Information we hold
- Client data: for example (but not restricted to) information on healthcare providers, professionals, staff belonging to the hospital, practice, clinic or other entity;
- Client and Patient Identity data: for example (but not restricted to) first and last name, username or similar identifier, marital status, title, date of birth and gender;
- Client and Patient Contact information: for example (but not restricted to) address, email address and telephone numbers;
- Patient healthcare information: depending on the information recorded by our Clients, this may include demographic information, medical records, prescriptions, test results, correspondence between Patients and Clients, and other medical information;
- Client Financial information: including invoicing and payment information;
- Client Profile data: including your username and password and other information relating to your account with us.
Use of information
- Contract: where we need to perform the contract we are about to enter into or have entered into with Clients:
  - to provide our Services (without personal data being provided we may not be able to provide our Services).
- Legitimate interests: where it is necessary for our legitimate interests (or those of a third party) and the data subjects’ interests and fundamental rights do not override those interests:
  - the personal data we obtain is used to operate our business efficiently. We use it for billing, identification, authentication, service improvement, research, and also for contacting you when necessary.
  - we may also use your personal data to advise you of new or updated products or services or special offers or promotions that you may be interested in. You can contact us at any time to let us know that you do not want us to use your information for this purpose.
- Where we need to comply with a legal or regulatory obligation.
Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.
We may disclose personal data when it is required to assist with a lawful investigation or comply with the law, if we believe disclosure is necessary to protect our rights, or if some or all of the assets and operations of our business are or may be transferred to another party.
We integrate with third-party healthcare providers (such as laboratories) and other third-party service providers as required, and may share personal data with those third-party providers, to enable Clients to access their services (for example for Patient tests, as instructed by our Clients). We encourage Clients to read the privacy policies of these third-party services, as required.
We will not sell, rent or share your personal data or personal data collected by our Services with third parties in other ways without appropriate lawful bases, unless we are entitled by law to do so. By providing your personal data to us, you understand our business needs to transfer this information to third-party IT providers, including our website host and back-up service provider.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Storage and protection
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
We take all reasonable steps to keep any personal data we hold secure and have adopted technical and organisational measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use two-factor authentication to increase the security of Client accounts. Data is replicated continuously, with multiple copies stored between security centres to ensure immediate failover.
Data in transfer is fully encrypted using the most secure cryptographic technologies available. This means that when you access your data via the internet, the server will negotiate a secure link with the end user via a process called SSL. This is the same technology used for online banking and credit card transactions and is known to be the most secure system available.
We restrict access to personal data to our employees, contractors and agents who require that information in order to operate and develop our application and services. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under certain circumstances, you have rights under data protection law, in relation to your personal data, including to: request access, correction, erasure, restriction of processing and data portability. If you wish to exercise any of these rights, please contact us, using the contact details below.
Changes to this policy
We may review and amend this Policy from time to time. We will post updated versions of the Policy on our website.
Questions or complaints
If you have any questions about this Policy or the way that we handle your personal data, please let us know. We have appointed a data privacy manager, who is responsible for this Policy.