We will only use the information that we collect about you lawfully and in accordance with the EU General Data Protection Regulation 2018.

Under the terms of the GDPR legislation, we are required to clearly and concisely explain to you how we will treat any personal and/or private data collected from you.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy describes policies and practices of Stalis Ltd (Stalis) regarding its collection and use of your personal data and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies.


Who we are?

Stalis Head Office is in Oxfordshire, England. We are registered as Stalis Ltd in England (Companies House registration number 02585206) and we are registered with the Information Commissioner’s Office under registration number Z9204321.
We are not statutorily required to appoint a Data Protection Officer. To facilitate any data privacy related queries, we have appointed an internal Compliance Administrator for you to contact if you have any questions or concerns about our personal data policies or practices. Our Compliance Administrator’s contact details are as follows:

Shelley Hawley
Stalis Ltd
Unit 11, Oasis Business Park, Stanton Harcourt Road
Eynsham, Witney
Oxfordshire OX29 4TP
Telephone: 01608 810015

If you are concerned about an alleged breach of privacy law or any other regulation by us, please contact our Compliance and Administration Officer who will ensure that your complaint is investigated.

If you are not satisfied with our handling of your queries or complaints on data protection, you can call the Information Commissioner’s Office on 0303 123 1113


The data we collect and process

  • Client data
  • Patient and healthcare data
  • Visitors to our website
  • Marketing data


Client data:

We collect personal information about our clients and customers to provide them with Data Services as well as related consultancy services primarily in the areas of Health and Social Care.


We will hold the following information about clients:

  • Name and contact information.
  • Personal information contained in business communications
  • Transaction data including details about services you have purchased from us
  • Usage data including information about how you use our product and services
  • Marketing and Communications data including your preferences in receiving marketing material from us and your communication preferences.


How is your personal data collected?

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • engage us to provide services;
  • subscribe to our publications;
  • request marketing material to be sent to you;
  • enter a competition, promotion or survey;
  • complete one of our enquiry forms; or
  • provide us with feedback.


When and how we share information with others

Your information may be shared with:

  1. IT service providers who provide data storage, processing, back-up and retrieval services
  2. Sub-contractors or associates who are asked by Stalis to deliver all or some of the services.

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services and communications.


Patient and healthcare data

We process patient and healthcare data provided to us by other Data Controllers like NHS Trusts, private hospitals and healthcare organisations. We process this data strictly on instructions of the Data Controllers who provide us with access to such data and abide by the privacy and security requirements as per the contractual arrangements with the Data Controllers. Stalis do not keep a record of any patient data processed by it in the course of providing its services. We follow, and are fully committed to fulfil, our obligations as a Data Processor for data privacy, data security, and breach notifications.


Visitors to our Website

When you visit our website, we use third-party services to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the website. The information is only processed in a way which does not identify anyone.

When you complete a contact form on our website or use the email for enquiries, we will use the information provided by you only for the purpose of providing you with an appropriate response.

We provide website visitors and email recipients the option of opting-in to receive our newsletters. We will send you the newsletters only if you have provided your explicit consent and will provide you with an unsubscribe option in each newsletter if you don’t wish to receive them any longer.


Marketing Data

We hold name and contact details of individuals who have expressed interest in hearing from us about our services or have engaged with us for supply of our services in the past. All direct marketing activities to such individuals shall comply with relevant privacy and regulatory requirements.


Automated Decision Making

We collect technical data automatically by using cookies and third party analytics providers, such as Google. No other data we collect from you is processed in an automated manner.


Data subject rights

This Privacy Policy is intended to provide you with information about what personal data Stalis collects about you and how it is used.
The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

If you have any questions, please contact us at

If you wish to confirm that Stalis is processing your personal data, or to have access to the personal data we may have about you, please contact us at

You have a right to request correction of inaccurate information, deletion of information, and to instruct us to stop processing your information. We are obliged to honour such requests as per the regulatory requirements. If you would like more information or would like to make such a request, please contact us at


Security of your information

To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and administrative safeguards. We update and test our security technology and controls on an ongoing basis.

We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

We also get our systems independently assessed to ensure that we have good security measures in place.


International Transfers

We do not transfer your personal data outside the European Economic Area.


Data storage and retention

Your personal data is stored by Stalis on its servers, and on the servers of the cloud-services providers we engage, as well as in physical forms in our office. We retain data for the duration of the customer’s business relationship with us and as per the regulatory, legal, or reporting requirements.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at

This privacy policy was last updated on 10/01/2019