Privacy
The Company is a Healthcare and Health Digital Solutions business which provides staffing solutions and digital platforms in the health sector. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
Circumstances where the company is not the data controller
The Company is not the data controller when providing NHS funded services (i.e. Checkup online & Video consultations), the data controller is the organisation who buys & uses the services. Checkup Health Platform will always be the data processor in this scenario.
NHS England Products
Please note that if you access our service using your NHS login details the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provide to NHS England to get an NHS login account and verify your identity and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS login’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
What this policy covers:
This policy explains how we use your data to deliver our healthcare app( CheckUp Health), websites and services. This includes:
- Private services
- NHS service, BAME Projects
- Our app, CheckUp Health, including any beta versions
- Our websites (www.checkuphealth.co.uk and www.theflamelily.co.uk)
Services are provided through the following:
The Flame lily Healthcare Limited, the company that provides the services CheckUp Health, the technology software brand for Digital health services. When we talk about “we”, “The Company”, we mean The Flame Lily healthcare limited and CheckUp Health.
This means The Flame Lily Healthcare limited is using CheckUp Health and is the data “controller” of your personal data. Some services we offer with our partners, or on behalf of them may use the CheckUp Health technology.
You may give your personal details to the Company directly, such as on an application or registration form or via our website and or apps or we may collect them from another source such as other health services providers and platforms.The Company must have a legal basis for processing your personal data. For the purposes of providing you with healthcare and medical services and/or information relating to support relevant to you, we will only use your personal data in accordance with this privacy statement. At all times we will comply with current data protection laws.
Contents
- Collection and use of personal data
- Purpose of processing and legal basis
- Legitimate interest
- Statutory/contractual requirement
- Recipients of data
- Information to be provided when data is not collected directly from the data subject
- Categories of data
- Sources of data
- Overseas transfers
- Data retention
- Your rights
- Automated decision making
- Cookies
- Login files
- Links to external sites
- Sale of the business
- Data security
- Changes to this privacy statement
- Complaints or queries
1. Collection and use of personal data
a. Purpose of processing and legal basis
The Company will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with required services. We collect information directly from you when you choose to participate in our offers and programs, create an account on our websites or in our mobile applications to access services, call or email us, or otherwise provide information directly to us and developing and managing our services and relationship with you and our clients.
Individuals are made aware of risks, rules, safeguards and rights in relation to the processing of personal data and how to exercise their rights in relation to such processing. In particular, the specific purposes for which personal data are processed is explicit and legitimate and determined at the time of the collection of the personal data. If you have opted-in we may also send you marketing information and news via email/ text. You can opt-out from receiving these at any time by clicking “unsubscribe” when you receive these communications from us.
In some cases we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
We must have a legal basis to process your personal data. The legal bases we rely upon to offer our services to you are:
- Your consent
- Where we have a legitimate interest
- To comply with a legal obligation that we have
- To fulfil a contractual obligation that we have with you
b. Legitimate interest
This is where the Company has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us. Where the Company has relied on a legitimate interest to process your personal data our legitimate interests is/are as follows:
- Managing our database and keeping you and clients records up to date
- Individual care and treatment
- Providing services to you and our clients
- Contacting you to seek your consent where we need it
- Giving you information about similar products or services that you have used from us recently
- Improving how we deliver services to you to suit your needs
- We sometimes analyse your data and how you use our products to help us manage our business better
- This could be things like fixing bugs in our app, understanding current user trends, or working out what users might want in the future
- This doesn't involve making any decisions which would have a big effect on you. If this information is used alongside your personal data, we will make sure that our interests never come before your rights
c. Statutory/contractual requirement
The Company has certain legal and contractual requirements to collect personal data (e.g. to comply with Regulation and in some circumstances safeguarding requirements.) We use your health and medical information for safety, training, regulatory, and compliance purposes.
This means that:
If we're legally required to, or asked by a regulator, we may need to share your information with regulatory bodies like the General Medical Council, Medicines and Healthcare Products Regulatory Agency or Care Quality Commission
We may audit how you use our services, for example to review the quality of results provided by our products
To detect and prevent fraud, we may need to share your personal and financial information with banks, financial institutions and fraud prevention services.
d. Recipient/s of data
The Company will process your personal data and/or sensitive personal data with the following recipients:
- Your pharmacy of choice if you choose one and save them in your app
- Your GP, if you use our private service
- NHS or clinical service partners
- Referral services like specialists,therapists, pharmacists and hospitals
- We use your location to recommend services near you, like pharmacies and hospitals
Depending on how you access our services, we get your location from your phone, internet browser, IP address or postal address or from organisations we are contracted with to provide you services.
