PDH Website and pdh.platform Privacy Policy
About Priority Digital Health
Priority Digital Health (PDH) understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits Our Site and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law.
This Policy applies to Our use of any and all data collected by us in relation to your use of Our Site and the pdh.platform. Please read this Privacy Policy carefully and ensure that you understand it.
Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site or the pdh.platform. If you do not accept and agree with this Privacy Policy, you must stop using Our Site and the pdh.platform immediately.
About the pdh.platform
The pdh.platform is a proprietary 'Patient Management System' (PMS), comprised of a number of dedicated modules, each one supports a range of NHS, Public Health and Community Services and customisable to each local health setting, large or small. These modules include Social Prescribing Services, Lifestyle Services, Referral Management, Booking Management, Communication Management, Volunteering, Children's Services, Allied Health Services, Charity & Third Sector, Holistic Assessment, Reporting, Workplace Health and Diabetes Services.
Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
"Account"
means an account required to access and/or use certain areas and features of Our Site;
"Our Site"
means this website, www.prioritydigitalhealth.com
"We/Us/Our"
PRIORITY DIGITAL HEALTH LIMITED a company registered in England and Wales under number 10510683 whose registered office is at Denny Lodge Business Park, Ely Road, Chittering, Cambridge, CB25 9PH ("the Service Provider").
"UK GDPR"
(Retained EU Legislation) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) in conjunction with the Data Protection Act 2018.
"GDPR"
The General Data Protection Regulation ("GDPR") is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The primary aim of the "GDPR" is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
"Data Protection Law"
All legislation and regulations in force from time to time regulating the use of personal data and the privacy of electronic communications including, but not limited to, EU Regulation 2016/679 (the "GDPR"), ("UK GDPR") the Data Protection Act 2018, and any successor legislation or other directly applicable EU regulation relating to data protection and privacy for as long as, and to the extent that, EU law has legal effect in the UK.
"Pdh.platform" Means https://platform.prioritydigitalhealth.com/
Legal Grounds For Using Your Personal Data (pdh.platform)
- As a provider of Public Health care we have a public duty to care for our service users as guided by the Department of Health.
- It is necessary for the purposes of preventative or occupational medicine.
- Consent
- Fulfilling agreements with other organisations
Legal Grounds For Using Your Personal Data (Our Site)
Legitimate Interests
We only collect the minimum information needed to provide a useful and personalised service. We may use your personal information if it is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.
Our legitimate interests include:
- Administering, improving and expanding our services
- Implementing and improving Our security measures
- Growing our business and informing our marketing strategy
- Marketing & advertising
- Fulfilling agreements with other organisations
Information About Us
Our Site, www.prioritydigitalhealth.com and our platform https://platform.prioritydigitalhealth.com/ are owned and operated by Us.
What Does This Policy Cover?
This Privacy Policy applies to your use of Our Site and the pdh.platform. It does not extend to any websites that are linked to from Our Site or the pdh.platform (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.
What Data Do We Collect on Our Site?
Some data will be collected automatically by Our Site for further details, visit Our Cookie Policy https://www.prioritydigitalhealth.com/cookies. Other data will only be collected if you voluntarily submit it, for example, when signing up for an Account. Depending upon your use of Our Site, We may collect some or all of the following data:
- name;
- date of birth;
- business/company name;
- job title;
- contact information such as email addresses and telephone numbers;
- demographic information such as post code, preferences and interests;
- IP address (automatically collected);
- web browser type and version (automatically collected);
- operating system (automatically collected);
- a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to (automatically collected)
What Data do we collect on the pdh.platform?
Depending upon your use of the pdh.platform, We may collect some or all of the following personal data:
- Name;
- Date of birth;
- Gender;
- Ethnicity;
- Username and password (this helps secure and provide you with access to our Services);
- Medical, health and social care data;
- Business/company/service name if relevant;
- Contact information such as email addresses and telephone and home numbers;
- Demographic information such as post code, preferences and interests;
- IP address (automatically collected);
- Web browser type and version (automatically collected);
- Operating system (automatically collected);
- a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to (automatically collected);
- Assessment information;
- Notes and reports about your health and any treatment or care you needed;
- Employment status;
- Height and weight data;
- Alcohol consumption;
- Fall data;
- Smoking;
- physical activity;
- Religion;
- Marital status;
- NHS number;
- NHS ID;
- BMI;
- Child protection;
- Safeguarding;
- Special Educational Needs Requirements;
- Social isolation;
- Sleep;
- Emotions;
- GP practice information;
- DBS information;
- Volunteering information;
- Patient record activity.
