Privacy Policy - Introduction

This is the privacy policy of Square Health Limited relating to the processing by Us of personal data that We collect from You (or if applicable any Child), or that You or (if applicable) Your Child provide to Us , through use of a Square Health App and/or a Square Health Service. Under Data Protection Law We have a legal duty to protect any information We collect from You or (where appropriate Your Child) and We are committed to protecting and respecting the privacy of You and Your Child. We use leading technologies and encryption software to safeguard personal data, and keep strict security standards to prevent any unauthorised access to it.

Questions, comments and requests regarding our privacy policy are welcomed and should be addressed to Anne King at Square Health Limited, Crown House, William Street, Windsor SL4 1AT (anne.king@squarehealth.com) OR to our Data Protection Officer (data.protection@squarehealth.com).

By using a Square Health App or entering into a contractual relationship with Square Health for the provision of one or more Square Health Services to You or a member of Your family, You accept and agree to Our privacy policy and practices as described below.

Please read the following carefully to understand Our policies and practices regarding personal data and how We will treat it.

In this policy:

  • Child refers to any child for whom You are the parent or legal guardian or for whom You are otherwise responsible and who is entitled to use a Square Health App (whether or not under Your supervision) in order to access a Square Health Service or a Third Party Service
  • Data Protection Law refers to the DPA, the GDPR and all other laws and regulations relating to the collection and processing of personal data
  • DPA refers to the Data Protection Act 2018
  • GDPR refers to the General Data Protection Regulation (EU regulation 2016/679)
  • personal data refers to personal data as defined in the GDPR including health data or any other sensitive or special category personal data as defined in the DPA or GDPR
  • Square Health refers to Square Health Limited, company number 7054181, of Crown House, William Street, Windsor SL4 1AT, and We, Us, Our, Ours and Ourselves also refer to Square Health
  • Square Health App refers to a Square Health mobile application which is used by You to access a Square Health Service or a Third Party Service - this includes any mobile application which has been developed in conjunction with any client or commercial partner of Square Health (such as an insurance company or a provider of private medical services) or which is made available as part of a wider service of a client or commercial partner of Square Health
  • Square Health Client refers to a third party company or other entity which is a commercial client of Square Health or which is otherwise in a commercial contractual relationship with Square Health (for example, a private medical or other insurance provider, a joint venture partner or other third party which has engaged Square Health to develop and/or provide a Square Health App and/or a Square Health Service, or an employer which has engaged us to provide an employee benefits service)
  • Square Health Practitioner refers to a Square Health panel doctor or other healthcare practitioner used by Square Health to provide a Square Health Service
  • Square Health Service refers to a medical or healthcare service which is provided by Square Health – whether accessed or provided via a Square Health App or otherwise
  • Third Party Service refers to a service which is provided by a third party provider and which is accessed via a Square Health App
  • You, Your, Yours and Yourself refer to you.

For the purpose of the DPA and GDPR, Square Health is the data controller for personal data which are processed in connection with Square Health Services. (It is not the data controller for personal data which are processed in connection with any Third Party Service even though the Third Party Service is accessed via a Square Health App. It is likely that the relevant third party provider will be the data controller for that data, and You should refer to the third party provider’s privacy policy for the privacy terms which apply to that data.)

Please note that Square Health Apps may contain links to and from applications or websites of Square Health Clients or providers of Third Party Services. If You follow a link to any of these websites, please note that these applications or websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before You submit any personal data to these websites.

Information We may collect and process about You

We may collect and process the following personal data:

Information provided to us by You (or, where applicable, Your Child) or which We collect about You and/or Your Child (where applicable)

You or Your Child may give Us personal data (including health and medical information) by entering information through a Square Health App, by providing information to a Square Health Practitioner when accessing or using a Square Health Service, by allowing Us access to personal data held by a GP or other third parties, by filling in forms, or by corresponding with Us by telephone, email or otherwise. This includes information You provide when you register to use any service of a Square Health Client or use any element of a Square Health Client service. We may also receive information about You or Your Child from Square Health Clients.

You or Your Child may also give Us health and medical information and other personal data, and We may collect and process health and medical information and other personal data about You or Your Child resulting from any interactions undertaken or services requested or sourced through a Square Health App (including consultations, tests and prescriptions) and via any health or monitoring device connected to a Square Health App. Please also note that consultations in the course of providing a Square Health Service may be recorded for quality, training and monitoring purposes. Recordings may include audio, video or both and information collected includes health and medical information and other personal data contained in consultation recordings. The information collected may include Your or (if applicable) Your Child’s name, address, e-mail address and phone number, personal description and photograph, and may also include sensitive information relating to health, medical records, physical and mental performance, characteristics, any ailments, diseases or disabilities, race, gender, age and other sensitive information.

