Information Management Policy

Last updated: January 2022

 

This policy defines how information is held and managed by MyConsultant and is registered with the Information Commissions Office (ICO); Reference number ZA518627 first registered on 7th May 2019. Please take the time to read it as it includes important details about how we secure and process your data.

 

If you are not happy for your information to be used in the ways described here, you should stop using the MyConsultant app/platform and cancel any appointments you have with our Consultants. If you have any questions about the use of your data please get in touch with us at dpo@myconsultant.me

 

This privacy notice tells you what to expect us to do with your personal information when you contact us or use one of our services. It applies to everyone who uses MyConsultant.

 

Personal information is any information that can be linked to you or another living person.

 

This notice is split into sections:

  1. Our details

  2. What does MyConsultant use my personal information for?

  3. How does MyConsultant get my personal information?

  4. What personal information about me does MyConsultant use?

  5. Who does MyConsultant share my personal information with?

  6. Where is my data stored?

  7. How long does MyConsultant keep my personal information for?

  8. What rights do I have over my personal information?

  9. Contact us

  10. Complaints

  11. Updating this notice

  12. Cookies

 

We have used links to help you get to the information you are interested in.

In some places we have provided links to other websites, for example the Information Commissioner's website. We are not responsible for the accuracy of any other websites.

1. Our details

 

MyConsultant is responsible for keeping the personal information we use safe and making decisions about how it can be used. Our formal name is MyConsultant Ltd and our headquarters are at

 

58 Clayhills Drive

Dundee

United Kingdom

DD2 1SX

You can contact our Data Protection Officer at dpo@myConsultant.me or by writing to the Data Protection Officer, at the address above for any queries about your personal information.

2. What does MyConsultant use my personal information for?

 

We use your personal information to:

  • provide you with MyConsultant services

    • For example we may use your personal information to:

      • send you a text message requesting that you validate your MyConsultant account and/or to reset your username and password if required

      • administer our site, for example to allow you to log in and log out of your account

      • notify you about changes to this privacy notice or our services

      • ensure that content from our website or apps is presented in the most effective manner for you

      • allow you to use our interactive features

      • respond to any queries you raise with us and to provide customer support

      • ask for feedback from you, if you have agreed to this

 

  • help maintain the quality of and improve MyConsultant services

    • For example we may use your personal information to:

      • create anonymous information that we can use to help develop our services or provide to other organisations with an interest in our services, like regulators

      • anticipate demand for our services

      • monitor the performance of our website and applications

      • quality assure the services provided by MyConsultant Consultants and members of MyConsultant staff.

 

If you have agreed, we may also use your personal information to let you know more about our services and offers, or those of third parties and to understand the effectiveness of our advertising.

 

 

We may sometimes need to use your personal information to:

  • co-operate with regulators, like the Care Quality Commission or Health Improvement Scotland.

  • comply with a legal obligation, like a court order requiring us to release information

  • deal with disputes and legal claims, for example if you make a legal claim against one of our Consultants

  • deal appropriately with any risk to public health

 

If you request, we can write a letter to another Consultant or service or your GP. In that case, such personal information will be handled in accordance with your GP surgery's policies or the policy of the Consultant to whom we are referring.

 

Under data protection laws, each purpose for which we use your personal information must comply with one of the conditions for processing. You can find out more about the conditions we rely on below

 

The Information Commissioner's Office (ICO) is responsible for ensuring that organisations comply with data protection rules. You can find out more about what the conditions for processing are on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing.

 

When we are using personal information we must meet one of the conditions set out in Article 6 of the General Data Protection Regulation (GDPR).

Under the GDPR there is some personal information that is so sensitive that it gets extra protection. This special data is any personal information about someone's:

  • health (including mental health);

  • sex life;

  • sexual orientation;

  • racial or ethnic origin;

  • political opinions;

  • religious or philosophical beliefs

  • trade union membership.

 

It also includes genetic data and biometric data if that information is used to identify an individual.

 

When we are using special data we must also meet one of the conditions set out in Article 9.

 

We have set out in the table below which conditions we are relying on when we use your personal information.

