– Our use of your data: We typically use your personal information in order to provide you with self-pay clinical services, including access to the Dietitian
– Sharing: We will only share your data with your referring healthcare provider, such as your GP, if relevant.
– Security: We keep your data secure and treat it in accordance with the law.
– International: We may transfer your personal information outside the EU and, if we do, you can expect a similar degree of protection in respect of your personal information.
1. WHAT IS THE PURPOSE OF THIS PRIVACY STATEMENT?
1.1 Under data protection legislation, Erin Elizabeth Ltd. is required to explain to you why we collect information about you, how we intend to use that information and whether we will share your information with anyone else.
1.2 This statement applies to service users of our self-pay clinical services. Please read this statement carefully to understand our views and practices regarding your personal data and how we will treat it.
1.3 This statement tells you how personal information which we collect from you, or which you provide to us, will be processed by us.
1.4 This statement relates to information collected from your GP on referral to our clinical services and information collected directly from you from our website, over the telephone and at virtual appointments.
1.5 Please do not use Erin Elizabeth Ltd's clinical services unless you agree with this policy.
1.6 This statement does not form part of any contract to provide services. We may update this statement at any time.
1.7 It is important that you inform us of any changes to your personal information which we hold so that the information which we hold is accurate and current.
2. WHO ARE WE?
2.1 We are Erin Elizabeth Ltd, a company registered in England and Wales under company number 11337478 and with our registered office at 23 Donnington House, Union Road, London, United Kingdom, SW8 2RU.
2.2 Erin Elizabeth Ltd is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.
3. OUR DATA PROTECTION OFFICER
3.1 Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
3.2 If you have any concerns or questions about our use of your personal data, you can contact our Data Protection Officer by writing to firstname.lastname@example.org
3.3 If you have any questions about our use of your personal data, you can raise those questions with our Data Protection Officer.
4. WHY ARE WE COLLECTING YOUR INFORMATION?
4.1 The information that you provide to us is required in order for us to:
4.1.1 contact you to book a healthcare professional appointment following a referral from your healthcare provider or via you providing us your information directly;
4.1.2 provide you with the Oviva app, enabling you to input relevant activity and dietary information so that the dietitian can provide you with tailored guidance and support based on your specific requirements wherever and whenever you need it.
5. TYPES OF PERSONAL INFORMATION WE USE
5.1 We are collecting information about you in order to achieve the purposes set out above (see ‘Why are we collecting your information?‘). This includes:
5.1.1 personal details (such as name, gender and date of birth);
5.1.2 contact details (such as your address, telephone number and email address);
5.1.3 If you choose to share it with us, activity information (whether manually provided or from connected external apps, e.g. Fitbit, Apple HealthKit, Google Fit);
5.1.4 details of any contact with us, including a record of your correspondence with us.
6. SPECIAL CATEGORIES OF PERSONAL DATA
6.1 We collect information about you which is categorised as Special Categories of Personal Data. This includes:
6.1.1 health data (including medical history, medications and test results).
6.1.2 Ethnic origin
7. SOURCE OF YOUR PERSONAL INFORMATION
7.1 The information which we collect about you will be obtained through a variety of sources which include:
Information provided by you
7.1.1 in our initial telephone call with you after your (self-) referral;
7.1.2 in any telephone appointments with our healthcare professionals;
7.1.3 when you input information into the Oviva app;
7.1.4 when you report a problem with the Oviva app;
7.1.5 when you contact us for other support or customer service.
Information collected automatically about you
7.1.6 If you choose to use the Oviva app, information automatically collected about you through your use of the Oviva app;
7.1.7 If you choose to use the Oviva app and share your activity data, information collected through connected external apps, such as activity trackers;
7.1.8 recording of your telephone calls with our customer service team and healthcare professionals.
Information collected from third parties
7.1.9 information provided by your referring healthcare professional (e.g. your GP) on referral and throughout your use of our services
8. WHAT WE DO WITH YOUR INFORMATION
8.1 We may use your personal data for the following purposes:
Arranging and conducting an appointment with a healthcare professional
8.2 We use your personal data to contact you to make an appointment with the Dietitian, over the telephone.
8.3 The Dietitian uses your personal information to provide you with tailored advice and guidance.
Use of the Oviva app
8.4 When you use the Oviva app, Oviva may use your personal data to:
8.4.1 register you to use the app;
8.4.2 administer the app and for internal operations such as to help diagnose 8.4.3 problems with our server infrastructure, trouble shoot, analyse data and other administrative purposes;
8.4.3 improve the app and to ensure that content is presented in the most effective manner for you and your smartphone;
8.4.4 allow you to participate in interactive features of our service when you choose to do so;
8.4.5 keep the app safe and secure;
8.4.6 improve the services we offer; and
8.4.7 if you report a problem with the app, use your personal data to investigate and resolve the reported problem.
