Version history

Summary of changes

03 Jul, 2024: Initial document


Privacy Policy

This Privacy Policy (the “Privacy Policy”) should be read in conjunction with the terms & conditions of my mhealth Inc. (“my mhealth”, “we”, “us” or “our”). By providing your personal information (“Personally Identifiable Information” or “PII”), to us when you sign up to use our app(s), website and/or service(s), you acknowledge that you have read this Privacy Policy in full and understand the details of the processing of your personal information that we undertake as set out within it.

my mhealth delivers digital tools to patients and healthcare teams managing long-term health condition(s). Your privacy is important to us, and we are committed to respecting and protecting the privacy and security of any PII we may collect from users of our app(s), website and/or service(s). This Privacy Policy is designed to help you understand how we collect, use and protect your PII and your rights in respect of your PII. If you do not agree with any aspect of this Privacy Policy, you should immediately discontinue access or use of our app(s), website and/or service(s).

This Privacy Policy applies to users of our app(s), website and/or service(s) and does not extend to include third party services that can be accessed via our platform, including via links to external sites. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or service(s).

Scope of this Privacy Policy

We therefore exercise reasonable care with any PII we receive through the use of our app(s), website and/or service(s), and when determining how and why it is processed.

Should you choose, your PII can be shared between my mhealth and your healthcare team in connection with your use of our app(s), website and/or service(s).

In addition, we also provide our services to other third parties, such as healthcare organizations and professionals involved in your care or conducting scientific research. At times we may process your PII solely on their behalf. This will mean that we will be processing your PII subject to their lawful basis and/or for our own legitimate interests.

What PII we will collect

We collect and process different types of PII to provide you with our app(s), website and/or service(s). These include:
  • Any information which can be used to identify a person, such as first name and surname, address, e-mail address, telephone number, or other contact details;
  • Any other information that you may provide to us.

We will treat certain types of PII with even more care than usual. These are called sensitive or special categories of PII.

We may also collect and process the following types of PII:
  1. App usage and other technical information (including information collected through cookies and other similar technologies) such as your IP address, geolocation and other information collected from your device when you install or access our app(s), website and/or service(s).
  2. Health information such as your medical diagnoses, details of how your diagnosis is treated and your prescription details.
  3. Digital health information from any devices which are compatible with (and linked to) our app, such as a connected glucose meter, inhaler use data (from smart inhaler devices) and activity data (from a smartwatch).

Please see the "How we will use your PII" section below, which sets out the different purposes for processing your PII.

How we obtain PII about you

We may collect or receive your PII in different ways, including:
  • Where you provide it to us directly, for example when you contact us or enter your PII on our app(s).
  • Where we monitor your activity when using our app(s), website and/or service(s), for example via cookies and other similar technologies.
  • Where we receive it from or on behalf of third-party sources such as healthcare professionals, your healthcare team(s) and/or any connected devices linked to our app(s), website and/or service(s).

How we will use your PII

my mhealth will only use your PII where we are permitted to do so by applicable law.

Except where we are required to use your sensitive PII in order to defend, prosecute or make a claim against you, us or a third party, we will only process your sensitive PII on one of the following conditions:
  • Consent, where you have explicitly consented to our use of your PII for a specific purpose, such as the provision of and access to our apps; or
  • Scientific Research, where we are permitted to use your sensitive PII for scientific research purposes. Please note, we will only process your sensitive PII for this purpose in anonymized form.
Please see the "Scientific Research" section below for further information.

We have set out in the table below the ways my mhealth may use and process your PII and sensitive PII, and in each case, we have noted the basis and conditions that we rely on to do so. Where we rely on the basis of legitimate interests, we have also provided details of what our legitimate interests are:

Purpose | Lawful Basis
To create, register and manage your user account for our app(s) / service(s)
Please note, for this purpose, we will act in coordination with your healthcare team
  • Contract performance
  • Legitimate interests: To allow us to provide you with appropriate content
To inform you of any changes, modifications, and updates to our app(s), website and/or service(s)
  • Legitimate interests: To ensure that our app(s), website and/or service(s) continue to satisfy the needs of our users
To review, investigate and address issues that may affect your use of our app(s), website and/or service(s)
  • Legitimate interests: To ensure that our app(s), website and/or service(s) continue to satisfy the needs of our users in a safe and secure manner
To assess and improve the quality of our app(s), website and/or service(s), including via carrying out troubleshooting, data quality checks, functional testing, security testing and statistical analyses
  • Legitimate interests: To ensure that our app(s), website and/or service(s) continue to satisfy the needs of our users in a safe and secure manner
To ensure our records are accurate and up to date
Please note, for this purpose, we will act in coordination with your healthcare team
  • Legitimate interest: To allow us to provide you with appropriate content
To fulfil our legal, regulatory, or risk management obligations, including our legal reporting and disclosure obligations
  • If required by applicable law
  • Legitimate interests: To co-operate with law enforcement and regulatory authorities
To prevent fraud
  • Legitimate interests: To ensure that our app(s), website and/or service(s) continue to satisfy the needs of our users in a safe and secure manner
To protect the rights of third parties
  • If required by applicable law
  • Legitimate interests: To co-operate with law enforcement and regulatory authorities
To enforce our own legal rights
  • Legal claims
  • If required by applicable law
To anonymize your data so that you are not identifiable or able to be identified from it, and so that the PII cannot be linked back to you
  • Legitimate interests: To allow us to share non-identifiable data with researchers to help develop better guidelines and treatments for your condition.
  • Scientific Research
To share your PII with your healthcare team(s) via our app(s)
Please note, for this purpose, we will act in coordination with your healthcare team
  • Contractual performance
  • Legitimate interests: To allow our app(s), website and/or service(s) to support in the management of your medical condition(s)
To contact you in relation to any third-party clinical study or research trial that may be of interest to you
Please note, you will only be contacted where any such study or trial is relevant to your condition(s)
  • Consent (including where this relates to processing of any sensitive PII)
To contact you in relation to any service evaluation, study, or trial run by my mhealth which relates to our app(s), website and/or service(s) which may be of interest to you
  • Consent (including where this relates to processing of any sensitive PII)
  • Legitimate interest: To improve the performance of our app(s), website and/or service(s)
To review your progress through the educational material and courses available within our app(s), website and/or service(s)
  • Contract performance
  • Legitimate interests: To provide the best content and user experience
To help us understand how you use our app(s), website and/or service(s), and which parts of our app(s) or website are most visited
  • Legitimate interests: To help manage your medical condition(s)
To comply with legal or regulatory requirements, such as the requirement to disclose your PII to government, regulatory or law enforcement agencies in connection with enquiries, proceedings, or investigations by such parties
Please note, where permitted, or unless doing so would prejudice the prevention or detection of a crime, we will direct any such request to you or notify you before responding
  • If required by applicable law

