12 October 2020
Please read the following carefully to understand Our policies and practices regarding personal data and how We will treat it.
In this policy:
- Child refers to any child for whom You are the parent or legal guardian or for whom You are otherwise responsible and who is entitled to use a Square Health App (whether or not under Your supervision) in order to access a Square Health Service or a Third Party Service
- Data Protection Law refers to the DPA, the GDPR and all other laws and regulations relating to the collection and processing of personal data
- DPA refers to the Data Protection Act 2018
- GDPR refers to the General Data Protection Regulation (EU regulation 2016/679)
- personal data refers to personal data as defined in the GDPR including health data or any other sensitive or special category personal data as defined in the DPA or GDPR
- Square Health refers to Square Health Limited, company number 7054181, of Crown House, William Street, Windsor SL4 1AT, and We, Us, Our, Ours and Ourselves also refer to Square Health
- Square Health App refers to a Square Health mobile application which is used by You to access a Square Health Service or a Third Party Service - this includes any mobile application which has been developed in conjunction with any client or commercial partner of Square Health (such as an insurance company or a provider of private medical services) or which is made available as part of a wider service of a client or commercial partner of Square Health
- Square Health Client refers to a third party company or other entity which is a commercial client of Square Health or which is otherwise in a commercial contractual relationship with Square Health (for example, a private medical or other insurance provider, a joint venture partner or other third party which has engaged Square Health to develop and/or provide a Square Health App and/or a Square Health Service, or an employer which has engaged us to provide an employee benefits service)
- Square Health Practitioner refers to a Square Health panel doctor or healthcare practitioner, or pathology laboratory or other analysis service used by Square Health to provide a Square Health Service
- Square Health Service refers to a medical or healthcare service which is provided by Square Health – whether accessed or provided via a Square Health App or otherwise
- Third Party Service refers to a service which is provided by a third party provider and which is accessed via a Square Health App
- You, Your, Yours and Yourself refer to you.
Please note that Square Health Apps may contain links to and from applications or websites of Square Health Clients or providers of Third Party Services. If You follow a link to any of these websites, please note that these applications or websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before You submit any personal data to these websites.
Information We may collect and process about You
We may collect and process the following personal data:
Information provided to us by You (or, where applicable, Your Child) or which We collect about You and/or Your Child (where applicable)
You or Your Child may give Us personal data (including health and medical information) by entering information through a Square Health App, by providing information to a Square Health Practitioner when accessing or using a Square Health Service, by allowing Us access to personal data held by a GP or other third parties, by filling in forms, or by corresponding with Us by telephone, email or otherwise. This includes information You provide when you register to use any service of a Square Health Client or use any element of a Square Health Client service. We may also receive information about You or Your Child from Square Health Clients.
You or Your Child may also give Us health and medical information and other personal data, and We may obtain and process health and medical information and other personal data about You or Your Child resulting from any interactions undertaken or services requested or sourced through a Square Health App, including via any health or monitoring device connected to a Square Health App, or from provision of a Square Health Service. This includes information obtained in the course of providing consultations, tests and prescription services. Please note that consultations in the course of providing a Square Health Service will be recorded for quality, training and monitoring purposes. Recordings may include audio, video or both and information collected includes health and medical information and other personal data contained in consultation recordings.
Information obtained may include Your or (if applicable) Your Child’s name, address, e-mail address and phone number, personal description and photograph, and may also include sensitive information relating to health, medical records, physical and mental performance, characteristics, any ailments, diseases or disabilities, race, gender, age and other sensitive information.