8.5 We may use your personal data in order to handle any issue which you raise via email.
8.6 We may also use your personal data to notify you about changes to our service.
9. WHAT MAY HAPPEN IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION?
Arranging and conducting a healthcare professional appointment
9.1 We will only be able to offer you an appointment if we have access to certain types of personal data. To access these services, you will, from time to time, be asked to submit personal data about yourself. If you do not provide that personal data, we will not be able to offer those services to you.
Use of the Oviva app
9.2 If you do not agree for us to use your personal information when you use the Oviva app, you should not use the Oviva app.
10. COMPLYING WITH DATA PROTECTION LAW
10.1 We will comply with data protection law. At the heart of data protection laws are the “data protection principles” which say that the personal information we hold about you must be:
10.1.1 used lawfully, fairly and in a transparent way;
10.1.2 collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
10.1.3 relevant to the purposes we have told you about and limited only to those purposes;
10.1.4 accurate and kept up to date;
10.1.5 kept only as long as necessary for the purposes we have told you about; and
10.1.6 kept securely.
11. WHAT IS OUR LAWFUL BASIS FOR USING YOUR INFORMATION?
11.1 In accordance with the data protection laws, we need a “lawful basis” for collecting and using information about you. There are a variety of different legal bases for using personal data which are set out in the data protection laws.
11.2 The lawful bases on which we rely in order to use the information which we collect about you for the purposes set out in this statement will be:
11.2.1 Legitimate interest: Using your information will be necessary for our legitimate commercial interest and our interest is not outweighed by the potential impact on your privacy. For example, we rely on legitimate interest as our lawful basis for providing you with the Oviva app and registering you so that you are able to use the app.
11.2.2 Consent: It is possible that you may give us your consent to use your information for a particular purpose.
12. SHARING YOUR INFORMATION
12.1 We may share some of your personal data with third parties as described below.
Sharing your information with your referring healthcare professional - if applicable
12.1.1 Whilst we are providing you with clinical services, relevant personal data will be shared with your referring healthcare professional (e.g. your GP) for the purposes of further caregiving. - if applicable
13. SECURITY OF YOUR DATA
13.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer on email@example.com.
13.2 All information you provide to us is stored on our secure servers.
13.3 Where we have given you (or where you have chosen) a password which enables you to access the Oviva app, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
13.4 Please note that data is stored within the Oviva app on your mobile device, and the security of that data depends on your device. If your smartphone is lost or stolen, there is a risk that your data will be accessed. We encourage you to password-protect your smartphone and use a device that includes encryption. By inputting your personal data into the app you bear all risks for data loss from lost or stolen devices.
Third parties security measures
13.5 Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
13.6 All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
14. TRANSFERRING INFORMATION OUTSIDE THE EU
14.1 The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement.
14.2 We will transfer the personal information we collect about you to the following countries outside the EU:
14.3 There is an adequacy decision by the European Commission in respect of those countries listed above with an asterix (*). This means that those countries are deemed to provide an adequate level of protection for your personal information.
15. CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?
15.1 We typically will only use your personal information for the purposes for which we collect it. In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
15.2 We may use your personal information without your knowledge or consent where such use is required or permitted by law.
16. STORING YOUR INFORMATION AND DELETING IT
16.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our Data Protection Officer on firstname.lastname@example.org.
16.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
16.3 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a user of our self-pay clinical services we will retain and securely destroy your personal information in accordance with our data retention policy.
17. YOUR RIGHTS
17.1 If you have any questions about our use of your personal data, you are welcome to contact us. You will find our contact details at the bottom of this page. If you notice any errors in your personal data, you have the right to have them corrected.
17.2 Under certain circumstances, by law you have the right to:
17.2.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
17.2.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
17.2.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
17.2.4 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
17.2.5 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
17.2.6 Request the transfer of your personal information to another party.
17.3 If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer in writing.
18. RIGHT TO WITHDRAW CONSENT
18.1 In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
19. RIGHT TO COMPLAIN TO THE ICO
19.1 You also have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
20. CHANGES TO THIS PRIVACY STATEMENT
21. CONTACT DETAILS
21.2 If you have any questions, comments or requests regarding the Oviva app please contact Oviva on email@example.com.