This policy sets out the basis on which any personal data submitted to your GP Practice using the Evergreen Life digital triage software (also known as 'askmyGP', ‘Dr.iQ powered by Evergreen’ or 'Evergreen Ask'), or that you otherwise provide to us, will be processed by us.
Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and the legal basis for the processing.
We (Evergreen Life) are committed to protecting your personal data and respecting your privacy.
Introduction
This policy (together with our end-user licence agreement) and any additional terms incorporated by reference into the EULA, together our Terms of Use) applies to your use of:
- The application software (the Service) accessed through your GP Practice’s website, via the Evergreen life app, or other means.
- Any of the functions accessible through the Service or available via other sites of ours, unless the EULA states that a separate privacy policy applies to a particular function, in which case that privacy policy only applies.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Important information and who we are
Evergreen Life is the supplier of the service. We are a data processor of the personal data you provide when using our service with your GP Practice, who are the data controller. The processing is necessary for the performance of the statutory duties of the GP Practice. As a data processor we may only process your data as instructed by the data controller – your GP Practice. This is limited to our provision of the application and associated activities that help us manage and analyse our services.
Contact details
Full name of legal entity: Evergreen Life
Email address: [email protected]
Postal address: The Edge, Clowes St, Manchester M3 5NA
You have the right to make a complaint at any time to the supervisory authority for data protection issues. If you live in the UK this is the Information Commissioner’s Office (ICO) Our ICO registration number is Z3487875. If you live in Isle of Man this is the Isle of Man Information Commissioner. Our registration number is R001646
Changes to this Application Privacy Policy and our request that you inform us of changes in your circumstances
We keep our policies under regular review. This policy may change and if it does, these changes will be posted on this page and, where necessary, we will notify you. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the Service.
It is important that the personal data we process or hold is accurate and current. Please use the Service to update your details if your personal data changes during our relationship with you.
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you as follows:
- Identity Data: first name, last name, username or similar identifier, title, date of birth, gender, NHS Number, registered GP Practice.
- Contact Data: address, email address and telephone numbers.
- Device Data: includes operating system and browser.
- Profile Data: includes your username and password, history, your preferences, feedback and survey responses.
- Usage Data: includes details of your use of our Service or your visits to any of Our Sites including, but not limited to, traffic data and other communication data. Please see our website privacy policy for further details.
- Information about your health that you exchange with your GP Practice.
- Information you give us (for example, by email or chat or using a form we provide for this purpose). It includes information you provide when you register to report a problem with the Service. If you contact us, we will keep a record of that correspondence.
How we use your personal data
We will only use your personal data to deliver the service as instructed by your GP Practice, usage data for service evaluation purposes or where we need to comply with a legal obligation.
The legal basis for processing your data
As a data processor the legal basis that we rely upon to process your personal data must be determined by the data controller – your GP Practice. This will be to support the legitimate interests of the GP Practice, carry out work that is in the public interest such as medical care and, where clinical details are processed, we will ensure that the processing supports care and treatment. We will never sell your personal data or use it for any other purpose.
Disclosures of your personal data
We will only disclose your personal data to your GP Practice unless the law requires us to disclose it to others. Service evaluation may be undertaken with usage data which includes patient sex and age in years, but no personal identifiable data is accessed.
We may need to transfer personal data to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners will use your personal data in the same way as set out in this privacy policy.
Third party links
We may, from time to time, offer links to and from the websites of our partner networks and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these websites or services. Please check these policies before you submit any personal data to these websites or use these services.
International transfers
We do not transfer your personal data outside the European Economic Area (EEA).
Data security
All information you provide to us is stored on our secure servers. Where a password is needed to access certain parts of Our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
Data retention and your legal rights
We generally keep a copy of your personal data for two years though your GP Practice will keep their copy for longer as part of your medical record. After two years we will delete all personal identifiable data. We will retain usage data indefinitely but this will have no impact upon you and you have no legal rights in respect of this data.
You do have legal rights in respect of your personal data, including the right to have a copy provided to you, to have data deleted and to have factual inaccuracies corrected. You will need to contact your GP Practice if you wish to exercise any of these rights.
Effective from 12 August 2015
Revised November 2021