UPDATES TO THIS POLICY
WHO ARE WE?
Push Dr Limited, registered in England and Wales with company number 08624572, (Push Doctor, we, us), respects the privacy of every person and is committed to protecting all of your personal data, including sensitive personal health and medical information (Personal Data).
Push Doctor is a platform via which individuals in the UK (Customer, Customers, you, your, yourself) may connect in real time, via streaming video, chat, instant messaging and picture messaging, to participating doctors registered with the UK General Medical Council: www.gmc-uk.org, (the GMC) (known as Practitioners), and may purchase the Services (as defined below).
together, the Platform, and any of the services accessible via the Platform (Services).
For the purpose of the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any data protection legislation from time to time in force in the UK including the Data Protection Act 2018 or any successor legislation (together the Data Protection Legislation), the data controller is Push Dr Limited, Arkwright House, Parsonage Gardens, Manchester, M3 2LF. Our Data Protection Officer can be contacted by email at firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please Contact Us in the first instance.
PERSONAL DATA WE COLLECT ABOUT YOU
Personal Data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
LAWFULNESS OF OUR PROCESSING
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
Where we rely on consent as a legal basis for processing your personal data (for example, to process your Sensitive Personal Data or to send direct marketing communications to you you have the right to withdraw consent to marketing at any time by Contacting Us.
HOW WE USE YOUR DATA
ESSENTIAL USES OF PERSONAL DATA:
We need the Personal Data we collect in order to provide you with the Services and to send you essential information about the Services (where you ask us to send you such information) and to help us with the operation of the Platform. We could give lots of examples; here are some typical examples:
ESSENTIAL USE AND DISCLOSURE OF SENSITIVE PERSONAL DATA
We need the Sensitive Personal Data we collect for the purposes of providing treatment and medical service provision in connection with the Services, as described in more detail below:
You have the right to ask us to restrict processing of your Personal Data (including Sensitive Personal Data) and a right to object to our processing of your Personal Data (including Sensitive Personal Data) in this way, but if you do either of these, it may impact on your use of the Services and/or we may not be able to provide you with information about the Services that you have requested us to provide to you.
For example, we may send you email feedback forms to complete about us or any aspect of the website and/or the Services. We may also use it to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. We will only contact you for such purposes if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please Contact Us.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us, purchased Services from us or signed up to our Membership services and if you have not opted out of receiving that marketing.
THIRD PARTY MARKETING
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may have to share your personal data with the parties set out below for the purposes set out in the section above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions
If you grant us access we may be able to collect information from third party services when you use them, such as smart devices, mobile health applications, Microsoft HealthVault or Google Health and any other data storage connection points to which you provide us access to.
A cookie is a small text file that may be placed on your computer or Device when you visit the Platform. When you next visit the Platform the cookie allows us to distinguish you from other users. There are two categories of cookies: (a) ‘persistent cookies’ that remain on your computer or Device until deleted manually or automatically; and (b) ‘session cookies’ which remain on your computer or Device until you close your browser, when they are automatically deleted.
The cookies Push Doctor uses:
The importance of security for all your Personal Data including, but not limited to, Sensitive Personal Data is of great concern to us. At Push Doctor, we have gone to great lengths to manage the security and integrity of the Platform and to ensure that we use best–in-class services when providing secure transmission of information from your computer or Device.
Personal Data collected via the Platform is stored in secure environments that are not available or accessible to the public; only those duly authorised people, officers, employees or agents of Push Doctor who need access to your information in order to do their jobs are allowed access. Anyone who violates our privacy or security policies is subject to disciplinary action, including possible termination of their contract with Push Doctor and civil and/or criminal prosecution.
Push Doctor uses the latest technologies to ensure utmost security, including utilising several layers of firewall security and encryption of Personal Data to ensure the highest level of security.
We may collect and store Personal Data on your Device using application data caches and browser web storage (including HTML 5) and other technology.
Certain features of the Platform link to social networking. Ensure when using these features that you do not submit any Personal Data that you do not want to be seen, collected or used by third parties.
Security when using the Platform:
When using the Platform, all your Personal Data, including but not limited to your debit or credit card number(s), are transmitted through the internet using Secure Socket Layers (SSL) technology. SSL technology causes your browser to encrypt your entered information before transmitting it to our secure server. SSL technology, an industry standard, is designed to prevent a third party from capturing and viewing your Personal Data. Push Doctor also takes the following measures to protect your Personal Data online:
You are required to go through a two-step verification process to create and restore your Account. Online access to your Account is protected with a password that you create. We strongly recommend that you do not disclose your password to anyone. Push Doctor will never ask you for your password in any unsolicited communication (including unsolicited correspondence such as letters, phone calls, email or text messages). You will only ever be able to reset your password using a two-step process.
Since any information you provide to us on the Platform will be transmitted using a secure connection, if your web browser cannot support the required level of security you will not be able to use the Platform properly. The most recent versions of Google Chrome, Safari and Firefox can support a secure connection and can be downloaded for free from their respective websites. Should you choose to download and/or install any such package such actions are at your own risk.
No data transmission over the internet can be guaranteed to be 100% secure. While we strive to protect your Personal Data from unauthorised access, use or disclosure, Push Doctor cannot ensure or warrant the security of any information you transmit to us via the Platform. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Under certain circumstances, you have the following legal rights in respect of your Personal Data:
Accessing Your Personal Information:
We believe that patients should have access to their medical information without charge where possible, to enable patients to take a more active role in their own health future. You can access your EMRs on Push Doctor any time by signing in to your Account and selecting the option to ‘Release Your Notes’. We do not charge for releasing notes.
For access to other Personal Data please see “Accessing Information Held By Us” below.
Right to Amend:
We do not allow ANYONE to AMEND EMRs created or held by Push Doctor. We only ever allow authorised contributors (that is, Practitioners and the Customer) to ‘add to’ records, making an update to the information without deletion of the original record. We believe this approach is for everyone’s benefit and best ensures the integrity of the information we hold. If you would like to update your medical information or EMRs please Contact Us and direct your query to a member of our Clerical Team.
Push Doctor may, in circumstances such as these, deny your request to update your record (this is a non-exhaustive list):
HOW LONG WE KEEP PERSONAL INFORMATION
Patient Personal Data gathered during the consultation process will be retained for 30 years in line with the CQC’s retention policy. Personal Data about registered users who have not used our consultation services will be deleted after 5 years of inactivity on the Platform, unless we are required to retain such information for any legal or regulatory reason.
If you agree to be added to our mailing list, we will keep your personal information for that purpose for two years after you register your interest or latest use of our Services (unless you tell us that you would like to continue hearing from us). If you advise that you do not want to be added to our mailing list or you ask to be removed, we will delete your Personal Data (aside from keeping a record that you have asked us not to send you marketing information).
Social Media Sharing:
Accessing Information Held By Us:
If you would like a copy of all of the Personal Data, we hold about you please Contact Us.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.