Our use of your data:
We typically use your personal information in order to provide you with NHS and self-pay clinical services, including access to a healthcare professional.
Sharing: We will only share your data with your referring healthcare provider, such as your GP, if relevant.
Security: We keep your data secure and treat it in accordance with the law.
We transfer your personal information within the EU for secure storage, where you can expect a similar degree of protection in respect of your personal information.
1. WHAT IS THE PURPOSE OF THIS PRIVACY STATEMENT?
1.1 Under data protection legislation, Versa Health Ltd is required to explain to you why we collect information about you, how we intend to use that information and whether we will share your information with anyone else.
1.2 This statement applies to service users of our NHS and self-pay clinical services. Please read this statement carefully to understand our views and practices regarding your personal data and how we will treat it.
1.3 This statement tells you how personal information which we collect from you, or which you provide to us, will be processed by us.
1.4 This statement relates to information collected from your GP on referral to our clinical services and information collected directly from you from our website, over the telephone and video consultation appointments.
1.6 This statement does not form part of any contract to provide services. We may update this statement at any time.
1.7 It is important that you inform us of any changes to your personal information which we hold so that the information which we hold is accurate and current.
2. WHO ARE WE?
2.1 We are Versa Health Ltd, a company registered in England and Wales under company number 11753132 and with our registered office at 52 Mollison Drive, Wallington, SM6 9BY.
2.2 Versa Health Ltd is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.
3. OUR DATA PROTECTION OFFICER
3.1 Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
3.2 If you have any concerns or questions about our use of your personal data, you can contact our Data Protection Officer by writing to email@example.com or Versa Health Ltd., 52 Mollison Drive, Wallington, SM6 9BY.
3.3 If you have any questions about our use of your personal data, you can raise those questions with our Data Protection Officer.
4. WHY ARE WE COLLECTING YOUR INFORMATION?
4.1 The information that you provide to us is required in order for us to:
4.1.1 contact you to book a healthcare professional appointment following a referral from your healthcare provider or via you providing us your information directly;
4.1.2 provide you with our Versa Health Ltd (Nutrium) app, enabling you to input relevant activity and dietary information so that our healthcare professionals can provide you with tailored guidance and support based on your specific requirements wherever and whenever you need it.
5. TYPES OF PERSONAL INFORMATION WE USE
5.1 We are collecting information about you in order to achieve the purposes set out above (see ‘Why are we collecting your information?‘). This includes:
5.1.1 personal details (such as name, gender and date of birth);
5.1.2 contact details (such as your address, telephone number and email address);
5.1.3 If you choose to share it with us, activity information (whether manually provided or from connected external apps, e.g. Fitbit, Apple HealthKit, Google Fit);
5.1.4 details of any contact with us, including our healthcare professionals (such as a record of your correspondence with us).
6. SPECIAL CATEGORIES OF PERSONAL DATA
6.1 We collect information about you which is categorised as Special Categories of Personal Data. This includes:
6.1.1 health data (including medical history, medications and test results).
6.1.2 Ethnic origin
7. SOURCE OF YOUR PERSONAL INFORMATION
7.1 The information which we collect about you will be obtained through a variety of sources which include:
Information provided by you
7.1.1 in our initial telephone call with you after your (self-) referral;
7.1.2 in any video or telephone appointments with our healthcare professionals;
7.1.3 when you input information into our Versa Health Ltd (Nutrium) app;
7.1.4 when you report a problem with our Versa Health Ltd (Nutrium) app;
7.1.5 when you contact our support or customer service teams.
Information collected automatically about you
7.1.6 If you choose to use the Versa Health Ltd (Nutrium) app, information automatically collected about you through your use of our Versa Health Ltd (Nutrium) app;
7.1.7 If you choose to use the Versa Health Ltd (Nutrium) app and share your activity data, information collected through connected external apps, such as activity trackers;
7.1.8 recording of your telephone calls with our customer service team and healthcare professionals.
Information collected from third parties
7.1.9 information provided by your referring healthcare professional (e.g. your GP) on referral and throughout your use of our services
8. WHAT WE DO WITH YOUR INFORMATION
8.1 We may use your personal data for the following purposes:
8.2 We use your data to improve the services we offer
Arranging and conducting an appointment with a healthcare professional
8.2 We use your personal data to contact you to make an appointment with a healthcare professional, either by video or over the telephone.
8.3 Our healthcare professionals use your personal information to provide you with tailored advice and guidance.
Use of the Versa Health Ltd (Nutrium) app
8.4 When you use the Versa Health Ltd (Nutrium) app we may use your personal data to:
8.4.1 register you to use the app;
8.4.2 administer the app and for internal operations such as to help diagnose 8.4.3 problems with our server infrastructure, trouble shoot, analyse data and other administrative purposes;
8.4.3 improve the app and to ensure that content is presented in the most effective manner for you and your smartphone;
8.4.4 allow you to participate in interactive features of our service when you choose to do so;
8.4.5 keep the app safe and secure;
8.4.6 improve the services we offer; and
8.4.7 if you report a problem with the app, use your personal data to investigate and resolve the reported problem.
