Privacy Policy

A Few Definitions

“Us” or “Our” or “We” or “Company” refers to Mayden, “You” or “Your” or “Customer” refers to your organisation and its staff. “Staff refers to employees of Mayden. “Software” and “the Service” refers to bacpac. “Your Content” and “Your Data” refers to information owned by You.

Mayen is committed to protecting and respecting your privacy.

This policy together with our Terms and Conditions sets out the basis on which any personal data We collect from You, or that you provide to Us will be processed by Us.

This Policy explains when and why We collect personal information about individuals who visit the bacpac website, how We use it, the conditions under which We may disclose it to others and how We keep it secure.

We may change this Policy from time to time so please check occasionally to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy and our Terms and Conditions.

Any questions regarding this Policy and our privacy practices should be sent by email to or by writing to the Data Protection Officer, Mayden, 1 Widcombe Crescent, Bath, BA2 6AH.

Who are we

Mayden provides end-to-end managed web applications and bespoke system development to the healthcare sector. We specialise in innovative, flexible and cloud-based software solutions.

The registered address is 1 Widcombe Crescent, Bath, BA2 6AH. Registered in England with company number 4005808.

We are registered with the Information Commissioner’s Office as a data controller under registration number Z5351045.

Lawful Grounds for the Company’s processing activities

The legal basis for Our use of Your personal data will be because this is necessary in order for Us to supply the Services to You and perform Our contract with You, and for the purposes of our legitimate interests.

Information you provide

This Privacy Policy sets out the basis on which any personal information that We collect from You, or that you provide to Us, will be processed by Us. Some of this information will be personal data, which is specifically protected under Data Protection Legislation..

Where you are a Customer of Us, we will be the Data Controller in respect of certain Personal Data which You may supply to Us or which We collect from You when you access the bacpac website.

When You subscribe to use the Service You are responsible for the input of Your Content and Your Data which may be collected, stored and processed as a result of Your use of the Software, You will be the Data Controller, and We will be a Data Processor acting on Your instructions.

Where You are collecting, storing and processing Your Content, You will determine the purposes for which and the manner in which that Personal Data will be processed. You will own all rights, title and interest to all of Your Content and will have sole responsibility for the legality, reliability, integrity, accuracy and quality of Your Content. You will also be responsible for:

  • Ensuring that You are entitled to transfer the relevant personal data to Us, so that We may lawfully process and transfer such personal data on Your behalf.
  • You will ensure that the relevant third parties have been informed of, and have given their consent to such use, processing and transfer as required by all data protection legislation;

We may send and store data about You to a destination outside the European Economic Area (“EEA”) which may be processed by staff operating outside the EEA who work for Us or for one of our suppliers (third parties). We will ensure that the appropriate due diligence and safeguards are in place with the relevant third parties to protect Your data in accordance with applicable laws.

When you input Your Content into the Software Your Content is stored in data centres located in England. None of Your Content is transferred outside of England. The data centres are managed by our hosting partner with 24/7 manned security, CCTV, keycard access to the facility and restrictive access to the internals of the building based on authorisation levels.

Our hosting partners are assessed against the international standards ISO90001 – Quality Management, ISO20000 – IT Service Management, ISO27001 – Information Security Management, ISO27017 – Security Controls for Cloud Services, ISO27018 – Personal Data in the Cloud Security and Cyber Essentials.

We may hold Your personal information in electronic databases, such as our Case Management System (CMS). We take all reasonable steps to keep any personal information we hold about you secure.

By accessing and browsing our website, you confirm that you accept and give your consent to the processing of your personal data as described in this Policy.

You are advised to read this Policy carefully before using our website.

Conditions for Processing

Personal Information Mayden collects from you

There are a number of ways in which you may explicitly and intentionally provide Mayden with consent to the collection of certain personal information.

We will only collect and process data about you in the following circumstances:

  • When you fill in our ‘contact us’ form to request information about our products and services We will require your name, telephone number and email address.
  • When you contact Us to make requests or report faults. We may keep a record of our correspondence.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data.
  • e may collect information about your computer, including where available, your IP address, operating system and browser type. This is statistical data about our users’ browsing actions and patterns and is collected for system administration purposes and is not personalised to you. This is carried out using Google Analytics.

The anonymous information generated by Google Analytics cookies about your use of this website is transmitted to Google. This statistical information is processed to compile statistical reports on website activity for this site. This information helps us to optimise our content to better meet the needs of our customers.

We confirm that We do not provide, sell or otherwise disclose personal information We hold about you to third parties without your express permission or where we are under duty to do so by applicable law.

