Privacy Policy

Last updated: 9th April 2026

1. Who we are
i2i Health Portal (“we”, “us”, “our”) operates the website at i2ihealthportal.com. We connect NHS professionals and leaders with industry partners, education providers, and healthcare policy organisations to facilitate speaking engagements, advisory boards, and collaborative opportunities.
Our registered address is:128 City Road, London, EC1V 2NX
If you have any questions about this policy or how we handle your personal data, please get in touch with us at: info@i2ihealthportal.com

2. What data do we collect
We collect and process the following personal data depending on how you interact with the platform:
Account and profile data. When you register and create a profile, we collect your name, email address, job title, organisation, areas of expertise, regional information, availability, and, optionally, a profile photograph.
Request and engagement data. When you submit a request or participate in an engagement, we collect details about the opportunity, including budget, audience, dates, and the expertise required.

Matching and scoring data. Our platform uses a matching engine to connect requests with suitable NHS professionals. We store match scores, breakdowns, and status information to facilitate and improve the matching process.

Consent records. When you provide consent through our forms, we record the type of consent given, a hashed version of your IP address, and the date and time. We do not store your full IP address.

Agreement records. When you accept an engagement agreement through the platform, we store the agreement text, your identity, and the date of acceptance.

Communications data. If you opt in to email notifications, we use your email address to send you updates about matches, engagements, and platform activity.

Technical and cookie data. We use essential cookies to operate the site and optional cookies to understand how the site is used. Our cookie banner gives you control over non-essential cookies. We also use Google reCAPTCHA to protect against spam, which sets its own cookies as described in Google’s privacy policy.

3. How we use your data
We process your personal data for the following purposes:

To operate the platform and provide our services – creating your profile, processing requests, running the matching engine, facilitating engagements, and calculating commissions. Legal basis: performance of a contract.

To communicate with you – sending notifications about matches, engagement updates, and platform activity when you have opted in. Legal basis: your consent.

To maintain the platform, audit logging, security monitoring, and resolving technical issues. Legal basis: our legitimate interest in operating a secure and reliable service.

To comply with legal obligations, maintain financial records related to commissions and engagements. Legal basis: legal obligation.

To improve our services, understanding how the platform is used and improve the matching engine. Legal basis: our legitimate interest in improving our services, balanced against your rights.

4. Who we share your data with
Matched parties. When the matching engine connects an NHS professional with a request, limited profile information (name, expertise, organisation, job title, availability, and photograph if provided) is shared with the requesting party to facilitate the match. Similarly, request details are shared with matched NHS professionals.

Platform administrators. Our team has access to platform data to manage engagements, resolve issues, and provide support.

Service providers. We use the following third-party services to operate the platform:
Website hosting provider – to serve the website
Email delivery service – to send notifications
Google reCAPTCHA – to protect forms from spam
We do not sell your personal data to any third party. We do not share your data with advertisers.

5. How long we keep your data
We retain your data for as long as your account is active and you have an active profile on the platform. Specifically:
Profile data – retained until you delete your profile or request data deletion

Engagement and agreement records — retained for 7 years after the engagement is completed, in line with financial record-keeping requirements

Consent records – retained for the duration of your account plus 3 years, to demonstrate compliance. Audit logs – retained for 2 years, then anonymised
Communications preferences – retained until you withdraw consent or delete your account

6. Your rights
Under UK data protection law, you have the right to:
Access your data – request a copy of the personal data we hold about you. You can do this through WordPress’s built-in data export tool or by contacting us directly.
Correct your data – update your profile at any time through the portal, or ask us to correct any inaccuracies.
Delete your data – request deletion of your personal data. You can do this yourself using the “Delete my data” page in the portal, or by contacting us. Please note that some data may be retained where we have a legal obligation to do so (such as financial records related to completed engagements).
Withdraw consent – where we process your data based on consent (such as email notifications), you can withdraw consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.
Restrict processing – ask us to limit how we use your data in certain circumstances.
Data portability – receive your data in a structured, commonly used format. The platform supports WordPress’s personal data export feature.
Object to processing – object to processing based on our legitimate interests.
To exercise any of these rights, please contact us at info@i2ihealthportal.com or use the self-service tools available in the portal. We will respond within one calendar month.

7. Data security
We take appropriate technical and organisational measures to protect your personal data, including:
Encrypted connections (HTTPS) for all data transmission
Access controls restricting who can view profile and engagement data
Nonce verification and capability checks on all form submissions and API endpoints
Input validation and sanitisation on all user-submitted data
Audit logging of significant actions on the platform
Regular software updates and security monitoring

8. International transfers
Your data is processed and stored within the United Kingdom / European Economic Area. If any of our service providers process data outside this area, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

9. Children
Our platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us, and we will delete it promptly.

10. Changes to this policy
We may update this privacy policy from time to time. We will notify registered users of significant changes by email. The “last updated” date at the top of this page indicates when the policy was most recently revised.