Privacy policy

Health Innovation East is a business name of Eastern which is registered in England as a company limited by guarantee with company number 08530726. Registered office is at Unit C, Magog Court, Shelford Bottom, Cambridge, CB22 3AD, England.


1.   Overview

This privacy policy covers any information and personal data which Eastern Academic Health Science Network Limited (Eastern AHSN), also referred to as ‘we’ or ‘us’ or ‘our’, processes in the course of its duties as an organisation. Eastern AHSN is the responsible and legal entity for the information and personal data it processes and has created the following privacy policy to describe how Eastern AHSN uses this information. This policy also relates to the website, which is intended for use by the general public, healthcare professionals, healthcare entrepreneurs, partner organisations and service providers. The policy does not cover all sites linked from this website. We encourage you to check when you are moving to another site and read the associated terms and conditions.

Eastern AHSN takes the privacy of your personal data and the responsibilities under the UK GDPR and Data Protection Act 2018 seriously. If you send us any of your personal data, we are committed to collecting, maintaining, and securing it in accordance with our internal data protection policies and in-line with data protection legislation.

There are 15 Health Innovation Networks (formerly AHSNs) across regions of  England, established by NHS England in 2013 to spread innovation at pace and scale – improving health and generating economic growth. Health Innovation Networks bring together the NHS, industry, academic, third sector and local organisations. The resulting collaboration ensures innovations, improvements and best practices benefit more patients faster. Health Innovation East is one of the 15 regional networks, our purpose is to turn great ideas into positive health impact. Our focus is the East of England, and being part of the Health Innovation Network national network enables us to deliver at scale.

Citizens, academia, health services and industry will achieve more working together than they will in isolation. Our job is to make this happen. We do this by helping innovators to navigate complex systems, generate value propositions and connect stakeholders to overcome challenges together. Sometime this involves sharing information with the Health Innovation Network or other Health Innovation Networks around the country. Therefore, our communications to you are an essential part of achieving our objectives.

2.     What information do we collect and why?

Personal data from the Eastern AHSN website

When using the Health Innovation East website, from time to time you will be asked to submit personal information about yourself in order to receive or use services. Such services include but are not limited to newsletters, events, toolkits, training, videos, updates, downloadable content and other email updates. Eastern AHSN collects information when you voluntarily complete forms or surveys via our website, make an enquiry, or provide feedback. Personal data Eastern AHSN may collect include:

  • your name and other submitted contact details;
  • records of your correspondence if you contact us, such as emails;
  • details of your use of this Site; and
  • other technical data, such as IP address, browser type and operating system (see below).

When you visit this site, Eastern AHSN automatically collects information using cookies, such as your browser type and operating system, websites you visited before and after visiting our website, standard server log information, and internet protocol (IP) addresses. We pool this information and may combine it with other information to produce anonymous, aggregated statistical information which is helpful to us in improving our products and/or services by offering a better customer experience or tailoring how we communicate with you. This information includes:

  • the total number of visits to our websites and mobile applications;
  • the number of visitors to each page of our websites and mobile applications; and
  • the domain names of our visitors’ internet service providers.

For further information on the cookies this site collects please refer to the Eastern AHSN cookies policy.

Personal data through our business operations

As well as information collected from you through our website, we may obtain personal data in other ways, such as by phone, email or in paper form during the course of our business operations. In most instances, Eastern AHSN is the data controller for such activities. In addition to the personal data we receive directly from you, we may also receive personal information from our business contacts or from others (about themselves or about other individuals) during our business operations.

Personal data through collected for the purpose of our business operations will be used for the purposes of:

  • administering a contract we have entered into with you;
  • providing you with information, including in response to queries regarding our programmes and/or services;
  • understanding our business needs and improving services; and
  • holding discussion forums and events.

as well as the use(s) set out in the other sections of this privacy notice.

In entering into a contract or business relationship with us, if you fail to provide certain information when requested, we may not be able to perform the contract we have entered with you, or we may be prevented from complying with our legal obligations. We will notify you if this is the case at the time.

Through the course of our business operations, we may also be required to use your personal data to comply with certain laws, or other specific uses for which you have given your consent. In any case where you have given your consent, you will be provided specific information about the nature of the processing at the time of the collection.

Personal data collected through social media pages

Eastern AHSN uses the contact data we hold relating to your social media platforms. Any data we hold is treated in line with this privacy policy. Please check the policy of the relevant social media provider for its privacy statement when using its services.

Eastern AHSN uses social media data to help you:

  • keep up to date with the latest news and the organisation’s views or response to important and informative topics related to the organisation’s work;
  • receive the latest updates about our programmes and projects including resources available to support colleagues across the health and care system; and
  • understand key developments around the organisations impact, successes and strategy.

