Printed from CheckTick DSPT Compliance Documentation
Lawful Basis & Consent Statement
Date: 29/11/2025
Reviewer: [SIRO Name]
1. Our Role
CheckTick is primarily a Data Processor for patient-related health data. We process this data strictly on the instructions of our customers (Healthcare Providers).
2. Lawful Basis for Processing
| Data Category | Data Subject | Lawful Basis (GDPR) | Lawful Basis (Common Law) |
|---|---|---|---|
| Account Info | App Users | Art 6(1)(b) - Contract | N/A (Business data) |
| Health Responses | Patients | Art 6(1)(b) - Contract (Processor) | Managed by Controller (Consent/Public Task) |
| Payment Info | App Users | Handled by GoCardless | N/A |
3. Transparency & Choice
While the Data Controller (the healthcare organisation) chooses the lawful basis for its survey, CheckTick provides the following technical safeguards:
- Participant Summaries: Mandatory header fields for surveys to explain data use.
- Withdrawal of Data: Built-in tools for users to delete specific responses upon patient request (Right to Erasure).
- Anonymization: Feature to collect responses without PII, removing the "Confidentiality" burden where possible.