You can contact us at firstname.lastname@example.org if you have any questions about this policy or generally on how your personal data is processed by us.
Personal data means data from which you may be identified, directly or indirectly, in particular by reference to an identifier such as your name or any user id that we allocate to you. We may process the following types of personal data about you:
The Data Protection Laws define certain personal data as falling into 'special categories of personal data' such as personal data regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a person, data concerning your health (including mental and physical health), or data concerning your sex life or sexual orientation.
Your Health Data will therefore be classed as "Special category data". When you have used our services either you or your provider of Health Data have provided us with the data that we need in order to diagnose and prescribe safe and effective treatment for you. We have only used this personal data for this purpose, and for the purposes of keeping your NHS record up to date, to enable us to improve the service we have given you, and to improve the service the NHS provided to both you and other patients.
We have only processed such data (in accordance with Data Protection Laws) where it has been necessary for the purposes of medical diagnosis, the provision of health care or treatment, the management of our health system, or for scientific research purposes.
We have only used your personal data when the law has allowed us to. Most commonly, we have used your personal data in the following circumstances
There may also have been circumstances in which we have only used your personal data with your consent. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.
We have only used your personal data for the purposes for which we have collected it, unless we have reasonably considered that we have needed to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will contact you and explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above, where this is required or permitted by law.
Personal data is kept for no longer than necessary in order to fulfil the purpose for which it was collected (including the purpose of fulfilling our legal obligations). To determine the appropriate amount of time for which we will keep your personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where we have to retain your information for a minimum period required by law (such as retaining records for HMRC purposes) we comply with that minimum period plus a period of up to 12 months to allow time for us to anonymise or delete information in accordance with our internal data management processes.
Since our service has ceased to trade, any medical records including all identifiable data would be held for 24 months from the date the service ceases, in August 2020. After this date it will be securely destroyed, provided this is in line with applicable legislation.
Once personal data is no longer needed for the purpose it was collected we may anonymise the data and retain it for business development research into automised healthcare. Anonymised data can no longer be traced back to you, and we may use such data without further notice to you. Data which has been properly anonymised is not considered to be personal data and is not subject to the Data Protection Laws.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Details of these measures are available upon request.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You are entitled to withdraw your consent for the processing of personal data which is based on your consent.
You are entitled to information if we process your personal data, if such personal data is transferred to a third country and, if relevant, who has received your personal data.
You are entitled to have any incorrect information about you corrected. In certain circumstances, including when it is confirmed that we are processing personal data without legal grounds or if the processing is no longer necessary in order to fulfil the purpose, you will be entitled to have the data deleted (the right to be forgotten). If the accuracy of the personal data or the legal basis for data processing is questioned, you can request that data processing be restricted.
You are entitled to object to data processing that takes place on the basis of Docly's legitimate interests. In case of such an objection, we are obliged to show legal grounds for continued processing of the personal data.
You can state at any time that your data may not be used for marketing purposes and we will then cease to process it for such purposes.
You are entitled, in certain circumstances, to receive any of the personal data you have provided to us in a commonly used electronic format, and to request that we transmit this data directly to another controller. You are also entitled to transfer such data to another controller yourself.
We are obliged to conduct our activities in accordance with the principles as set out above in order to ensure that the confidentiality of your personal data is protected and maintained.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If you have any questions, want to exercise your rights or need further information about what we do with personal information, we can be contacted by email at email@example.com.
In order to update, correct or delete data we have about you, exercise your rights according to the above, or to get in touch with our personal data compliance officer, please contact us at firstname.lastname@example.org.
If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request made by you, or would otherwise like to make a complaint, please contact us at email@example.com so that we can do our very best to sort out the problem.
You can also contact the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk.