Privacy Policy

This Privacy Policy should be read in conjunction with the my mhealth terms & conditions. By providing your personal information to us when you sign up to use our app(s) and/or service(s), you acknowledge that you have read this Privacy Policy in full and understand the details of the processing of your personal information that we undertake as set out within it.

my mhealth Limited (my mhealth) delivers digital tools to patients and healthcare teams managing long term health condition(s). Your privacy is important to us, and we are committed to respecting and protecting the privacy and security of any personal information we may collect from users of our app(s) and/or service(s). Our privacy policy is designed to help you understand how we collect, use and protect your personal information, and your rights in respect of your personal information.

This privacy policy applies to users of our app(s) and/or service(s) and does not extend to include third party services that can be accessed via our platform, including via links to external sites.

Scope of this Privacy Policy

For the purposes of applicable data protection laws, my mhealth acts as a Controller of your personal information. We are therefore responsible for any personal information we receive through the use of our app(s) and/or service(s), and for determining how and why it is processed.

For certain purposes, we will also act as a joint Controller alongside your healthcare team. This means that some of your personal information will need to be shared between my mhealth and your healthcare team in connection with your use of our app(s) and/or service(s). The purposes for which we will process your personal information as joint Controllers are explained in more detail in the How we will use your personal information section below.

In addition, we also provide our services to other third parties, such as healthcare organisations and professionals involved in your care or conducting scientific research. At times we may process your personal information solely on their behalf, as a Processor. This will mean that we will be processing your personal information subject to their lawful basis and/or for our own legitimate interests.

What personal information we will collect

We collect and process different types of personal information to provide you with our app(s) / service(s). These include:

  • Any other personal data that you may provide to us.
We are required by law to treat certain types of personal information with even more care than usual. These are called sensitive or special categories of personal information.

We may also collect and process the following types of sensitive personal information:

  1. Contact information such as your name, address, email address and NHS number.
  2. App usage and other technical information (including information collected through cookies and other similar technologies) such as your IP address, geolocation and other information collected from your device when you install or access our app(s) / service(s).
  3. Health information such as your medical diagnoses, details of how your diagnosis is treated and your prescription details.
  4. Digital health information from any devices which are compatible with (and linked to) our app, such as a connected glucose meter, inhaler use data (from smart inhaler devices) and activity data (from a smartwatch).
Please see the "How we will use your personal information" section below, which sets out the different purposes for processing your personal information and sensitive personal information.

How we obtain information about you

We may collect or receive your personal data in different ways, including:
  • Where you provide it to us directly, for example when you contact us or enter your information on our app(s).
  • Where we monitor your activity when using our app(s) / service(s), for example via cookies and other similar technologies.
  • Where we receive it from or on behalf of third-party sources such as healthcare professionals, your healthcare team(s) and/or any connected devices linked to our app(s) and/or service(s).

How we will use your personal information

my mhealth will only use your personal information where we are permitted to do so by applicable law; under EU and UK data protection laws, we are required to always have a permitted reason or justification (called a "lawful basis") for processing your personal information such as:
  • Contract performance, where using your information is necessary in order to enter into or perform our contract with you.
  • Legal obligation, where we need to use your information to comply with our legal obligation(s).
  • Legitimate interests, where we need to use your information to achieve a legitimate business interest.
  • Consent, where you have consented to our use of your information.
Where we process your sensitive personal information, we are required by law to have an additional condition for processing. Except where we are required to use your sensitive information in order to defend, prosecute or make a claim against you, us or a third party, we will only process your sensitive personal information on one of the following additional conditions:
  • Consent, where you have explicitly consented to our use of your sensitive information for a specific purpose, such as the provision of and access to our apps; or
  • Scientific Research, where we are permitted to use your sensitive information for scientific research purposes. Please note, we will only process your sensitive information for this purpose in anonymised form.
Please see the "Scientific Research" section below for further information.

We have set out in the table below the ways my mhealth may use and process your personal information and sensitive personal information, and in each case, we have noted the lawful basis and conditions that we rely on to do so. Where we rely on the lawful basis of legitimate interests, we have also provided details of what our legitimate interests are:

