This is our CURRENT policy and was Last Revised on the 16/08/2016. For further information on our policies please Contact Us.
Push Dr Limited, registered in England and Wales with company number 08624572, (Push Doctor, we, us), respects the privacy of every person and is committed to protecting all of your personal data, including sensitive personal health information (Personal Data).
This policy (together with our Terms and Conditions of Use as set out here and as updated from time to time (Terms and Conditions)) applies to your use of:
together, the Platform, and any of the services accessible via the Platform (Services).
For the purpose of the Data Protection Act 1998, the data controller is Push Dr Limited of 1 Church Street, Stourbridge, West Midlands DY8 1LT.
The policy will serve as a summary of your privacy rights. The law (currently the Data Protection Act 1998) requires that your Personal Data be kept private unless there is a legal obligation or requirement for disclosure by us to authorised parties, in which case we will make such disclosure(s) as legally obliged. We must give you this notice about our privacy practices and follow the terms of this policy while it is in effect. Your use of the Platform and the Services indicates your acceptance of the terms of this policy.
Push Doctor is a platform via which individuals in the UK (Customer, Customers, you, your, yourself) may connect in real time, via streaming video, chat, instant messaging and picture messaging, to participating doctors registered with the UK General Medical Council: www.gmc-uk.org, (the GMC) (known as Practitioners), and may purchase the Services.
In order to download or register the App, search for the App or any Service, make an in-App purchase, report a problem with the App or Website or use the Services, you may be asked to provide personal details such as your name, address, age, e-mail address and phone number, the Device's phone number, username, password and other registration information, financial and credit card information, personal description and/or photograph.
The first time you log in to the Platform you will be asked to create an online account (Account). To create an Account, you must provide Personal Data that will be shared with Practitioners and members of the Push Doctor team (from time to time, as required) who have been appropriately checked (including DBS checked) to ensure they meet the requirements to access such information (in accordance with UK law). After you create your Account you can use the same details to log in to the Platform and use the Services.
Push Doctor creates a record of the consultations, care/advice and Services you receive via the Platform. Some examples of the information collected or created through this process are electronic medical records that may be uploaded by you or created as a result of your use of the Services.
When you use Push Doctor to consult with Practitioners we will collect debit and/or credit card information, which is maintained by our billing processing partner in a secure vault (compliant with the payment card industry security standard) for use when you decide to utilise any Services.
Each time you use the App or the Website we may automatically collect the following information:
We may also use GPS technology to determine your current location. Some of our location-enabled Services require your personal data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by turning off your GPS setting in your device.
We are working closely with third parties (including, for example, local NHS practices and community services, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
We may associate any category of information with any other category of information and will treat the combined information as Personal Data in accordance with this policy for as long as it is combined.
We may disclose or otherwise make available Personal Data about you to service providers that assist the function of the Platform. These service providers may collect device-specific data, such as a UDID, when you use our Platform. This data will not be associated in any way with your Account or any Personal Data that identifies who you are; we use this UDID to improve our Platform.
Your email address and mobile number may be shared with third parties working with Push Doctor in the delivery and development of the Services and the Platform, to track usage, and these details may be used to advertise new Push Doctor services to you from time to time.
You should also know that we work with third party analytics companies to discover how we can improve, update and change the Platform. Such third parties may therefore gain access to your Personal Data (but not any medical records). If you do not consent to such use of Personal Data, please do not use the Platform and remove the Platform from your Device by uninstalling the App.
Push Doctor will use the email address and mobile number you provide when you register to send you a text message requesting that you validate your Account. Your email address, mobile telephone number and other contact information that you provide via your Account may also be used by Push Doctor to enable your use of the Services. Push Doctor will use your email address and mobile number as the joint primary means to reset your username and password.
We will use your Personal Data:
We may disclose your personal information to third parties:
In order to participate in the Services, you will need to provide health information about yourself to Push Doctor and the Practitioner(s) such as: your NHS or other medical records; measurements, such as weight, blood pressure or glucose levels; test results; health history, family history and other health information, such as medication information. This is classed as sensitive personal data under the Data Protection Act 1998.
