Privacy Notice

Last updated on 25/02/2021

My Well Record is provided and managed by Health Diagnostics Ltd, a company registered in England with company number 04649183 and with a registered office at 24 Castle Street, Chester, CH1 2DS.
Health Diagnostics are registered with the Information Commissioners Office, registration number Z136831X.

Health Diagnostics act as a “Controller” of any personal data shared with My Well Record. This means that Health Diagnostics is responsible for how to hold and use this personal data. We are committed to protecting and respecting your privacy.

Scope of this privacy policy

This notice, together with our end-user licence agreement as set out here applies to your use of:

  • The My Well Record website provided to you upon completion of a health check using Health Diagnostics’ digital services.

This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. ‘Processing’ for the purposes of this notice covers a broad range of activities including using, transferring, storing and even deleting data.

Please read the following terms carefully to understand our views and practices regarding your personal data and how we handle it.

Data collected for and by My Well Record will not be shared or processed for any purpose not outlined in this notice.

For the avoidance of doubt

  • By registering with My Well Record or supplying data or information through the site or otherwise accessing or using My Well Record, you acknowledge that you are aware of the collection, use, and transfer of the personal and relevant data under the terms of this privacy notice (and the Terms of Use)

Our data privacy credentials

  • ICO Registration Number is Z136831X
  • NHS Data Security and Protection Toolkit Organisation Code is 8HM99

Personal data we may collect in relation to you

We may collect, and process, the following types of personal data about you:

  • As part of your registration for My Well Record following your health check, we hold the undermentioned demographic information about you:
    • Full name
    • Full address
    • Email address
    • NHS number, if provided during a health check
    • Telephone number
    • GP Practice details
    • Details of the service provider that referred you to My Well Record
  • To communicate the health check results we may hold the following clinical information about you
    • Smoking status
    • Blood pressure readings
    • Pulse rate and pulse rhythm
    • Blood test results
    • Your height
    • Your weight at the time of the assessment
    • Your waist measurement
    • Alcohol consumption information
    • Information about your physical activity
    • Risk of Type 2 Diabetes
    • Risk of cardiovascular disease
    • Family history of coronary heart disease related illness
  • Each time you visit or use My Well Record we may automatically collect the following information:
    • Technical information, including the type of device mobile device or computer used to access My Well Record
    • Details of your visits to My Well Record and any responses submitted to the site

Age limits

This application is NOT for persons under the age of 18 and will not be offered to persons under the age of 18.

Uses made and purpose of the information you provide

  • Submitted information: the information you submit during the registration process of My Well Record will be used to:
    • manage your account
    • provide technical support
    • contact you to notify you of any updates relating to this site
    • answer any queries you might raise regarding My Well Record and for our own administrative purposes
    • help us verify your identity to enable secure and authorise access to My Well Record
  • Health data: we will use any health data you submitted to My Well Record on registration only for the purposes of storing that information and make it available to you.
  • Survey responses: we will use this information for the purpose outlined in the survey or request for information.
  • Device information: we will use this information to help ensure My Well Record presents the correct version and data for your device.
  • Log information: this is stored for security and audit purposes and to ensure that we are able to support your use of My Well Record.
  • For security and safety purposes: we will monitor activity in order to help protect our users from security threats and to detect if users are trying to misuse any element of My Well Record or to use them in an unauthorised manner. We may also use your contact information in order to alert you to any relevant security issues or safety concerns of which we are aware.
  • To statistically analyse user behaviour and activity: we will monitor user interest and behaviour to help us to understand general usage of My Well Record to help us improve the services we provide. We may also use this information to tailor the view of My Well Record. We may conduct statistical analysis in respect of My Well Record.

