Privacy Policy

1.    Introduction

This Privacy Policy (together with our terms of use and any other documents referred to therein) sets out the privacy policy of Imperial College of Science, Technology and Medicine, a charity and UK institution of Higher Education constituted by Royal Charter (with registered number RC000231) of Exhibition Road, London, SW7 2AZ ("Imperial College") in relation to our operation of the website at ("the website").  References to "we", "us" and "our" in this Privacy Policy refer to Imperial College. Terms defined in the website terms of use shall bear the same meaning when used in this Privacy Policy.

For the purpose of the Data Protection Act 1998 ("Act"), the data controller is Imperial College, of the address shown above.  Our nominated representative for the purpose of the Act is Professor Justin Cobb.  We are committed to protecting and respecting your privacy and security.

The Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By providing your personal information to us, you consent to the collection and use of it and any other information provided to us in accordance with this Privacy Policy.  If at any time you wish to change the uses of your personal information to which you have consented, please contact us at

2.    Collection of Personal Information

We may collect and process the following personal information about you:

  • any data which you provide when you complete and submit an application to register for the website or completing any form or questionnaire on the website.  In the case of Patients, this may include certain kinds of medical information (see section 3 below);
  • any data that you provide via postings to forums and blogs and any other posting that you make to the public areas of the website;
  • if you contact us (whether via email, telephone or other means), the details of such correspondence;
  • details of your visits to the website including, but not limited to, traffic data, location data, weblogs and other communication data;
  • information about you received from third parties, for example a friend, Patient, Doctor or other person who wants to tell you about the website;

For all users of the website, general information collected and stored by us might include your name, date of birth, e-mail address, telephone number, postal address, occupation, place of work or other professional information.

3.    Patient Information

For users of the website who are Patients registering for a JointPRO account we might also collect and store the following additional information, based on your submissions to the website (for the purposes of this Privacy Policy "Patient Information"):

  • information relating to:
    • your gender
    • your weight
    • your height
    • your address
    • your living arragements
    • your contact details
    • the names of your "Responsible Care Providers" and their place of work (as defined under Terms & Conditions)
  • Information relating to your medical condition, as may be updated by you from time to time, including as to:
    • your medical condition, including affected joint and type of condition, 
    • treatment details
    • other medical disorders
    • your disability status
    • your mobility
    • self-care
    • levels of pain relating to the condition
    • levels of anxiety arising from the condition
    • personal aspiration relating to the condition and progress as against those aspirations
    • other relevant information relating to the condition, including your usual lifestyle activities, eg work, study, housework, family or leisure activities

4.    IP Addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers.  This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

5.    Storage and Retention of Your Information 

The data that we collect from you may be transferred to, and stored on a single dedicated server based in a UK data centre, run by Rackspace, built to rigorous standards and conforming to ISO 27001 certification. All traffic between users and the server is encrypted using a 256bit SSL (Secure Sockets Layer) certificate. Site is protected by Cisco firewall to preventing network attacks. 

We will take all steps reasonably necessary to ensure that your data is stored securely and in accordance with this Privacy Policy.

All personal information you provide to us will be encrypted using the industry standard AES algorithm (AES has been adopted by the United States government as their approved encryption algorithm and is in use by all the major banking groups). In addition, all traffic between users and the server is encrypted using a 256bit SSL (Secure Sockets Layer) certificate. The website has been built using Linux based industry standard web technologies, using its mature security framework to authenticate every user accessing the site. 

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.  Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

6.    Use of your Information

General uses

We may use personal information held about you (subject in each case to the requirements of the Act) in the following ways:

  • to ensure that content from our website is presented in the most effective manner for you and for your computer and for generating aggregated statistics about users, traffic patterns etc of the website;
  • to carry out our obligations arising from any contracts entered into between you and us;
  • to allow you to participate in interactive features of the website, when you choose to do so; and
  • to notify you about changes to the website.