 

We have set out below the conditions that we are relying on in order to use your data.

 

 

 

Purpose

Article 6 condition

Article 9 condition

All patients

co-operate with regulators, like the Care Quality Commission or Healthcare Improvement Scotland (HIS)

Article 6(1)(e) – public task

Article 6(1)(c) – compliance with a legal obligation

Article 9(2)(g) – substantial public interest

comply with a legal obligation, like a court order requiring us to release information

Article 6(1)(c) – compliance with a legal obligation

Article 9(2)(f) – establishment, exercise or defense of legal claims

Article 9(2)(g) – substantial public interest

deal with disputes and legal claims, for example if you make a legal claim against one of our Consultants

Article 6(1)(f) – legitimate interests (we have a legitimate interest in being able to deal with disputes and legal claims)

Article 9(2)(f) – establishment, exercise or defense of legal claims

deal appropriately with any risk to public health

 

Article 6(1)(e) - public task

Article 6(1)(c) – compliance with a legal obligation

Article 9(2)(h) – healthcare and social care purposes

Article 9(2)(i) – public health

All patients

provide you with MyConsultant services

Article 6(1)(e) - public task

Article 9(2)(h) – healthcare and social care purposes

help maintain the quality of and improve MyConsultant services

 

Article 6(1)(e) - public task

Article c(1)(f) – legitimate interests (we have a legitimate interest in maintaining and improving the quality of MyConsultant services)

Article 9(2)(h) – healthcare and social care purposes

Provide information back to your NHS GP surgery if you request or agree

Article 6(1)(e) - public task

Article 9(2)(h) – healthcare and social care purposes

We may also use your information to help other organisations delivering NHS or social care to provide you with services.

Article 6(1)(e) - public task

Article 9(2)(h) – healthcare and social care purposes

Let you know more about our services and offers

Article 6(1)(a) - consent

Article 9(2)(a) – consent

Let you know more about the products and services of third parties that may be relevant to you

Article 6(1)(a) - consent

Article 9(2)(a) – consent

Carry out credit checks

Article 6(1)(b) – performance of a contract

No special data used

Obtain payment from you for our services

Article 6(1)(b) – performance of a contract

No special data used

Let you know more about our services and offers

Article 6(1)(a) - consent

 

 Article 9(2)(a) – consent

Let you know more about the products and services of third parties that may be relevant to you

Article 6(1)(a) - consent

Article 9(2)(a) – consent

 

 

 

There are extra rules that apply to information about criminal allegations and convictions. We do not use this type of information very often, for example you might tell us about a drug-related conviction or time in prison. Our use complies with Article 10 of the GDPR because it meets the condition set out in the Data Protection Act 2018, Schedule 1, Part 1, paragraph 2 (health or social care purposes).

 

 

3. How does MyConsultant get my personal information?

 

Most of the personal information we use is provided to us directly by you so that you can access our services. For example, you provide us with your contact details. Please let us know if there are any changes to your personal details while you are registered with us.

 

This includes personal data you provide when you:

  • search for one of our apps or our website

  • download one of our apps

  • create a MyConsultant account online;

  • purchase services through our website or one of our apps;

  • log in to MyConsultant and use the Services;

  • report a problem with a MyConsultant app or website;

  • request marketing to be sent to you;

  • enter a competition, promotion or survey; or

  • give us some feedback.

 

We also gather technical information about your visit, like what device you are using to access MyConsultant services. More detail about what we collect is set out in the section below (What personal information about me does MyConsultant use?)

 

We automatically collect this personal data by using cookies, server logs, application data caches, browser web storage and other similar technologies. We may also receive data about you if you visit other websites that use our cookies.

 

Please see our cookie policy for further details.

 

You can stop us using your location information at any time by turning off the GPS setting in your device.

 

We cannot access NHS systems; this means that we cannot see your full medical record. This means that we cannot see any information that your NHS GP can see. This will include contact information and detailed health information like family health history, past diagnoses, treatment plans, medication, body measurements and test results. The only way we can access this information is if you tell us in written form on the app or if we are referred the details from another healthcare practitioner.

