OccuPain™ will protect the privacy of users of our services, and enquirers and visitors to our website, in accordance with the General Data Protection Regulation (GDPR) 2018, Privacy and Electronic Communication Regulations 2003, and the Data Protection Act 2018.OccuPain™ is committed to protecting your privacy. On this page we set out:
What personal data we hold and how we get it
What we do with your personal data
Sharing your personal data with others
What your rights are
(Personal information includes any data that can be used to identify you as an individual.)
1. What personal data we hold and how we get it
We use the following categories of personal data:
When you register with us, you will be asked to complete forms and provide us with basic information about yourself, such as your name, email address, date of birth, and optionally your physical address and phone number. You may also in time be asked to provide us with a copy of identification documentation or “ID” for identification checks to be carried out by us or your NHS registered trust. You are responsible for the accuracy of the information that you provide to us.
You may also be asked questions about your physical characteristics such as your height and weight, and this is so we can link this data with your health and medical information. This information will only ever be used when fully anonymised to help us train our machine learning models and to provide you with a better service through data analysis. All your data analytics will be made available to you through our services. All the data we gather will never be used for any other reason without your explicit consent.
Health and medical information
The primary type of information we hold about you is your health and medical information: information about your health, conditions, treatments, consultations or appointments, medications and any related procedures. This includes details of your consultations with our registered Physicians, and interactions with our digital services, including interactions with our medical assessments, analytics and condition related questionnaires, general health-related questionnaires and condition management services. Your interactions with our digital services may be shared with our Physicians in order to provide you with a better experience and for the purposes of providing you with health care assistance. You can refuse this service at any time if you so choose. We get some of this information directly from you, when you register with us and when you use our services.
We retain recordings of our sites consultations and interactions with you. This includes your use of our messaging service to communicate with your physician. This is in order to provide you with an easy way to check your consultations and communications where you wish to so that we can ensure high-quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. To monitor our service quality, we may retain records of when you contact our support teams via email or phone . Recordings are held securely in accordance with our retention policy. You can access recordings or transcripts of your consultations, communications or interactions with us (depending on the format) for a limited time through the site or from us. Please refer to the ‘Retention’ section of this policy.
Technical information and analytics
When you use our Platform, we may automatically collect the following information where this is permitted by your device or browser settings:
technical information, including the address, used to connect your mobile phone or another device to the internet, your login information, system and operating system platform type and version, device model, browser or app version, time zone setting, language and location preferences, wireless carrier and your location (based on IP address); and
information about your visit (such as when you first used the Platform and when you last used it), including products and services you viewed or used, Platform response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver to you in the Platform or otherwise) and any phone number used to call our customer service number.
Information obtained from third-party services
You may choose to connect your existing accounts with other providers (such as a social media provider), for example, when signing up to make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address and name.
What we do with your personal data
2. What we do with your personal data
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
Providing you with a service
We obtain and use your personal details and financial details (if applicable) in order to establish and deliver our contract with you and charge you correctly.
We obtain and use your medical information because this is necessary for medical purposes, including medical analysis and the provision of our healthcare services. This includes the information collected through our interactions with you, such as questionnaires, assessments, consultations and imagery, our digital services. It may also include sharing information with other healthcare professionals and physicians as necessary when you choose for the provision of care for you.
Keeping you up to date
We use your email address, phone number and/or details to contact you or present you with occasional updates on our services and updates from your physician where you have not opted out, based on our legitimate interest in our services to you and subject to your right to opt-out at any time.
As part of providing you with high-quality services, we may contact you by SMS, email and/or other means to offer you helpful information or invite you to make consultations, for example with your linked and authorised physician.
Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to troubleshoot bugs within our Platform, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you, it is only about improving our Platform so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details (where applicable) for the purposes of fraud prevention and detection.
Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
3. Sharing your personal data to others
We may share your personal data with our partners (such as the NHS Trusts, where you access our NHS service). This is to help us deliver our services to you.
We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us and our policies. Unless required we will anonymise all your key identifiers from your data.
Where you access our services through your health insurance provider or any of our commercial partners (including your employer) we may share with such a partner your name, date of birth, email address, identification numbers, location, and the fact you have registered/used the service (and any other similar information). We will not without your explicit consent, share any details relating to the content of your condition or communications with us or your health/medical records. With your consent, we may share the date of the consultations, details of your conditions, any prescriptions, whether or not you had a referral made and other similar information about your consultations with us.
Information sharing with other healthcare service providers
We will, with your permission and where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP (if he or she is linked with you as your Physician) and other NHS bodies, specialist referral services, if these are the services that you signed up through. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.
We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
If you are a patient linked to a physician, this may also include sharing your anonymised data to support medicines usage and management relating to our patients and their conditions.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
Except as described above, we will never share your personal information with any other party without your consent.
We retain your medical records in accordance with national best practice guidance – in particular, the advice provided by the Department of Health (2016) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records that do not identify you under the GDPR classification of, “legitimate interest”, for purposes such as managing, improving or planning our business, or records for other periods as required by law or regulation.
Analytics performed on image or video data
Retained as Physicians Records above. Available via our Platform for a limited period (currently 12 months, subject to change and feature availability), after which available upon request.
Communications with our support teams
One year after exiting from our Platform.
5. What your rights are
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw this consent at any time by accessing the privacy settings in the Platform.
You also have specific rights under the GDPR and DPA to:
wherever we process data based on your consent, withdraw that consent at any time. You can do this via your settings and privacy section of our Platform;
understand and request a copy of the information we hold about you. Subject to our retention periods and other medical records that can be accessed via the Platform. For other information, you can make a request by email; and
ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical and health records stated in Retention periods above;
ask us to restrict our processing of your personal data or object to our processing; and
ask for your data to be provided on a portable basis.