contacted by a non-clinical member of our surgery staff.

What we do with the information we gather

We will never pass on your information unless you specifically consent to us doing so or we are specifically required to by law. We only use it in your healthcare, to understand your health and healthcare needs and provide you with a better service, and in particular:

  • for internal record keeping
  • to improve our services and ​email you messages related to your health or healthcare
  • to offer you relevant information based on your location
  • to present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in keeping you informed of our services subject to your right to opt-out at any time.

As part of providing you with high-quality preventative health care, we may contact you by SMS, email and/or other means to offer you helpful or important information about your care – this may include invitations to make in-person appointments.

Lawful basis for processing your information

We are required by law to tell you the legal basis that we are using for processing and using your
data. These are GDPR articles 6 (1) (e) and 9 (2) (h):

6 (1) (e):
“processing is necessary for the performance of a task carried out in the public interest or in
the exercise of official authority vested in the controller”
9 (2) (h):
“processing is necessary for the purposes of preventive or occupational medicine, for the
assessment of the working capacity of the employee, medical diagnosis, the provision of
health or social care or treatment or the management of health or social care systems and

If you would like more information on these, please contact Carole Hubbard.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical and electronic procedures to safeguard and secure the information we collect online.

Passive information collection

As you navigate through this site, certain anonymous information can be passively collected (that is, gathered without your actively providing the information) using various technologies, such as cookies* and other navigational data collection (such as server logs). Your internet browser automatically transmits to this site some of this anonymous information, such as the URL of the website you just came from and the IP address and the browser version your computer is currently using.

This helps us analyse data about our site traffic, so we can improve Virtually and tailor it more to our members’ needs. All information is anonymous and only used for operational purposes.

*A cookie is a small file which “asks permission” to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of our website. Read more about our Cookies Policy.

Links to other websites

Our website may contain links or references to other websites e.g. the NHS site to which this Privacy Policy does not apply. If you click on these links to leave our site, you should note that we cannot be responsible for the protection and privacy of any information you provide whilst visiting those sites, nor can we be held responsible for the accuracy of this content. We suggest you always look at the privacy statement of any other website you visit.

Controlling your personal information

You may choose to change or restrict the use of your personal information by going to your Profile and amending your registration details.

We will not give your personal information to third parties unless we have your permission or are specifically required to by law.

​You may ask us to provide details of the personal information we hold about you, under the Data Protection Act 1998. To request this information, please call Carole Hubbard, Assistant Manager of Archway Medical Centre whose direct line is 020 7561 5856 or call the patient support desk on 020 7263 8380. You may prefer to use the form “Request your medical records” in the administration section of your dashboard.

If you believe that any information we are holding on you is incorrect or incomplete, please contact us using the ‘Message to Practice’ form in the administration section of your dashboard as soon as possible. We will, of course, happily correct any information that’s found to be incorrect.

Content of consultations

All clinical conversations and content entered within consultations remains confidential and will not be accessible by Virtually Health Systems Ltd  staff members. However, Virtually clinical staff who are employed and managed by Archway Medical Centre will access consultation information, for legitimate healthcare reasons.


If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

COVID-19 supplementary information

14 June 2020. This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice.

The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arm’s Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on here.

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However, in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs, we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.

During this period of emergency, we may offer you a consultation via telephone or videoconferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require, and we will ensure that any information collected is treated with the appropriate safeguards.

We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.