Who are we?
MyWay Digital Health Ltd (MWDH Ltd) is a medical software company, founded by NHS specialists in diabetes and healthcare management, responsible for the My Diabetes My Way (MDMW) service outside Scotland. We process data on behalf of the Data Controller in your region. (For more information on the difference between data processors and data controllers, see the “ICO definition of data controller”.)
What data do we collect?
We collect demographic and medical data relating to your diabetes condition, i.e.: name; address; contact details; IP address; date of birth; height; weight; GP practice; type of diabetes; blood pressure; laboratory test results; smoking status; eye and foot screening info; goals; appointment data; and medication.
We store any data input by you (e.g.: blood glucose readings, goals, text added to the eLearning chat forum).
In addition, general auditable information and bug reporting data are also collected to help improve the service we offer. We only collect the minimum amount of data required to support your diabetes self-management and for the service to operate effectively, unless you have provided your consent for optional improved site functionality (see related Cookies Policy).
What happens if wrong data is entered?
When you input your own measurements, most of the time you will be happy that this is accurate. However, on the rare occasions where you are not, we can manually erase any incorrect entries. Please ‘Contact Us’ with details of what is wrong, including the date entered and the specific values which are wrong. Examples of where this could happen: a child may have entered data using your smartphone or tablet without your permission or knowledge, or you may have entered the value in the wrong context, such as adding weight instead of a BMI calculation.
How do we collect data?
We collect and process data when your patients register online for any of our products or services and use or view our website via their cookies. We may also collect data from primary and secondary care systems relating to patient diabetes.
Any automated data collection, from healthcare systems and other third parties, is only permitted via a valid data sharing agreement. Data quality from these systems is therefore dependent on the source data being accurate.
Patients are advised not to expect any automated feedback from health care professionals in relation to any data submitted via the MDMW system, unless they specifically request and agree this with someone from their healthcare team.
Please also refer to the MDMW Terms and Conditions for further information.
How will we use or share data?
The MDMW service focusses on holistic diabetes management. It is only available to patients that have given their explicit consent. We collect data in order to manage your account, giving you: secure access to your medical records; access to tailored education resources; and in some cases, the ability to upload results. Visitors to the public site (who have not logged in) have data stored on the system (basic functional cookies only, unless consent is granted for opt-in cookies, which cover tracking of site use and the ability to market via Facebook); however, we do log the IP address of everyone who visits the site.
The website, and/or App, does not currently allow you to share data with other users, such as a carer or family member, as a feature. Any data you share is done so entirely at your own risk. The service does not currently permit data transfers.
We collect and process information about you only where we have a legal basis for doing so under applicable EU/UK laws. The legal basis depends on the services you use and how you use them. This means we collect and share information for the following purposes:
- to provide the services and to protect the safety & security of the services. For example, we send some data you provide to NHS systems as part of your health record or verification step when first registering. Your data may also be used to help improve the products and services MWDH offer, for service evaluation and audit, and for more general feature improvements such as machine learning functionality. We may pass non-identifiable data to third parties.
- if it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services, and to protect our legal rights and interests. Note, we may need to process your data to comply with a legal obligation.
- for a specific purpose not listed within this policy, where you have given us consent to do so. For example, we may publish testimonials or featured customer stories to promote our services, with your permission.
- to protect your vital interests or to protect the public interest. For example, we share your data with healthcare professionals and feedback into local healthcare teams (e.g.: to improve structured education) and anonymised data may be used for regional and national quality reporting.
The service does not involve any automated decision making (e.g.: profiling); however, it will tailor lifestyle and education recommendations based on your data profile (e.g.: type of diabetes, medications). We intend to expand on clinical decision support functionality in the near future and will update this policy accordingly.
We follow the principle of data minimization and only collect data and information which are important and relevant to diabetes care and self-management.
Do we carry out marketing activity to Users?
This is an NHS service and is free at the point of care, so we will not try to ‘sell’ you anything.
Here the term ‘Marketing’ is about activities we use to keep in touch with you and encourage you to make the most of the resources you sign up for. This can be broadly split into two:
- a) Direct contact
This includes contacting you (for a range of purposes) via emails or messaging. Consent is gathered for these activities during the registration process.
- b) Social media advertising
If you give us consent for analytics cookies, we may use online platforms such as Facebook and Google to include you in adverts about the service. These are to help you (and others who may not yet have registered) to get the most out of using the platform or to come and register if not already users.
