Privacy Policy for #HEALTH Now UK
Introduction
Hashtag Health Remote Limited (“we,” “us,” “our”) respects your privacy and is committed to
protecting your personal data. This privacy policy explains how we collect, use, and safeguard
your information when you use the #HEALTH Now UK app.
Data Controller
We are the data controller responsible for your personal data under this privacy policy. Our
registered office is:
Hashtag Health Remote Limited, The Office, Moor Lane Farm, Downall Green Road, Ashton-In-Makerfield, Wigan, England, WN4 0NA
For any questions about this policy, please contact us at info@hashtaghealth.co.uk.
Information We Collect
We may collect and process the following data about you:
– Personal Information: Name, date of birth, contact details (email, phone number), and address.
– Health Information: Medical history, symptoms, and consultation records when using GP or
healthcare services.
– Technical Data: IP address, device type, and app usage data.
– Payment Information: When purchasing paid services or subscriptions.
– Communication Data: Records of your communications with us, including queries, feedback,
and complaints.
How We Use Your Data
We use your personal data for the following purposes:
– To provide and manage our services.
– To facilitate GP consultations and third-party healthcare services.
– To process payments and manage subscriptions.
– To communicate with you, including sending service updates and support.
– To improve our app functionality and user experience.
– To comply with legal and regulatory obligations.
Legal Basis for Processing
We will only process your personal data when the law allows us to. The legal bases include:
– Consent: When you provide explicit consent for data collection and processing.
– Contractual Obligation: When data is required to fulfil our agreement with you.
– Legal Compliance: When we are required to comply with legal obligations.
– Legitimate Interests: For purposes such as app improvement and service efficiency.
Data Sharing
We may share your data with:
– GP and healthcare service providers for medical consultations.
– Payment processors to manage transactions.
– Regulatory bodies when required by law.
– Technical service providers for app maintenance and support.
We ensure that any third parties comply with UK GDPR standards for data protection.
Please note that when you use GP services facilitated through the #HEALTH Now UK app, the
third-party GP provider will collect and process your health data in accordance with their own
privacy policy. We strongly encourage you to read and understand the privacy policy of the
relevant GP service provider before using their services.
Data Security
We implement technical and organisational measures to protect your data against unauthorised
access, loss, destruction, or alteration. This includes encryption, secure servers, and access
controls.
Data Retention
We retain your data only as long as necessary for the purposes outlined in this policy and in
accordance with legal obligations. Once data is no longer required, it will be securely deleted or
anonymised.
Your Rights
Under UK GDPR, you have the right to:
– Access your personal data.
– Correct or update inaccurate information.
– Request data deletion (where applicable).
– Object to data processing.
– Withdraw consent at any time.
– Lodge a complaint with the Information Commissioner’s Office (ICO).
Third-Party Links
Our app may contain links to third-party websites or services. We are not responsible for the
privacy practices of those third parties and encourage you to read their privacy policies.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes through the
app or by email.
Contact Us
If you have any questions about this privacy policy or your data rights, please contact us at:
GP Service Privacy Policy
Introduction
Please read this privacy policy carefully as it contains important information on who we are and
how and why we collect, store, use and share your personal information.
How and why we use your personal information
We collect and process your personal and sensitive information solely for the purpose of
providing you with access to our services. When we do so, we comply with the Data Protection
Laws in the territory where your healthcare is delivered from, i.e., The United Kingdom (UK) or
Republic of Ireland, and the applicable UK or EU General Data Protection Regulations (GDPR).
Under Data Protection laws, we can only use your personal information if we have a proper reason for doing so. For example:
• to comply with our legal and regulatory obligations.
• for the performance of a contract with you or a third party or to take steps, at your request,
before entering a contract.
• to collect feedback from you on our services.
• for our legitimate interests or those of a third party.
• where you have given consent.
The lawful basis we rely on for processing your personal and sensitive (health) data is provided for
under Articles 6(1)(b), 6(1)(f) and 9(2)(h) of the applicable UK or EU GDPR.
Personal information we collect about you
We routinely collect and use the following personal information about you and the patient, if
different, including:
• your name and contact information, including your home address, telephone number and
email address.
• your location at the time of your consultation if different to your home address (for use only
in the case of a medical emergency)
• your date of birth; and
• if necessary, the name of the partner organisation who provides you with access to our
services (e.g. your employer, insurer, or membership group) and any access code, policy,
or membership number you may have.
• health data, which can include audio/video recordings, documents and images.
This personal information is required to provide our services to you. If you do not provide all the
personal information we ask for, it may delay or prevent us from providing our services to you.
Images or other health documents you provide to us will be stored as part of the HealthHero
Electronic Health Record (EHR) we create when you use our services.
All calls, consultations and electronic communications are recorded to protect the interests of all
parties.
