Last updated on 25/02/2021
My Well Record is provided and managed by Health Diagnostics Ltd, a company registered in England with company number 04649183 and with a registered office at 24 Castle Street, Chester, CH1 2DS.
Health Diagnostics are registered with the Information Commissioners Office, registration number Z136831X.
Health Diagnostics act as a “Controller” of any personal data shared with My Well Record. This means that Health Diagnostics is responsible for how to hold and use this personal data. We are committed to protecting and respecting your privacy.
This notice, together with our end-user licence agreement as set out here applies to your use of:
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. ‘Processing’ for the purposes of this notice covers a broad range of activities including using, transferring, storing and even deleting data.
Please read the following terms carefully to understand our views and practices regarding your personal data and how we handle it.
Data collected for and by My Well Record will not be shared or processed for any purpose not outlined in this notice.
For the avoidance of doubt
We may collect, and process, the following types of personal data about you:
We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this privacy notice for as long as it is combined.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may rely on a range of legal grounds in accordance with the applicable GDPR privacy laws and the Data Protection Act 2018 in order to ensure that our use of your personal data is lawful, including:
We may disclose your personal data to third parties:
We use strict procedures and security features designed to prevent any unauthorised or unlawful access to the personal data which we control.
Personal data which we hold in relation to you will be stored securely at our premises and (where relevant) at the offices of third-party agencies, service providers, representatives and agents. We only hold your personal data in secure data centres located within the United Kingdom.
All health data will be encrypted (using industry standard methods) when being transferred to/from your device to the relevant data centre. No health data is stored locally within My Well Record on your device.
Where we have given you (or where you have chosen) a password that enables you to access My Well Record, you are responsible for keeping this password confidential. We ask you not to share a password with anyone and that you use a unique password in respect of your My Well Record account.
We will retain a record of your personal data in accordance with relevant law and the following criteria:
As noted above, we sometimes use other organisations to process your data on our behalf, for example, in relation to analysis of the use of My Well Record (Google Analytics). We may use service providers to help us run My Well Record, some of whom may be based outside the UK. However, it is our responsibility to ensure that if we use any such service provider that we ensure that we have the necessary safeguards in place. We may also independently audit these service providers to ensure that they meet our standards.
Unfortunately, the transmission of information via the internet is not completely secure. Any transmission that you make of your data from My Well Record is therefore made at your own risk. However, we will use strict procedures and security features designed to prevent any unauthorised or unlawful access to the same and all information you provide to us will be stored securely.
You have a number of important legal rights regarding the manner in which personal data relating to you is used. You can find more information about your rights on the Information Commissioner’s Office website – please see https://ico.org.uk/for-the-public/.
We have outlined below the key rights which we believe may be relevant to your use of My Well Record.
If you would like to exercise any of these rights, then please contact us using the contact information provided below. Please note that you may be asked to provide us with reasonable proof of your identity so that we can be sure that we are discussing or providing your personal data with, or to, you (or if someone is making a request on your behalf, we need to check that they have the authority to do so).
You have the right to access certain information we hold about you so that you can be aware of, and verify the lawfulness of, the processing we undertake.
You can exercise your right of access by making what is generally referred to as a 'subject access request'.
We will review each request which we receive and if we agree that we are obliged to provide personal data to you then we will (subject to certain limited exceptions provided under the relevant law) amongst other things:
If you identify that any personal data that we hold about you is wrong, inaccurate or out of date, then you may ask us to correct or update it. Please contact us via the details provided below and we will review each request and respond accordingly.
You have the right to ask us to delete/remove data we hold about you. Alternatively, you can ask us to stop or to limit any processing we are undertaking in respect of your personal data. These rights arise if we no longer have a valid reason to do so or if we have held it for too long.
These are not absolute rights but every request we receive will be considered carefully and we will respond accordingly (providing grounds for any decision we make).
You are free to withdraw any consent which you have given to us in relation to our use of your personal data at any time (for example, in relation to any health data). Please note that not all uses which we make of your personal data require your consent (for example, if we need to use that information to provide a service you have requested, then we do not need your consent to do so). If you choose to withdraw your consent in respect of health data, then you will no longer be able to use that functionality in respect of the service. To withdraw consent please use our subject access request form here
You have the right to object to the processing of your personal data at any time. This effectively allows you to stop or prevent the processing of your personal data.
An objection may be in relation to the personal data we hold (as a Controller) about you or only to certain information or the purpose we are processing the data for.
You have the right to object where we are processing your personal data for direct marketing purposes by following the opt-out links on any marketing message sent to you or by contacting us at any time.
If you are unhappy about the way in which we have processed your personal data, then you have a right to raise the issue or to lodge a complaint with the Information Commissioner’s Office – as noted above please see https://ico.org.uk/for-the-public/.
We may update this privacy notice from time to time (for example, to reflect changes we might make to our services or to reflect changes in the law or best practice). Any changes we may make to our privacy notice, will be posted on this page. We encourage you to visit this page periodically so that you are aware of any changes which have been made. In addition, changes may be notified to you by email or when you next log onto the My Well Record. The new terms may be displayed on screen and you may be required to read and accept them to continue your use of My Well Record.
If you have any concerns regarding our privacy notice, or the manner in which we handle your personal data please contact our DPO Ametros, details below:
Ametros Group Ltd
Thorn Business Park
By email: firstname.lastname@example.org
Or if you would like to comment on My Well Record and provide valuable feedback, please do feel free to contact us by one of the following means:
Comments/questions by post:
Health Diagonstics Ltd.
By email: email@example.com
Using the contact form available from My Well Record
We will consider your comments and respond withing 15 working days.
Please note that if you have a ‘support’ query (for example you are having issues in accessing the service) then please contact; - firstname.lastname@example.org We aim to respond to support issues within 5 working days.