This is PharmAppy
Services Limited’s Privacy Notice.
As part of the services we
offer, we are required to process personal data about our staff, our service
users and, in some instances, the friends or relatives of our service users and
staff. “Processing” can mean collecting, recording, organising, storing,
sharing or destroying data.
We are committed to being
transparent about why we need your personal data and what we do with it. This
information is set out in this privacy notice. It also explains your rights
when it comes to your data.
If you have any concerns
or questions please contact us: hello@pharmappy.com
So that we can provide a
safe and professional service, we need to keep certain records about you. We
may process the following types of data:
·
Your basic
details and contact information e.g. your name, address, date of birth, phone
number and email
·
Your financial
details e.g. details of how you pay us for your care or your funding
arrangements.
We also record the
following data which is classified as “special category”:
·
Health and
social care data about you, which might include both your physical and mental
health data.
We need this data so that
we can provide high-quality care and support. By law, we need to have a lawful
basis for processing your personal data.
We process your data
because:
·
It is
necessary for us to provide / operate our products and / or services
·
This
information may be required by a clinical registrant / healthcare professional
for the use of fulfilling prescriptions or providing services
·
It may be
necessary to contact our users e.g. to provide updates via email
We process your special
category data because
·
It is
necessary due to social security and social protection law (generally this
would be in safeguarding instances);
·
It is
necessary for us to provide and manage social care services;
·
We may be
required to provide data to a regulatory body
We may also process your
data with your consent. If we need to ask for your permission, we will offer
you a clear choice and ask that you confirm to us that you consent. We will
also explain clearly to you what we need the data for and how you can withdraw
your consent at any time.
So that we can provide you
with high quality care and support we need specific data. This is collected
from or shared with:
1. You or your legal representative(s);
2. Third parties.
We do this face to face,
via phone, via email, via our website(s), via our web app(s), via post, via apps
or any software we use.
Third parties are
organisations we might lawfully share your data with. These include:
·
Other parts of
the health and care system such as local hospitals, the GP, the pharmacy,
social workers, clinical commissioning groups, and other health and care
professionals;
·
The Local
Authority;
·
Your family or
friends – with your permission;
·
Organisations
we have a legal obligation to share information with i.e. for safeguarding, the
CQC;
·
The police or
other law enforcement agencies if we have to by law or court order.
So that we can provide a
safe and professional service, we need to keep certain records about you. We
may record the following types of data:
·
Your basic
details and contact information e.g. your name, address, date of birth,
National Insurance number and next of kin;
·
Your financial
details e.g. details so that we can pay you, insurance, pension and tax
details;
·
Your training
records.
We also record the
following data which is classified as “special category”:
·
Health and
social care data about you, which might include both your physical and mental
health data – we will only collect this if it is necessary for us to know as
your employer, e.g. fit notes or in order for you to claim statutory
maternity/paternity pay;
·
We may also,
with your permission, record data about your race, ethnic origin, sexual
orientation or religion.
As part of your application you may – depending on
your job role – be required to undergo a Disclosure and Barring Service (DBS)
check (Criminal Record Check). We do not keep this data once we’ve seen it.
We require this data so
that we can contact you, pay you and make sure you receive the training and
support you need to perform your job. By law, we need to have a lawful basis
for processing your personal data.
We process your data
because:
·
We have a
legal obligation under UK employment law;
·
We are
required to do so in our performance of a public task;
·
We may be
required to provide data to a regulatory body
We process your special
category data because
·
It is
necessary for us to process requests for sick pay or maternity pay.
If we request your criminal records data it is
because we have a legal obligation to do this due to the type of work you do.
This is set out in the Data Protection Act 2018 and the Rehabilitation of
Offenders Act 1974 (Exceptions) Order 1975. We do not keep a record of your
criminal records information (if any). We do record that we have checked this.
We may also process your
data with your consent. If we need to ask for your permission, we will offer
you a clear choice and ask that you confirm to us that you consent. We will
also explain clearly to you what we need the data for and how you can withdraw
your consent.
As your employer we need
specific data. This is collected from or shared with:
1. You or your legal representative(s);
2. Third parties.
We do this face to face,
via phone, via email, via our website(s), via our web app(s), via post, via
apps or any software we use.
Third parties are
organisations we may have a legal reason to share your data with. These
include:
·
Her Majesty’s
Revenue and Customs (HMRC);
·
Organisations
we have a legal obligation to share information with i.e. for safeguarding, the
CQC;
·
The police or
other law enforcement agencies if we have to by law or court order.
·
The DBS
Service
In order to provide you
with the best experience while using our website, we process some data about
you, e.g. contact form.
The data that we keep
about you is your data and we ensure that we keep it confidential and that it
is used appropriately. You have the following rights when it comes to your
data:
1. You have the right to request a copy of all of the
data we keep about you. Generally, we will not charge for this service;
2. You have the right to ask us to correct any data we
have which you believe to be inaccurate or incomplete. You can also request
that we restrict all processing of your data while we consider your
rectification request;
3. You have the right to ask that we erase any of your
personal data which is no longer necessary for the purpose we originally
collected it for. We retain our data in line with the Information Governance
Alliance’s guidelines (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016)
4. You may also request that we restrict processing if
we no longer require your personal data for the purpose we originally collected
it for, but you do not wish for it to be erased.
5. You can ask for your data to be erased if we have
asked for your consent to process your data. You can withdraw consent at any
time – please contact us to do so.
6. If we are processing your data as part of our
legitimate interests as an organisation or in order to complete a task in the
public interest, you have the right to object to that processing. We will
restrict all processing of this data while we look into your objection.
You may need to provide
adequate information for our staff to be able to identify you, for example, a
passport or driver’s licence. This is to make sure that data is not shared with
the wrong person inappropriately. We will always respond to your request as
soon as possible and at the latest within one month.
Please note that if you
access our service using our NHS login details, the identity verification
services are managed by NHS England. NHS England is the controller for any
personal information you provided to NHS England to get an NHS login account
and verify your identity, and uses that personal information solely for that
single purpose. For this personal information, our role is a ‘processor’ only
and we must act under the instructions provided by NHS England (as the
‘controller’) when verifying your identity. To see NHS login’s Privacy Notice
and Terms and Conditions, please CLICK HERE. This
restriction does not apply to the personal information you provide to us
separately.
You can access the
PharmAppy app using your NHS login details. If you sign in using NHS login, we
will ask your permission to share your NHS login information with our service.
This allows us to fill in some personal details for you, such as your first name,
last name, date of birth and contact details. We will not use your NHS login
information for any other purposes. You can only share your NHS login
information if you have proved your identity to NHS login. You can choose not
to share your NHS login information with PharmAppy but you will need to enter
your information yourself whilst using our service.
For more information, see
the NHS login privacy notice and terms and conditions.
If you would like to
complain about how we have dealt with your request, please contact:
Information
Commissioner’s Office
Wycliffe
House
Water
Lane
Wilmslow
Cheshire
SK9 5AF