Data we hold and collect from you
Personal Data
When you register with us, we'll ask you for your:
- First Name
- Last Name
- Date of Birth
- Gender
- Address
- Ethnicity
- Email address
- Mobile number
- A copy of your ID (identity documentation) such as a driving licence
- A copy of your address proof such as utility/ energy bill
The information you give us must be accurate. If you give us information about yourself or another person, you're confirming that you're authorised to do so.
Personal Demographic Service (PDS)
If you are receiving care from a health or care organisation, that organisation may share your NHS number with other organisations providing your care. This is so that the health and care organisations are using the same number to identify you whilst providing your care. By using the same number the health and care organisations can work together more closely to improve your care and support.
Your NHS number is accessed through an NHS England service called the Personal Demographic Service (PDS). A health or care organisation sends basic information such as your name, address and date of birth to the PDS in order to find your NHS Number. Once retrieved from the PDS the NHS Number is stored in our case management system. These data are retained in line with our record retention policies and in accordance with the Data Protection Act 1998, Government record retention regulations and best practice. Further information is available on our web site https://checkuphealth.co.uk/.
We will share information only to provide health and care professionals directly involved in your care access to the most up-to-date information about you. Access to information is strictly controlled, based on the role of the professional, and where the user has a direct care relationship with you.
The use of joined up information across health and social care brings many benefits. One specific example where this will be the case is the discharge of patients into social care. Delays in discharge (commonly known as bed blocking) can occur because details of social care involvement are not readily available to the staff on the hospital ward. The hospital does not know who to contact to discuss the ongoing care of a patient. The linking of social care and health information via the NHS Number will help hospital staff quickly identify if social care support is already in place and who the most appropriate contact is. Ongoing care can be planned earlier in the process, because hospital staff will know who to talk to.
You have the right to object to the processing of your NHS Number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options that you have.
If you wish to opt-out from the use of your NHS Number in this way, please contact us on +44 345 565 2081 or email to [email protected].
Sensitive Personal Data
When you use our services, we collect information about your health, including:
- General health
- Symptoms, treatments and medications
- Consultations, such as notes and recordings
- Procedures, such as surgery, scans or X-rays
- Interactions with our services, like using our monito health at home modules or other digital services. These interactions may be shared with our clinical staff so that we can provide you with healthcare, and so that we can provide a better experience
- Some of this information comes directly from you, but it can also come from third parties, such as your GP
If you use our private service, we'll send your appointment notes to your NHS GP, if you give us your consent.
Details of your conversations with us
- We also keep a record of your consultations and your conversations with us. This is so we have an easy way to access your consultations to monitor the quality of our service and healthcare
- And, if you have consented, so that we can use them to improve our services. This includes:
- Your information you input in your Personal Health Records(PHR) and MyHealth
- Your conversations in app
- Your emails, calls or live chat conversations with our support team
- Video and/or audio recordings from consultations
- We keep your health and medical data secure by applying technical and organisational measures to protect it
How long do we keep your data?
We follow advice from the Department of Health and the British Medical Association on how long to keep the information found in your medical records. This is called a 'retention period'.
We might also keep some information that doesn't identify you to help improve our business and our services that we offer.
In some circumstances, we might keep data longer if required by the law
Your information | How long we keep it (its 'retention period') |
---|---|
GP records: This includes medical records, consultations with GPs and monitor health at home modules interactions | We keep your GP records for 10 years after your death or after you've permanently left the country. We may keep your records longer if there are genetic implications for your family. We work on the advice from clinicians in this situation. Electronic patient records can't be destroyed or deleted for the foreseeable future |
Video consultations | If we keep your video consultations, they are kept in the same way as your GP records (although that period of time could change if our product changes). |
Voice (or audio) consultations | We keep your voice consultations in the same way as your GP records (although that period of time could change if our product changes). |
Communications with support teams, including phone calls, emails and live chats | 1 year after you leave the CheckUp Health service. |
Maternity records | We keep your records for 25 years after the birth of your last child. |
Records on any treatment for a mental disorder (as described in mental health legislation) | We keep your records for 20 years after the date of your last consultation. Or 10 years after your death if that is sooner. |
If you want to see any of this information while we have it (in its 'retention period'), you can ask for it by emailing us at: Support [email protected]
Data from other sources
We might also receive some data about you and your health from other organisations we are contracted with, apps, devices and services.