All Content included on Our Site and the copyright and other intellectual property rights subsisting in that Content, unless specifically labelled otherwise, belongs to or has been licensed by Us. All Content is protected by applicable United Kingdom and international intellectual property laws and treaties. If there are material changes to how we collect user data, user consent will be re-obtained.
What Data Can You Not Opt Out Of?
There are some data processing activities which you may not opt out of. This is because the processing is required for us to be able to fulfil our obligations relating to:
- providing services of Public Health
- Services for preventative or occupational medicine.
The data which you cannot Opt Out of is:
- First name
- Last name
- DOB
- Postcode
- Email or phone
How Do We Use Your Data?
All personal data is stored securely in accordance with the principles of the EU Regulation 2016/679 (the"GDPR"), ("UK GDPR") the Data Protection Act 2018, and any successor legislation or other directly applicable EU regulation relating to data protection and privacy for as long as, and to the extent that, EU law has legal effect in the UK.
We do so in a fair and legal manner;
We use your data to provide the best possible products and services to you. This includes:
- Providing and managing your Account;
- Providing and managing your access to Our Site or the pdh.platform;
- Personalising and tailoring your experience on Our Site;
- Supplying Our products and services to you;
- Personalising and tailoring Our products and services for you;
- Responding to communications from you;
- Supplying you with email newsletters and alerts that you have subscribed to. You may unsubscribe or opt-out at any time by clicking the link at the bottom of the in the newsletter.
With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email, telephone, text message and post with information, news and offers on Our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
How and Where Do We Store Your Data?
Links to other sites may be included on Our Site. Unless expressly stated, these sites are not under Our control. We neither assume nor accept responsibility or liability for the content of third party sites. The inclusion of a link to another site on Our Site is for information only and does not imply any endorsement of the sites themselves or of those in control of them.
We only keep your data for as long as We need to in order to use it as described above, and/or for as long as We have your permission to keep it.
All data collected either from Our Site or the pdh.platform will be stored in the UK. If you are using the pdh.platform, your Personal data will only be stored in Amazon Web Services (AWS) within the Health and Social Care Network and within the European Economic Area ("the EEA"). The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein.
Data security is of great importance to Us, and to protect your personal data We have put in place suitable physical, electronic and managerial procedures (encrypted to AES256) to safeguard and secure data collected through Our Site. Our procedures ensure that all personal data is encrypted between the device and any external host storage.
Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.
Data Protection Principles
In compliance with UK GDPR, We process Your Personal Data in accordance with the following data protection principles listed in Data Protection Legislation:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)
- securely protected following our appropriate security measures in place
Data Retention
We only keep your personal data for as long as We need to in order to use it as described above, and/or for as long as We have your permission to keep it. Information associated with your account will be kept until it is no longer necessary to provide the Services. We may retain your information to comply with relevant legislation and take other actions permitted by law. This information we retain will be handled in accordance with this Privacy Policy and for up to six years to identify any issues and resolve any legal proceedings. We may keep your personal information for a longer period: in the event of a complaint, if we reasonably believe there is a prospect of legal proceedings, if we are aware of pending or ongoing legal proceedings, or in some circumstances, if applicable law says we must.
In accordance with our Data Retention Policy, all information relating to your personal data that is no longer necessary will be securely destroyed manually. The process in which we delete your personal data depends on instructions from the data controller (the Healthcare Provider).
The processes include either from the following:
- Deleting/reformatting data
- Overwriting data
- Erasing
- Shredding
In some instances, some information relating to your personal data that is no longer necessary and relevant to provide our Services may be de-identified to provide insights which are commercially valuable to Us. For example, for health research purposes and data analysis to improve Services and help us understand the types of users and the information they are accessing in order for us to make improvements to the accessibility of the pdh.platform. This information will not be identifiable.