How your personal information is collected
We collect personal information directly from you. This may be via:
• Telephone
• Online Services (Webforms/Progressive Web Apps)
• Mobile Applications (App)
• Third Party Applications via APIs (Application Programming Interfaces)
We may also collect information directly from third parties e.g., insurance companies and other
organisations which you are a member of.
Who will we share your personal information with?
We will not share any personal information with any third parties without your explicit consent or
as otherwise set out in this privacy policy. We only allow third parties to handle your personal
information if we are satisfied that they take appropriate measures to protect your personal
information.
Where we have a lawful basis to do so, we may share personal information with:
• other companies within the HealthHero Group we use to deliver our services to you.
• third parties we use to help deliver our services to you.
• other third parties we work with to provide services to you, e.g. insurance companies.
• other third parties we use to help us run our business e.g. website hosts.
• third parties approved by you.
If you consent for us to do so, we may share your sensitive personal information with third parties
to provide you with additional services if they are available to you.
These services include, but are not limited to:
• Private Prescriptions
• Medical Certificates or Fit Notes
• Referrals
If the consulting doctor feels it is appropriate, and with your consent, we will also share a copy of
the consultation notes with your normal healthcare provider, e.g., your regular GP Practice.
A partner organisation who provides you with access to our services may require us to share
personally identifiable information to validate your eligibility or confirm that you have used the
service.
We may also be asked by a partner organisation who provides you with access to our services to
disclose relevant consultation records if you are in the process of making a claim, or to facilitate
continuity of care. Where we do not already have a lawful basis to share this information, we will
seek your consent to do so.
We may also need to share aggregated information with other parties, such as potential buyers of
some or all of our business, or during a re-structuring. The recipient of any information will be bound
by confidentiality obligations.
We may share aggregated information publicly and with our partners. For example, we may share
information publicly to show trends about the general use of our clinical services.
Information that we may be obliged to share for other contractual or legal reasons
You may have been referred directly to our services by a partner organisation as part of their
contractual obligations to you, for the purposes of preventive or occupational medicine, the
assessment of your working capacity, medical diagnosis or the provision of healthcare or
treatment. Where this is the case, we may be obliged to share special categories of personal data
with them in order that they can fulfil their contractual obligations to you.
We will share personal information with other third parties if we have a belief in good faith that
access, use, preservation, or disclosure of the information is reasonably necessary to:
• meet any applicable law, regulation, legal process, or enforceable governmental request.
• enforce applicable Terms of Service, including investigation of potential violations.
• detect, prevent, or otherwise address fraud, security, or technical issues; and/or
• protect against harm to the rights, property, or safety of companies within the HealthHero
Group, our partners, users, or the public, as required or permitted by law.
Where we process data
We process data at our trading offices at Inspired, Easthampstead Road, Bracknell, Berkshire,
RG12 1YQ, UK and (under contract) at the sites of data processors and third parties appointed by
us within the UK and the European Economic Area (EEA). The only exception to this is below.
Under certain limited circumstances, pseudonymised personal data may be processed or stored
outside of the UK and the EEA. Pseudonymised means the processing of personal data in such a
manner that the data cannot be attributed to a specific person without the use of additional
information. For example, the third-party platform we use to seek pre-consultation information or
patient feedback may use servers outside of the UK and EEA. However, they are unable to
attribute any information provided by you to you, as only we hold the necessary additional
information required to do so.
We also use this third-party platform to provide the online help tool for our Apps and online
services. To facilitate personalised support when seeking help, you will need to provide your name
and contact e-mail address so we can respond to you directly. If you have already registered and
are logged into your account with us, when you make an enquiry through the help tool, your name
and contact e-mail address will automatically be passed to us with your query.
The use of any data processors outside of the UK or EEA will always be safeguarded in
accordance with Articles 46, 47 or 49 of the applicable EU or UK GDPR. For further information
on these safeguards, contact us at dpo.epc@healthhero.com.
Data security
We take appropriate technical and organisational measures to maintain your personal information
in a secure environment to prevent your personal information being accidentally lost, or accessed or used without authorisation. Our partners are bound by contract to do the same. We limit
access to your personal information to those who have a genuine business need to access it.
We use Transport Layer Security (TLS) to encrypt and protect data traffic generated as part of our
normal operations. If your email service does not support TLS, you should be aware that any
emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious
software and you have a responsibility to ensure that any email you send is within the bounds of
the law.
We will notify you and the appropriate supervisory authority of any suspected data security
breach where we are legally required to do so.
Data Retention
Where we have been provided with your personal information to establish your eligibility to use
the services, we will only retain this information for as long as you are declared as eligible by any
partner organisation who provides you with access to our services.
HealthHero EHRs are retained for a minimum of 10 years after death. Current guidance is that
EHRs must not be destroyed or deleted. This includes any video or audio recordings.
Information that is not directly related to your EHR will be retained only for as long as is necessary
and in accordance with retention periods set out in our Record of Processing Activities, a copy of
which can be provided on request.
