HEALTH MONITORING ONLINE (HMO) APPLICATION – TMC PRIVACY NOTICE
(Privacy Notice. Last updated June 2018)
For the purpose of the Data Protection Act 1998 the data controller is:
Tooting Med Centre Ltd trading as Tooting Medical Centre (hereinafter referred to as “TMC“, “we“, “us“, “our“), which is a company registered in England and Wales with company number 07758028 and having its registered office at 5 London Road, London SW17 9JR.
We are registered under the Data Protection Act 1998 with the Information Commissioner’s Office (“ICO”, the UK data protection regulatory body) our ICO registration number is ZA008395.
Please read this Notice carefully.
Please read this Notice in conjunction with the information about the HMO App features on our website.
You are in control of the features you choose, and within these features, the level of information you provide and if/who you wish to provide it to.
By opening an account within the HMO App you are acknowledging that you have read this Privacy Notice and you are agreeing (you are giving consent) to the collection, use, storage, sharing and disclosure of your personal data, medical records and other health data (“Personal Health Data”) in accordance with this Notice.
PROTECTING YOUR PRIVACY
We are committed to respecting and protecting your privacy. This Notice sets out the terms on which we will collect and process your Personal Health Data (provided by you through our HMO App, collected by us or received from other sources). The Data will be processed for the purpose of the efficient operation of the HMO App and its features as chosen by you.
We will keep your Personal Health Data safe, secure and private. It will be protected by a password and encrypted and processed in accordance with the current data protection legislation. We comply with the General Data Protection Regulation (EU) 2016 “GDPR”; we are also following NHS Data Standards (e.g. Data Security and Protection Toolkit) along with International Data Management Standards (ISO).
DATA WE COLLECT ABOUT YOU
Data you give us. This is information that you give us by filling in our forms on the HMO App site, website and the Services or by communicating with us including information you provide when you register and/or create an Account with us, when you download the HMO App, subscribe to any of the Services, search for any app or service, use wearables/devices connected with the HMO App, share data via the HMO App (at your choice) with doctors, hospitals, clinics, friends or family or enter a promotion or survey(if any) and when you report a problem with the HMO App, our services or any of our sites. If you contact us we will keep a copy of that correspondence.
The main categories of information that you will give us will be your Personal Health Data, which we will retain only for the purpose of using the HMO App and in accordance with your preferences in the Share feature. For example, the data you give us may include:
Your medical history – your conditions, injuries, allergies and other health problems that you have previously suffered, including any personal medical information that is disclosed to you by your GP or other healthcare professional; including any photos that you upload that relate to the condition;
Your body measurements and tests results, such as height, weight, waist to hip ratio, muscle mass percentage, body fat percentage, visceral fat rating, cholesterol, blood pressure, blood glucose, pulse, peak expiratory flow rate, oxygen saturation and respiration rate;
Your medication including the frequency in which it needs to be taken and the medical condition that it seeks to address and any historical medications that you have taken previously;
Your NHS number;
Vaccinations details, such as the name, date, place where it was administered and any reminders for re vaccinations and boosters;
Names and contact details of other people (friends, family) that you choose to give us through use of our Share feature.
Other third parties contact details such as GP, specialist, therapist, dietician;
Any documents you upload, including appointment letters, referral letters, reports, results or any other document you have chosen to upload;
Share feature– other than your name, profile picture, the first line of your address and your next of kin, people you have shared your Personal Health Data with via the Share feature will only be able to see any information you have chosen to share with them. They will not be able to see or access your security information and other information you choose to withhold. You can at all times edit any information that they add to your Personal Health Data;
Updates through the Share feature that you or any person you choose, make to any of the above information.
Your registration information your name, address, email address, telephone number, date of birth, gender, user name, password, other registration information, personal photos that you choose to upload;
Details of any support queries that you raise about technical issues you are experiencing with the application;
Any other data that you choose to provide us with, other than through the usual functionality of the application.
Data we collect about you and your device. Each time you visit one of our Sites or use one of our apps we will automatically collect the following information:
- technical information, including the type of mobile device you use, a unique device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting;
- information stored on your Device, including login information, photos, videos or other digital content, check ins;
- details of your use of any of Our apps or your visits to any of Our sites including, but not limited to traffic data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access (Log Information).
