1st February 2021
Onko is a “data controller”. This means we are responsible for deciding how we hold and use personal information about you.
We are committed to protecting your personal information and privacy on-line. We appreciate that you do not want your personal information distributed indiscriminately and here we explain how we collect information, what we do with it and what rights you have.
Information that identifies or can be used to identify a living individual is known as “Personal Data”. All organisations processing personal data must do so fairly, lawfully and in accordance with applicable data protection laws, including the Data Protection Law.
This includes the obligation for us to tell you how we will use your personal data. We treat all of our legal obligations seriously and take all steps necessary to ensure compliance when storing and processing your personal data.
You can contact us at: firstname.lastname@example.org
2.0 OUR DATA PROTECTION OFFICER
The Data Protection Officer (DPO) is responsible for overseeing what we do with your information and monitoring compliance with data protection laws.
If you have any queries or concerns about our use of your personal data, you can contact our Data Protection Officer by writing to email@example.com or by calling us on 0203 488 0182.
3.0 WHY WE ARE COLLECTING YOUR INFORMATION
- The information that you provide to us is required for us to:
- contact you to book a healthcare professional appointment following a referral from your healthcare provider or from you providing us with your information directly.
- provide you with our Onko App, enabling you to input relevant activity and health information so that our healthcare professionals can provide you with tailored guidance and support based on your specific requirements wherever and whenever you need it.
4.0 THE TYPES OF PERSONAL DATA WE USE
- We may collect and process the following personal data about you:
- personal details such as name, date of birth and gender.
- contact details such as your address, telephone number and email address.
- if you choose to share it with us, activity data from wearable devices such as Fitbit or Apple Health Apps.
- details of any contact with us, including healthcare professionals when they correspond with you as part of the coaching programme.
- Special categories of personal data include:
- health data, such as medical history.
- ethnic origins.
5.0 SOURCE OF PERSONAL INFORMATION
- Personal information we would like to collect from you can be collected in a number of ways including:
- in an initial telephone call with you following your referral
- in any video or telephone appointments with our healthcare professionals
- when you input information into our Onko App
- when you report a problem with our Onko App
- when you contact our support or customer service teams
- financial information about you including but not limited to your t, the financial information of your insurer or sponsor relating to your care with us.
- Information collected from third parties:
- information provided by your referring healthcare professional (e.g. your clinical team) on referral and throughout your use of our services.
- Information collected automatically about you:
- if you choose to use the Onko App, information automatically collected about you through your use of our Onko App.
- if you choose to use the Onko App and share your activity data, information collected through connected external Apps, such as activity trackers.
- recording of your telephone calls with our customer service team and healthcare professionals.
- We may collect information about you using website tracking tools such as Google Analytics to analyse behaviours of our website visitors. This will track information about your mobile phone, computer or other device from which you access the website. Such information may include your domain name and IP address, details of your computer operating system and browser, the website you visited prior to visiting our website and unique number identifiers that are automatically generated by our systems when you visit our website. This will include details of the choices you make on our website indicating whether you wish to receive information on our services, for example when signing up to receive our newsletter.
6.0 WHAT DO WE DO WITH YOUR INFORMATION
- We process your data for the following purposes:
- arranging and conducting an appointment with a healthcare professional
- we use your data to contact you and make an appointment with a healthcare professional either via telephone or the Onko App video platform
- our healthcare professionals use your information to provide tailored advice and guidance.
- Use of the Onko App
- When you use the Onko App we may use your personal data to:
- register you to use the App;
- administer the App and for internal operations such as to help diagnose problems with our server infrastructure, troubleshoot, analyse data and other administrative purposes;
- improve the App and to ensure that content is presented in the most effective manner for you and your smartphone;
- allow you to participate in interactive features of our service when you choose to do so;
- keep the App safe and secure;
- to assist us in developing new and improved products as indicated by user practice and preferences, based on our analysis of patterns of site usage;
- improve the services we offer; and
- if you report a problem with the App, use your personal data to investigate and resolve the reported problem.
- to provide you with details of changes to our products or of other product offerings which we believe may be of interest to you from Onko. We will not share your data with third parties for marketing purposes unless we have procured your express consent to do so.