Who we share your PII with

Your PII is used to support you to improve your self-management and for you, and us, to learn more about your condition(s).

To do this, we will need to share certain information with other parties, such as:
  • Data storage and back up provider(s), to securely record the PII that is input into your user account.
  • Push notification software providers, so that we can send you medication reminders and so that you can receive updates from your healthcare team.
  • Your healthcare team(s), for them to support you and to evaluate our service(s).
  • Clinical Trials and Research team(s), where you have expressed an interest in receiving further information about a service evaluation, study, or research trial opportunity.
  • Device manufacturers, so that they can troubleshoot any device or product performance issues.
  • SMS and email messaging services, for communicating to/with you to provide information relevant to your condition(s).

Scientific Research

As mentioned in the table above, we may convert your PII into an anonymized form. Once converted, you will no longer be able to be identified or identifiable from the data, and the PII will not be able to be linked back to you. We may share such anonymized PII with our trusted research partners for the purpose of conducting scientific research, including identifying new treatment strategies for long-term condition management.

Please note, we will only ever share the minimal amount of PII necessary for this purpose, and we will not sell or share any of your PII or sensitive PII to third parties for marketing purposes.

Which countries we transfer your PII to

We do not transfer your PII to jurisdictions outside of the United States of America.

How do we keep your PII secure?

We recognize that information security is an integral element of data privacy. While no data transmission (including over the internet or any website) can be guaranteed to be secure and we therefore cannot fully guarantee that loss, misuse, unauthorized acquisition, or alteration of your PII will not occur, we implement a range of security measures to help protect your PII from unauthorized access, use, disclosure, alteration, or destruction in accordance with applicable data protection laws.

PII that you provide to us is stored on our, or our service providers’, secure servers (we use an Amazon Web Solutions datacentre situated in the USA) and is encrypted both at rest and in transit. We ensure that the PII you provide to us is accessed and used in accordance with our security policies and procedures, or those agreed with our service providers.

Everyone at my mhealth, and any third-party service providers we may engage that process PII on our behalf for the purposes listed above, are also contractually obligated to respect the confidentiality of your PII.

How long will we store your PII

We will keep your PII only for as long as is necessary to fulfil the purpose for which it was originally collected and/or any other permitted linked purpose (including as required by applicable law). Our data retention periods are based on our business needs. They are regularly assessed to ensure that we do not retain your information for longer than is necessary. Your PII will be kept for up to 20 years from your last interaction within the platform, or until you request that your PII be deleted.

Following the confirmed death of a user, their PII will be removed after a period of 10 years, in accordance with medical guidelines.

What cookies do we use

Cookies are used to help us understand your preferences based on previous or current app(s) and website activity, which enables us to provide you with improved services. We use the following cookies:
  • Necessary cookies: these cookies are necessary to maintain our services. They are usually only set in response to actions made by you. You can set your browser to block or alert you about these cookies, but that can make some parts of the app(s) or website not work. These cookies do not store any PII;
  • Performance cookies: these cookies allow us to count visits and traffic so we can collect insights and see how visitors move around the app(s) and website. All information these cookies collect is aggregated and, therefore, anonymous;
  • Functional cookies: these cookies enable the app(s) or website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our webpages;
  • Marketing cookies: these cookies may be set through our app(s) and website by our advertising partners to build a profile of your interests and show you relevant adverts on other apps and websites. They do not directly store PII but can identify your browser and internet device.

You can choose to have your computer warn you (through your browser settings) each time a cookie is being sent, or you can choose to turn off all cookies. If you choose to turn cookies off, some of the features that make the app(s) and website experience more efficient may not function properly.

Complaints

If you have a complaint about the way in which we have processed your PII, or if you believe that we have breached any applicable data protection laws, then please contact us using the contact details in the "How to contact us" section below, as we would like to resolve this with you.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes to this Privacy Policy will be notified to you via an in-service notification, and the latest version will be made available on our app(s) and website. For some notifications you may be required to read and acknowledge the changes before you can continue using our app(s), website and/or service(s).

How to contact us

You can contact us using the following details:

By post: my mhealth Inc.
251 Little Falls Drive
Wilmington
DE 19808
By telephone: +44 1202 599583
By email: support@mymhealth.com