Who Has Access To Your Data And Do We Share Your Data (pdh.platform)?
Your data is only accessible to those involved in your care or administration on a need to know basis. The members of staff who have access to your data are bound by a strict confidentiality code of conduct. We will only share information with those who have a legitimate right to know. In some instances, We may be legally required to share certain data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
Do We Share Your Data (Our Site)?
We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
In certain circumstances We may be legally required to share certain data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
What Happens If Our Business Changes Hands?
We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Data provided by users will, where it is relevant to any part of Our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the data for the purposes for which it was originally collected by Us.
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will, however, be given the choice to have your data deleted or withheld from the new owner or controller.
If you are a business user, We accept no liability for loss of profits, sales, business or revenue; loss of business opportunity, goodwill or reputation; loss of anticipated savings; business interruption; or for any indirect or consequential loss or damage.
How Can You Control Your Data (Our Site)?
When you submit information via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails.
You must not deliberately introduce viruses or other malware, or any other material which is malicious or technologically harmful either to or via Our Site.
Your Rights under UK GDPR
You have a number of rights under Data Protection law which you can exercise in certain circumstances. These include:
- The right to be informed
- The right of access
- You have the right under the UK GDPR to obtain confirmation as to whether or not their Personal Data is being Processed by Us and to access that Personal Data. To exercise this right, you must make a Data Subject Access Request (DSAR). This can be done by contacting in writing the Data Protection Officer at dpo@prioritydigitalhealth.com. In most cases We will need to ask for proof of identification before a request can be processed. We will inform you if you will need to verify your identity and the documents this requires. DSARs will be dealt with as quickly as possible and certainly within the stipulated one month from receipt of the request. For complex or numerous DSARs then We may extend the period by a further two months. If this is the case then you will be notified within one month of receipt of the request with an explanation as to why the extension is necessary.
- The right to rectification
- You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
- The right to erasure
- In certain instances, You can ask us to delete the personal data we hold on you.
- The right to restrict processing
- You can ask Us to restrict the use of your information;
- The right to data portability
- You have the right to receive personal data You have provided to Us in a structured, commonly used and machine readable format. You also have the right to request that We transmit this data directly to another controller. Please note that Information is only within the scope of the right to data portability if it is personal data of the individual that You have provided to Us.
- The right to object to Us processing your personal data
- You can object to Us processing your personal data.
- Rights in relation to automated decision making and profiling.
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You
- The right to withdraw consent for the use of Your personal data.
Please contact us at dpo@prioritydigitalhealth.com if you would like to execute any of the above rights stated. We will aim to respond to your request ideally within one month.
Data Security Breach Management
Priority Digital Health is committed to ensuring that all personal data we process, including that of colleagues and customers, is managed appropriately and in compliance with Data Protection legislation. In the event of a data security breach, We shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorised disclosure required by applicable laws and regulations.
Your Right to Withhold Information
You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
You may restrict your internet browser’s use of Cookies. For more information Our Cookie Policy https://www.prioritydigitalhealth.com/cookies
How Can You Access Your Data?
You have the legal right to ask for a copy of any of your personal data held by Us (where such data is held). Please contact Us for more details at dpo@prioritydigitalhealth.com.
Unlawful Child Access To The Platform
Please inform us on legal@prioritydigitalhealth.com if you have any knowledge that a child under the age of 16 is accessing the pdh.platform and is providing personal data without parental consent. In this instance we will immediately act and stop the processing of such information.
Right To Complain
You have the right to complain to the Information Commissioner’s Office (ICO) if you think that We have:
- failed to respond to your request for information
- refused your request
- failed to send you all of the information you asked for
- failed to comply with the time limit for information
The ICO will expect you to have first raised your concerns with Us before submitting a complaint. To make your complaint, you can use the form on the ICO website. Data Protection Officer (DPO)
John Dibb is the responsible Data Protection Officer. We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at dpo@prioritydigitalhealth.com.
Policy Review
This Policy will be amended from time to term and no less than annually. Any changes we make will be posted on Our respective websites and where appropriate, notified to Data Subjects.
Related Policies