This will only happen if you've agreed to sharing that data with us. For example, if you decided to share information collected from a health monitoring device that linked to our app.
Credit and debit card information
If you make a payment on the app, your credit and debit card details are processed by a third-party payment provider.
We don't store any of your credit or debit card information and we only keep details of the transactions on our secure servers.
Technical information and analytics
When you use our app, or visit our website, we may collect the following data, where this is allowed by your device or browser settings:
- The IP address used to connect your mobile phone or other device to the internet
- Your browser information, such as Google Chrome or Apple Safari
- Login and operating system
- The make and model of your device
- Resettable device identifiers
- Time zone, language and location settings
- Your mobile network provider and your location (based on your IP address)
- Information about your visit to our website or use of our app, for example when you first visited the site or how many times you've visited
- Information about the products or services you viewed or used
- App response times and updates
- Information about your interactions, like what notifications you opened
- Any phone number used to call our customer service number
- We work with other companies that provide us with analytics and advertising services
- This is to:
- Help us understand how people interact with our services
- Provide the adverts for our services on the internet
- Measure the performance of our services and our adverts
- Your health information is not used for these advertising services
Source of Personal Data and Who we may Share it with
Other healthcare providers
If it's needed for your treatment or care, we will share your data with your other health and social care providers. These include:
- Our clinical partners (including our NHS partners) who we work jointly or in connection with to provide you a service
- Accident and emergency services, Hospitals
- Diagnosis centres chosen by you for things like X-rays and other imaging
- Other health and care bodies
- Your NHS GP
- Pharmacists
- Specialist referral services
- Therapists
- Testing service providers
By law, we may need to share information with these services to safeguard either you or others, or conduct a public task (in the case of our NHS services). We may need your consent, or to rely on our legitimate interests to provide you with healthcare before we can share this information.
Overseas Transfers
The Company may transfer the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with optimum uptime services.We work with third parties servers which may be hosted outside UK to deliver efficient services.We take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. This will always be in line with applicable data protection lawful mechanisms (such as appropriate contractual terms) and subject to strict safeguards.
For further information on how we protect your data if we transfer it outside of the EEA, contact us by email at: [email protected]
Protecting public health
We might process your data to protect public health. Your data could be vital to help research, monitor, track and manage public health emergencies, like pandemics. and in cases where such an activity is a legal requirement.
In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:
- GPs
- Local authorities
- Health organisations
- NHS England
- NHS England and Improvement
- Public Health England
We will limit the use or sharing of data to the period of the emergency and will only share data to the extent necessary.
Aggregated or anonymous data
In situations where we may need to show on our website or share with our commercial partners data that does not personally identify you, which shows general trends. This is 'aggregated' data and is not personal data may be shared.
This might include, for example, the number of visitors to our websites, number of App downloads, users of our service or trends in a particular location.
Statistical data in the public's interest
We may also use data that does not identify you personally as part of statistics that we collect on certain types of illness, symptoms and conditions. This might include us contributing medical data and participating in such schemes from time to time. These schemes may be project-related or government-related schemes.
We may show these summarised statistics to our partners. They will always be anonymised. This is so we can improve our medical knowledge on how we support you in service delivery and help our members and the general public.
You can contact us directly if you do not want your data to be used in this way by email at: [email protected]
Your rights
Please be aware that you have the following data protection rights and you are in control of your records:
- The right to be informed about the personal data the Company processes on you
- The right of access to the personal data the Company processes on you
- The right to rectification of your personal data
- The right to the erasure of your personal data in certain circumstances;
- The right to restrict processing of your personal data
- The right to data portability in certain circumstances
- The right to object to the processing of your personal data that was based on a public or legitimate interest
- The right not to be subjected to automated decision making and profiling; and
- The right to withdraw consent at any time
Making changes within your App
Remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by:
Going to the the website, under Privacy Policy, Under Your consent and use the given email address to advise us of your choices, you can:
Ask for a copy of the personal data we hold about you. Your data is stored securely on a server database with 256-bit encryption in line with our legal and medical obligations. User data is encrypted using SSL between the device and external host storage. Ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes. There might be times when we're not able to help, like if the law or our medical obligations say we can't.
Ask us to restrict any automated (computer-made) decisions made with your data.
Ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.
Where you have consented to the Company processing your [personal data/[and]sensitive personal data] you have the right to withdraw that consent at any time by contacting us using the methods below.
Email [email protected]
Write to us: Data Protection officer.
The Flame Lily HQ.
CheckUp Health
144 Penn Road,
Wolverhampton,
WV3 0EE
We'll ask you for a proof of identity. Data protection laws give us one month to get back to you.
We're regulated by the Information Commissioner's Office (ICO). If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
Please note that if you withdraw your consent to further processing that does not affect any processing done prior to the withdrawal of that consent, or which is done according to another legal basis.
There may be circumstances where the Company will still need to process your data for legal or official reasons. Where this is the case, we will tell you and we will restrict the data to only what is necessary for those specific reasons.
If you believe that any of your data that the Company processes is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.
You can also contact us using the above details if you want us to restrict the type or amount of data we process for you, access your personal data or exercise any of the other rights listed above.
Cookies
We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalised content.
Cookies and Other Technologies
The Flame Lily and our third-party service providers use a variety of technologies to assess how our sites or mobile applications are used, to personalize your experience and to deliver you marketing, including online content, tailored to your interests. Some technologies we may use include the following:
Cookies
A cookie is a small file placed on your device when you visit a site that can be understood by the site that issued the cookie. We use the information collected by cookies to remember who you are to log you in and your preferences, to provide you with advertisements, offers or other content tailored to your interests and to assess how our sites are used. You can accept or decline cookies through your browser settings. To learn more, please look at the cookie settings available in your specific web browser(s). Please note, however, that without cookies, you may not be able to use all of the features of our Sites or other websites and online services.
We use cookies and other technologies to collect information when you visit our sites, view our online advertisements or promotions, or use our mobile applications or other services. The following are examples of information we may collect with these technologies:
- Information about your device browser and operating system.
- IP address
- Web pages you view
- Links you click
- The Flame Lily/CheckUp Health emails you open
Other Technologies
We may use third-party web analytics services on our Sites, such as those of Google Analytics. These service providers help us analyse how visitors use the Sites. The information obtained for this purpose (including your IP address and other information collected by automated means) will be disclosed to or collected directly by these service providers. To learn more about Google Analytics and how to opt-out, please click here.
The providers of third-party plug-ins and widgets on our Sites, such as embedded videos and social media sharing tools, may use automated means to collect information regarding your use of the Sites and your interactions with the plug-ins and widgets. We may also receive information you have made available to those third-party services, including the geographic location of your mobile device and other information about you (such as name, email address, gender, locale, time zone, languages, social media profile URL, personal website URL, biographical information, birthday, photo, list of devices, education history, work history, hometown, interests, current city, political views, favourite athlete and teams, relationship status and information, religion, name of significant other, and certain security settings information) and your contacts on those services. This information is subject to the privacy policies or notices of the third-party providers of the plug-ins and widgets.
Links to external websites
The Company’s website may contains links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. When you leave our site we encourage you to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
Sale of business
If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
Data Security
The Company takes every precaution to protect our users’ information.The company uses security measures in relation to the personal data processed, e.g. firewalls, browser certification technology, encryption, limited access, use of passwords.Only users who need the information to perform a specific task (for example, consultations, our clinical team) are granted access to your information.
The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/ the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/ the Internet.
If you share a device with others we recommend that you do not select the “remember my details” function when that option is offered.
If you have any questions about the security at our website, you can email [email protected]
Changes to this privacy statement
We will update this privacy statement from time to time. We will post any changes on the statement with revision dates. If we make any material changes, we will notify you and give you a chance to review them.If you agree to the changes, you don't need to do anything. Just keep using our services as when and you need them with the updated policy and we'll assume you are happy with the way we use your data.
If you don't agree to the changes, then you can stop using our services at any time.
Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact:
Email: [email protected]
Write to us: Complaints department, Dr Serena Jones, Clinical Safety Officer, The Flame Lily HQ. CheckUp Health 144 Penn Road WV3 0EE
How the NHS and care services use your information
CheckUp Health Healthcare is one of many organisations working in the health and care system to improve care for patients and the public)1.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation ‘is / is not currently’ compliant with the national data opt-out policy.2
1. This paragraph to be inserted by national organisations such as ALBs 2. It is recommended that this is included to be clear to patients whether your own organisation is currently compliant with the policy for applying national data opt-outs.