If you grant us access we may be able to feed information from third party services when you use them, such as mobile health applications, Microsoft HealthVault or Google Health and any other data storage connection points to which you provide us access.
Information that Practitioners on the Platform record in your online notes (your Electronic Medical Records or EMRs) will include relevant and pertinent information that you have discussed with Practitioners on the Platform. Such EMRs may also include Practitioners’ comments, diagnoses and commentary as well as factual information, medical advice and the symptoms that you have presented with in a session. We will also collect and process demographic information about you (where available) such as your age, location, gender and income. To protect your EMRs we print hard copies and place these in a secure vault environment at regular intervals throughout the year.
Use and Disclosure of Sensitive Personal Data
Push Doctor may gather sensitive personal data, as described above, to share with Practitioners for the purposes of diagnosis, treatment and health care operations. Push Doctor may also use aggregated, anonymised data sets of unidentifiable, non-personal information for: (i) statistical analysis, improvement of the Services and customisation of UX-design and content layout or creation; or (ii) sharing with government agencies or regulators that oversee and monitor health care providers in both the public and private sectors.
Further, Push Doctor is permitted to use and disclose your sensitive personal data for purposes of: (a) treatment; and (b) to enable medical service provision, as follows:
Push Doctor may use or disclose your personal health information to facilitate treatment or the provision of medical services by a Practitioner. Push Doctor may share your sensitive personal data with doctors, technicians or Push Doctor employees, as required to fulfil its contractual obligations to you. For example, departments may share your personal health information to plan your care. This may include prescriptions, lab work, other digitised / digital health information that you make available to us about you from time to time. Push Doctor will make all reasonable endeavours to procure that such persons securely store, transmit or destroy such data and comply in all respects with applicable data protection law from time to time.
Push Doctor may share your sensitive personal data with people not at Push Doctor including, but not limited to, referring practitioners, specialists, GP practices, hospitals, pharmacists, pharmacies and other healthcare providers who are treating you.
Enabling Medical Service Provision:
Push Doctor may use and disclose your personal health information to help us in the operating and improvement of the Platform. For example, Push Doctor may use sensitive personal data to review the treatment and provision of Services by certain Practitioners. Push Doctor may also use sensitive personal data to measure the performance of its own staff and may share sensitive personal data with third parties who Push Doctor engages to provide various Services on the Platform or to Push Doctor itself, such as Practitioners and other healthcare workers, research agencies, clerical services providers, marketing agencies and data processing houses. If any such third party requires access to your sensitive personal data in order to perform the agreed services, Push Doctor will make all reasonable endeavours to procure that such third party complies with: (i) the terms of this policy; and (ii) applicable data protection law from time to time as well as seeking informed consent from you.
Video Recordings for Training and Special Incidents
Push Doctor does not routinely record any of the video interactions on its Platform and would only do so to meet a serious training need, a review or other special incident and would never record any patient or doctor’s visual/video/audio interaction unless it was in the strictest conformity with the guidance and guidelines on Visual and Audio Recordings as published by the GMC, a version of which is available at: http://www.gmc-uk.org/guidance/ethical_guidance/making_audiovisual.asp
To Prevent Incidents and Protect You:
Push Doctor may use and disclose your Personal Data to the extent required to prevent a serious threat to your health and safety or that of others (including but not limited to instances of child abuse or neglect). In such circumstances Push Doctor will only disclose your Personal Data to public bodies or officials who can help prevent the identified or possible threat (as permitted by s.31 Data Protection Act 1998).
Push Doctor may share your Personal Data for public health activities, as required by departments or parties duly authorised by the UK Government. For example, we may share your Personal Data:
If you are involved in a legal dispute, Push Doctor may share your Personal Data in response to a court order, legal demand or other lawful process.
Push Doctor may share sensitive personal data if asked to do so by the police in certain limited circumstances, including reporting of certain types of wounds.
Push Doctor may share, if required, your Personal Data with UK Government officials for national security reasons (as permitted by s.28 Data Protection Act 1998).
A cookie is a small text file that may be placed on your computer or Device when you visit the Platform. When you next visit the Platform the cookie allows us to distinguish you from other users. There are two categories of cookies: (a) ‘persistent cookies’ that remain on your computer or Device until deleted manually or automatically; and (b) ‘session cookies’ which remain on your computer or Device until you close your browser, when they are automatically deleted.
