Our legal status
We are a “data controller” for the purposes of the Data Protection Act 2018 and the UK GDPR for any information gathered for registering as a new user of the App or website, the management of account details and for any personal information inputted into the App or website by users.
What information is collected from users?
We collect, store, use and process the following personal information about users of the App and the website:
- Information that you provide by registering to use the App or the website. This includes information such as name, email, address, password and other identification details provided at the time of registering to use the App or the website;
- Information that you provide when using the App or the website. This includes information relating to your health, the enquiries you make, the consultations you book and information relating to any future appointments;
- Information about your device. This includes technical information about the type of mobile device you use, a unique device identifier, mobile network information and your mobile operating system;
- Information about payments that you make when using the App or the website;
- Records of your correspondence with us, either through the App, website or by telephone, e-mail or post;
- Details of your location; and
- Details of your use of the App and the website including, but not limited to, cookies, traffic data, location data and other communication data and the resources and services that you access via the App.
What special category data is collected from users?
We may also collect, store and use the following "special categories" of more sensitive personal information:
- Information about your health that you provide when using the App or the website. This includes information you provide to search, select a professional, send an enquiry or book an initial consultation and future appointments;
- Details of any referrals for treatment made as a result of the information you provide when using the App or the website.
Where do we collect user’s information from?
Most of the information we collect will come directly from users.
How do we collect user’s information?
We will collect personal information through different methods including:
- Direct interactions via the App;
- Direct interactions via the website;
- Through the service we provide to our users in accordance with our end user terms and conditions; and
- Automated technologies or interactions. As users interact with the App or the website, we may automatically collect technical information about your equipment, browsing actions and patterns.
How will we use information about users?
We will collect, store and use your personal information for the following purposes:
- To manage user accounts and account details;
- To ensure that content on the App and the website is presented in the most effective manner for users;
- Where you agree, to provide you with information, products or services that you request from us or which we feel may interest you;
- To carry out our obligations arising from any contracts, if applicable, entered into between us and you;
- To allow you to participate in interactive features of our services, when you choose to do so;
- To notify you about changes to our services or the App or the website; and
- To operate and improve the App and the website.
Any use of the information you load into the App and the website is bound by our end user terms and conditions.
We will only use personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
How will we use your special category data?
"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We will use your special category data for the following purposes:
- To allow you to search, select a professional, send an enquiry or book an initial consultation and future appointments via the App or the website;
- For research and statistical purposes, provided any information is anonymised.
Why do we need this information?
We will only use personal information when the law allows us to. Most commonly, we will use personal information in the following circumstances:
- Where we have obtained your consent. You have the right to withdraw this consent at any time.
- Where we need to perform a contract we are about to enter into or have entered into with users and customers.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Why do we need your special category data?
We will only use your special category data when the law allows us to. We may process special categories of personal information in the following circumstances:
- With your explicit consent. You have the right to withdraw this consent at any time.
- Where it is needed in the public interest.
- Where it is needed in relation to legal claim.
- Where it is needed to protect your interests (or someone else’s interests) and you are not capable of providing consent.
- Where it is required for archiving, historical or statistical purposes in the public interest.
Our marketing communications
We may use the personal information of users of the App and website to contact you to inform you about services we believe might be of interest to you via email or text message (we call this marketing communications). Users of the App and website may receive marketing communications from us unless you have opted out or unsubscribed to receiving that marketing.
You can ask us to stop sending you marketing communications at any by following the unsubscribe links on any marketing communications sent to you or by contacting us at any time.
Where you opt out of receiving these marketing communications, this will not apply to personal information provided to us as a result of the provision of our services and we will still be required to contact you in relation to the services we provide.
What happens if users fail to provide personal information?
If you do not provide the personal information requested, or you withdraw your consent for the processing of your personal information, where this is necessary for the App or website functionality, we will not be able to provide our services to you. You are not under any obligation to provide the information requested and you can delete the App at any time.
Are users subject to automated decision-making?
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Disclosures of Personal Information
Where you provide your consent for us to do so, we will share your personal information with:
- To healthcare providers or other professionals involved in your care in the course of providing our services to you;
- Your health insurer;
- Your GP.
We may also share personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. Third party providers we may share your information with include:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. Analytics and search engine providers that assist us in the improvement and optimisation of the App;
- Auditors, accountants and financial organisations;
- Medical research partners;
- Insurers, solicitors, professional advisers and consultants
- Central and local government;
- Health care professionals;
- Police forces, courts and tribunals.
Any third parties will be bound by contractual provisions with us and only have access to personal data to perform the described purposes and may not use it for other purposes.
We require all third parties to respect the security of personal information and to treat it in accordance with the law. We do not allow any third-party service provider to use personal information for their own purposes and only permit them to process personal information for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and the Information Commissioner’s Office of a suspected breach where we are legally required to do so.
We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of personal information are available upon request. After this period, we will securely destroy or anonymise personal information in accordance with data protection law.
We may retain some of the information you provide in the App or the website for statistical or medical research purposes. We will anonymize any information used for research purposes so that you are not identifiable.
Where personal information is stored
The personal information that we collect is stored within the UK and EEA. However, it may be necessary to transfer and store personal information at a destination outside the UK or the EEA. Personal information may also be processed by organisations operating outside the UK or the EEA who work for us, on our behalf or for one of our suppliers. Such suppliers maybe engaged in, among other things, the fulfilment of our obligations to users and customers in regards to the provision of our services. We will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with this policy and, in the event that personal information is transferred outside the UK or the EEA, shall ensure that this is carried out subject to the requirements of the UK GDPR.
Under certain circumstances, you have the following rights under data protection laws in relation to your personal information:
Right to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request).
Right to correct any mistakes in your information
You can require us to correct any incomplete or inaccurate information.
Right to request erasure of your personal information
This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it.
Right to object to processing
You have the right to object to processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please email us at contact us using the details below.
Right to request the restriction of processing
You have the right to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Right to request the transfer of your personal information to another party
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact us using the contact details below.
Right to withdraw consent
In the circumstances where you may have provided consent to the collection, processing and transfer of personal information for a specific purpose has been provided, individuals have the right to withdraw consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
There may be circumstances where we will refer your request to our customer as a data controller and therefore the party responsible for the processing of personal information.
If you have a concern about the way we are collecting or using personal information, we would ask that you raise your concern with us in the first instance by e-mailing email@example.com
Alternatively you can make a complaint to the Information Commissioner’s Office at https://ico.org.uk/concerns/ or write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.