The only members of Our team that will have access to Your personal information, are those that need to be directly involved in technical support, maintenance or system administration.

Mayden will use personal information in the following ways:

  • for internal record keeping
  • for the performance and administration of the Services and Software
  • to provide you with information to improve our Services and Software
  • to notify You about new features, products, special offers or other information which We think You may find interesting
  • to maintain back-ups of our databases

Disclosure of your information

You agree that We have the right to share Your personal information as well as Your Content or Your Data with:

  • third party services who assist Us with Our activities, such as hosting providers or payment service providers.

How long will Mayden store Personal Data

We will retain Your personal data for as long as it is required in connection with the Services we are supplying to you. We may retain Your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.,

We will retain Your Content for as long as it is required in connection with the subscription to the Services we are supplying to you, and following termination of the subscription of the Services for a maximum of 90 days from the date the Services end.

Your choices

You have a choice about whether or not you wish to receive information from Us. If you do not want to receive direct marketing communications from Us about our products and services, then you can select your choices by ticking the relevant boxes situated on the form on which We collect your information. If you wish to stop receiving marketing communications from Us by email you have the option to unsubscribe at any time.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior explicit consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: or telephone 01249 701100.

Your rights

Under Data Protection Legislation, you have the rights as an individual which you can exercise in relation to the information We hold about you.

You have a right to access and obtain a copy of the personal data that We hold about you and to ask Us to correct your personal data if there are any errors or it is out of date. In some circumstances you may also have a right to ask Us to restrict the processing of your personal data until any errors are corrected. You have the right to object to the processing of your data where the organisation is relying on legitimate interests as the legal ground for processing, and you have the right to have your personal data erased which is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. You can obtain further information about these rights from the Information Commissioner’s Office at: or via their telephone helpline (0303 123 1113).

If you would like to exercise any of these rights you can do this by sending an email message to or by writing to Us at 1 Widcombe Crescent, Bath, BA2 6AH.

You have the right to lodge a complaint if you believe that We have not complied with your data protection rights. You can complain to the Information Commissioner’s office through their website or via their telephone helpline.

How you can access and update your personal information

The accuracy of your information is important to Us. Mayden complies with all applicable regulation when giving people access to their personal information. You can find out if We hold any personal information by making a ‘subject access request’ under Data Protection Legislation. If We do hold information about you, We will;

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

If you would like to access any of the information We hold about you or have any concerns regarding the way We have processed your information then please email

If We do hold information about you, you can ask Us to correct any mistakes by, once again, contacting Us on the email above.


We are committed to ensuring that your information is secure. We have a number of security measures in place to protect against the loss, misuse and alteration of any personal information We receive from you via this website.

We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this policy. For example, our website uses an encrypted connection to make it difficult for unauthorised people to view information travelling between our server and your device.

Unfortunately, the transmission of information via the internet can never be guaranteed to be 100% secure. As a result, while We strive to protect your personal information, We cannot guarantee the security of any information you transmit to Us, and you do so at your own risk. Once We receive information, We make our best effort to ensure its security on our systems. Once We have received your information, We will use strict internal procedures and security measures to try to prevent unauthorised access.

We have ISO27001:2013 and our Information security policies and procedures are subject to regular external assessments by a UKAS accredited certification company.

How do we use cookies?

The Mayden website uses ‘cookies’ to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. They collect statistical data about your browsing actions and patterns and do not identify you as an individual.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalise Mayden pages, or register with the Mayden site or services, a cookie helps us to recall your specific information on subsequent visits. This helps Us to improve our website and deliver a better more personalised service.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer

The below list details the cookies used in our website.

viewed_cookie_policyThe GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
CookieLawInfoConsentCookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSIDThis cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
_GRECAPTCHAGoogle Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
_hjIncludedInSessionSample_1553Description is currently not available.
VISITOR_PRIVACY_METADATADescription is currently not available.
YSCYoutube sets this cookie to track the views of embedded videos on Youtube pages.
VISITOR_INFO1_LIVEYouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
yt-remote-device-idYouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::requestsYouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::nextIdYouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt-remote-connected-devicesYouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
_gaGoogle Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gidGoogle Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_hjSessionUser_*Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjFirstSeenHotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user.
_hjSession_*Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
CONSENTYouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
_hjAbsoluteSessionInProgressHotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie.
_gatGoogle Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website, so We encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition if you linked to our website from a third-party site, We cannot be responsible for the privacy policies of the owners and operators of the third-party site and recommend that you check the policy of that third party site.


We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy.