At DocHQ our mission is to put an accessible, flexible and affordable health service in the hands of everyone, on demand. We are passionate about high quality and convenient healthcare, whilst adhering to and maintaining your privacy at all times. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA0).
This Policy explains how we use your personal data, to help you understand how we work with your data, to allow you to make informed choices and be in control of your information. We urge you to spend a few moments understanding this Policy. Should this document be updated at any time, you will be informed accordingly.
This Policy should be read in conjunction with our terms & conditions which can be found on our company website.
For the purposes of the processing of your personal data, we are the Data Controller (as set out under EU General Data Protection Regulation 2016 (GDPR). We are committed to protecting your privacy, both on and offline. We appreciate that you do not want the personal information you provide to us distributed indiscriminately and here we explain how we collect information, what we do with it and what controls you have over how we process it.
Under GDPR we will ensure that your personal data is dealt with lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if one or more of the following applies:
- You have given consent to the processing of your personal data for one or more specific purpose.
- Processing is necessary for the performance of a contract to which you are a party or in order for you to take action prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which we are subject.
- Processing is necessary to protect the vital interests of you or of a third party.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data.
Unless otherwise specified, any processing of personal data undertaken by us or by a medical professional, e.g. Doctors or Advanced Nurse Practitioners, relating to providing healthcare services to a customer, a User of our system is processed based on our contractual relationship (or in anticipation of a contractual relationship).
In addition, as the personal data that we will be processing is “special data” which should be given additional safeguards, such as health information, we will only process that information if there is a valid special condition for processing (as set out in Article 9 of the GDPR). For the purposes of health data, we will rely on Special Condition Article 10(2)(h) (processing of health data where there are adequate safeguards and confidentiality obligations in place).
At no point will we share your confidential data with third parties not working in partnership with DocHQ.
1. Information we may collect from you
We may collect and process the following information about you:
- Registration information (i.e. name, date of birth, email address, home address, telephone number, identification and NHS number/registered practice name) that you provide by completing the registration forms.
- Payments and purchases details of any transactions made by yourself via the telephone.
- Health record data, medical information about you (including medical history), illnesses, prescriptions, allergies, height, weight and other clinical information which you might discuss with a Doctor or Advance Nurse Practitioner as part of your use of the services. We record all consultations with medical professionals on the clinical system. Prior to your consultation you will be asked if you wish to share your medical records with your registered NHS Doctor/GP.
- IP address and URL your activity on our Website will be automatically recorded when you use or log on to any of the sites (including the site you exit to).
- Research and surveys, information from surveys that we may, from time to time, run for research purposes, should you choose to respond to them.
- When contacting us, communications you send to us, i.e. to report a problem or to submit queries or any comments regarding the website or its contents.
- Use of the service, details of your visits to the website, the resources you access and details of any data you choose to download.
You are under no obligation to provide any such information. However, if you choose to withhold requested information, this may result in us being unable to provide you with certain services.
2. Uses made of your information
- To enable us to provide you with the services and information offered and from which you request from us such as, to arrange a consultation. This may include sharing your data with one of our third-party service providers such as doctors or pharmacists.
- To provide and administer access and to our website.
- To verify and carry out financial transactions in relation to any payments you make to us.
- For confirmation of your identity.
- To respond to any communications received from you.
- To provide email, such as newsletters, alerts that you may have subscribed to. You can unsubscribe or opt-out of these at any given time by following the unsubscribe instructions.
The use of your personal information will enable us to provide our services and to exercise our contract with you. In some cases, the collection of data may be a statutory or contractual requirement, and we will be limited in the services that we can provide you with without your consent to us to be able to use such data.
We also collect, store and use the personal information listed above to:
- We also collect, store and use the personal information listed above to:
- Improve the layout and/or content of the pages of the Platform and to enable better customisation for Users.
- Identify visitors to the Platform.
- Carry out research on our User demographics.
- Tailor any information we may send to you based on the health data that you submit to us.
We have a legitimate interest in using your personal information for these purposes, so we can continue to grow and improve our services offered to our customers and to strictly ensure that we are only sending you information that is useful or relevant.
In conclusion, we use your personal information to:
- Send you information you may find useful or which you have requested from us, including information about our products and services or those of carefully selected third parties such as information on relevant treatment and care offered by third parties, provided you have provided prior full consent to be contacted for such purposes.
- With your consent, to share with carefully selected third parties to send you information directly which you may find useful regarding their products and services.
You can tell us not to contact you with information regarding our products and services or those of third parties or to share your details with third parties so that they can send you information regarding their products and services at any given time. If you do not wish us to continue to use your information in this way you can follow the unsubscribe instructions on any communications sent to you.
3. Information shared with others
We will only share personal information (with your prior express approval), from which you can be identified, in certain limited circumstances as described below:
Doctors/Advanced Nurse Practitioners: We may share medical information about you, including your medical history, illnesses and prescriptions, with clinical staff all of whom are registered with the General Medical Council (GMC) or Nursing Midwifery Council (NMC).
We share your medical information with clinical staff to enable them to better assess health conditions, advise you and deliver informed services that you request in accordance with our terms and conditions.
We ensure that all data transferred to clinical staff is protected and that clinical staff are all bound by contractual obligations, which incorporate the European Commission's Model Clauses, to ensure all clinical staff keep the personal information they receive safe, confidential and only use it for the purposes for which it is provided to them.
Pharmacies: To process a prescription for medication as offered by a medical professional or as requested by you in accordance with our Terms and Conditions, it may be necessary to share basic identification data such as your name, home address, email address and phone number with the dispensing pharmacy, taking all reasonable steps to protect your personal information, for the purposes of the pharmacy verifying your identification upon collection of your prescription.
Messaging providers: Data from phone or text messaging communications may be temporarily transferred to, and stored on, servers located outside of the EEA.
Information that does not identify you: We may disclose aggregate statistics about visitors to the Platform, Users and sales to describe our services to prospective partners, investors, advertisers, sponsors and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
We will not disclose, sell or rent any of your personal information to any third party unless you have directly consented to this first. If you do consent, but later change your mind, you may contact us, and we will cease any such activity. However, if in the event of undergoing a reorganisation or are sold to a third party, you agree that any personal information we hold about you may be transferred to that reorganised organisation or third party.
We may also disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or the rights, property or personal safety of any persons.
4. Our use and storage of medical information
All medical and other health information collected and supplied to DocHQ will be treated as strictly private and confidential and all data will be held in strict accordance with, and as long as required, under UK regulatory codes of practice on records management and data privacy laws.
How long we keep your medical data: Health records are retained in digital form in a secure and encrypted environment and are confidentially stored in accordance with the retention periods set out in the NHS code of practice on records management, which may be updated from time-to-time. We also maintain our own internal Data Retention Policy, on whichstaff are trained and it is regularly reviewed to ensure total compliance with industry best practices.
What we do with consultation notes: DocHQ will make audio and video recordings of your consultation for clinical governance, training, quality, and account management purposes as agreed in our contract. These will be treated as confidential and will be held safely, securely and strictly in accordance with, and as long as required, under UK regulatory codes of practice on records management. These recordings will not be made available to other parties without, your prior written consent.
Sharing information with GPs: Whilst in certain circumstances we may strongly encourage you to let your regular GP know of any health concerns you may have discussed with the doctors, we will not share information with your regular GP unless we have your official consent, or if there is an overriding public interest in disclosing the information without your permission. This is in accordance with the General Medical Council’s and Nursing Midwifery Council (NMC) guidance which may from time-to-time change.
Security and encryption: DocHQ operates in an HTTPS secure mode, encrypts all audio, video and text information shared during your consultation. There are clear procedures in place to ensure paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage. Nevertheless, electronic transmissions sent via the internet are never completely private or secure and there is a risk, therefore, that any such electronic communications sent may be intercepted and potentially read by others. You should ensure that any computer or telephone you use to access your online patient record is suitably protected from potential interception.
5. Additional information
When you visit our Website, we may automatically collect additional information about you, ie. the type of internet browser you are using, the website from which you have come from to our Website and your IP address (the unique address which identifies your computer on the internet), which is automatically recognised by our server. You cannot be identified from this information and it is only used to assist and enable us in providing an efficient effective service on the Website.