 

The medical record of your appointment (including any diagnosis or treatment prescribed by the MyConsultant Consultant) will be stored in our records. MyConsultant logs the following information with MyConsultant:

  • Patient's name

  • Patient's date of birth

  • Patient's mobile phone number

  • Patient's email address

  • The start time, end time and duration of the Online Appointment

  • Details of any unscheduled end to the Online Appointment, for example if an emergency caused the Online Appointment to end

  • Any failure by a Patient to attend the Online Appointment

  • Cancelled appointments

  • Any patient feedback

  • Name [and MyConsultant reference number] of the MyConsultant Consultant.

 

We may access information about you from credit referencing agencies, advertising networks and partner organisations that help us process payments.

 

 

4. What personal information about me does MyConsultant use?

 

We use the following personal information:

  • Your contact details and account details

    • This includes the information that you provide us with when you register and other profile information

    • This includes:

      • Your name

      • Your title

      • Your address

      • Your email address

      • Your mobile telephone number

      • Your username

      • Your password

      • Answers to security questions to check your identity

      • Any personal and medical descriptions provided by you

      • Any photograph provided by you

      • Any personal interests or occupation provided by you

      • Any feedback or survey responses provided by you

        • This is information like your date of birth, nationality, gender, marital status and dependents

      • Information about your health and social circumstances

        • This includes:

        • Notes and reports relevant to your health, including any information you have told us about your health.

        • Details of your treatment and care, including any diagnosis, medical advice, comments and care plan from your MyConsultant Consultant and other staff who have cared for you.

        • Results of investigations, such as laboratory tests and x-rays that you have had and told us about.

        • Relevant information from health and social care professionals, relatives or those who care for you.

        • Information about your ethnicity, sexual orientation, sex life, religious beliefs or opinion or genetic data where this is relevant to your care or is information that you have provided to us as part of your care.

 

  • Information about your next of kin and carers

    • This includes their contact details, relevant medical history if required and emergency contact information.

  • Communications with or about you

    • This includes referrals, prescriptions and fit notes

  • Information about your use of the MyConsultant app or the website

    • This includes:

      • Whether you are using a computer, mobile phone or tablet to access our services.

      • Your mobile operating system, the type of mobile internet browsers you use and data about the way you use our app and/or website

  • Information that identifies the computer, mobile phone or tablet that you use to access our service.

    • This includes your I.P. address, any unique device identifiers placed by us or our service providers, the unique identifier assigned by MyConsultant to your computer, mobile phone or tablet

  • Information about your visit.

    • This includes full uniform resource locators (URL); clickstream to, through and from the MyConsultant app and website (including date and time); services you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks and mouse-overs); methods used to browse away from the page

  • Consultation length, how often you visit, and any phone number used to call our customer services

  • Information stored on your mobile phone, tablet or computer that you choose to share with your MyConsultant Consultant during your on-line appointment

  • If you are using a computer, tablet or mobile phone that has GPS enabled, your location.

 

  • We use information about your location to advise you where your nearest medical services are.

  • You can stop us using your location information at any time by turning off the GPS setting in your device

  • If you provide us with feedback, we will use information from feedback information and survey responses from you.

    • This may include demographic information, such as where you live and your occupation, should you choose to provide it. It may also include your opinions about our services.

 

We anonymize this information before we use it to improve our services.

  • Payment and financial information

    • This includes your purchases and orders, the charges you have incurred, payments you have made, your payment card details, any credit reference checks and any information from debt collection agencies

•          Your marketing preferences

 

5. Who does MyConsultant share my personal information with?

 

To provide you with MyConsultant services we need to share your personal information with MyConsultant Consultants and our support and admin team.

 

MyConsultant doctors work in partnership with MyConsultant as self-employed contractors. This is very similar to the way that many GPs work in independent GP practices in partnership with the NHS, across the country and the way Private Consultants work in partnerships with Consulting rooms and Private Hospitals.

 

MyConsultant consultants are responsible for maintaining the privacy of your personal information.

