CLEAR and data privacy
Last updated Apr 2026 (version 04)
Welcome to 33n Ltd’s (“33n”, “we”, “us”, “our”) privacy notice. 33n is the controller of your personal data for the purposes described in this notice. This means we decide how and why your personal data is used.
We have appointed a Data Protection Officer (DPO). If you have any questions about this notice or your personal data, you can contact:
Email: dpo@33n.co.uk
You have the right to complain to the Information Commissioner’s Office (ICO).
We respect your privacy and are committed to protecting your personal data. This notice explains how we collect, use and protect your personal data as part of:
- consultancy and advisory services
- analytics, modelling and insight generation
- service impact, evaluation and improvement activities
- workforce and operational analysis
- client relationship and service delivery
This includes work carried out with clients, partners and collaborators.
Where 33n acts as a processor, the client’s privacy notice will usually apply instead.
This notice should be read alongside any more specific privacy information we provide where needed.
We do not make significant decisions about individuals based solely on automated processing.
A significant decision is one that produces legal effects concerning you or has a similarly significant impact on you.
We may use analytical methods and AI-enabled tools to support:
- data analysis
- modelling and forecasting
- reporting and insight generation
- quality assurance and security monitoring
These tools:
- are used to support human analysis and judgement
- do not replace human decision-making
- are subject to controls to minimise risk, bias and inappropriate use
- are not used to make decisions about individuals without meaningful human involvement
We do not use special category data (such as health data) for significant solely automated decisions unless this is permitted by law and appropriate safeguards are in place.
We store and process personal data in the UK and do not transfer project personal data outside the UK.
We take appropriate technical and organisational measures to protect personal data, including:
- role-based access controls
- restricted access to authorised personnel
- secure systems and environments
- encryption in transit where appropriate
- data minimisation and pseudonymisation
- project-specific safeguards
Access is limited to those who need it for their role.
We retain personal data only for as long as necessary for the purposes of the project and to meet legal or contractual requirements.
In general:
- identifiable data is retained only as long as necessary
- data is deleted or anonymised when no longer required
- anonymised data may be retained for longer
- data may be retained longer where required for legal or regulatory purposes
Retention is governed by project documentation and data sharing agreements.
You have rights under data protection law, including:
- access to your personal data
- correction of inaccurate data
- deletion in certain circumstances
- restriction of processing
- objection to processing
To exercise your rights, contact:
dpo@33n.co.uk
In some cases, your request may need to be handled by the organisation that originally collected your data.
If you have concerns about how your data is used, contact:
dpo@33n.co.uk
You can also complain to the ICO: https://ico.org.uk
We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose. If this applies, we will explain the legal basis where required.
Privacy notice for CLEAR projects
Last updated Apr 2026 (version 04)
We use personal data relevant to the project and the services being delivered.
Personal data
This may include:
- demographic data (eg age, gender)
- service activity data (eg appointments, pathways, activity)
- operational and performance data (eg measures of service delivery or outcomes)
- pseudonymised identifiers
We may also create derived data, such as aggregated analysis, models and insights.
Special category data
This may include:
- health or care data
- racial and ethnic origin data
Derived data
We may also generate information from the data we use, such as:
- aggregated analysis
- statistical outputs
- models and insights
This information is anonymised or aggregated so that individuals are not identifiable.
We do not usually collect data directly from you. Personal data is typically provided by:
- healthcare providers or service organisations
- systems used to deliver care or services
Data is shared with 33n securely under formal agreements.
Lawful bases
- Legal obligation – to comply with legal or regulatory requirements
- Legitimate interests – to deliver the purposes of the project
Where we use special category data, we rely on:
- Health or social care
- Public health
We only use special category data where it is necessary for the purposes of the project and permitted by law. We apply additional safeguards, including restricted access and data minimisation.
Purposes of processing
We use your personal data for the following purposes:
| Purpose | Description | Lawful basis |
|---|---|---|
| Service analysis and improvement | Understanding service demand, pathways and outcomes | Legitimate interests, and health or social care and / or public health |
| Evaluation and reporting | Producing insights and recommendations | Legitimate interests, and health or social care and / or public health |
| Improving 33n services | Improving methods, tools and approaches (using anonymised/aggregated data) | Legitimate interests, and health or social care and / or public health |
| Anonymised outputs and case studies | Using anonymised or aggregated information to demonstrate, explain or improve our services | Legitimate interests |
| Legal and regulatory requirements | Meeting legal or regulatory obligations | Legal obligation |
We do not sell your personal data.
We may share personal data where necessary with:
- authorised 33n staff
- project partners and collaborators (where required)
- approved service providers (eg secure systems used for analysis)
- regulators or public authorities where required
Sharing is limited to what is necessary and is subject to safeguards. We require third parties to protect the data and use it only for agreed purposes.
Information shared with clients is typically:
- aggregated
- anonymised
- or otherwise prepared so individuals are not directly identifiable