Privacy Centre
Data Protection & Security
We take our responsibilities as custodians of your data very seriously. The tabs below explains what personal information we collect, how we use it and your rights with regards to this data.
The UK Data Use and Access Act (DUAA) 2025
The UK General Data Protection Regulation (UK GDPR) sets out some of the important rules about how we treat your personal data. This sits alongside the UK Data Protection Act 2018 (DPA 2018) and The UK Data Use and Access Act (DUAA) 2025.
As we work in the healthcare sector, we are also guided by another set of principles, called the Caldicott Principles which are specifically designed to protect patient data in the UK. We follow a ‘privacy by design and default’ approach to ensure that our systems and processes continue to meet or exceed the standards that are expected of us by both the UK data protection laws and the Caldicott Principles.
Recognised legitimate interests under the The UK Data Use and Access Act (DUAA) 2025 – where applicable, for activities such as service improvement, analytics, or customer engagement, provided your rights and freedoms are not overridden.
Privacy Notice
Introduction
This Privacy Notice explains how we collect, use, and protect your personal data when you use our website and the Lifelight Application.
We are a ‘data controller’ in certain circumstances – e.g. personal data submitted to us through our website. For patient data, Xim is what is known as the ‘data processor’ and not the ‘data controller.’ The healthcare organisation is the data controller for patient data.
Who are we?
Xim’s registered office is: The University of Southampton Science Park, 2 Venture Road, Chilworth, Southampton, Hampshire SO16 7NP
We are a company registered in England and Wales under company number: 3699022
Our Information Commissioner’s Office (ICO) Registration number is: ZA24174
We gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
The individual responsible for data protection is Claire Robinson who can be contacted at: The University of Southampton Science Park, 2 Venture Road, Chilworth, Southampton, Hampshire SO16 7NP.
How do we collect your information?
We collect your information when you provide it to us through the website contact form or when you communicate with us in other ways. Whenever you subscribe to our newsletter or fill out a form, we may also collect and process data to carry out any services you use. We will also process data to answer support requests.
Cookies
Our site uses “cookie” technology to enhance your user experience. A cookie is a small piece of text stored by your browser on your computer, at the request of our server. Please refer to Lifelight’s cookie declaration for information about the cookies we use.
Change your consent here.
Sharing and disclosing your personal information
We do not sell your information. We may share it with service providers acting on our behalf (e.g. IT support, Royal Mail), or where required by law or regulation (e.g. with the ICO or other regulators).
If Xim Limited is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal data may be transferred to the acquiring organisation as part of that transaction. We will ensure that the receiving party agrees to handle your data in a manner consistent with this Privacy Notice and applicable data protection laws.
Safeguarding Measures
We apply security controls and best practices including SSL, encryption, access restrictions, and firewalls to protect your personal data.
Transfers outside the UK/EU
We only transfer your data outside the UK/EEA where adequate safeguards are in place.
How Long We Keep Your Data
We retain data only as long as necessary. We are required to retain some personal data for 6 years for tax purposes. For marketing, we retain data until you withdraw consent.
Special Categories Data (including patient data)
Where we process special category data on behalf of healthcare providers (such as NHS Trusts), we do so under a data processing agreement. The controller typically relies on Article 6(1)(e) – public task – and Article 9(2)(h) – healthcare purposes. Xim, as processor, follows the controller’s lawful basis and instructions, and does not independently determine the lawful basis. Similarly, controllers are responsible for applying the national data opt-out. Where instructed by a controller, Xim complies with their direction.
Product images shown on our website are for illustrative purposes only and not an exact representation of the product.
Lifelight is compatible with a range of validated mobile devices. Please contact us for a complete list.