Information about You (or, if applicable Your Child) which is automatically collected by Square Health Apps
Each time You (or Your Child, if applicable) use a Square Health App We may automatically collect the following information:
- technical information, including the internet protocol (IP) address used to connect the device to the internet, login information, browser type and version, and operating system and platform;
- information about the visit, including the date, time and length of the visit, service elements viewed or used, response times for the Square Health App, download errors, interaction information (such as scrolling and clicks), and any phone or other methods used to contact Us;
- information from Square Health Clients which is necessary or related to use of the Square Health App (such as personal details and security tokens related to access by You and/or Your Child (as applicable) to a Square Health Service or a Third Party Service), as well as from Square Health Practitioners, providers of Third Party Services or other third parties who fulfil any service request made via the Square Health App.
Our legal basis for collecting and processing information about You
We collect and process personal data about You (or Your Child where applicable) in order to fulfil Our contractual obligations to the Square Health Client which provides the policy or plan under which You (and Your Child if applicable) are eligible to receive Square Health Services.
We are required to have a legal basis for the collection and processing of this personal data, and this will be one of the following:
- where it is necessary to perform a contract that we have entered into, or we will be entering into, with You;
- where it is necessary for Our legitimate interests (or those of a third party such as a Square Health Client) and Your interests or fundamental rights and freedoms do not override those interests; or
- where We need to comply with a legal or regulatory obligation.
Where We use special category personal data, We are required to confirm an additional lawful basis (to that set out above) for the processing of such data, which will typically be the following:
- the use is necessary for the purposes of preventive or occupational medicine, medical diagnosis or the provision of health or social care or treatment; or
- Your express consent is given.
Uses made of information
We use information provided by You (or Your Child, if applicable) or that We collect about You or Your Child (including information that We collect from Square Health Practitioners or other third parties as described above) in the following ways:
- to provide the Square Health Services or any other products or services requested from Us and that We agree to provide;
- to review and enhance the quality of any Square Health Service, including monitoring compliance with clinical care standards;
- to make disclosures as required by Public Health England or the Office for National Statistics, or as required by or in compliance with reasonable requests by regulatory bodies such as the General Medical Council or Care Quality Commission, or as otherwise required by law or regulation;
- (subject to appropriate consents), to provide information to other healthcare providers such as Your or Your Child’s GP;
- to notify You about updates or other changes to a Square Health App or a Square Health Service and to communicate with You generally in connection with the provision of the Square Health App or any Square Health Service;
- to assist in the detection of fraud.
We may also use information about You (and Your Child, if applicable):
- to administer a Square Health App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve a Square Health App;
- to ensure that content from a Square Health App or any Square Health Service is presented in the most effective manner for You (and Your Child, if applicable) and for Your device;
- to allow You to participate in interactive features of a Square Health App or any Square Health Service when You choose to do so;
- as part of our efforts to keep Square Health Apps safe and secure;
- to provide You with information about other goods and services We offer that You have enquired about;
- (subject to anonymising data relating to You or Your Child, as applicable) to measure or understand the effectiveness of Our services to You and others.
Disclosure of Your information
Disclosure of information to Square Health Clients
Where use by You or Your Child (if applicable) of a Square Health App, or access to a Square Health Service is linked to membership of a wider service of a Square Health Client, We may share limited information with the relevant Square Health Client to enable the Square Health Client to administer its service and (where appropriate) to facilitate access to benefits under that service. However, we will only share health or medical or other sensitive information with a Square Health Client if You have given Your consent. If we are providing medical or health-related services as part of an employee benefits service, We will not share any health or medical or other sensitive information with Your employer.
Disclosure of information to Square Health Practitioners
We may share personal data (including health or medical information or other sensitive personal data) relating to You or Your Child (where applicable) with any Square Health Practitioner or other medical or healthcare supplier or sub-contractor where reasonable or necessary in connection with the provision of any element of a Square Health Service.
Disclosure of information to providers of Third Party Services
Where a Square Health App is used by You or Your Child to access a Third Party Service We may share with the provider of that Third Party Service personal data relating to You or (where applicable Your Child) which is collected through the use by You or Your Child of the Square Health App where reasonable or necessary in connection with access to or provision of the relevant Third Party Service. This may include health or medical information or other sensitive personal data about You or Your Child (as applicable).