Purpose | Lawful Basis
To create, register and manage your user account for our app(s) / service(s)
Please note, for this purpose, we will act as joint Controllers with your healthcare team.
  • Contract performance
  • Legitimate interests: To allow us to provide you with appropriate content
To inform you of any changes, modifications, and updates to our app(s) / service(s)
  • Legitimate interests: To ensure that our app(s) / service(s) continue to satisfy the needs of our users
To review, investigate and address issues that may affect your use of our app(s) / service(s)
  • Legitimate interests: To ensure that our app(s) / service(s) continue to satisfy the needs of our users in a safe and secure manner
To assess and improve the quality of our app(s) / service(s), including via carrying out troubleshooting, data quality checks, functional testing, security testing and statistical analyses
  • Legitimate interests: To ensure that our app(s) / service(s) continue to satisfy the needs of our users in a safe and secure manner
To ensure our records are accurate and up to date
Please note, for this purpose, we will act as joint Controllers with your healthcare team.
  • Legitimate interest: To allow us to provide you with appropriate content
To fulfil our legal, regulatory, or risk management obligations, including our legal reporting and disclosure obligations
  • Legal obligation
  • Legitimate interests: To co-operate with law enforcement and regulatory authorities
To prevent fraud
  • Legitimate interests: To ensure that our app(s) / service(s) continue to satisfy the needs of our users in a safe and secure manner
To protect the rights of third parties
  • Legal obligation
  • Legitimate interests: To co-operate with law enforcement and regulatory authorities
To enforce our own legal rights
  • Legal claims
  • Legal obligation
To anonymise your data so that you are not identifiable or able to be identified from it, and so that the information cannot be linked back to you
  • Legitimate interests: To allow us to share non-identifiable data with researchers to help develop better guidelines and treatments for your condition.
  • Scientific Research
To share your information with your healthcare team(s) via our app(s)
Please note, for this purpose, we will act as joint Controllers with your healthcare team.
  • Contractual performance
  • Legitimate interests: To allow our app(s) / service(s) to support in the management of your medical condition(s)
To contact you in relation to any third-party clinical study or research trial that may be of interest to you
Please note, you will only be contacted where any such study or trial is relevant to your condition(s).
  • Consent (including where this relates to processing of any sensitive personal information)
To contact you in relation to any service evaluation, study, or trial run by my mhealth which relates to our app(s) / service(s) which may be of interest to you
  • Consent (including where this relates to processing of any sensitive personal information)
  • Legitimate interest: To improve the performance of our app(s) / service(s)
To review your progress through the educational material and courses available within our app(s) / service(s)
  • Contract performance
  • Legitimate interests: To provide the best content and user experience
To help us understand how you use our app(s) / service(s), and which parts of our app(s) or website are most visited
  • Legitimate interests: To help manage your medical condition(s)
To comply with legal or regulatory requirements, such as the requirement to disclose your personal information to government, regulatory or law enforcement agencies in connection with enquiries, proceedings, or investigations by such parties.

Please note, where permitted, or unless doing so would prejudice the prevention or detection of a crime, we will direct any such request to you or notify you before responding.
  • Legal obligation


Who we share your personal information with

Your personal information is used to support you to improve your self-management and for you, and us, to learn more about your condition(s).

To do this, we will need to share certain information with other parties, such as:
  • Data storage and back up provider(s), to securely record the personal information that is input into your user account.
  • Push notification software providers, so that we can send you medication reminders and so that you can receive updates from your healthcare team.
  • Your healthcare team(s), for them to support you and to evaluate our service(s).
  • Clinical Trials and Research team(s), where you have expressed an interest in receiving further information about a service evaluation, study, or research trial opportunity.
  • Device manufacturers, so that they can troubleshoot any device or product performance issues.
  • SMS and email messaging services, for communicating to/with you to provide information relevant to your condition(s).

Scientific Research

As mentioned in the table above, we may convert your personal information into an anonymised form. Once converted, you will no longer be able to be identified or identifiable from the data, and the information will not be able to be linked back to you. We may share such anonymised information with our trusted research partners for the purpose of conducting scientific research, including identifying new treatment strategies for long-term condition management.

Please note, we will only ever share the minimal amount of information necessary for this purpose, and we will not sell or share any of your personal information or sensitive personal information to third parties for marketing purposes.

NHS login

Please note that if you accessed our app(s) / service(s) using NHS login details, the applicable identity verification services are managed by NHS England. NHS England is therefore the Controller of any personal information you provide to get an NHS login account and verify your identity. For this purpose, our role in respect of your personal information is as a “Processor” only and we must act in accordance with the instructions provided by NHS England when verifying your identity. To see NHS England's Privacy Notice and Terms and Conditions, please click here.

Please note, this does not apply to the personal information that you provide to my mhealth separately.

Which countries we transfer your personal information to

We do not transfer your personal information to jurisdictions outside of the United Kingdom (UK) or European Economic Area (EEA).

How do we keep your personal information secure?

We recognise that information security is an integral element of data privacy. While no data transmission (including over the internet or any website) can be guaranteed to be secure, we implement a range of security measures to help protect your personal information from unauthorised access, use, disclosure, alteration, or destruction in accordance with applicable data protection laws.

