PRIVACY POLICY

DOCLY UK LTD, 38 BERKELEY SQUARE, LONDON, W1J 5AE, ("Docly", "we" or "us") is a company established in England and Wales, and as such, we comply with applicable data protection legislation in the UK, comprising the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (the 'Data Protection Laws'). We believe that personal privacy is important and we take your privacy extremely seriously. This policy shall apply in the situations where we are the controller of your information which means that we are responsible for looking after it. We will use your personal data fairly, lawfully and in a transparent manner, and in accordance with the Data Protection Laws. This privacy policy outlines how we will use, store and share your personal data. We also explain the lawful basis for our processing of personal data and your rights in relation to the personal data we process.

In some circumstances however, Docly acts as a data processor or as a data sub-processor on behalf of a third party, a data controller, like an insurance company, pathology and diagnostics centers or the like ("Service Providers") for the processing of personal data necessary to provide the technical platform and related services. This means that data related directly to your medical- or healthcare consultation is processed by Docly according to the instructions of the Service Provider since it is their privacy policy and not the privacy policy of Docly which applies in relation to the processing of personal data when providing you with medical- and/or healthcare.

SCOPE OF THE PRIVACY POLICY

Please note that this privacy policy relates to the processing of personal data for which Docly is the data controller. This privacy policy applies when you register with us or share your personal data directly or indirectly with Docly when you visit our website at www.docly.uk or use any of our services via mobile and/or tablet application (together, the 'Platform'). This privacy policy applies to your use of the Platform whether you register with us or not, and is supplemental to our Terms of Service at www.docly.uk/tos. Please note that this privacy policy also applies to the personal data of any child for whom you have parental responsibility and to your use of the Platform on their behalf.

You can contact us at privacy@docly.uk if you have any questions about this policy or generally on how your personal data is processed by us.

PERSONAL DATA THAT IS PROCESSED

Personal data means data from which you may be identified, directly or indirectly, in particular by reference to an identifier such as your name or any user id that we allocate to you. We may process the following types of personal data about you:

  • Contact details ("Account Information") such as name, e-mail address and telephone number which you provide to us on registration.
  • Users' online behaviour including digital behaviour (for example, behaviour within the app, how you use the search functions) ("Digital Behaviour").
  • Technical data (for example, your device's ID and IP address) ("Technical Data").
  • Where applicable, details about your previous physical and mental health ("Health Data"), including information in relation to diseases or conditions from which you may be suffering, your physiological or biomedical condition, the health profile provided to us by you or your GP, information stored in your NHS record (including your NHS number), the medical record of your appointment (including any diagnosis or treatment prescribed by the Docly service), and any summary information about your online appointment.

SPECIAL CATEGORIES OF PERSONAL DATA

The Data Protection Laws define certain personal data as falling into 'special categories of personal data' such as personal data regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a person, data concerning your health (including mental and physical health), or data concerning your sex life or sexual orientation.

Your Health Data will therefore be classed as "Special category data". When you have used our services either you or your provider of Health Data have provided us with the data that we need in order to diagnose and prescribe safe and effective treatment for you. We have only used this personal data for this purpose, and for the purposes of keeping your NHS record up to date, to enable us to improve the service we have given you, and to improve the service the NHS provided to both you and other patients.

We have only processed such data (in accordance with Data Protection Laws) where it has been necessary for the purposes of medical diagnosis, the provision of health care or treatment, the management of our health system, or for scientific research purposes.

BASIS FOR USING YOUR INFORMATION

We have only used your personal data when the law has allowed us to. Most commonly, we have used your personal data in the following circumstances

  • Where we have needed to provide you with the services you have requested (and therefore perform our contract with you).
  • Where we have needed to comply with a legal obligation.
  • Where it is has been necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those legitimate interests. We may also have used your personal data in the following situations, which are likely to be rare:
  • Where we have needed to protect your vital interests (or someone else's interests) or
  • Where it has been necessary for the performance of a task in the public interest.

There may also have been circumstances in which we have only used your personal data with your consent. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.

We have only used your personal data for the purposes for which we have collected it, unless we have reasonably considered that we have needed to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will contact you and explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above, where this is required or permitted by law.

STORING DATA

Personal data is kept for no longer than necessary in order to fulfil the purpose for which it was collected (including the purpose of fulfilling our legal obligations). To determine the appropriate amount of time for which we will keep your personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Where we have to retain your information for a minimum period required by law (such as retaining records for HMRC purposes) we comply with that minimum period plus a period of up to 12 months to allow time for us to anonymise or delete information in accordance with our internal data management processes.

Since our service has ceased to trade, any medical records including all identifiable data would be held for 24 months from the date the service ceases, in August 2020. After this date it will be securely destroyed, provided this is in line with applicable legislation.

Once personal data is no longer needed for the purpose it was collected we may anonymise the data and retain it for business development research into automised healthcare. Anonymised data can no longer be traced back to you, and we may use such data without further notice to you. Data which has been properly anonymised is not considered to be personal data and is not subject to the Data Protection Laws.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Details of these measures are available upon request.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

YOUR RIGHTS

You are entitled to withdraw your consent for the processing of personal data which is based on your consent.

You are entitled to information if we process your personal data, if such personal data is transferred to a third country and, if relevant, who has received your personal data.

You are entitled to have any incorrect information about you corrected. In certain circumstances, including when it is confirmed that we are processing personal data without legal grounds or if the processing is no longer necessary in order to fulfil the purpose, you will be entitled to have the data deleted (the right to be forgotten). If the accuracy of the personal data or the legal basis for data processing is questioned, you can request that data processing be restricted.

You are entitled to object to data processing that takes place on the basis of Docly's legitimate interests. In case of such an objection, we are obliged to show legal grounds for continued processing of the personal data.

You can state at any time that your data may not be used for marketing purposes and we will then cease to process it for such purposes.

You are entitled, in certain circumstances, to receive any of the personal data you have provided to us in a commonly used electronic format, and to request that we transmit this data directly to another controller. You are also entitled to transfer such data to another controller yourself.

We are obliged to conduct our activities in accordance with the principles as set out above in order to ensure that the confidentiality of your personal data is protected and maintained.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

CONTACT US

If you have any questions, want to exercise your rights or need further information about what we do with personal information, we can be contacted by email at privacy@docly.uk.

In order to update, correct or delete data we have about you, exercise your rights according to the above, or to get in touch with our personal data compliance officer, please contact us at privacy@docly.uk.

If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request made by you, or would otherwise like to make a complaint, please contact us at privacy@docly.uk so that we can do our very best to sort out the problem.

You can also contact the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk.

CHANGES TO THIS PRIVACY POLICY

We will take all measures necessary to communicate any changes to this privacy policy to you, and will post any updated privacy policies on this page.

The Docly Service will cease to exist by August 1, 2020 and this Privacy Policy will only be applicable to receivers of medical services from Docly up until this date.

Please call 111 for urgent medical problems, or 999 for emergencies.

© 2020 Docly is part of Docly Healthcare AB