You can change your consents at any time while you use the service.
How do we store data?
We take data security very seriously. Any data elements we store are held in a secure data centre, on encrypted drives, managed by a reliable Tier III hosting provider. Our current provider is ISO 27001 accredited and CyberEssentials Plus certified, partnering closely with MWDH in ensuring we comply with GDPR and the Data Protection Act 2018. MWDH also have supporting policies and procedures which cover physical and technical security measures which address our approach to information risk management.
Data storage is on your local device unless you manually export the data. Data is encrypted while being sent from the service to your device as per standard encryption for data transfers over the internet. All data is protected using HTTPS with TLS encryption between the device and the host.
We will retain data for as long as the service, in your area, is being funded. Upon termination of funding, all data will be securely and completely destroyed. Given current volumes, the process to delete any personal data is documented, and data is manually erased or scrubbed in accordance with ISO27001 standards.
MWDH have implemented controls to ensure that regulatory obligations regarding data protection are followed, documented, and results logged. In the unlikely event of a data breach, we will assess the risk and where appropriate, notify the competent supervisory authority (in the UK, this is the ICO) within 72 hours. If the risk assessment indicates a high risk for you, we would also communicate any breach of personal data directly to you. Specific procedures for the management of security incidents and breach monitoring are in place.
Please note that if you access our service using your NHS login details the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity.
To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. You are entitled, at any time, to:
- the right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.
- the right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.
- the right to erasure – you have the right to request that we erase your personal data, under certain conditions.
- the right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.
- the right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.
- the right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
You have additional rights under the General Data Protection Regulations; the two main ones are:
- The right to withdraw consent
- The right to request that you are not subject to a decision based solely on automated processing (note this is not relevant to this service)
Please note our Cookie pop-up will appear every 30 days to enable you to review and change your choices if you wish.
If you make a request, we will aim to get back to you as soon as possible, but will respond within one month, dependent on complexity of the request.
If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org or by using the 'Contact Us' form. Note exercising these rights relates to the data retained or processed by MWDH only. For detailed data protection queries, you may be directed to your GP practice or your local data controller.
If you wish to opt-out of the MDMW service or unsubscribe from our Newsletter, please notify us via the 'Contact Us' form and your information will be promptly and securely removed from our system.
Privacy Policies of other websites
Changes to our Privacy Notice
How to contact us?
In the event of any personal data breach or security incident, we will inform you of any serious adverse consequences without undue delay. We will also inform the ICO, within 72 hours, where required and document all evidence.
MWDH control your self-input or other direct updates to your personal data. For more detailed queries you may be passed to the Data Protection Officer in your region.
Any clinical questions must be directed to your local healthcare team.
How to contact the appropriate authorities?
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
What are cookies?
A cookie, also known as a HTTP cookie, web cookie, or browser cookie, is a piece of data stored by a website within a browser, and then subsequently sent back to the same website by the browser. Cookies were designed to be a reliable mechanism for websites to remember things that the browser had done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site months or years ago.
- Keeping you signed in and to remember certain information, so you do not have to repeatedly enter the same details.
- Understand and measure how you use our website so we can continually improve how information is provided
- Auditable activity (in addition, please see the Third-Party Cookies section below)
What types of cookies do we use?
The site options allow for a selection of basic site functionality, which is necessary for the site to work correctly and for ease of log-in, or (optional) improved site functionality, which helps MWDH understand how the site is used and to make improvements.
There are a number of different types of cookies, however, our website uses
- Forms-related cookies - when you submit data through a form, such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.
A mix of first-party and third-party cookies are used.
- This site uses Google Analytics, which is one of the most widespread and trusted analytics solutions on the web, to help us understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
- From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
How to manage your Cookies
You can set your browser not to accept or delete cookies (see your specific Browser Help for how to do this). However, in many cases, removal may downgrade or 'break' certain elements of functionality. It is recommended that you leave on all cookies if you are unsure whether you need them, in case they are used to provide a service that you use. For more general information on cookies see the Wikipedia article on HTTP Cookies.
- This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
- From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
- If you have selected the optional improved site functionality, to help us make the products better, and provided your consent and taken clear positive action to accept additional tracking, additional third-party cookies such as Facebook may be applied.
If you are unsure whether you need cookies or not, it's usually safer to leave them enabled in case they interact with one of the features you use on our site. This Cookies Policy was created with the help of the GDPR Cookies Policy Generator.