Information that you provide to us is stored on our, or our service providers’, secure servers (we use an Amazon Web Solutions datacentre situated in their London region) and is encrypted both at rest and in transit. We ensure that the information you provide to us is accessed and used in accordance with our security policies and procedures, or those agreed with our service providers.

Everyone at my mhealth, and any third-party service providers we may engage that process personal information on our behalf for the purposes listed above, are also contractually obligated to respect the confidentiality of your personal information.

How long will we store your personal information?

We will keep your personal information only for as long as is necessary to fulfil the purpose for which it was originally collected and/or any other permitted linked purpose (including our legal and regulatory obligations). Our data retention periods are based on our business needs and are in line with established NHS guidelines for long term illness records management. They are regularly assessed to ensure that we do not retain your information for longer than is necessary. Your personal information will be kept for up to 20 years from your last interaction within the platform, or until you request that your data be deleted, in accordance with NHS record-keeping requirements.

Following the confirmed death of a user, their data will be removed after a period of 10 years, in accordance with medical guidelines.

What rights do you have regarding your information?

Under applicable data protection laws, you have several rights in respect of your personal information that may apply in certain circumstances.

These include the following:

  • Right to object to processing
    You have the right to object to (i) any processing of your personal information that we carry out based on our legitimate interests, and (ii) any decision we make which is based solely on automated processing.
  • Right to restrict processing
    You have the right to require us to restrict processing (i) where the personal information we are processing is inaccurate, or (ii) where the processing we are carrying out is unlawful.
  • Be informed
    You should have clear, accessible and transparent information provided to you so you understand how we work, and how we protect and use your personal information.
  • Right of access to your information
    You have the right to receive confirmation of whether or not we process your personal information, and where we do, you have the right to access it and be provided with certain information in relation to it. This enables you to check we are using your information correctly.
  • Right to rectification
    You have the right to require us to correct any inaccuracies wherever you see that we hold incorrect or incomplete information about you.
  • Right to erasure
    You have the right to require us to erase your personal data (i) where we no longer need it for the purpose for which it was collected, (ii) where the processing we are carrying out with that information is unlawful or (iii) where erasure is required in order for us to comply with a legal obligation. Please note, if you request us to delete your personal information, the deletion process can take up to 6 months, and in some cases, we may not be able to satisfy your request where we are required to retain your personal information for legal and regulatory purposes.
  • Right to move your data
    You have the right to require us to provide you with your information in a structured, commonly used and machine-readable format so that it can be transferred to another provider. This is referred to as portability.
  • Right to withdraw your consent
    You have the right to withdraw your consent where we process your personal information and/or sensitive personal information on the lawful basis of consent. This means that you remove our ability to use your information for such processing unless there is another lawful basis that we can rely on to do so. You may withdraw your consent at any point and without providing a reason for doing so, however please note that withdrawing your consent will mean that you will no longer be able to use or access certain aspects of our app(s) / service(s).
While it is our policy to respect the rights of our users, please be aware that your exercise of any of these rights is subject to certain exemptions, including our obligation to safeguard the public interest (e.g., the prevention or detection of crime) and our legal obligations (e.g., to protect third parties). Some of these rights may also be limited where we are required or permitted by law to continue processing your personal information to defend our legal rights or meet our legal and regulatory obligations.

If you contact us to exercise any of these rights, we will check your entitlement and respond to you without undue delay, which in most cases is within a month. Please note that for those purposes in which my mhealth and your healthcare team(s) act as joint Controllers, my mhealth will be your point of contact for any queries or complaints you may have; please see the "How to contact us" section below.

Complaints

If you have a complaint about the way in which we have processed your personal information, or if you believe that we have breached any applicable data protection laws, then please contact us using the contact details in the "How to contact us" section below, as we would like to resolve this with you.

If for some reason we have not been able to resolve your complaint or if you are dissatisfied with our proposed resolution, you also have the right to make a complaint to the relevant data protection supervisory authority, which is the Information Commissioner's Office (ICO) in the UK.

Further details can be found on the ICO website here: www.ico.org.uk/global/contact-us

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes to this Privacy Policy will be notified to you via an in-service notification, and the latest version will be made available on our and app(s). For some notifications you may be required to read and acknowledge the changes before you can continue using the service.

How to contact us

You can contact us using the following details:

Method | Details
By post | my mhealth Limited, Milton Gate, 60 Chiswell Street, London, EC1Y 4AG
By telephone | (+44) 01202 299 583
By email | support@mymhealth.com


Or alternatively if you would specifically like to contact our Data Protection Officer:

Method | Details
Data Protection Officer email | dpo@mymhealth.com