We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this privacy notice for as long as it is combined.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Basis on which we process your personal data

We may rely on a range of legal grounds in accordance with the applicable GDPR privacy laws and the Data Protection Act 2018 in order to ensure that our use of your personal data is lawful, including:

  • Where it is needed to provide you with your My Well Record such as:
    • updating your records
    • contacting you about My Well Record (where appropriate)
    • activities relevant to managing My Well Record, including any enquiries you may make regarding My Well Record
    • your application to access My Well Record
    • the administration and management of accounts
  • Where it is in our legitimate interests to do so (provided this is not overridden by considerations regarding your rights and interests), such as:
    • managing My Well Record
    • updating your records
    • contacting you about My Well Record (where appropriate)
    • performing and/or testing the performance of our products, services and internal processes
    • following guidance and recommended best practice of government and regulatory bodies
    • managing and auditing our business operations
    • monitoring and keeping records of our communications with you
    • undertaking market research and analysis and developing statistics to enable us to comply with our legal obligations
  • The above will only be done with your (explicit) consent which is obtained via your health check provider when you register for My Well Record.

Disclosure of your information

We may disclose your personal data to third parties:

  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
  • To a contractor appointed by us to deliver elements of My Well Record on our behalf (and under our control). Any access we might grant to a contractor will be limited to such information as is required for them to deliver the relevant service (and will be subject to a contract which includes appropriate obligations of confidence and compliance with GDPR and the Data Protection Act 2018).
  • In order to:
    • enforce or apply the Terms of Use and other agreements or to investigate potential breaches of the same; and/or
    • protect the rights, property or safety of Health Diagnostics Ltd, our customers, or others (acting at all times in accordance with our obligations under the relevant data protection legislation and the terms of our agreement with you)
  • In connection with a potential sale or transfer of part or all of our business. In such circumstances we may share information with prospective purchasers (for example as part of a controlled due diligence exercise).
  • If we reorganise our business as we may need to transfer information about you to another member business group so that we could continue to provide My Well Record to you.

How and where we store your personal data

We use strict procedures and security features designed to prevent any unauthorised or unlawful access to the personal data which we control.

Personal data which we hold in relation to you will be stored securely at our premises and (where relevant) at the offices of third-party agencies, service providers, representatives and agents. We only hold your personal data in secure data centres located within the United Kingdom.

All health data will be encrypted (using industry standard methods) when being transferred to/from your device to the relevant data centre. No health data is stored locally within My Well Record on your device.

Where we have given you (or where you have chosen) a password that enables you to access My Well Record, you are responsible for keeping this password confidential. We ask you not to share a password with anyone and that you use a unique password in respect of your My Well Record account.

We will retain a record of your personal data in accordance with relevant law and the following criteria:

  • where we have a reasonable business need to do so, for example, in order to manage our relationship with you
  • where we are providing products and/or services to you and then for as long as someone could bring a claim against us in respect of those products or services; and/or
  • in line with any legal and regulatory requirements or guidance in respect of retention periods

As noted above, we sometimes use other organisations to process your data on our behalf, for example, in relation to analysis of the use of My Well Record (Google Analytics). We may use service providers to help us run My Well Record, some of whom may be based outside the UK. However, it is our responsibility to ensure that if we use any such service provider that we ensure that we have the necessary safeguards in place. We may also independently audit these service providers to ensure that they meet our standards.

Unfortunately, the transmission of information via the internet is not completely secure. Any transmission that you make of your data from My Well Record is therefore made at your own risk. However, we will use strict procedures and security features designed to prevent any unauthorised or unlawful access to the same and all information you provide to us will be stored securely.

My Well Record may contain links to and from the websites of lifestyle services. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them will have their own privacy notices, policies and terms of use and that we do not accept any responsibility or liability for them (and how they may be applied) or for any personal data that may be collected through those third-party websites or services, such as contact and location data. Please check the relevant third-party terms, notices and policies before you provide any personal data to those websites or use their services.

