Data Security & GDPR

The Information Commissioner’s Office (ICO) has established clear rules on which parties are the data controller when providing certain services to end consumers. A party does not choose to be a data controller; it becomes defined as the data controller and bears its obligations when it provides the services that puts it within the ICO’s definitions, which usually involve any type of decision-making (whether manual or automated) with user data.

The rules and regulations can be found here.


All confidential or private customer data is stored within the UK and is encrypted using 2048-bit next generation universally compatible SSL certificates, as used by companies and organisations such as NHS, BBC, and Vodafone. Data is securely backed up nightly in multiple locations for security. In addition, all repeat prescription orders and patient consent nomination forms are also sent to relevant pharmacy partners via email for additional back up.

Data Protection

BeWell is GDPR compliant. We are listed on the NHS apps library, which means that BeWell exhibits care and security over patient data management to the standards of NHS Digital. Our app is also tested and assured by NHS Digital for public use.

BeWell takes your and your customers’ privacy and data protection very seriously. Every effort has been made to make sure our databases are secure and can only be accessed by you and trusted BeWell staff. 

Using NHS Login

Please note that if you access our service using your NHS login details the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity. To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.