Online services – Cookies
Our corporate websites and online services use cookies. Cookies are small text files that are
stored on your device (e.g. computer, smartphone or other electronic device) to allow websites to
store information about you in relation to the site. We collect statistics from our online services
using Google Analytics, allowing us to record visitor numbers, number of pages viewed and
referral source. This data simply helps us to administer and enhance the sites and services
provided.
For full information on the cookies we use, please see our Cookie Policy.
You can manage your cookie preferences in your browser settings.
Third party links in online services
If you are using an online service provided by us, you may have access to links to other web sites.
If you follow links to other sites from our hosted services, your data will be subject to the privacy
policies of those sites. You should refer to these policies before providing any personal data to
them. These other third-party websites may also use cookies or similar technologies in
accordance with their own separate cookie policies.
The owners of these sites may be independent from us, and we do not endorse or accept any
responsibility for their content or services they may offer.
Identity Checking
Depending on your service provision, HealthHero may need to perform an
identity check before you are able to access the services. This is necessary to ensure we can
identify the correct service user and provide appropriate care options and to ensure the
confidentiality of your care record.
In order to perform these checks, we use a 3rd party supplier – Yoti Ltd, which you will be
directed to as part of the sign-up process. You will need to upload a photograph of a photo ID,
passport, driver’s license, etc. You will then be asked to take a clear photo of your head and
shoulders for comparison.
Yoti will then compare your uploaded information and provide the outcome of the verification
check to HealthHero. All uploaded information will be held by Yoti for 28 days before being
automatically erased. Please see the Yoti Privacy Policy for more information. HealthHero will also
retain a copy of your photo and the last four digits of your ID number so our Doctors can check
identification during video appointments.
We encourage you to complete the ID check process upon registration with HealthHero as you
will not be able to access the services without completing this step. The process is usually
completed within 24hrs but may take longer on weekends.
Your rights
Under the Data Protection Laws, you have several rights which may apply to the services we
provide including the right:
• to ask us for copies of your personal information (the right of access).
• to ask us to rectify information you think is inaccurate. You also have the right to ask us to
complete information you think is incomplete (the right to rectification).
• under certain circumstances, to require us to delete your personal information (the right to
be forgotten). Please note that the right to erasure does not extend to EHRs.
• under certain circumstances, to require us to restrict processing of your personal
information e.g. if you contest the accuracy of the data (the right to restrict processing).
• under certain circumstances, to receive the personal information you provided to us, in a
structured, commonly used and machine-readable format and/or transmit that data to a
third party (the right to data portability).
• under certain circumstances, to object to our continued processing of your personal
information e.g. processing carried out for the purpose of our legitimate interests (the right
to object).
You can withdraw your consent to future processing at any time, but this right cannot be applied
to data already processed.
For further information on each of those rights, including the circumstances in which they apply,
please contact us.
Contacting us
Should you wish to exercise any of your rights and if you have had a recent consultation, you can
make a Subject Access Request directly by contacting us on the telephone number you have
been given to access the service for support.
Alternatively, you may request access to information held about you by emailing
dpo.epc@healthhero.com or writing to:
For patients based in the UK:
The Data Protection Officer
HealthHero Solutions Ltd
Inspired,
Easthampstead Road,
Bracknell,
RG12 1YQ
For patients based in Ireland:
The Data Protection Officer
HealthHero Healthcare Ireland Ltd
2nd Floor, Palmerston House,
Denzille Lane,
Dublin 2
D02 WD37
If we are unable to confirm or have reasonable doubts concerning the identity of the person
making a request to exercise the rights above, we will require additional proof of identity (e.g. a
copy of your driving licence or passport and a recent utility or credit card bill) and/or evidence of
the requester’s authority to exercise these rights.
We will ask for information on the right you wish to exercise and the information to which your
request relates.
If you make a request, we will respond to you without undue delay and in any event within one
month of your request.
Privacy Related Complaints
HealthHero Solutions Ltd is regulated by the Information Commissioner’s Office (ICO) in the
United Kingdom (UK).
The Data Protection Officer for HealthHero Healthcare Ireland Ltd is registered with the Data
Protection Commission in Ireland.
We hope that we can resolve any query or concern you may raise about our use of your
information. However, if you are not happy with how we have processed your personal
information, handled your privacy rights, or responded to a privacy related complaint, you can
raise a concern with the appropriate supervisory authority:
The Information Commissioner’s Office
https://ico.org.uk/make-a-complaint
Tel: +44 (0)303 123 1113
Policy Changes
If we are involved in a merger, acquisition, or asset sale, we will continue to ensure the
confidentiality of any personal information and give notice to you if affected before personal
information is transferred or becomes subject to a different privacy policy.
Changes may be necessary to this privacy policy from time to time to reflect contractual, legal or
data processing developments. If we change this privacy policy, we will update it on this web
page.