 

We employ a clinical team, who are part of MyConsultant. They may need to access your personal information so that we can provide you with services, for example if you have a query or concern about your consultation or treatment, or if the information is needed to assist our Chief Medical Officer with quality assurance. Only those employees of MyConsultant who need access to information in order to do their jobs are allowed access.

 

We also need to share information with partner organisations that help administer MyConsultant accounts.

 

For example:

  • Our IT suppliers, including suppliers of data storage services

  • Contractors who provide our telephone services

  • Suppliers of web hosting services

  • Organisations that we use to obtain feedback from patients who have agreed to do this

 

We have vetted these organisations to ensure that they will deal with your personal information responsibly.

 

We do not allow these partner organisations to use your personal information for their own purposes. We only permit them to use your personal in accordance with our instructions.

 

We may also share information with our partner organisations who provide data analysis services, to help improve our services. This does not include information about your health.

Sometimes we need to share information with regulators like the Care Quality Commission, Health Improvement Scotland, the General Medical Council, NHS Digital, the Information Commissioner's Office and the Health Service Ombudsman.

 

With your agreement, information can be shared with relatives, partners or friends who act as a carer for you. We will only share information once the person you have asked us to share the information with has provided us with proof of their identity. We may share information with anyone you have given as an emergency contact, for example your next of kin. You can find out more by contacting us at dpo@myconsultant.me, or writing to us at

MyConsultant, 58 Clayhills Drive, Dundee, United Kingdom, DD2 1SX

 

We may also share information with anyone else that you authorize us to. However, MyConsultant consultants will not discuss individual cases with employers, insurers or other third parties unless specifically asked to do so.

 

There are some other rare occasions where we may share your data with other organisations.

 

We may share information with the police, fire and rescue services if:

  • There is an immediate risk of harm to you or other people

  • There is a legal requirement to do so e.g. where a road traffic offence has been committed or the police have obtained a court order requiring us to provide information

  • We may share information with bodies with public health responsibilities such as local councils and Public Health England to control infectious diseases such as meningitis, tuberculosis (TB) or measles and manage public health incidents.

  • We may share information with our professional advisors, including lawyers and accountants, if this is necessary to take and receive professional advice (including legal advice), or to bring or defend a legal claim or threatened claim.

  • We may share information with our insurers and the insurers of other organisations (including NHS Resolution) where this is necessary to investigate insurance cover and to handle a claim or threatened claim.

  • We may share information with individuals or organisations if we are legally required to, for example if this is specified in a warrant or court order.

  • Where we, or substantially all of our assets, are merged or acquired by a third party, in which case this information may form part of the transferred or merged assets

 

The other organisations that we may share information with include:

  • Your GP practice if you ask us to, for example so that they have a record of your on-line appointment. If you would like to know more about what your GP practice does with the information we share with them you should look at your GP practice's patient privacy notice. This is normally available on your GP practice's website.

  • NHS hospitals if you asked to be referred to an NHS Consultant or service

  • Organisations that help deliver NHS services outside of hospital if you ask us to refer to this.

  • Private sector organisations that deliver healthcare such as private hospitals, dentists, opticians and pharmacists

  • Out-of-hours providers e.g. organisations providing out of hours GP services if you ask us to.

  • Voluntary sector organisations that deliver healthcare such as charities if you ask us to.

  • Organisations that provide diagnostic tests if you ask to be referred.

  • Organisations that provide ambulance or patient transport services such as NHS Ambulance Trusts if you are severely unwell and our Consultant is worried about you.

  • Other organisations involved in the delivery of NHS care, social care or the protection of public health.

 

 

Our app and the website include some social media features, such as the Facebook button and the 'Share This' button. You can use these features to share information about your use of MyConsultant through social media. The relevant social media site(s) control how these features work. If you want to find out more about this you should read the privacy policy of the relevant social media site.

 

6. Where is my data stored?

 

The app includes software developed by people other than the MyConsultant company, that is connected to secure online servers. Your data is stored on secure multi-level encrypted servers.