8.5 We may use your personal data in order to handle any issue which you raise with our support or customer service team.
8.6 We may also use your personal data to notify you about changes to our service.
9. WHAT MAY HAPPEN IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION?
Arranging and conducting a healthcare professional appointment
9.1 We will only be able to offer you an appointment if we have access to certain types of personal data. To access these services, you will, from time to time, be asked to submit personal data about yourself. If you do not provide that personal data, we will not be able to offer those services to you.
Use of the Versa Health Ltd (Nutrium) app
9.2 If you do not agree for us to use your personal information when you use the Versa Health Ltd app, you should not use the Versa Health Ltd (Nutrium) app.
10. COMPLYING WITH DATA PROTECTION LAW
10.1 We will comply with data protection law. At the heart of data protection laws are the “data protection principles” which say that the personal information we hold about you must be:
10.1.1 used lawfully, fairly and in a transparent way;
10.1.2 collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
10.1.3 relevant to the purposes we have told you about and limited only to those purposes;
10.1.4 accurate and kept up to date;
10.1.5 kept only as long as necessary for the purposes we have told you about; and
10.1.6 kept securely.
11. WHAT IS OUR LAWFUL BASIS FOR USING YOUR INFORMATION?
11.1 In accordance with the data protection laws, we need a “lawful basis” for collecting and using information about you. There are a variety of different legal bases for using personal data which are set out in the data protection laws.
11.2 The lawful bases on which we rely in order to use the information which we collect about you for the purposes set out in this statement will be:
11.2.1 Legitimate interest:
Legitimate interest is the lawful basis for processing personal data within Versa Health Ltd’s self-pay services. Using your information will be necessary for our legitimate commercial interest and our interest is not outweighed by the potential impact on your privacy.
11.2.2 Public interest:
Public interest is the lawful basis for processing personal data within Versa Health Ltd’s NHS commissioned services. Processing your information is necessary for the performance of a task carried out in the public interest laid down in law, i.e. the provision of NHS care.
It is possible that you may give us your consent to use your information for a particular purpose. Consent is the lawful basis for processing personal data only in situations where consent is required, e.g. where an Versa Health Ltd service is being evaluated by an externally appointed provider.
11.2.4 Provision of health or social care:
The lawful basis on which we rely in order to use special categories of personal data which we collect about you for the purposes set out in this statement, e.g. ethnicity, is the provision of health or social care.
12. SHARING YOUR INFORMATION
12.1 We may share some of your personal data with third parties as described below.
Sharing your information with your referring healthcare professional
12.1.1 Whilst we are providing you with NHS clinical services, relevant personal data will be shared with your referring healthcare professional (e.g. your GP) for the purposes of further caregiving.
13. SECURITY OF YOUR DATA
13.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer on firstname.lastname@example.org.
13.2 All information you provide to us is stored on our secure servers.
13.3 Where we have given you (or where you have chosen) a password which enables you to access the Versa Health Ltd app, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
13.4 Please note that data is stored within the Versa Health Ltd app on your mobile device, and the security of that data depends on your device. If your smartphone is lost or stolen, there is a risk that your data will be accessed. We encourage you to password-protect your smartphone and use a device that includes encryption.
By inputting your personal data into the app you bear all risks for data loss from lost or stolen devices.
Third parties security measures
13.5 Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
13.6 All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
14. TRANSFERRING INFORMATION WITHIN THE EU
14.1 The data that we collect from you will be transferred to, and stored at, a destination within the European Economic Area (“EEA”). It may also be processed by staff operating within the EEA who work for us. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement.
14.2 We will transfer the personal information we collect about you to Portugal.
14.3 There is an adequacy decision by the European Commission in respect of Portugal meaning it is a country deemed to provide an adequate level of protection for your personal information.
15. CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?
15.1 We typically will only use your personal information for the purposes for which we collect it. In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
15.2 We may use your personal information without your knowledge or consent where such use is required or permitted by law.
16. STORING YOUR INFORMATION AND DELETING IT
16.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our Data Protection Officer on email@example.com.
16.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
16.3 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a user of our NHS or self-pay clinical services we will retain and securely destroy your personal information in accordance with our data retention policy.
17. YOUR RIGHTS
17.1 If you have any questions about our use of your personal data, you are welcome to contact us. You will find our contact details at the bottom of this page. If you notice any errors in your personal data, you have the right to have them corrected.
17.2 Under certain circumstances, by law you have the right to:
17.2.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
17.2.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
17.2.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
17.2.4 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
17.2.5 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
17.2.6 Request the transfer of your personal information to another party.
17.3 If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer in writing.
18. RIGHT TO WITHDRAW CONSENT
18.1 In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
19. RIGHT TO COMPLAIN TO THE ICO
19.1 You also have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
20. CHANGES TO THIS PRIVACY STATEMENT
21. CONTACT DETAILS