myGP® App Privacy Policy

iPLATO Healthcare Ltd (“we”, “us”, “our”, ” iPLATO “), a company registered in England & Wales with company number 6131747 with registered offices at One King Street, 1 – 15 King Street, Hammersmith, London, W6 9HR.

 We are committed to protecting and respecting your privacy. We are a data controller under UK law with registration number ZA074488. This means we are responsible for determining the purposes for which and the manner in which the personal data provided through the myGP® mobile application is processed. Please note that the App interacts with other third parties (including GPs, healthcare providers and NHS central services). In some cases we are simply processing your personal data on their behalf. Such third parties may also be data controllers in their own right and have their own privacy policies.

What does this policy relate to?

This policy applies to your use of the myGP® mobile application software (“App”), from the site from which you downloaded the App (“App store”), once you have downloaded or streamed a copy of the App onto your mobile or handheld device. This policy also applies to any of the services accessible through the App (“Services”).

This policy sets out the basis on which any personal data we collect from you, or that you provide to us or that is provided to us by other third parties will be processed by us. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

For the avoidance of doubt, by registering with, or using the myGP® App any iPLATO website, or supplying data or information through the myGP® App or on any iPLATO website, you consent to the collection, use and transfer of that data and your information under the terms of this Privacy Policy.

What personal information does myGP® collect?

Information you give us. This is information you give us about you when filling in forms/screens on the App or registering for Services through myGP®, any interactions you undertake or services you request or source through myGP® and via any health or monitoring device you connect to myGP® or by corresponding with us by phone, e-mail or otherwise.  It will be clear at the time what personal data we are requesting from you. You don’t have to provide data and can simply choose to stop using the App at any time.

Information we collect about you and your device.

Each time you use myGP® we automatically collect the following information:

technical information, including the type of mobile device you use, a unique device identifier, mobile network information, your mobile operating system, and time zone setting;

information either accessed through your device or stored on your device which you have explicitly consented to sharing, and the providence of that data including the device used to collect that data, time, date; and details of your use of myGP®.

Information we receive from other sources.

We may receive information about you from third parties to facilitate provision of the Services. This may include information provided from your GP or other healthcare professional such as your name, NHS number and relevant contact details as well as sensitive information about you including your medical records and booked GP appointments. They provide such data to us to enable us to provide the services to you.

How does myGP® use your personal information?

We DO NOT use your data for marketing purposes.

Any personal information you submit through myGP® or that is accessed by myGP® is only required for the purpose of providing the services to you. Specifically, we use information held about you in the following ways:

To manage your account and for our own internal administrative purposes and, in respect of the Service, to help us to verify your identity where appropriate by cross-checking the records kept at the relevant GP Practice.

To review and enhance the quality of our services and products.

To ensure that myGP® presents the correct version and data for your device.

To make disclosures as required by or in compliance with reasonable requests by regulatory bodies including the General Medical Council or Care Quality Commission, or as otherwise required by law or regulation.

To administer myGP® and for internal operations, including troubleshooting, detection of fraud, log data analysis, testing, security, audit and statistical purposes.

When will myGP® share your personal information?

We will not sell your personal information.

We may disclose your personal information: If we are under a duty to disclose or share your personal data to comply with any legal or regulatory obligation; or

To enforce or apply our Terms and other agreements or to investigate potential breaches of such Terms; or to protect the rights, property or safety of iPLATO, our customers, or others.

How does myGP® store your personal information?

We will store your personal information at our secure data centre which is located within the United Kingdom. All data will be encrypted when being transferred to and from your device to myGP® or to our data centre. It is your responsibility to keep any passwords or pin codes used to access myGP® confidential.

We take all steps reasonably necessary to ensure that your data is treated securely through strict procedures and security features to prevent unauthorised access to your personal information. However, we cannot guarantee the secure transmission of information via the internet due to security threats outside our control and as such, any transmission of information is at your own risk.

What about third party sites?

myGP® or any other Service we offer may contain links to other independent third-party websites or mobile applications (“Third-party Sites”).

These Third-party Sites are not under our control, and we are not responsible for and do not endorse their content or their privacy policies (if any). You will need to make your own independent judgement regarding your interaction with any Third-party Sites, including the purchase and use of any products or services accessible through them.

What rights do you have?

You have certain rights under relevant data protection law.

To access data held about you:

you have the right to access personal information that we hold about you. Your right of access can be exercised in accordance with the terms of the Data Protection Act 1998 by making a ‘subject access request’;

if you would like to make a subject access request, then you must make that request in writing to:

One King Street

1 – 15 King Street

Hammersmith

London

W6 9HR

 

Any access request may be subject to a reasonable fee (as notified to you upon request) to meet our costs in providing you with details of the personal information; and

if we hold information about you then following a subject access request, we will:

describe it to you;

explain why we are holding it;

tell you who it could be disclosed to; and

let you have a copy of it.

To make a complaint to the ICO email or call:  casework@ico.org.uk or 030 3123-1113 

Changes to this App Privacy Policy

We update our privacy policy from time to time and any changes we may make to our privacy policy in the future will be posted online and, where appropriate, notified to you when you next open myGP®.

The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of myGP®.

 

Last Updated: April 2017