Feb 12 2020
Last revised September 2020
At myPatientSpace, we understand that the privacy and security of your information are important to you. To this end, we endeavour to safeguard the privacy of all information you entrust us with in order to protect and respect your privacy.
myPatientSpace provides services to our customers (various types of healthcare providers and pharmaceuticals). In turn, they invite their staff and patients to use myPatientSpace during their care journeys. Patients and staff may also invite extended caretakers (e.g. family members). In these circumstances, in respect of your personal data provided by your healthcare provider to the myPatientSpace application, the healthcare provider is the data controller, and myPatientSpace is the data processor.
Any reference to “I”, “we”, or “our” is a reference to myPatientSpace.
Any reference to “HC” is a reference to the healthcare provider who has given you access to myPatientSpace and is the data controller.
DEPENDING ON THE LOCATION OF YOUR HEALTHCARE PROVIDER, YOUR DATA MAY BE STORED AND PROCESSED IN A DIFFERENT REGION. FOR HEALTHCARE PROVIDERS IN THE EU AND UK, THE DATA IS STORED IN THE EU.
It is not our intention to transfer your data outside of the EEA, however where we are required to do so, we will ensure the recipients are in full compliance with the requirements of the GDPR.
1. About myPatientSpace
We are myPatientSpace Limited (“myPatientSpace”). We deliver a mobile application-based service in the form of the app: myPatientSpace or myStaffSpace and associated digital platform (web and server).
2. Personal Data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. We may also process certain special category data which may include health information. The personal data we collect is outlined in section 4 below.
3. Your Rights
You have several rights in relation to how we use your information:
- The right to be informed: through this policy
- Access your information, receive copies of the information held about you, have inaccurate information corrected and incomplete information updated or have your information deleted. In the event that you wish to exercise these rights, please contact your hospital.
- Object to particular uses of your personal data – However, doing so may have an impact on the services and products we can / are willing to provide.
- Object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes. However, we do not currently engage in any direct marketing or advertising using any personal data.
- Have your data deleted or its use restricted – you have a right to this under certain circumstances. For example, where you withdraw consent you gave us.
- Obtain a transferable copy of certain data which can be transferred to another provider, known as “the right to data portability”.
- Withdraw consent at any time, where any processing is based on consent.
If you have a cause for complaint, you can contact the Irish Data Protection Commission or other relevant supervisory authority.
4. Data Collection
myPatientSpace collects data to conduct business and provide you with our services. We collect both personal data and other information for these purposes.
(a) Personal and sensitive personal data – “Personal data” is data that can be used directly or indirectly, alone or with other information, to identify you as an individual user of myPatientSpace. This is first and foremost data about your contact information, your health and information concerning your treatment journey. Some of the information collected will depend on what your HC has configured. The following are examples of personal data that you or your healthcare provider may submit when you create a user account and when you use myPatientSpace:
- Information about your name, phone number, email address and password.
- Information about height, weight, body measurements, age, gender and other health data as configured by HC.
- Patient Data such as PROMs (Patient Reported Outcome Measures), e.g. Oxford knee and hip scores, spirometry or Sleep Data
- Information about doctor diagnosis and specific information about the condition and procedures
- Data concerning the number of completed daily tasks and how you rated symptoms such as your pain levels.
- Your permanent physical address (location is NOT continuously tracked).
- Your biometric data (fingerprint or facial image) should you choose to use these with our services. We do not store this data but use the devices’ in-built capabilities to ease login.
(b) Other Information – “Other information” is anonymous, aggregated, de-identified, or other types of information that do not reveal your identity. Some examples are age, sex, browser, operating system, number of PROMS taken or the amount of time spent on our services. We collect and use this information to understand how you, and our users in general, use our services to continuously improve, innovate, and produce products and services that satisfy our users’ demands. We generally do not view other information as personal data. If we chain together other information in a way that makes you identifiable as an individual user, we will handle that information as personal data.
5. How We Use Personal Data
myPatientSpace uses the data we collect to conduct our business, deliver our products and services, improve existing products and services, develop new products and services, and to improve and personalize your user experience when you interact with us. We can use this data to:
(5.1) Deliver our services and maintain an effective operation of our IT-structure – We use the data we collect to deliver the services we offer. This includes operating, maintaining, and delivering all content and functions of our services to you.
(5.2) Communicate with you and respond to your requests
6. How we handle personal data
(6.1) Health professionals, independent consultants and hospitals that work with myPatientSpace and offer the use of this application as part of the provision of medical treatment.
(6.2) IT service providers that either host or have access to our data as part of their product offering.
(6.3) The company/controller (HC) who has provided this service to you.
(6.4) Regulatory bodies such as national registries if you have consented to participate.