As such, you may receive a communication from Health Innovation East (Eastern AHSN) via LinkedIn, Twitter, Facebook, Instagram or other such platforms. By participating in social sharing on our social media pages, you may disclose personal information about yourself. Any information you post or disclose in this way will become public information and may be available to visitors to these pages and to the general public. You should be careful when deciding to disclose your or any third party’s personal information, or any other information, on social medial pages or in any communications with us. You may also disclose personal information if you include third parties in your electronic communications with us.

Information collected through employment applications

In processing applications for employment Eastern AHSN collects resumes, references, certificates of qualification and other personal information about candidates. A member of our human resources team will review your application. Alternatively, we may provide your application to a recruitment agency or contractor who assists in reviewing applications that we receive.

Resumes sent as part of an application for an advertised position or sent generally to ascertain whether any positions are available, will be used to match applicants with available opportunities. If we consider that your application may be suited to our requirements, we, or a party acting on our behalf, will contact you to request that you attend an interview. We may also ask you to provide us with contact information for individuals who will act as referees. We may contact these individuals and ask them questions we feel are relevant to your possible employment with us. We may contact you again to request that you attend further interviews or to inform you of whether we are able to offer you a position with us.

If your application is not suitable to our current requirements, but we feel that there may be a position in the future for you with us, we will a keep a record of your application and may contact you again if a suitable position becomes available.

Newsletters: Eastern AHSN uses your contact details to send newsletter subscribers only the following kinds of information

  • updates about our programmes and projects including innovation exchanges, events, patient safety and resources to support partners in their work
  • occasional updates about local and national funding opportunities
  • initiatives across England’s 15 Health Innovation Networks (formerly AHSNs);
  • advice and expertise across the pathway of innovation.

Sharing this knowledge across the region and beyond is a key part of our mission and helps you understand the opportunities available to participate in.

Understanding the organisation you represent, and the role you have in that organisation also means we can support you by serving you communications that are specific to your work.

Events: The data Eastern AHSN collect when users register for the company’s events (online or by any other means) will be utilised for the smooth running of the event. This includes the provision of:

  • providing you with necessary information and inviting you to the event
  • updates or cancellation of an event
  • name badges and sign-in sheets for the event
  • your name and any dietary requirements (if supplied), to the venue hosting
  • event security, where applicable; and
  • further information about Eastern AHSN’s work and invites to further events that may be of interest.
  • Payments.

There may be photographers or film crews at Health Innovation East events. If there are, it is our policy to request your consent for photos or videography during event registration or on the day of the event. If you do not consent the photographer / videographer will avoid capturing you and we will obscure your identity post-event as necessary.

Podcasts: If you contribute to a podcast that Eastern AHSN records and / or publishes, it is our policy to request your consent to record you (and capture personal information required to support promotion) before recording begins.

Corporate meetings: If you are involved in any of our corporate meetings e.g. Advisory Panels, or our Innovation Review Panel we will hold your contact details to inform you of upcoming meetings and any updates you may need to know about. We will need to maintain our records in line with our retention policy.

Surveys: The data Eastern AHSN collect when participants complete surveys developed and captured by the organisation (online or by any other means) will be utilised to help analyse survey results and inform recommendations. Where at all possible surveys will be anonymous and will not collect personal data. However, from time-to-time Eastern AHSN (occasionally alongside trusted partners) will collect personal data via surveys. Where this is the case, all appropriate cautions are taken to secure and protect participant information. Survey data is collected to:

  • to form a better insight into the subject matter of the survey
  • Help NHS, healthcare or commercial partners enhance services for patients and end users
  • Understand and react to the feedback and opinions of respondents relating the Eastern AHSN’s work or our work alongside other organisations
  • Inform the development of products or services with the intention of turning great ideas into positive health outcomes.

Customer Relationship Management (Zoho One / CRM): We capture information on event attendees, social media users, newsletter subscribers and other marketing campaign or business-related communications in Eastern AHSN’s customer relationship management system. The data are used internally to help the organisation understand how we can serve stakeholders better. Capturing data in such a way enables us to have more informed and considerate relationships with our stakeholders. CRM data on Eastern AHSN stakeholders is held in line with Eastern AHSN’s data retention policy.

Project management platform (Verto): Your personal information may also be recorded (in a limited way) by Eastern AHSN’s project management office via the software we use to support PMO. In this instance the data captured will be limited to your name and primary email contact. The data are used internally to help the organisation understand how we can serve stakeholders and helps to run our projects and programmes more efficiently.