Disclosure of information to affiliated companies
We may share personal data relating to You or (where applicable Your Child), including health or medical information or other sensitive personal data with any affiliated company which processes personal data on Our behalf. Our affiliated companies are Docslot Limited, Square Health Group Limited, Bodycare Limited and Doctors Chambers (UK) Limited and any of their respective holding companies and any subsidiaries of any of those holding companies, as well as our ultimate holding company and its subsidiaries. Holding company and subsidiary are defined in section 1159 of the UK Companies Act 2006.
Disclosure of information to other third parties
We may share personal data (but not health or medical information or other sensitive personal data) with selected third parties including:
- (subject to anonymising Your personal data) advertisers and advertising networks that require the data to select and serve relevant adverts to You and others.
- survey organisations, and analytics and search engine providers that assist in the improvement and optimisation of Square Health Services and/or Square Health Apps.
- survey and other organisations that we may use to assist us in compliance with the requirements of any regulatory body such as the General Medical Council or the Care Quality Commission.
It is Your responsibility, and not Square Health’s, to share medical and health information obtained through using a Square Health Service with Your or (as appropriate) Your Child’s NHS GP. We strongly encourage such sharing. We (or a Square Health Practitioner) will only share medical information with Your or Your Child’s GP if there are significant issues which override a doctor’s duty of confidentiality to their patient and where it is consistent with the General Medical Council’s guidelines of “Good Medical Practice”.
We may disclose personal data relating to You or Your Child (if applicable) to third parties:
- In the event that we sell or buy any business or assets, in which case We may disclose personal data on any anonymised basis to the prospective seller or buyer of such business or assets. But we will never disclose health or medical information or other sensitive personal data for this purpose.
- If all or substantially all of Our assets are acquired by a third party as part of a sale or transfer of our business, in which case personal data held by Us about our clients and users will be one of the transferred assets.
How we store your personal data
Some personal data relating to You (and/or, if applicable, Your Child) may be held within a Square Health App used by You. All other personal data relating to You and/or (as applicable) Your Child will be stored on secure servers located in the UK or Ireland. This includes primary and secondary care information, medication information and diagnostic information.
Passwords and security
Where We have given You (or where You have chosen) a password which enables You to access a Square Health App or a Square Health Service, You are responsible for keeping this password confidential. We ask You not to share a password with anyone.
We encrypt data which are transmitted via Square Health Apps. However, the transmission of information via the internet can never be completely secure due to security threats outside Our control. For this reason, although We will do our best to protect Your personal data, We cannot guarantee the security of Your data transmitted via a Square Health App . Once We have received your information, We will use strict procedures and security features to minimise the risk of unauthorised access.
Retention of Your personal data
You have the following rights under Data Protection Law:
- To withdraw consent to the processing of Your (or, where applicable, Your Child’s) personal data – in that case We will not be able to provide Square Health Services
- To request Us to restrict the processing of Your (or, where applicable, Your Child’s) personal data – in that case We may not be able to provide Square Health Services
- To access personal data held about You (or Your Child) and to ask Us to update or correct any inaccurate personal data
- To request us to delete Your (or, where applicable, Your Child’s) personal data (‘right to be forgotten’) unless We have a contractual/legal requirement to keep your data
- To request Us to provide a copy of Your personal data in a ‘portable’ electronic format.
We will not use Your personal data for marketing purposes without Your consent. If you have given Your consent, You have the right to withdraw Your consent and to ask Us not to process Your personal data for marketing purposes. If you have elected to receive marketing materials, at any time subsequently You can ask not to receive marketing materials.
You can exercise Your rights under Data Protection Law as described in this section at any time by writing to Us at Crown House, William Street, Windsor SL4 1AT OR by sending your request to firstname.lastname@example.org.
Data Protection Law also gives You the right to complain to the Supervisory Authority (www.ico.org.uk) about Our data processing activities.