Privacy Policy

Summary of changes

06 May, 2020: We clarified the wording on how we use patient's data.


Your privacy is essential to our core activity. We are committed to respecting and protecting it while you use our services. This policy is designed to let you know who we are, what we do, how we protect the information you provide us with, or that we are provided from other sources, such as your healthcare team, and what your rights are.


Who we are

my mhealth delivers a platform for patients and healthcare teams managing long term health conditions. Our company's registered address is First and Second Floor, 8 Trinity, 161 Old Christchurch Road, Bournemouth BH1 1JU and we are registered with Companies House with the number 07881370.

We are a data controller under UK law. This means we are responsible for the data we receive through the use of our apps and for determining the purpose(s) and manner in which it is processed. As we provide our services to third parties, such as healthcare organisations and trusts, we may be processing the information on their behalf and subject to their lawful basis for processing and/or our own legitimate interests.

Signing up to use the apps, you consent to us having and using your data to provide our service. We take this responsibility extremely seriously and commit to maintaining utmost security to support this. If you stop providing your personal information or you choose to withdraw your consent to us processing your information, we will be no longer able to provide you with the service.


What will we collect?

  • Any information that you put into our system. This can include name, address, email and NHS number. We need your NHS number as this forms part of your unique patient identifier.

  • We may collect additional information from your device, such as, data provided by sensors like location and acceleration, by applications like web browsers, your device's IP address and the time and duration of your activity, to deliver the fastest application response for you, as the user.

  • We will record your usage of our app(s) to understand which sections you use most and to review your progress through the courses available on the app(s)

  • Information put into our system by your healthcare team in working with you to self-manage your condition

  • Geolocation – In order to provide you with the correct information about Weather, pollution and pollen in your area, we need to know your location. We do this because weather, pollen and pollution can affect your long-term condition.

  • Information from third parties that form part of our services, such as pollen feeds, pollution feeds and localised weather information

How do we use your data?

NOTE – we will NOT use your information nor sell your information for marketing purposes.

  • 1. To provide you with the service

    • To register and manage your account with us and to ensure your information is accurate and up to date

    • To enable users to work together in a safe, secure environment

    • To inform you of any alterations, modifications and updates to the service

    • To review, investigate and address issues that may affect your use of our service

  • 2. To exercise our legitimate interests

    • We will use your data to review and assess the quality of our service and make improvements

    • We need your information to provide a responsive service to you and to support or respond to you, when you contact us.

    • We will use your information for internal operations. These might include troubleshooting, fraud detection and resolution, data quality checks, functional testing, security, audit and statistical analysis to ensure that our app(s)/service satisfies the requirements of our users

  • 3. To respond to obligatory requirements

    • We will disclose information if we are requested to do so as part of a reasonable regulatory requirement or in response to a legal request

Sharing of your data

We use your information to support you, for you to record your symptoms, learn more about your condition and improve your self-management. To do this, we may share your information and anonymised information, depending on the service, with third parties. The third parties, and an example of their involvement in the delivery of the service are;

  • Information storage providers to record information that is input to your account

  • Push notification software providers to communicate medication reminders and updates from your healthcare team

  • Healthcare & research teams. This will always be anonymised unless you agree, at the time, to participate in trials using your identifiable information

  • SMS messaging services for communicating to you, information relevant to your condition


We will only ever share the minimal information necessary to deliver the service.

We will also take part, where approved by the relevant authorities, in assisting with studies and medical research. This is to help understand more about your condition and the improvement of future treatments available to you, and others who suffer from the same condition. To do this we may contact you when these types of opportunities arise. We will contact you, under our legitimate interest, where you can consent or opt-out of participating.


How do we keep your information secure?

Your information is stored within Amazon Web Services and situated in a region local to you. All information kept by us is encrypted both at rest and in transit.


We have strict procedures and security measures to prevent, as much as reasonably possible, unauthorised access to or disclosure of your information. We cannot guarantee the security of any information you transmit to us, such as emails containing information about you.


How long will we store your information?

We will keep your information for up to 30 years in line with medical guidelines, from the point you tell us you no longer wish to use the platform. If you ask us to delete your information before this, we will, but it may take up to 6 months to completely remove your data from the cloud-based back-up storage system, simply because of the way in which our back-up host operates. Following the confirmed death of a user, their data will be removed after 8 years, again in line with medical guidelines.


What rights do you have regarding your information?

We are committed to complying with your rights to your information and will deal with any requests, outlined below without undue delay, and in line with regulatory timeframes. By law you have a number of rights that apply in certain circumstances. These include the right to

  • Object to processing
    This means you may not want your information used in some ways

  • Restrict processing
    This means we can no longer use your information, but we will store it and maintain your place on our data set of users whose information we hold but cannot use moving forward

  • Be informed
    You should have clear, accessible and transparent information provided to you so you understand how we work, protect and use your information

  • Have access to your information
    This enables you to check we are using your data correctly and is done by contacting us directly or your healthcare team.

  • Data rectification
    If you see incorrect or incomplete information, you can ask to have that corrected.

  • Be erased
    This means you can be "forgotten". It is important to know; this is not a general statement and is subject to some conditions, but the right means you can have all the information we hold on you deleted where there is no compelling reason for us to keep using it.

  • Move your data
    This is referred to as portability. Your data should be provided for you in a way that is accessible and provides you with the option of reusing the data in other situations, as you own your data

  • Complain
    You have the right to lodge a complaint, and we will respect this and deal with it in a timely fashion in line UK regulations.

  • Withdraw consent
    This means you remove the right for us to use your data. You may do this at any point and without providing a reason for doing so. Removing your consent though means you will no longer be able to use our services.


Changes in the Privacy Policy and to the service

Any changes to the Privacy Policy will be notified to you via an in-service notification. For some notifications you may be required to read and accept the changes before you can continue using the service. This will be governed in line with our terms & conditions, to be read in conjunction with this privacy policy, when activating your user account.


Contact Us

If you have further questions, you can contact us at the address:

First and Second Floor
8 Trinity
161 Old Christchurch Road
Bournemouth
BH1 1JU
Telephone 01202 299 583
Email support@mymhealth.com

Our Data Protection Officer is Adam Kirk, at the above details and dpo@mymhealth.com

If you would rather deal with an independent group or feel we have not satisfactorily dealt with your enquiry, you can contact the ICO by email casework@ico.org.uk OR phone 0303 123 1113.