Personal data collected from other sources

We may collect personal data from other third parties who act as data controllers. Where we are a data processor of that personal data, we will only use the personal data in accordance with the instructions of the data controller. Our contracts with such third parties require that they are legally able to provide the personal data to us. Such parties include:

  • The Health Innovation Network – England and other Health Innovation Networks

Eastern AHSN may collect or share your personal data with the other members of the Health Innovation Network (see above) for the purposes of improving patient and population health outcomes by translating research into practice, developing and implementing integrated health care services, supporting knowledge exchange networks, sharing best practice and providing for rapid evaluation and early adoption of new innovations.

The legal basis for using this data

At Eastern AHSN we have extensively reviewed how we collect, store and process data for compliance with the applicable data protection legislations (including the Data Protection Act 2018 & UK GDPR).

Where Eastern AHSN are acting as a data controller for the personal data it processes, we rely upon the following lawful bases to process personal data under the UK GDPR:

Non-special category data:

Article 6(1)(a) – Consent

 Article 6(1)(b) – Performance of a Contract

Article 6(1)(c) – Legal obligation

Article 6(1)(e) – Performance of a task carried out in the public interest

Article 6(1)(f) – Legitimate Interests

Special category data:

Article 9(2)(b) – Employment, social security and social protection

Article 9(2)(j) – Scientific or historical research purposes

Eastern AHSN is jointly commissioned by the NHS and Office for Life Sciences.  Where Eastern AHSN carries out tasks on their behalf, such as facilitating research, development and innovation of healthcare in the region, we will often do so as a Data Processor. In such circumstances, we will not directly will not rely upon a lawful basis for the processing, as the organisation who is commissioning Eastern AHSN for the processing will rely upon the lawful basis as the Data Controller.

3.   Who do we share your personal data with, and where is it stored?

Eastern AHSN does not and never will sell your personal data to third parties unless we are required or permitted to do so by law. In those cases, we will have to share your personal data with law enforcement agencies, regulators, courts or other public authorities.

We mainly use the personal data internally to be able to effectively respond to your requests. However, in order for us to provide our services, there are some organisations we are required to or may share personal data with. This is primarily to either store the data with other companies, offer trouble shooting or consultancy services for external platforms, or to work with other AHSN bodies in England.

Third Party Name Location of Third Party Data Storage Function of Third Party
Microsoft Limited United Kingdom Cloud storage, email service provider
The Health Innovation Network United Kingdom National network commissioned by the NHS to support the adoption and spread of innovation across the NHS. Your data would only very rarely be shared with the Health Innovation Network.
Zoho Corporation Pvt. Ltd. European Union Provides Eastern AHSN’s ‘business operating system, Zoho One – which includes Zoho CRM and a range of applications that Eastern AHSN uses. The instance in which persona data might be shared is during support and troubleshooting for applications within the suite of applications.
Verto European Union Provides Eastern AHSN project management platform, The instance in which personal data is captured is in a record of project stakeholders held for each project or programme recorded.
Clareti Ltd United Kingdom External expert consultants for Zoho One and its constituent applications. The instance in which personal data may be available as follows: consultant has login access to system to be able to offer support and trouble shooting services.
Stripe United States To collect online payment for services such as Eastern AHSN events, training or event consultancy services (among others) Eastern AHSN does not hold any of this information in its systems. Stripe processes:

–           Participant name

–           Billing address and post code

–           Type of credit card used e.g. Visa

–           Care expiry date

–           Last four (4) digits of payment card number

–           Eastern AHSN are also able to see if a payment is accepted or not.

Using Stripe means customers agree to the privacy terms and conditions for the platform, which are also available here.

Data Connectivity United Kingdom Provides Eastern AHSN’s IT infrastructures and operating system – including support and troubleshooting

Eastern AHSN stores your data from our main website on secure servers.

Some of the personal data collected using this site and third-party sources may be stored or processed by our associates and carefully selected third parties using computers and servers located in other countries, including by means of cloud computing. Such computers and servers may be located both inside and outside of Europe, where data protection laws may differ from the country you live in. We are only permitted to transfer personal data outside of the European Economic Area where there is a legal basis for the transfer under Article 46 of the UK GDPR – for example, the country of the recipient(s) ensures an adequate level of protection or there are suitable contractual protections are in place (including approved Standard Contractual Clauses).

Where possible, Eastern AHSN ensures that all security measures and appropriate safeguards are put in place to protect your information and ensures that all data transfers of personal data comply with the data protection legislation. The companies we work with have been selected carefully and checked that they fulfil the necessary requirements.

4.   How long do we keep your personal data?

Your personal data will be kept in line with our internal retention policy and schedules and any legal obligation placed on the Eastern AHSN. We will not keep your personal data for longer than is necessary. In some instances, we might be required to keep the personal data to fulfil our legal obligations. Otherwise, we delete or anonymise (where we have the appropriate lawful basis to anonymise) your information once this is no longer needed.

