This policy sets out the basis on which any personal data submitted to your GP Practice using the askmyGP Service, or that you otherwise provide to us, will be processed by us.
Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and the legal basis for the processing.
We (GP Access Ltd trading as askmyGP) are committed to protecting your personal data and respecting your privacy.
· The askymyGP application software (the Service) accessed through your GP Practice’s website.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Important information and who we are
GP Access Ltd is the supplier of the askmyGP Service. We are a data processor of the personal data you provide when using our service with your GP Practice, who are the data controller. The processing is necessary for the performance of the statutory duties of the GP Practice. As a data processor we may only process your data as instructed by the data controller – your GP Practice. This is limited to our provision of the askmyGP application and associated activities that help us manage and analyse our services.
Full name of legal entity: GP Access Ltd trading as askmyGP
Email address: email@example.com
Postal address: 70 Main Street, Cossington, Leicestershire, LE7 4UW
Telephone number: 01509 816293
You have the right to make a complaint at any time to the supervisory authority for data protection issues. If you live in the UK this is the Information Commissioner’s Office (ICO) Our ICO registration number is Z3487875. If you live in Isle of Man this is the Isle of Man Information Commissioner. Our registration number is R001646
We keep our policies under regular review. This policy may change and if it does, these changes will be posted on this page and, where necessary, we will notify you. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the Service.
It is important that the personal data we process or hold is accurate and current. Please use the Service to update your details if your personal data changes during our relationship with you.
Third party links
We may, from time to time, offer links to and from the websites of our partner networks and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these websites or services. Please check these policies before you submit any personal data to these websites or use these services.
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you as follows:
· Identity Data: first name, last name, username or similar identifier, title, date of birth, gender, NHS Number, registered GP Practice.
· Contact Data: address, email address and telephone numbers.
· Device Data: includes operating system and browser.
· Profile Data: includes your username and password, history, your preferences, feedback and survey responses.
· Information about your health that you exchange with your GP Practice.
· Information you give us (for example, by email or chat or using a form we provide for this purpose). It includes information you provide when you register to report a problem with the Service. If you contact us, we will keep a record of that correspondence.
How we use your personal data
We will only use your personal data to deliver the askmyGP service as instructed by your GP Practice, to generate anonymised data for our service evaluation purposes or where we need to comply with a legal obligation.
The legal basis for processing your data
As a data processor the legal basis that we rely upon to process your personal data must be determined by the data controller – your GP Practice. This will be to support the legitimate interests of the GP Practice, carry out work that is in the public interest such as medical care and, where clinical details are processed, we will ensure that the processing supports care and treatment. This includes the anonymisation of your personal data to enable service evaluation and improvement and we will not sell this data or use it for any other purpose.
Disclosures of your personal data
We will only disclose your personal data to your GP Practice unless the law requires us to disclose it to others. We need to evaluate our services and gain a better understanding of how we may help to improve our services and the care we support but we anonymise all data before we use it for these purposes. We may share this anonymised data with other organisations, e.g. Universities, who can help with this analysis.
We do not transfer your personal data outside the European Economic Area (EEA).
All information you provide to us is stored on our secure servers. Where a password is needed to access certain parts of Our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
Data retention and your legal rights
We generally keep a copy of your personal data for two years though your GP Practice will keep their copy for longer as part of your medical record. After two years we will delete or anonymise all dat about you. We will retain anonymised data indefinitely but this will have no impact upon you and you have no legal rights in respect of this data.
You do have legal rights in respect of your personal data, including the right to have a copy provided to you, to have data deleted and to have factual inaccuracies corrected. You will need to contact your GP Practice if you wish to exercise any of these rights.
Effective from 12 August 2015
Revised 14 February 2020
Revised 30 April 2020