Privacy Policy

Summary of changes

26 Feb, 2020: We simplified the policy wording and unified the consent we request from you.


Your privacy is essential to our core activity. We are committed to respecting and protecting it while you use our services. This policy is designed to let you know who we are, what we do, how we protect the information you provide us with, or that we are provided from other sources, such as your healthcare team, and what your rights are.

Who we are

my mhealth is a company that makes apps for patients and healthcare teams to manage health conditions. Our company’s registered address is First and Second Floor, 8 Trinity, 161 Old Christchurch Road, Bournemouth BH1 1JU and we are registered with Companies House with the number 07881370.

We are a data controller under UK law. Being a data controller means we are responsible for the data we receive through the use of our apps and for determining the purpose(s) and manner in which it is processed. As we provide our services to third parties, such as healthcare organisations, we may be processing the information on their behalf and subject to their lawful basis and legitimate interests.

When you sign up to use my mhealth apps, you consent to us having and using your data to provide you with our service. We take this responsibility extremely seriously and commit to maintaining utmost security to support this. If you stop providing your personal information or you choose to withdraw your consent to us processing your information, we will be no longer able to provide you with the service.

What will we collect?

  • Any information that you put into our system. This can include name, address, email and NHS number.
  • We may collect additional information from your device, such as, data provided by sensors like location and acceleration, by applications like web browsers, your devices IP address and the time and duration of your activity.
  • We will record your app usage to understand how you use the service and which sections you use most and to review your progress through the courses available on the app(s).
  • Information put into our system by your healthcare team in working with you and your condition.
  • Geolocation.
  • Information from third parties that form part of our services, such as pollen feeds, pollution feeds and localised weather information (geolocated to your whereabouts).

How do we use your data?

NOTE – we will not use your information nor sell your information for marketing purposes.

1. To provide you with the service
  • To register and manage your account with us and to ensure your information is accurate and up-to-date
  • To enable users to work together in a safe, secure environment
  • To inform you of alterations, modification, updates and improvements in the service
  • To review, investigate and address issues that may affect your use of our service
2. To exercise our legitimate interests
  • We will use your data to review and assess the quality of our service and make improvements
  • We need to use your information to provide a responsive service to you and be able to support or respond to your contacts
  • We will use your information for internal operations. These might include troubleshooting, fraud detection and resolution, data quality checks, functional testing, security, audit and statistical analysis of the app/service
3. To respond to obligatory requirements
  • We will disclose information if we are requested to do so as part of a reasonable regulatory requirement or in response to a legal request

Sharing of your data

We use your information to support you, for you to record your symptoms, learn more about your condition and as a result, improve your self-management. To do this, we may share your information and anonymised information, depending on the service, with third parties such as;

  • Information storage providers
  • Push notification software providers
  • Healthcare & research teams
  • SMS messaging services
We will only share the minimal information necessary to deliver the service.

As a medical company, we take part, where approved by the relevant authorities, in assisting with studies and medical research. This is to help understand more about your condition and the improvement of future treatments available to you or other people with your condition. To do this we may contact you when these types of opportunities arise. We will ensure that you can consent or opt-out of this type of activity before any further information processing takes place.

How do we keep your information secure?

Your information is stored within cloud-based servers situated in a region local to you. For example, UK users’ data remains within the EEA. All information kept by my mhealth is encrypted when it is being moved between devices but also when it is stored using the industry standard.

We have strict procedures and security measures to prevent, as much as possible, unauthorised access or disclosure of your information. We cannot guarantee the security of any information you transmit to us, such as emails containing information about you.

Keeping your information safe is ESSENTIAL to my mhealth; this is part of our core service.

How long will we store your information?

We will keep your information for up to 30 years, unless you are still actively using the platform. If you ask us to delete your information before this, we will, but it may take up to 6 months to completely remove your data from the cloud-based back-up storage system. Following the death of a user, these rules will apply unless we are informed directly.

What rights do you have regarding your information?

We are committed to complying with your rights to your information and will deal with any requests, outlined below without undue delay, and in line with regulatory timeframes. By law you have a number of rights that apply in certain circumstances. These include the right to

  • Object to processing
    This means you may not want your information used in some ways

  • Restrict processing
    This means we can no longer use your information, but we will store it and maintain your place on our data set of users whose information we hold but cannot use moving forward

  • Be informed
    You should have clear, accessible and transparent information provided to you so you understand how we work, protect and use your information

  • Have access to your information
    This enables you to check we are using your data correctly and is done by contacting us directly or your healthcare team.

  • Data rectification
    If you see incorrect or incomplete information, you can ask to have that corrected.

  • Be erased
    This means you can be “forgotten”. It is important to know; this is not a general statement and is subject to some conditions, but the right means you can have all the information we hold on you deleted where there is no compelling reason for us to keep using it.

  • Move your data
    This is referred to as portability. Your data should be provided for you in a way that is accessible and provides you with the option of reusing the data in other situations, as you own your data

  • Complain
    You have the right to lodge a complaint, and we will respect this and deal with it in a timely fashion in line UK regulations.

  • Withdraw consent
    This means you remove the right for us to use your data. You may do this at any point and without providing a reason for doing so. Removing your consent though means you will no longer be able to use our services.

Changes in the Privacy Policy and to the service

Any changes to the Privacy Policy or to the app will create a notification via the app directly to you. This will arrive in your notifications tile when you next log in following the notification release. For some notifications you may be required to read and accept the changes before you can continue using the service.

Contact Us

If you have further questions, you can contact us at the address:

First and Second Floor
8 Trinity
161 Old Christchurch Road
Bournemouth
BH1 1JU
Telephone 01202 299 583
Email support@mymhealth.com

Our Data Protection Officer is Adam Kirk, at the above details and dpo@mymhealth.com

If you would rather deal with an independent group, or feel we have not satisfactorily dealt with your enquiry, you can contact the ICO by email casework@ico.org.uk OR phone 0303 123 1113.