My Health Assistant (MYHA) is a company registered in England and Wales whose registered address Strawberry Fields Digital Hub, Euxton Lane, Chorley, PR7 1PS(“we”, “us”, “our”) is committed to protecting the privacy and security of personal information. This privacy policy together with any other documents referred to our mobile application (“the App”) and website outlines how we collect and use the information that we collect from you through your use of the App and the website. It makes you aware of how and why personal information will be used, namely through the obtaining of user consent and as required for the functionality of the App, and how long it will usually be retained for. It provides you with certain information that must be provided under the UK General Data Protection Regulation (UK GDPR).
This policy primarily covers how we use information relating to users of the App and the website. It is important that you read this policy, together with any other privacy notice or privacy policy we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
We are a “data controller” for the purposes of the Data Protection Act 2018 and the UK GDPR for any information gathered for registering as a new user of the App or website, the management of account details and for any personal information inputted into the App or website by users.
We collect, store, use and process the following personal information about users of the App and the website:
We may also collect, store and use the following "special categories" of more sensitive personal information:
Most of the information we collect will come directly from users.
We will collect personal information through different methods including:
We will collect, store and use your personal information for the following purposes:
Any use of the information you load into the App and the website is bound by our end user terms and conditions.
We will only use personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We will use your special category data for the following purposes:
We will only use personal information when the law allows us to. Most commonly, we will use personal information in the following circumstances:
We will only use your special category data when the law allows us to. We may process special categories of personal information in the following circumstances:
We may use the personal information of users of the App and website to contact you to inform you about services we believe might be of interest to you via email or text message (we call this marketing communications). Users of the App and website may receive marketing communications from us unless you have opted out or unsubscribed to receiving that marketing.
You can ask us to stop sending you marketing communications at any by following the unsubscribe links on any marketing communications sent to you or by contacting us at any time.
Where you opt out of receiving these marketing communications, this will not apply to personal information provided to us as a result of the provision of our services and we will still be required to contact you in relation to the services we provide.
If you do not provide the personal information requested, or you withdraw your consent for the processing of your personal information, where this is necessary for the App or website functionality, we will not be able to provide our services to you. You are not under any obligation to provide the information requested and you can delete the App at any time.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Where you provide your consent for us to do so, we will share your personal information with:
We may also share personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. Third party providers we may share your information with include:
Any third parties will be bound by contractual provisions with us and only have access to personal data to perform the described purposes and may not use it for other purposes.
We require all third parties to respect the security of personal information and to treat it in accordance with the law. We do not allow any third-party service provider to use personal information for their own purposes and only permit them to process personal information for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and the Information Commissioner’s Office of a suspected breach where we are legally required to do so.
We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of personal information are available upon request. After this period, we will securely destroy or anonymise personal information in accordance with data protection law.
We may retain some of the information you provide in the App or the website for statistical or medical research purposes. We will anonymize any information used for research purposes so that you are not identifiable.
The personal information that we collect is stored within the UK and EEA. However, it may be necessary to transfer and store personal information at a destination outside the UK or the EEA. Personal information may also be processed by organisations operating outside the UK or the EEA who work for us, on our behalf or for one of our suppliers. Such suppliers maybe engaged in, among other things, the fulfilment of our obligations to users and customers in regards to the provision of our services. We will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with this policy and, in the event that personal information is transferred outside the UK or the EEA, shall ensure that this is carried out subject to the requirements of the UK GDPR.
Under certain circumstances, you have the following rights under data protection laws in relation to your personal information:
You can request a copy of your information which we hold (this is known as a subject access request).
You can require us to correct any incomplete or inaccurate information.
This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it.
You have the right to object to processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please email us at contact us using the details below.
You have the right to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact us using the contact details below.
In the circumstances where you may have provided consent to the collection, processing and transfer of personal information for a specific purpose has been provided, individuals have the right to withdraw consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
There may be circumstances where we will refer your request to our customer as a data controller and therefore the party responsible for the processing of personal information.
If you have a concern about the way we are collecting or using personal information, we would ask that you raise your concern with us in the first instance by e-mailing info@myha.co.uk
Alternatively you can make a complaint to the Information Commissioner’s Office at https://ico.org.uk/concerns/ or write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
If you have any questions about this privacy policy or how we handle personal information, please contact us by emailing info@myha.co.uk.
We reserve the right to update this privacy policy at any time, and we will provide you with a new privacy policy when we make any substantial updates.