Information about You (or, if applicable Your Child) which is automatically collected by Square Health Apps

Each time You (or Your Child, if applicable) use a Square Health App We may automatically collect the following information:

  • technical information, including the internet protocol (IP) address used to connect the device to the internet, login information, browser type and version, and operating system and platform;
  • information about the visit, including the date, time and length of the visit, service elements viewed or used, response times for the Square Health App, download errors, interaction information (such as scrolling and clicks), and any phone or other methods used to contact Us;
  • information from Square Health Clients which is necessary or related to use of the Square Health App (such as personal details and security tokens related to access by You and/or Your Child (as applicable) to a Square Health Service or a Third Party Service), as well as from Square Health Practitioners, providers of Third Party Services or other third parties who fulfil any service request made via the Square Health App.

Our legal basis for collecting and processing information about You

We collect and process personal data about You (or Your Child where applicable) in order to fulfil Our contractual obligations to the Square Health Client which provides the policy or plan under which You (and Your Child if applicable) are eligible to receive Square Health Services.

We are required to have a legal basis for the collection and processing of this personal data, and this will be one of the following:

  • where it is necessary to perform a contract that we have entered into, or we will be entering into, with You;
  • where it is necessary for Our legitimate interests (or those of a third party such as a Square Health Client) and Your interests or fundamental rights and freedoms do not override those interests; or
  • where We need to comply with a legal or regulatory obligation.

Where We use special category personal data, We are required to confirm an additional lawful basis (to that set out above) for the processing of such data, which will typically be the following:

  • the use is necessary for the purposes of preventive or occupational medicine, medical diagnosis or the provision of health or social care or treatment; or
  • Your express consent is given.

Cookies

A cookie is a small data file that is transferred to a computer or mobile device. We may use both session cookies and persistent cookies to better understand interactions with Square Health Apps and/or Square Health Services, to monitor aggregate usage by Our users and traffic routing on Square Health Services, and to customise and improve Square Health Services. Much of the information which We may collect through the use of cookies is non-personal data for the purposes of Data Protection Law but We treat Internet Protocol (IP) addresses and similar identifiers as personal data. Where non-personal data is combined with personal data, We also treat the combined information as personal data for the purposes of this Privacy Policy.

Uses made of information

We use information provided by You (or Your Child, if applicable) or that We collect about You or Your Child (including information that We collect from Square Health Practitioners or other third parties as described above) in the following ways:

  • to provide the Square Health Services or any other products or services requested from Us and that We agree to provide;
  • to review and enhance the quality of any Square Health Service, including monitoring compliance with clinical care standards;
  • to make disclosures as required by or in compliance with reasonable requests by regulatory bodies including the General Medical Council or Care Quality Commission, or as otherwise required by law or regulation;
  • (subject to appropriate consents), to provide information to other healthcare providers such as Your or Your Child’s GP;
  • to notify You about updates or other changes to a Square Health App or a Square Health Service and to communicate with You generally in connection with the provision of the Square Health App or any Square Health Service;
  • to assist in the detection of fraud.

We may also use information about You (and Your Child, if applicable):

  • to administer a Square Health App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve a Square Health App;
  • to ensure that content from a Square Health App or any Square Health Service is presented in the most effective manner for You (and Your Child, if applicable) and for Your device;
  • to allow You to participate in interactive features of a Square Health App or any Square Health Service when You choose to do so;
  • as part of our efforts to keep Square Health Apps safe and secure;
  • to provide You with information about other goods and services We offer that You have enquired about;
  • (subject to anonymising data relating to You or Your Child, as applicable) to measure or understand the effectiveness of Our services to You and others.

Disclosure of Your information

Disclosure of information to Square Health Clients

Where use by You or Your Child (if applicable) of a Square Health App, or access to a Square Health Service is linked to membership of a wider service of a Square Health Client, We may share limited information with the relevant Square Health Client to enable the Square Health Client to administer its service and (where appropriate) to facilitate access to benefits under that service. However, we will only share health or medical or other sensitive information with a Square Health Client if You have given Your consent. If we are providing medical or health-related services as part of an employee benefits service, We will not share any health or medical or other sensitive information with Your employer.

Disclosure of information to Square Health Practitioners

We may share personal data (including health or medical information or other sensitive personal data) relating to You or Your Child (where applicable) with any Square Health Practitioner or other medical or healthcare supplier or sub-contractor where reasonable or necessary in connection with the provision of any element of a Square Health Service.

Disclosure of information to providers of Third Party Services

Where a Square Health App is used by You or Your Child to access a Third Party Service We may share with the provider of that Third Party Service personal data relating to You or (where applicable Your Child) which is collected through the use by You or Your Child of the Square Health App where reasonable or necessary in connection with access to or provision of the relevant Third Party Service. This may include health or medical information or other sensitive personal data about You or Your Child (as applicable).

