Your personal information and what we do with it


  1. Why do you collect my information?

Somerset NHS Health Checks is delivered by Thrive Tribe. We collect your information for our Health Checks programme for 40 – 74-year-olds. Our service is commissioned by Somerset County Council. Your data will be processed to enable us to perform Health Checks, assess your health and wellbeing and contact you.


  1. Who do you get my data from?

We get your information from self-referral via our website or telephone service. We also receive data from the NHS Digital, detailing eligible service users, which we use to contact you.


  1. How does data protection law allow you to use my data?

When self-referring we ask for your consent (Article 61a) and explicit consent (Article 92a) to collect, process and store your data.


When contacting you about our services from the data provided to us by the NHS we rely on the lawful basis of (Article 61e) performance of a public task carried out in the public interest and (Article 92h) processing is necessary for the purpose of preventative care. You can opt out of this communication.


  1. What information of mine do you use?

The personal data we use for you includes Age, Gender, Ethnicity, Smoking Status, Blood Pressure, Pulse, Body Mass Index, Waist Circumference and Physical Activity Levels. We also use more sensitive special category data including Health Records, Genetics and Biometric Data.


  1. Do you share my information with anyone?

We share the results from your NHS Health Checks with your GP and anonymised data with Public Health. We also use Booking Bug (JRNI), a scheduling, and booking system to process appointments.


  1. Does any of my information get sent outside of the UK?

When referring your information may get sent outside of the UK by the Booking Bug (JRNI) system. All our other systems are UK based.


  1. How long do you keep my information?

We keep your information for eight years in line with the NHS Records Management Code of Practice 2021.


  1. What about my rights under Data Protection law, how can I activate them?

Under Data Protection law you have the right to:

  • Be informed how your data is used (which is what this leaflet is doing).
  • Access to your information.
  • Rectification of errors.
  • Erasure (in certain circumstances).
  • Restriction of processing (in certain circumstances)
  • Objection to processing.
  • Data Portability.
  • Understand whether profiling or automated decision-making is being used (see Section 9).


If you would like to request or discuss any of these, please contact our Data Protection Officer using the details at the end of this leaflet.


  1. Do you use any automated decision-making or profiling on my information?

We use your information to make automated decisions about your or profile you. Including your Body Mass Index, Cholesterol, Glucose Levels and Q RISK score.


  1. What do I do if I am concerned about how you are using my information? 

In the first instance we would be grateful for the opportunity to respond to your concerns ourselves and hopefully sort out any issues for you. To help with this, please write to our Data Asset Owner at the following address


If you are not satisfied with the outcome of our support, you may take your complaint to the Information Commissioner’s Office, which regulates Data Protection. Its address is Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. It can be contacted by telephone on 0303 123 1113 or by email on