5.     How do we protect your personal data?

We ensure that anywhere your personal data is stored or processed has adequate organisational and technical controls to ensure that the integrity and confidentiality of your data is upheld. Eastern AHSN has put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

6.     Transmissions using the internet

Unfortunately, the transmission of information via the Internet is not completely secure. Although Eastern AHSN will use reasonable commercial efforts to protect your personal data, we cannot guarantee the security of your data transmitted using the InternetAnything you send by email or using the internet is at your own riskOnce Eastern AHSN has received your personal data, we will secure your information in accordance with our security procedures and controls to try to prevent unauthorised access, alteration or loss.

7.     Your data subject rights

As a data subject, where we have processed your data, you have various rights under the UK GDPR about how your personal data is used, which are as follows:

The right to be informed: You have a right to be informed about the processing of your personal data. This privacy notice serves as Eastern AHSN’s transparency materials to provide the data subject with the information necessary to have them understand how their data is collected and used. A link to the Eastern AHSN privacy policy is on each page of the website to ensure transparency around the data the organisation holds and the purpose for which they are used.

The right of access: Anyone has the right to access and request a copy of the information held about them as individuals. Any requests for information must be sent to The information will be provided to the data subject without undue delay and within one month of receipt in an accessible, concise and intelligible format and will be disclosed in a secure way. Exceptions to this are possible in circumstances where Eastern AHSN is allowed to extend the time limit by law.

The right to rectification: As a data subject, you have the right to rectify inaccurate personal data which we hold on you. If any data held is incorrect, it is our objective that we will correct this within 2-working days of being notified. Rectification requests must be sent to

The right to erasure: In certain cases, you have the right to obtain from us the erasure of your personal data. Any requests for erasure to be sent to As a data subject, you can only request the personal data is erased where it is no longer necessary for the purposes Eastern AHSN collected it, if you provided the information by consent and you withdraw your consent, the Eastern AHSN has processed the information unlawfully, the erasure is in line with a legal obligation. Within 10 working days Eastern AHSN will notify the requestor of what will happen; either explaining that erasure is not possible/appropriate (given the legal basis for processing) or confirm the action that will be taken to ensure they can be forgotten. If the decision is not to erase, the requestor should also be notified of their ‘Right to Object’ to this decision.

The right to restrict processing: You have the right to obtain from Eastern AHSN restriction of processing, applicable for a certain period and/or for certain situations. Any requests for restricted processing to be sent to A restriction is only possible where the accuracy of personal data is contested and is being verified, the data has been unlawfully processed, the personal data is no longer needed by the Eastern AHSN but you need the Eastern AHSN to keep it in order to establish, exercise or defend a claim.

The right to data portability: The right to data portability allows individuals to obtain and reuse their personal data for their own purposes; “to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.” The right to portability only applies where the Eastern AHSN has collected this information via consent or for the performance of a contract and where the processing of data happens by automated means. Any requests for data portability to be sent to

The right to object: In certain cases, you have the right to object to processing of your personal data, including with regards to profiling. You have the right to object at further processing of your personal data in so far as such data have been collected for direct marketing purposes. You also have the right to object to the processing of your data where a data controller processes personal data for purpose of a public task or under legitimate interests. Any objection to use, or decisions taken to be sent to

Rights in relation to automated decision making and profiling:  We do not undertake any automated decision-making based on your data.

Right to withdraw consent: Where the data processing is based on your consent, you have the right to withdraw the consent at any given time, which will result in Eastern AHSN stopping the processing based on consent if no other lawful basis is present. To withdraw consent, you can email us at, outlining from what you wish your consent to be withdrawn.

Right to filing complaints: You have the right to file complaints with the applicable data protection authority about Eastern AHSN’s processing of your personal data (see section 8 below) below)

For further information see

You can unsubscribe or update your preferences from our mailing lists at any time by clicking the links at the bottom of the newsletters, campaigns or events correspondence you receive or by emailing us at Please note that the data we process for events is essential to their running. If you need to object after registering for an event, this may result in you being unable to attend the event.

8.   Making a complaint

If you wish to lodge a complaint, you may contact Eastern AHSN at  If you are not satisfied with the organisations response or believe it is not processing your personal data in accordance with the law, you can also complain directly to the ICO at We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

9.   Contact Details of Data Protection Officer (DPO)

Eastern AHSN has a DPO. You can contact them directly by emailing:

10.     Changes to this privacy policy

Eastern AHSN regularly reviews our privacy policy. Any updates to the privacy notice will be clearly marked on the Eastern AHSN website. The last update to this privacy notice was 14th July 2023.


Health Innovation East is a business name of Eastern which is registered in England as a company limited by guarantee with company number 08530726. Registered office is at Unit C, Magog Court, Shelford Bottom, Cambridge, CB22 3AD, England.