Effective Date: 11 January 2019
Providing personal information is an act of trust and something which we take seriously. Unless given consent to do otherwise and/or otherwise permissible by and/or required by law, iDHS.HealthWise will only collect and use personal information as set out below.
We use the term “Designated Countries” to refer to countries in the European Union (EU), European Economic Area (EEA), and Switzerland to which the GDPR applies.
PERSONAL INFORMATION THAT WE COLLECT
iDHS.HealthWise does not collect personal information beyond the limited data we need for you to use our services on the Website.
iDHS.HealthWise collects personal information provided directly by the User or Practitioner when the User or Practitioner registers an account, performs any activities and transactions on the Website and uses our Services. We may receive the following personal information:
* information provided during account registration, including, without limitation: personal details, user name, address, phone number and email address;
* health and medical information: information about health, symptoms, treatments, consultations and sessions, medications and procedures;
* financial information provided during transactions, including, without limitation, bank account numbers;
* location data;
* any other personal information which you directly provide to iDHS.HealthWise; and
* any other personal information requested or required by the Website.
We may also automatically collect certain information about the User’s or Practitioner’s computer device, browsing activities, statistical information, and information on visits to and use of the Website and Services. We may receive certain data automatically collected by our software, for example: IP address, cookie data, performance specifications of the User’s or Practitioner’s hardware and software, date and time of access to the Website, and the URL of the page requested. This information is aggregated to provide statistical data about our Users' or Practitioners' browsing actions and patterns, and does not personally identify individuals.
We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract and “legitimate interests”.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact our Data Protection Officer at firstname.lastname@example.org. Please title your email as “DPO”.
HEALTH AND MEDICAL INFORMATION
The main type of information we hold about you is health and medical information: information about User’s health, symptoms, treatments, consultations and sessions, medications and procedures. We may receive such information as a result of User’s consultations with Practitioners, and interactions with our digital services, or any other use of our healthcare services. All health and medical information is held securely in accordance with our data retention rules.
We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us.
YOUR DEVICE AND LOCATION
When you visit or leave our Website, we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location based on your phone settings.
USE OF PERSONAL INFORMATION
Personal information will be collected, held, used and disclosed for the following primary purposes jointly and/or severally:
* to provide you with Services requested, complete your transactions, and address your inquiries;
* to use your medical information to provide you with healthcare or treatment;
* to give you a medical diagnosis;
* to identify you and personalize your experience with us;
* to process registration and log in to the Website;
* to facilitate our communication and contact you about our Services or other matters;
* to provide you with newsletters via mail and e-newsletters;
* to process any requests, complaints and applications;
* to record statistical data for marketing analysis and to conduct market research;
* to share personal information with our healthcare practitioners and other trusted third parties in the manner described below;
* to the extent permissible or necessary by law, for any other purpose as may be deemed reasonably necessary by iDHS.HealthWise in the circumstances.
We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. We may need to disclose certain information in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation.
Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
The personal information is available and accessible to those of our employees who we believe reasonably need to come into contact with that information to provide services or in order to do their jobs. iDHS.HealthWise uses all necessary means to monitor and limit administrative access to the personal information of Users and Practitioners.
COOKIES AND OTHER TECHNOLOGIES
DISCLOSURE OF THE PERSONAL INFORMATION
The protection of the personal information and your privacy is important to us. We do not disclose the personal information to any third parties except on a limited and strict need to know basis when we need to disclose such information to:
* Practitioners, pharmacies and other service providers engaged by us to perform some functions on our behalf on a confidential basis;
* legal and regulatory authorities;
* our employees.
We may share the minimum amount of your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data for the relevant purposes in the ways specified by us. Those we share your information with are not allowed to use it to try to sell their own services to you.
Where you access our services through your health insurance provider, and where you have given your consent, we will need to let your insurance company know your name, email address, policy number, location (based on IP address), demographic information, that you had an appointment with us, the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us.
We will, where necessary for your treatment or care, share your information with your other health and social care providers.
THE RIGHT TO EDIT PERSONAL INFORMATION
You may access your personal information held by us to correct, update and remove inaccurate or incorrect data. You have the following rights:
- delete some or all personal information that we hold about you;
- change or correct your personal information which we hold about you;
- object to, or limit or restrict, use of your personal information;
- right to access and/or take your personal information: you can ask us for a copy of your personal information and can ask for a copy of personal information you provided in machine readable form.
If you want your personal information to be corrected, updated or removed, please contact our customer support or send us an email at email@example.com. Please provide us with enough information to identify and verify you in your written request, and allow 30 days for this request to be processed. We may collect the fee as provided by law.
We use certain technologies to ensure the confidentiality of your personal information and to secure your sensitive data. iDHS.HealthWise uses several security measures, including the Secure Sockets Layer (SSL) protocol, encryption, secure password requirements, advanced security monitoring, malware prevention and an Extended Validation SSL certificate, which are industry-leading technologies to ensure that your information is fully encrypted.
However, no method of transmission over the Internet, or method of electronic storage, is completely secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
You are responsible for maintaining the accuracy and completeness of your personal information. You shall inform us in relation to any changes to your personal information.
We retain your personal information while your account is in existence or for as long as it is necessary or your user account is active or as needed to provide you with the Services on the Website or as provided by the applicable laws. The data retention of your medical records is provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association.
As required by applicable law we retain information as follows:
- Communications online, if recorded, are stored for 3 months in case of dispute between the User and a Practitioner; thereafter they are deleted if there is no dispute within this period;
- GP records are retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
- Maternity records are retained for 25 years after the birth of the last child.
- Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation are retained for 20 years after the date of the last contact; or 10 years after the patient's death if sooner.
If you no longer want us to use your personal information to provide you with the Services, you may close your account. However, we may retain and use your personal information as necessary to comply with our legal obligations and resolve disputes.
MERGE OF COMPANY
CROSS-BORDER DATA TRANSFERS
We process information both inside and outside of Designated Countries and rely on legally-provided mechanisms to lawfully transfer information across borders. Countries where we process data may have laws which are different, and potentially not as protective, as the laws of your own country.
From time to time we may send you messages that are service-related and required for our Users and Practitioners, including newsletters and other alerts. We may also send you email relating to your personal transactions, about special promotions, featured investments and other news of the Website and Services. We may also send you news and updates about changes to our Website and Services.
We would like to get in touch with you, by post, email and text message, about products and services which we, our group companies and selected partners provide and think you would be interested in, and to let you know about relevant offers and news. We will only do this if you have given us permission (you must tell us if you want to receive this information). If you no longer want to receive marketing information in a particular way, or receive any marketing at all, you can change your mind at any time. You can change your preferences by logging into ‘Your Account’ or visiting www.іdhshеаlthwіsе.соm. You can also unsubscribe from further emails by clicking on the unsubscribe link at the end of every email we send you.
DATA CONTROLLER PERSON
To communicate with our Data Protection Officer, please contact us at firstname.lastname@example.org