The cookies Push Doctor uses:
The importance of security for all your Personal Data including, but not limited to, sensitive personal data is of great concern to us. At Push Doctor, we have gone to great lengths to manage the security and integrity of the Platform and to ensure that we use best–in-class services when providing secure transmission of information from your computer or Device.
Personal Data collected via the Platform is stored in secure environments that are not available or accessible to the public; only those duly authorised people, officers, employees or agents of Push Doctor who need access to your information in order to do their jobs are allowed access. Anyone who violates our privacy or security policies is subject to disciplinary action, including possible termination of their contract with Push Doctor and civil and/or criminal prosecution.
Push Doctor uses the latest technologies to ensure utmost security, including utilising several layers of firewall security and encryption of personal data to ensure the highest level of security.
Push Doctor is the sole owner of any data collected via the Platform.
We may collect and store personal data on your Device using application data caches and browser web storage (including HTML 5) and other technology.
Certain features of the Platform link to social networking. Ensure when using these features that you do not submit any Personal Data that you do not want to be seen, collected or used by third parties.
When using the Platform, all your Personal Data, including but not limited to your debit or credit card number(s), are transmitted through the internet using Secure Socket Layers (SSL) technology. SSL technology causes your browser to encrypt your entered information before transmitting it to our secure server. SSL technology, an industry standard, is designed to prevent a third party from capturing and viewing your Personal Data. Push Doctor also takes the following measures to protect your Personal Data online:
You are required to go through a two-step verification process to create and restore your Account. Online access to your Account is protected with a password that you create. We strongly recommend that you do not disclose your password to anyone. Push Doctor will never ask you for your password in any unsolicited communication (including unsolicited correspondence such as letters, phone calls, email or text messages). You will only ever be able to reset your password using a two-step process.
Since any information you provide to us on the Platform will be transmitted using a secure connection, if your web browser cannot support the required level of security you will not be able to use the Platform properly. The most recent versions of Google Chrome, Safari and Firefox can support a secure connection and can be downloaded for free from their respective websites. Should you choose to download and/or install any such package such actions are at your own risk.
No data transmission over the internet can be guaranteed to be 100% secure. While we strive to protect your Personal Data from unauthorised access, use or disclosure, Push Doctor cannot ensure or warrant the security of any information you transmit to us via the Platform. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We believe that patients should have access to their medical information without charge where possible, to enable patients to take a more active role in their own health future. You can access your EMRs on Push Doctor any time by signing in to your Account and selecting the option to ‘Release Your Notes’. We do not charge for releasing notes.
For access to other Personal Data please see “Accessing Information Held By Us” below.
We do not allow ANYONE to AMEND EMRs created or held by Push Doctor. We only ever allow authorised contributors (that is, Practitioners and the Customer) to ‘add to’ records, making an update to the information without deletion of the original record. We believe this approach is for everyone’s benefit and best ensures the integrity of the information we hold. If you would like to update your medical information or EMRs please Contact Us and direct your query to a member of our Clerical Team.
Push Doctor may, in circumstances such as these, deny your request to update your record (this is a non-exhaustive list):
Push Doctor may revise this policy to reflect any changes in its privacy practices. We reserve the right to make any revised policy effective for Personal Data we already have about you as well as any information we receive in the future. We will post a copy of the updated policy on our Platform prior to any change becoming effective. The effective date of this policy is displayed directly under the title of the document. If we make any material changes we will notify you by means of a notice on the Platform prior to the change becoming effective.
If you would like a copy of all of the Personal Data, we hold about you please Contact Us. We do charge for providing information because we have to gather, collate and process this data to make it available to you in its entirety: a fee of £10 must be paid prior to releasing data and details of how this should be paid will be provided in our response to your request. Alternatively, you may write to Push Doctor and enclose a cheque payable to Push Dr Limited in that correspondence. The Data Protection Act allows us up to 40 days (from the date instructions and payment have been received – please note payments must clear first) to retrieve, process and provide the information requested.
If you have any complaints, please Contact Us.