Our approach to GDPR and data protection
Veyas-AI is committed to full compliance with UK GDPR, the Data Protection Act 2018, and Caldicott principles. All patient data is processed only for direct care purposes. A Data Processing Agreement is executed with every practice before go-live. Patient data is never shared with third parties.
Our commitments
- All patient data processed under UK GDPR and the Data Protection Act 2018
- Data Processing Agreement (DPA) executed with every practice before go-live
- Caldicott principles observed — patient data used only for direct care purposes
- Patient data never sold, shared, or disclosed to third parties
- Encryption in transit and at rest for all patient data
- Role-based access controls ensuring minimum necessary access
- Regular security audits and vulnerability assessments
- ISO 27001-aligned information security management
- Data stored within UK/EU jurisdictions
- Right to erasure honoured upon request
Data subject rights
We support all data subject rights under UK GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. Requests can be submitted to hello@veyas-ai.co.uk.
Questions?
For GDPR-related enquiries, contact our data protection team at hello@veyas-ai.co.uk.