Use and disclosure of Patient Information

If you are a Patient with a registered JointPRO account by registering for a JointPRO account you consent to Imperial College researchers viewing your clinical profile and the information contained on such profile (which will include the information referred to in section 3 above (Patient Information) in pseudonymised form).  We may allow some or all of the following categories of persons to view your clinical profile and the information contained on such profile (which will include the information referred to in section 3 above (Patient Information)).  We will only do so where you have expressly consented to such sharing (either via your account privacy settings or by virtue of your invite to such persons to access your profile). In some cases you may access the website using a code which indicates that you are being cared for by a particular institution and/or you are participating in an [academic/clinical] study ("site-specific code"). In such cases, the site-specific code will allow for your information to be shared (in pseudonymised form) with the institution which is providing your care and/or conducting the [academic/clinical] study in question:

  • Your Responsible Care Providers (namely GPs, Consultants and Physiotherapists); 
  • Other Clinical Team Members who are assisting your Doctor or Physiotherapist with your clinical care (as verified by your Doctor or Physiotherapist); 
  • (where you access the website using a site-specific code) the managers and senior administrative staff at the institution providing you with care (such as your hospital), whether that institution is a private healthcare provider or an NHS organisation;
  • (if you are signed up to a specific academic/clinical study), to the Academic Researchers who are involved on such study; and
  • (if you are an NHS Patient or a Patient in private care who has explicitly consented to this), the relevant national records system that monitors all admissions, appointments and attendances at NHS hospitals and/or private hospitals, as applicable (such as the Hospital Episode Statistics (HES) database administered by the Health & Social Care Information Centre (HSCIC), the National Joint Registry (NJR) or such other replacement national records system, and/or the database administered by the Private Healthcare Information Network (PHIN) concerning private healthcare, as applicable).

For the avoidance of doubt, where a Patient is involved in a specific academic/clinical study or you have accessed the website using a site-specific code, the Patient Information will be stored in pseudonymised form.  Imperial College researchers will also only be able to access Patient Information in pseudonymised form.  

This means that each Patient's data will be categorised by way of a specific numeric/code-based Patient ID rather than the Patient's name.  For [academic/clinical] studies, only the Lead Investigator for the relevant study (and the super-administrator responsible for the administration of the website) will hold the key enabling this Patient ID to be linked to the Patient's name. Where you have accessed the website using a site-specific code, only a single lead administrator at the institution providing you with care (and the super-administrator responsible for the administration of the website) will hold the key enabling this Patient ID to be linked to the Patient's name.

We may use Patient Information in anonymised or aggregated form for any purpose provided that such use does not enable the Patient Information to be linked to a named individual (and therefore no longer comprises personal data for the purpose of relevant Data Protection legislation, or confidential information).  Such use might include:

  • use in aggregated form (ie collected together with similar data from other Patients) to provide information to other users of the website regarding certain metrics relating to specific medical conditions (such as average time for recovery, for example);
  • sale or licensing of part or all of the aggregated data-set created from Patient's contributions to the website for commercial purposes (for example to manufacturers of implants or prosthetics) although we would normally only do so where such use or exploitation had the potential for improving the health and wellbeing of patients.

Other disclosures

In the event that Imperial College is acquired by or merges with another legal entity, or transfers its operations to a new legal entity, your personal information may be passed to the purchasing/merging/new legal entity amongst the transferred assets and activities.  This will enable your use of the website to continue despite the change of ownership.  

Our third party contractors (for example, web developers) who assist us with the operation of the website may also have access to your JointPRO account although only for the purpose of operation and maintenance of the website.  Such third party contractors are bound by strict obligations of confidentiality in relation to such access.

Where you have consented to the disclosure of Patient Information to the relevant national records system that monitors all admissions, appointments and attendances at NHS hospitals and/or private hospitals, as applicable, your information will be disclosed to the Health and Social Care Information Centre and/or the National Joint Registry in accordance with the terms prescribed by the Department of Health from time to time and/or (if applicable) your information will be disclosed to the Private Healthcare Information Network (PHIN) in accordance witht the terms you have agreed with your private hospital or other independent healthcare provider. This includes the right for your personal details and health information to be held and used by contractors working on behalf of the Health and Social Care Information Centre, Department of Health and/or the National Joint Registry and/or (if applicable) the Private Healthcare Information Network (PHIN) for this project. Imperial College may pass your information to such contractors in order to facilitate this.

We may also disclose your personal information to third parties if and to the extent that we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use; or to protect the rights, property, or safety of Imperial College, our staff, users of the website or others. 

7.    Your Rights

The Act gives you the right to access information held about you.  Your right of access can be exercised in accordance with the Act.  Any access request may be subject to a fee of Ten Pounds (£10) to meet our costs in providing you with details of the information we hold about you.

You have the right to ask us to not to process your personal data for any of the above purposes at any time by emailing

8.    Changes

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e mail.  Please ensure that you check this website from time to time to review the then current Privacy Policy and to update your preferences.

This Privacy Policy was last updated on 12/11/2013.


Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to

If you do not agree with this Privacy Policy you should not submit your personal information on this website.