(6.5) As we grow and develop – Business transactions and reorganisations. Should myPatientSpace ever merge with another company or if myPatientSpace should decide to buy, sell, or reorganise parts of or all its business(es), we may disclose or transfer, to the extent permitted by law and in accordance with applicable requirements to notify you, your personal data to prospective or actual buyers or the subsequent business entity in connection with any of these transactions or reorganisations.
(6.6) As required by law and special circumstances – We may be forced to disclose your personal data if: (i) it is reasonably necessary to comply with legal proceedings (such as a court order, search warrant, etc.) or other legal requirements of any public authority, (ii) such a disclosure would potentially reduce our liability in a real or potential trial, (iii) it is necessary to protect our legal rights or property, or (iv) it is necessary to protect the legal rights, property, or other parties’ physical security or for the prevention or discovery of crime and such a disclosure is legitimate.
(6.7) We exchange anonymous information about the use of the myPatientSpace app and website with the following companies: [Oxford University, Aptible, AWS, Stripe, Google, Logentries]. These companies help us monitor, evaluate and analyse our products’ performance, customer retention and reliability. We exchange your phone number with AWS, an SMS-messaging service. We exchange the number of questionnaires completed with Oxford but no specifics of your personal data. We may share the personal data described in this notice with service providers such as providers of cloud, IT infrastructure, emailing and website analytics services.
(6.8) Any member of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries.
7. Information security
myPatientSpace is committed to protecting the security of your personal data. We use technical and organizational measures designed to protect your information from unauthorized access, theft, and loss. We also recommend that you take additional measures to protect yourself and your information, such as installing antivirus software, closing browsers after use, keeping your login information and passwords secret, and making sure you regularly update software and apps you have downloaded to ensure that you have activated the latest security features on your devices.
8. Storing data
myPatientSpace stores your personal data as long as you have an Account, or as long as it is necessary to deliver our Services to you. We also keep and use your personal data, as necessary, to comply with legal obligations, resolve conflicts, and enforce our agreements. The duration of how long your data is stored may be specified by the HC who provides you access to our service.
It is not the intention of myPatientSpace to transfer your data outside of the EEA; however, where we are required to do so, we will ensure the recipients are in full compliance with the requirements of the GDPR.
9. Purpose for processing your data
We will process any personal data that you provide to us for the following purposes:
- To provide you with the services you have ordered.
- To carry out our obligations arising from any contracts entered into between you and HC.
- To deliver and maintain a high-quality service and to improve and develop the service provided.
- To allow you to access the myPatientSpace application and to participate in interactive features of our Service, when you choose to do so.
- To provide you with information, products or services that you request from us or that we feel may interest you, where you have consented to be contacted for such purposes.
- To respond to any communications you might send to us.
- To inform you about changes to the Service, our Agreement with you or website that we believe will be of interest to you.
- As the myPatientSpace application is being actively developed we might contact you to get feedback on the service provided.
- To determine whether you are in compliance with our Agreement with you and to impose sanctions where necessary.
- As proof of identity before we disclose personal information to you that we hold about you (in order to establish that we are disclosing the personal information to you and not to someone pretending to be you).
- To process payments from or to you if applicable;
- Compare information for accuracy and verify it with third parties.
- For safety purposes, to provide you with customer support and to resolve technical or other problems; and
- To determine whether you or other users are in compliance with this Agreement relating to the application, including the policies and terms and conditions of the application.
We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us at firstname.lastname@example.org. If we become aware that a child under 16 has provided us with personal data without the parents’ consent, we will remove the information and delete the child’s account.
12. Information Sharing
Residents of the European Economic Area
If you choose not to provide personal data – You may choose not to supply myPatientSpace with your personal data. To do this, please send an email to email@example.com. If you choose not to provide your personal data, the app’s personalised care journey program will be disabled.
Third parties not under our control –
13. How to contact us
If you have any questions, comments or concerns about the way we handle your personal data, please contact us by sending an email to firstname.lastname@example.org.
15. Access to Information and Updating and Verifying Personal Data
myPatientSpace keeps your personal data up to date. If you live in the European Economic Area, you may request access to, as well as modification, opposition, and deletion of your personal data that is in the system. To access your personal data, please contact myPatientSpace at email@example.com. Subject to applicable law, we may charge for this service and will comply with reasonable requests as soon as possible and in any case within the deadlines prescribed by law. You may also contact your HCP to request access to, or request modifications to your personal data.
16. Our Details
This application is owned and operated by myPatientSpace Limited.
We are registered in Ireland under Company Registration Number 616748 and our registered office is at:
Marine Court Center, Malahide, Co. Dublin, Ireland.
Our principal place of business is: Malahide, Ireland.
You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form;
(c) by telephone, on (+353) 1 267 6625; or
(d) by email, to firstname.lastname@example.org.