 

7. How long does MyConsultant keep my personal information for?

 

Your personal information is stored indefinitely during the time you are registered with MyConsultant. Details of any consultations you have will be stored regardless for at least 5 years for record keeping purposes and will not be accessed unless necessary in the case of an investigation – if this occurs, you will be informed.

 

8. What rights do I have over my personal information?

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

 

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which mean you may not always receive all the information we have about you. You can read more about this right here (https://ico.org.uk/your-data-matters/your-right-of-access).

To access a copy of your electronic medical records or other information that MyConsultant holds about you, please contact us at wecare@myconsultant.me

 

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here (https://ico.org.uk/your-data-matters/your-right-to-get-your-data-corrected).

We will not amend medical records. This is because it is important that we have a copy of the information available to doctors at the time they are treating you. Instead we usually add a note to your record to highlight the information you consider being incorrect.

 

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here (https://ico.org.uk/your-data-matters/your-right-to-get-your-data-deleted).

Again, we will not normally delete information from medical records. This is because it is important that we have a copy of the information available to doctors at the time they are treating you.

 

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here (https://ico.org.uk/your-data-matters/your-right-to-limit-how-organisations-use-your-data/)

 

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of public tasks or is in our legitimate interests.

 

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

 

Your right to withdraw consent

 

You are not required to pay any charge for exercising your rights.

Please contact us at dpo@myconsultant.me if you wish to make a request.

 

We may ask you to provide us with identification so that we can be sure that we are dealing with the right person. This is a security measure. We may also contact you to ask you to put your request into writing and/ or for further information in relation to your request to speed up our response.

 

We try to respond to requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In these cases, we will notify you and keep you up to date about when we expect to be able to respond.

 

9. Contact us

 

If you have any questions, want to exercise your rights or need further information about what we do with personal information, our Data Protection Officer can be contacted by email at dpo@myconsultant.me

 

You can find also out more about our legal obligations and your privacy rights from the Information Commissioner's Office ("the ICO"). The ICO oversees compliance with privacy laws in the UK.

 

The ICO can be contacted at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113

www.ico.org.uk

 

10. Complaints

 

You have the right to make a complaint at any time to the ICO if you are not happy with the way that we have dealt with your personal data or a request from you to exercise your privacy rights.

We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us at wecare@myconsultant.me in the first instance.

 

12. Updating this notice

 

We may update this notice from time to time. If we plan to update the policy we will let you know through the MyConsultant website or the MyConsultant app or email. When you log on to your account we will also let you know if the notice has been updated since you last accessed MyConsultant services. You should stop using our website and apps if you do not agree to any changes.

 

This notice was most recently updated on 14th August 2020.

 

12. Cookies

 

A cookie is a small text file that may be placed on your computer or Device when you visit the Platform. When you next visit the Platform the cookie allows us to distinguish you from other users. There are two categories of cookies: (a) ‘persistent cookies’ that remain on your computer or Device until deleted manually or automatically; and (b) ‘session cookies’ which remain on your computer or Device until you close your browser, when they are automatically deleted.

 

The cookies MyConsultant uses:

  • Essential cookies are required for the operation of the Platform and without them the Platform can’t operate properly.

  • Performance cookies allow us to see and count the number of visitors to the Platform and what they do during their visit. We use the information from these cookies to improve the Platform’s performance. The data from these cookies doesn’t allow us to identify you.

  • Experience cookies allow the Platform to remember your choices, which means we can personalise your experience of the Platform. Data collection by experience cookies is used by our analytics systems (including third party systems) to monitor and enhance the Platform’s user-friendliness.

  • Marketing cookies track and record your visits to the Platform, including but not limited to the actual pages you visit and the links you have clicked or followed. We use this data to make the content of the Platform more relevant to/for you based on what we know about you. We do share information about your activity on the Platform that is stored by these cookies with our agents, agencies and other third party ad networks and this information can be used to advertise products to you on other sites. Any data we share is anonymous and cannot be used to identify you.

  • Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

  • You can REFUSE cookies, by activating settings of your chosen browser(s). If you alter your browser settings to refuse cookies your access to the Platform could be restricted.