Cookies

We use cookies to distinguish you from other users of My Well Record. This helps us to provide you with a good experience when you use My Well Record and allows us to improve My Well Record. For detailed information on the cookies we use and the purposes for which we use them, please see our cookie policy

Your rights

You have a number of important legal rights regarding the manner in which personal data relating to you is used. You can find more information about your rights on the Information Commissioner’s Office website – please see https://ico.org.uk/for-the-public/.

We have outlined below the key rights which we believe may be relevant to your use of My Well Record.

If you would like to exercise any of these rights, then please contact us using the contact information provided below. Please note that you may be asked to provide us with reasonable proof of your identity so that we can be sure that we are discussing or providing your personal data with, or to, you (or if someone is making a request on your behalf, we need to check that they have the authority to do so).

Access to your information (Subject Access Request)

You have the right to access certain information we hold about you so that you can be aware of, and verify the lawfulness of, the processing we undertake.

You can exercise your right of access by making what is generally referred to as a 'subject access request'.

We will review each request which we receive and if we agree that we are obliged to provide personal data to you then we will (subject to certain limited exceptions provided under the relevant law) amongst other things:

  1. describe it to you
  2. tell you why we are holding it
  3. tell you who it could be disclosed to; and
  4. let you have a copy of ot (this may inlcude providing an electronic copy)

Right to heve information corrected

If you identify that any personal data that we hold about you is wrong, inaccurate or out of date, then you may ask us to correct or update it. Please contact us via the details provided below and we will review each request and respond accordingly.

Right to be forgotten and the right to stop or limit our processing of your personal data

You have the right to ask us to delete/remove data we hold about you. Alternatively, you can ask us to stop or to limit any processing we are undertaking in respect of your personal data. These rights arise if we no longer have a valid reason to do so or if we have held it for too long.

These are not absolute rights but every request we receive will be considered carefully and we will respond accordingly (providing grounds for any decision we make).

Right to withdraw consent

You are free to withdraw any consent which you have given to us in relation to our use of your personal data at any time (for example, in relation to any health data). Please note that not all uses which we make of your personal data require your consent (for example, if we need to use that information to provide a service you have requested, then we do not need your consent to do so). If you choose to withdraw your consent in respect of health data, then you will no longer be able to use that functionality in respect of the service. To withdraw consent please use our subject access request form here

Right to object

You have the right to object to the processing of your personal data at any time. This effectively allows you to stop or prevent the processing of your personal data.

An objection may be in relation to the personal data we hold (as a Controller) about you or only to certain information or the purpose we are processing the data for.

You have the right to object where we are processing your personal data for direct marketing purposes by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Right to complain

If you are unhappy about the way in which we have processed your personal data, then you have a right to raise the issue or to lodge a complaint with the Information Commissioner’s Office – as noted above please see https://ico.org.uk/for-the-public/.

Changes to our privacy notice

We may update this privacy notice from time to time (for example, to reflect changes we might make to our services or to reflect changes in the law or best practice). Any changes we may make to our privacy notice, will be posted on this page. We encourage you to visit this page periodically so that you are aware of any changes which have been made. In addition, changes may be notified to you by email or when you next log onto the My Well Record. The new terms may be displayed on screen and you may be required to read and accept them to continue your use of My Well Record.

Contact details

If you have any concerns regarding our privacy notice, or the manner in which we handle your personal data please contact our DPO Ametros, details below:

Ametros Group Ltd
Lakeside Offices
Thorn Business Park
Hereford
Herfordshire
HR2 6JT
By email: jamie.richards@ametrosgroup.com

Or if you would like to comment on My Well Record and provide valuable feedback, please do feel free to contact us by one of the following means:

Comments/questions by post:
Health Diagonstics Ltd.
The Quadrant
Sealand Road
Chester
CH1 4QR

By email: support@healthdiagnostics.co.uk

Using the contact form available from My Well Record

We will consider your comments and respond withing 15 working days.
Please note that if you have a ‘support’ query (for example you are having issues in accessing the service) then please contact; - support@healthdiagnostics.co.uk We aim to respond to support issues within 5 working days.