- Unique application numbers: when you install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.
Data we receive from other sources (Third Party Information). We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
HOW WE USE YOUR DATA
We use information held about you in the following ways:
- Submitted and collected Personal Health Data:
For example, one of the features available on the HMO App will be “Wellness & Lifestyle”. If you select it on the HMO App choice we can create a profile based on the overall specific features use and medical history, conditions, symptoms, treatment, medications, vaccinations, measurements, health goals, achievements and concerns, referred to within your Personal Health Data, for use, as follows:
We will set up your fitness goals; we will send you diet and other recommendations to achieve your goals. We will inform you about other apps, or devices, products and services relating to the management, measurement, monitoring, diagnostics, testing and care of the relevant health or medical condition or stated wellbeing. They may be those of TMC itself, its affiliate companies within the TMC group of companies, or third parties selected by TMC – We will never provide them with your Account information or Personal Health Data, we will merely direct you, by way of notification to the device against which the Application is registered, or email or SMS to the email address/ mobile number we have for you, to the relevant website, for example by way of hyperlink.
Your visit will be according to the terms and conditions and privacy Notice for their website so please read these carefully as soon as you arrive at their website.
Occasionally we will send you articles, developments and studies of health organisations, professionals, practitioners, academics and researchers. Again, we will not provide your personal details, we will merely direct you or provide a link to the relevant website.
- Device information: this is used for the purpose of checking the correct operation of the HMO App, updating and improving the App;
- Content Information: it is used for the purpose of preparing and providing you with health scores based on combined data stored on your APP, providing diet tips and other guidance on your physical condition and how to improve it.
- Log information: it is used for the creation of your account, user identification and enabling you to view the data you have stored on the App;
- Unique application numbers: they are used to enable us to send information about any updates to the system.
We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this Notice for as long as it is combined.
Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which the HMO App or the Services are advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that you may give them or may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.
DISCLOSURE OF YOUR INFORMATION
You agree that we have the right to disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries (if any), as defined in section 1159 of the Companies Act 2006.
We will disclose some or all of the data (depending on the purpose it is needed for) we collect from you to the following third parties:
- People you choose to add/share with through the HMO App
- GP, practitioners, therapists and other third parties whose services and/or advice you choose to use through our HMO App
- Our third party service providers who help us to provide the application and website to you – we will impose appropriate obligations to protect the security and privacy of your information;
- Our professional advisors including our lawyers and accountants (and those of any prospective purchasers of our business – see below) when required for them to provide us (or prospective purchasers of our business) with professional advice – we will disclose only data that are necessary to be disclosed for the purpose and we will impose appropriate obligations to protect the security and privacy of your information;
- The police, local authorities, Her Majesty’s Revenue and Customs (HMRC), the courts and any other government or regulatory authority based in any jurisdiction if they ask us to do so or if we wish to provide it because we think it appropriate to protect our business, staff, premises and users, or if we are obliged to do so, such as by court order;
- We will disclose and/or transfer your personal information to third parties:
- In the event that we sell, transfer, buy, re-organise, re-structure any business or assets, in which case we will disclose your personal data including your Personal Health Data to the prospective transferee or buyer of such business or assets for them to continue to use it in the same or similar way as we have prior to the transfer.
- If We are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
- In order to:
- protect the rights, property or safety of TMC, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
We do not disclose information about identifiable individuals to our advertisers or insurers, but we may provide them with anonymous aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW11).
We will use the personal data we have collected from you (without disclosing them) to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your anonymous information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org
Clinical research. We will ask you for an express consent if we intend to use your data for clinical research purpose.
If you are only a Visitor
If you are only a Visitor and have not subscribed to the HMO App, then we will not usually ask you to provide any health, wellbeing or medical data. If we do, we will make it clear to you why we are asking for it and as appropriate, seek your agreement to use it. Please note that if you or someone on your behalf makes any public posts to message boards or social media about your health, wellbeing or medical circumstances, you will be regarded as having agreed to such publication.
