Privacy Policy

Who we are

Virtually is the brand name of your GP online consultation service.

Your data will be controlled by your GP practice and is held in three ways: – on their clinical system EMIS – in their module on this platform – on NHS paper records known as a Lloyd George folder

You can obtain copies of any of your records by calling them.

This privacy policy sets out how Virtually uses and protects any information that you give us when you use our online consultation module. We are committed to ensuring that your privacy is protected. Any identifying information we ask you to provide will only be used in accordance with this privacy statement.

This website is run by Virtually Health Systems Ltd whose registered office is 14, Windermere Rd, London N19 5SE. VHS Ltd is a data processer. Its employees have no access to your data.

The GP practice you are registered with is the data controller of your data.

This privacy policy sets out how Virtually uses and protects any information that you give us when you use our online consultation module. We are committed to ensuring that your privacy is protected. Any identifying information we ask you to provide will only be used in accordance with this privacy statement.

Your consent

Whenever you submit information in Virtually’s module on this site, you consent to the collection, use, and disclosure of that information in accordance with those Terms of Use and this Privacy Policy.

NHS login

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.

What we collect

We may collect the following information:

  • Your email address
  • Your chosen password (which will always be encrypted)
  • Personal information, such as your postcode, your home address
  • Your age/date of birth
  • Your sex
  • Previous GP details
  • NHS number
  • Telephone number
  • a picture of your government-issued photo ID

Call recordings

Many GP surgeries use cloud based telephony which allows them to manage call volume, easily call patients back, and also enables their staff to work remotely.

Your GP practice may automatically record incoming and outgoing calls, and a warning to this effect is played to all incoming callers. All call recordings are strictly confidential. Call recordings form part of your patient record; as such, you are entitled to request access to call recordings which are a part of your medical record.

As Virtually calls are recorded on the Virtually platform, this notice only applies to you if you call your surgery directly.

What we do with the information we gather

We will never pass on your information unless you specifically consent to us doing so or we are specifically required to by law. We only use it in your healthcare, to understand your health and healthcare needs and provide you with a better service, and in particular:

  • for internal record keeping
  • to improve our services and ​email you messages related to your health or healthcare
  • to offer you relevant information based on your location
  • to present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in keeping you informed of our services subject to your right to opt-out at any time.

As part of providing you with high-quality preventative health care, we may contact you by SMS, email and/or other means to offer you helpful or important information about your care – this may include invitations to make in-person appointments.

Lawful basis for processing your information

We are required by law to tell you the legal basis that we are using for processing and using your
data. These are GDPR articles 6 (1) (e) and 9 (2) (h):

6 (1) (e):
“processing is necessary for the performance of a task carried out in the public interest or in
the exercise of official authority vested in the controller”
9 (2) (h):
“processing is necessary for the purposes of preventive or occupational medicine, for the
assessment of the working capacity of the employee, medical diagnosis, the provision of
health or social care or treatment or the management of health or social care systems and

If you would like more information on these, please contact the Virtually HelpDesk on 0202 7263 8380.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical and electronic procedures to safeguard and secure the information we collect online.

Passive information collection

As you navigate through this site, certain anonymous information can be passively collected (that is, gathered without your actively providing the information) using various technologies, such as cookies* and other navigational data collection (such as server logs). Your internet browser automatically transmits to this site some of this anonymous information, such as the URL of the website you just came from and the IP address and the browser version your computer is currently using.

This helps us analyse data about our site traffic, so we can improve Virtually and tailor it more to our members’ needs. All information is anonymous and only used for operational purposes.

*A cookie is a small file which “asks permission” to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of our website. Read more about our Cookies Policy.

Links to other websites

Our website may contain links or references to other websites e.g. the NHS site to which this Privacy Policy does not apply. If you click on these links to leave our site, you should note that we cannot be responsible for the protection and privacy of any information you provide whilst visiting those sites, nor can we be held responsible for the accuracy of this content. We suggest you always look at the privacy statement of any other website you visit.

Controlling your personal information

You may choose to change or restrict the use of your personal information by going to your Profile and amending your registration details.

We will not give your personal information to third parties unless we have your permission or are specifically required to by law.

If you believe that any information we are holding on you is incorrect or incomplete, please contact us using the ‘Message to Practice’ form in the administration section of your dashboard as soon as possible. We will, of course, happily correct any information that’s found to be incorrect.

Content of consultations

All clinical conversations and content entered within consultations remains confidential and will not be accessible by Virtually Health Systems Ltd  staff members. They will be accesible to the clinicians and staff of the GP practice you are registered with.

If you would like a copy of your medical records please contact the practice manager of the practice you are registered with.


If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.