Disclosure of information to affiliated companies

We may share personal data relating to You or (where applicable Your Child), including health or medical information or other sensitive personal data with any affiliated company which processes personal data on Our behalf. Our affiliated companies are Docslot Limited, Square Health Group Limited, Bodycare Limited and Doctors Chambers (UK) Limited and any of their respective holding companies and any subsidiaries of any of those holding companies, as well as our ultimate holding company and its subsidiaries. Holding company and subsidiary are defined in section 1159 of the UK Companies Act 2006.

Disclosure of information to other third parties

We may share personal data (but not health or medical information or other sensitive personal data) with selected third parties including:

  • (subject to anonymising Your personal data) advertisers and advertising networks that require the data to select and serve relevant adverts to You and others.
  • survey organisations, and analytics and search engine providers that assist in the improvement and optimisation of Square Health Services and/or Square Health Apps.
  • survey and other organisations that we may use to assist us in compliance with the requirements of any regulatory body such as the General Medical Council or the Care Quality Commission.

It is Your responsibility, and not Square Health’s, to share medical and health information obtained through using a Square Health Service with Your or (as appropriate) Your Child’s NHS GP. We strongly encourage such sharing. We (or a Square Health Practitioner) will only share medical information with Your or Your Child’s GP if there are significant issues which override a doctor’s duty of confidentiality to their patient and where it is consistent with the General Medical Council’s guidelines of “Good Medical Practice”.

We may disclose personal data relating to You or Your Child (if applicable) to third parties:

  • In the event that we sell or buy any business or assets, in which case We may disclose personal data on any anonymised basis to the prospective seller or buyer of such business or assets. But we will never disclose health or medical information or other sensitive personal data for this purpose.
  • If all or substantially all of Our assets are acquired by a third party as part of a sale or transfer of our business, in which case personal data held by Us about our clients and users will be one of the transferred assets.
  • If We are under a duty to disclose or share the personal data in order to comply with any legal obligation including the requirements of regulatory bodies such as the General Medical Council or the Care Quality Commission, or in order to enforce or apply our terms of use of any agreement with a Square Health Client or other third party; or to protect the rights, property, or safety of Us, Our clients and users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

How we store your personal data

Some personal data relating to You (and/or, if applicable, Your Child) may be held within the Square Health App used by You. All other personal data relating to You and/or (as applicable) Your Child will be stored on secure servers located in the UK or Ireland. This includes primary and secondary care information, medication information and diagnostic information.

Passwords and security

Where We have given You (or where You have chosen) a password which enables You to access a Square Health App or a Square Health Service, You are responsible for keeping this password confidential. We ask You not to share a password with anyone.

We encrypt data which are transmitted via Square Health Apps. However, the transmission of information via the internet can never be completely secure due to security threats outside Our control. For this reason, although We will do our best to protect Your personal data, We cannot guarantee the security of Your data transmitted via a Square Health App . Once We have received your information, We will use strict procedures and security features to minimise the risk of unauthorised access.

Retention of Your personal data

Personal data relating to You (or Your Child, if applicable) which is in a non-digital form will be securely destroyed within a maximum of 90 days unless it is required in order to provide a Square Health Service to You or Your Child. Personal data which is in digital form will normally be retained by Us for a maximum of 10 years in order to comply with Our contractual obligations to Square Health Clients and/or to insurance and financial providers, but We may retain information for longer periods if required by law or to comply with regulatory requirements or recommendations of regulatory bodies such as the General Medical Council or the Care Quality Commission. All personal data retained by Us will be held securely as described in this privacy policy.

Your rights

You have the following rights under Data Protection Law:

  • To withdraw consent to the processing of Your (or, where applicable, Your Child’s) personal data – in that case We will not be able to provide Square Health Services
  • To request Us to restrict the processing of Your (or, where applicable, Your Child’s) personal data – in that case We may not be able to provide Square Health Services
  • To access personal data held about You (or Your Child) and to ask Us to update or correct any inaccurate personal data
  • To request us to delete Your (or, where applicable, Your Child’s) personal data (‘right to be forgotten’) unless We have a contractual/legal requirement to keep your data
  • To request Us to provide a copy of Your personal data in a ‘portable’ electronic format.

We will not use Your personal data for marketing purposes without Your consent. If you have given Your consent, You have the right to withdraw Your consent and to ask Us not to process Your personal data for marketing purposes. If you have elected to receive marketing materials, at any time subsequently You can ask not to receive marketing materials.

You can exercise Your rights under Data Protection Law as described in this section at any time by writing to Us at Crown House, William Street, Windsor SL4 1AT OR by sending your request to data.protection@squarehealth.com.

Data Protection Law also gives You the right to complain to the Supervisory Authority (www.ico.org.uk) about Our data processing activities.

Changes to our privacy policy

Any changes We may make to Our privacy policy in the future will be notified to You when You log in to any Square Health App, or at Our discretion may be notified to You by email or SMS. New terms may be displayed on-screen and You may be required to read and accept them in order to continue Your use of a Square Health App and/or a Square Health Service.