Cookies are pieces of information which detail a unique reference code that a Website transfers to your device to store and sometimes track information about you. A number of cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the Website and will last longer.
- Identify that you have used our Website before, this enables us to ascertain the number of unique visitors we receive.
- Enable you to navigate the Website more quickly and easily.
- Remember your login so you can move from one page to another within the Website.
- Store your preferences.
- Customise parts of the layout and/or content of the pages of the Website for you.
- Gather statistical information about how you use the Website so that we can improve and evolve the service.
Most computer and various mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browsers. Please note however, that by blocking or deleting cookies, it may not allow you to be able to take full advantage of our Website.
Our cookies will be used for:
- Crucial session management.
- Generating a specific log-in session for a visitor to the Website to allow the Website to remember that a visitor is logged in and that their page requests are delivered in an effective, secure and consistent way.
- Recognising when a visitor to our Website has visited before allowing us to identify the number of unique visitors we receive and to ensure we have enough capacity for the number of Users that receive.
- Verifying when a visitor to the Website is a registered member.
- We may also log information from your computer including the existence of cookies, your IP address and information about your browser program to allow us to diagnose problems, administer and monitor your usage of our services.
- Customising elements of the promotional layout and/or content of the pages of the Website for example by storing a country code and providing Users with content relevant to their own country.
- These crucial session management and functionality cookies are necessary to enable for to provide our service Platform.
Performance and measurement:
- Gathering statistical data about how our visitors use our Website in order for us to improve the Website and learn which parts are most favoured by our visitors.
We have a genuine interest in using any personal information collected through performance and measurement cookies, this means that we can constantly monitor and consistently improve our Platform and our services available to you.
7. Payment processing
We treat any personal and identifiable information that is associated with our Users with high importance. We have security measures in place to protect against the loss, misuse and alteration of personal information under our control. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information.
Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it from occurring.
Please bear in mind that the submission of any information over the internet is never entirely secure. Whilst we take appropriate technical and organisational measures to safeguard the personal information you provide, we are unable to guarantee the security of information you submit via the website whilst it is in transit over the internet and any such submissions are entirely at your own risk.
In order to protect your personal information and to stop others from accessing it, it is of great importance that at the end of each session your browser is closed. This is of great importance if you are using a shared computer or a computer in a public place.
9. Storage of your information
10. Your rights
You have a legal right to access the personal information we hold about you at any time.
You also have a right to ask us to update and amend any out-of-date information or errors in said information free of charge, object to our use of your personal information for certain purposes, delete your personal information and transfer to you, where technically possible to another organisation a copy of the personal information about you that has been provided to us.
We process your personal data on the basis of your personal consent, and you may withdraw your consent for DocHQ to use your personal data as set above at any time by contacting us using the details below, and subject to the regulatory and legal requirements for DocHQ. We retain information on your medical history and your clinical consultation notes, you can withdraw your consent to our use of any of your personal information at any time, including any data sharing, using the settings in your DocHQ summary or by calling +44 (0)3300 880645 or emailing firstname.lastname@example.org.
You also have the right to submit any complaints at any time about our treatment of your personal information with a relevant supervisory authority, including, the Information Commissioner's Office in the UK.
Ways in which to contact the ICO’s office can be found at https://ico.org.uk/global/contact-us/
Automated Decision-Making and ProfilingIn the event of DocHQ using personal data for the purposes of automated decision making and those decisions have a legal, or similarly significant effect to you, you have the right to challenge to such decisions under GDPR, requesting human intervention, expressing their own point of view, and obtaining a full explanation of the decision from DocHQ.
- The decision is necessary for the performance of and entry into a contract between DocHQ and you the User.
- The decision is authorised by law.
- You have given your explicit consent.
- Clear information explaining the profiling will be provided, including its significance and any likely consequences.
- Appropriate statistical procedures will be used.
- Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily rectified shall be implemented.
All personal data processed for profiling purposes shall be secured in order to prevent any discriminatory effects stemming from the use of profiling.
11. Contacting us
DocHQ, Wessex House, Upper Market Street, Eastleigh, Hampshire, SO50 9FD