- However, we will collect the following:-
- Contact information, including your name and email address in the event that you register interest in using our application;
- Any queries that you raise with us, for instance you may submit a question by email to us about our application;
- Any interactions that you have with us on any of our chosen social media platforms. For instance, you may decide to like our Facebook page or send us a tweet on Twitter.
- All other information that you choose to provide us.
- We may use the data that we collect about you for the following purposes:
- Respond to your queries that you submit through our website or via any other communication medium such as email or letter;
- Contact you about the launch of the application where you have registered an interest in hearing about this;
- Help us to improve our website, including its content, layout and navigation;
- To verify your user credentials when you attempt to login to the application.
- Analyse user traffic and other metrics relating to the use of our website.
WHERE WE STORE YOUR PERSONAL DATA
The data that We collect from you will be transferred to, and stored on our servers and/or on our service provider’s servers in a member state (within the European Economic Area (EEA)) that has signed up to the General Data Protection Regulation (EU) 2016 “GDPR” and complies with all the relevant regulations. It will also be processed by staff operating within the EEA who work for us or for our third party service providers. These staff may be engaged in the fulfilment of your request, order or reservation and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
TMC will take all steps reasonably necessary to ensure that the service provider’s servers are located in the jurisdictions which comply with the provisions of the GDPR and your data is treated securely and in accordance with this Privacy Notice.
Where We have given you (or where you have chosen) a password that enables you to access certain parts of Our sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to Our sites; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
We will collect and store personal data on your Device using application data caches and browser web storage (including HTML 5)
This information is encrypted and any information we store is held on secure servers located within the countries that have EU standards for the protection of personal information.
The suppliers and advisers we engage to help us run and deliver our business, may have servers or data centres located outside the EU in which your personal information including that within your Personal Health Data, for example in the US or in cloud-based solutions. Storing might be different depending on the territory of collecting the information and the applicable legislation, but we always strive to store the information only as long as it is needed for the purposes of providing, improving or personalizing our Services.
Naturally, we expect our suppliers to take information security as seriously as we do so we will put appropriate measures in place requiring suppliers to treat the information to EU standards for the protection of your personal information. Even so, any transfer of information to other countries in this way could result in that information being available to the government and other authorities in those countries under their laws.
Providers and third parties with which you interact. We are not responsible or liable for your interaction with Providers and third parties, the information requests initiated by them, or the subsequent use, treatment or dissemination of information you voluntarily choose to provide to them.
YOUR RIGHT OF ACCESS TO INFORMATION
The Data Protection Act 1998 gives you the right to access information held about you. Any Data Subject Access Request will be subject to a fee of up to £50.00 to meet our costs in providing you with details of the information we hold about you. Please use our address as shown at the top of this Privacy Notice or email us at email@example.com if you wish to make a request or to request rectification of any of your personal details that you consider we hold and are inaccurate.
We have to insure that we store your information for 10 years or as long as required to provide our Service (whichever is the longer). When the information is no longer needed, we will delete it using reasonable measures to protect the information from unauthorized access or use.
We will, upon your request (which has to be made within 30 days of the termination) delete all of your Personal Health Data that you have supplied to us during your use of the Services within 30 days of your request.
Within a reasonable period of time following the 10 years’ limit or later termination (but no earlier than 30 days following termination) we shall use our reasonable endeavours to delete your Personal Health Data from our servers.
Following deletion, we will be unable to return your Personal Health Data to you.
CHANGES TO PRIVACY NOTICE
Any changes we may make to our Privacy Notice in the future will be posted on this page and we will notify you of the changes. The new terms will be displayed on-screen and you will be required to read and accept them to continue your use of the HMO App or the Services.
YOUR OTHER RIGHTS AND OUR CONTACT DETAILS
Under the GDPR, you also have a right to ask us to rectify your data, restrict processing or object to processing.
If you have any concerns, comments or questions about this Privacy Notice, please do feel free to email us at: firstname.lastname@example.org
If we cannot resolve your complaint or answer your questions regarding this Notice you can contact the ICO at Wycliffe House, Water Lane, Wimslow, Cheshire SK2 5AF.