7.0 WHAT HAPPENS IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION
- Arranging and conducting a healthcare professional appointment
- We will only be able to offer you an appointment if we have access to certain types of personal data. To access these services, you will, from time to time, be asked to submit personal data about yourself. If you do not provide that personal data, we will not be able to offer those services to you.
- Use of the Onko app
- If you do not agree for us to use your personal information when you use the Onko App, you cannot use the Onko App.
8.0 COMPLYING WITH DATA PROTECTION LAW
We will comply with data protection law. At the core of data protection laws are the “data protection principles” which say that the personal information we hold about you must be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
9.0 WHAT IS THE LAWFUL BASIS FOR USING YOUR INFORMATION
In accordance with the data protection laws, we need a “lawful basis” for collecting and using information about you. There are a variety of different legal bases for using personal data which are set out in the data protection laws.
The lawful basis on which we rely in order to use the information which we collect about you for the purposes set out in this statement will be:
- Legitimate interest:
- Legitimate interest is the lawful basis for processing personal data within Onko’s self-pay services. Using your information will be necessary for our legitimate commercial interest and our interest is not outweighed by the potential impact on your privacy.
- Public interest:
- Public interest is the lawful basis for processing personal data within Onko’s commissioned services. Processing your information is necessary for the performance of a task carried out in the public interest laid down in law, i.e. the provision of care.
- It is possible that you may give us your consent to use your information for a particular purpose. Consent is the lawful basis for processing personal data only in situations where consent is required, e.g. where an Onko service is being evaluated by an externally appointed provider.
- Provision of health or social care:
- The lawful basis on which we rely in order to use special categories of personal data which we collect about you for the purposes set out in this statement, e.g. ethnicity, is the provision of health or social care.
10.0 SHARING INFORMATION
Whilst we are providing you with a clinical coaching programme, relevant personal data will be shared with your referring healthcare professional and clinical team for the purposes of further caregiving.
If at any time you wish us to stop processing your Personal Information for the above purposes, then you may contact our Data Protection Officer via email at firstname.lastname@example.org.
11.0 SECURITY OF YOUR DATA
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction, and they are subject to a duty of confidentiality.
Details of these measures may be obtained from our Data Protection Officer by emailing email@example.com.
All information you provide to us is stored on our secure servers.
Where you have chosen a password which enables you to access the Onko App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Please note that data is stored within the Onko App on your mobile device, and the security of that data depends on your device. If your smartphone is lost or stolen, there is a risk that your data will be accessed. We encourage you to password-protect your smartphone and use a device that includes encryption. Onko will not be held liable for security breaches affecting personal devices held by our customers and will not be held responsible for loss of data resulting from an insecure device not featuring password protection or enhanced encryption.
Third party security measures
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not permit our third party service providers to use your personal data for their own purposes. We only allow them to process your personal data for specified purposes in accordance with our instructions.
12.0 RETENTION PERIOD
Onko takes appropriate measures to ensure that any information collected from you is kept only for so long as is necessary and for the purpose for which such information is used. For further information about our Retention of Records policy please contact us on firstname.lastname@example.org.
To determine the appropriate retention period we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a user of our clinical services we will retain and securely destroy your personal information in accordance with our Retention of Records Policy.
We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate as possible.
13.0 YOUR RIGHTS
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right to be informed – you have the right to be informed about the collection and use of your personal data.
- Right of access – you have the right to request a copy of the information we hold about you. In order to do so, as the data subject, you will have to provide proof of identification during the request process.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
- Right to data portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated individual decision-making (making a decision solely by automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision process.
If Onko refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below. All of the above requests will be forwarded on should there be a third party involved (as stated above) in the processing of your personal data. In line with the Subject Access Request Procedure (SAR) you can request a SAR form by contacting us at email@example.com.
14.0 RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
15.0 RIGHT TO COMPLAIN TO THE ICO
You also have the right to complain to the Information Commissioner’s Office (the “ICO”) if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- In the event that you wish to make a complaint about how your personal data is being processed by Onko (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with Onko’s Data Protection Officer: Martyn Rankin, Onkohealth Ltd, Price Mann & Co, 447 Kenton Road, United Kingdom HA3 0XY, email@example.com or firstname.lastname@example.org