The Company is a Healthcare and Health Digital Solutions business which provides staffing solutions and digital platforms in the health sector. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.
What this policy covers:
This policy explains how we use your data to deliver our healthcare app( CheckUp Health), websites and services. This includes:
Services are provided through the following:
The Flame lily Healthcare Limited, the company that provides the services CheckUp Health, the technology software brand for Digital health services When we talk about “we”, “The Company”, we mean The Flame Lily healthcare limited and Checkup Health.
This means The Flame Lily Healthcare limited is using CheckUp Health and is the data “controller” of your personal data. Some services we offer with our partners, or on behalf of them may use the CheckUp Health technology.
You may give your personal details to the Company directly, such as on an application or registration form or via our website and or apps or we may collect them from another source such as other health services providers and platforms.The Company must have a legal basis for processing your personal data. For the purposes of providing you with healthcare and medical services and/or information relating to support relevant to you, we will only use your personal data in accordance with this privacy statement. At all times we will comply with current data protection laws.
1. Collection and use of personal data
a. Purpose of processing and legal basis
The Company will collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with required services. We collect information directly from you when you choose to participate in our offers and programs, create an account on our websites or in our mobile applications to access services, call or email us, or otherwise provide information directly to us and developing and managing our services and relationship with you and our clients.
If you have opted-in we may also send you marketing information and news via email/ text. You can opt-out from receiving these at any time by clicking “unsubscribe” when you receive these communications from us.
In some cases we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
We must have a legal basis to process your personal data. The legal bases we rely upon to offer our services to you are:
b. Legitimate interest
This is where the Company has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us. Where the Company has relied on a legitimate interest to process your personal data our legitimate interests is/are as follows:
c. Statutory/contractual requirement
The Company has certain legal and contractual requirements to collect personal data (e.g. to comply with Regulation and in some circumstances safeguarding requirements.) We use your health and medical information for safety, training, regulatory, and compliance purposes.
This means that:
If we're legally required to, or asked by a regulator, we may need to share your information with regulatory bodies like the General Medical Council, Medicines and Healthcare Products Regulatory Agency or Care Quality Commission
We may audit how you use our services, for example to review the quality of results provided by our products
To detect and prevent fraud, we may need to share your personal and financial information with banks, financial institutions and fraud prevention services.
d. Recipient/s of data
The Company will process your personal data and/or sensitive personal data with the following recipients:
Depending on how you access our services, we get your location from your phone, internet browser, IP address or postal address or from organisations we are contracted with to provide you services.
Data we hold and we collect from you
When you register with us, we'll ask you for your:
The information you give us must be accurate. If you give us information about yourself or another person, you're confirming that you're authorised to do so.
Sensitive Personal Data
When you use our services, we collect information about your health, including:
If you use our private service, we'll send your appointment notes to your NHS GP, if you give us your consent.
Details of your conversations with us
How long do we keep your data?
We might also keep some information that doesn't identify you to help improve our business and our services that we offer.
In some circumstances, we might keep data longer if required by the law
|Your information||How long we keep it (its 'retention period')|
|GP records: This includes medical records, consultations with GPs and monitor health at home modules interactions||We keep your GP records for 10 years after your death or after you've permanently left the country. We may keep your records longer if there are genetic implications for your family. We work on the advice from clinicians in this situation. Electronic patient records can't be destroyed or deleted for the foreseeable future|
|Video consultations||If we keep your video consultations, they are kept in the same way as your GP records (although that period of time could change if our product changes).|
|Voice (or audio) consultations||We keep your voice consultations in the same way as your GP records (although that period of time could change if our product changes).|
|Communications with support teams, including phone calls, emails and live chats||1 year after you leave the CheckUp Health service.|
|Maternity records||We keep your records for 25 years after the birth of your last child.|
|Records on any treatment for a mental disorder (as described in mental health legislation)||We keep your records for 20 years after the date of your last consultation. Or 10 years after your death if that is sooner.|
If you want to see any of this information while we have it (in its 'retention period'), you can ask for it by emailing us at: Support firstname.lastname@example.org
Data from other sources
We might also receive some data about you and your health from other organisations we are contracted with, apps, devices and services.
This will only happen if you've agreed to sharing that data with us. For example, if you decided to share information collected from a health monitoring device that linked to our app.
Credit and debit card information
If you make a payment on the app, your credit and debit card details are processed by a third-party payment provider.
We don't store any of your credit or debit card information and we only keep details of the transactions on our secure servers.
Technical information and analytics
When you use our app, or visit our website, we may collect the following data, where this is allowed by your device or browser settings:
Source of The Personal Data and Hho we may Share it With
Other healthcare providers
If it's needed for your treatment or care, we will share your data with your other health and social care providers. These include:
By law, we may need to share information with these services to safeguard either you or others, or conduct a public task (in the case of our NHS services). We may need your consent, or to rely on our legitimate interests to provide you with healthcare before we can share this information.
The Company may transfer the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with optimum uptime services.We work with third parties servers which may be hosted outside UK to deliver efficient services.We take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. This will always be in line with applicable data protection lawful mechanisms (such as appropriate contractual terms) and subject to strict safeguards.
For further information on how we protect your data if we transfer it outside of the EEA, contact us by email at: email@example.com
Protecting public health
We might process your data to protect public health. Your data could be vital to help research, monitor, track and manage public health emergencies, like pandemics. and in cases where such an activity is a legal requirement.
In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:
We will limit the use or sharing of data to the period of the emergency and will only share data to the extent necessary.
Aggregated or anonymous data
In situations where we may need to show on our website or share with our commercial partners data that does not personally identify you, which shows general trends. This is 'aggregated' data and is not personal data may be shared.
This might include, for example, the number of visitors to our websites, number of App downloads, users of our service or trends in a particular location.
Statistical data in the public's interest
We may also use data that does not identify you personally as part of statistics that we collect on certain types of illness, symptoms and conditions. This might include us contributing medical data and participating in such schemes from time to time. These schemes may be project related, or government rleated scheme.
We may show these summarised statistics to our partners. They will always be anonymised. This is so we can improve our medical knowledge on how we support you in service delivery and help our members and the general public.
You can contact us directly if you do not want your data to be used in this way by email at: firstname.lastname@example.org
Please be aware that you have the following data protection rights and you are in control of your records:
Making changes within your App
Remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by:
Ask for a copy of the personal data we hold about you. Your data is stored in line with our legal and medical obligations. Ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes. There might be times when we're not able to help, like if the law or our medical obligations say we can't..
Ask us to restrict any automated (computer-made) decisions made with your data.
Ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.
Where you have consented to the Company processing your [personal data/[and]sensitive personal data] you have the right to withdraw that consent at any time by contacting us using the methods below.
Write to us: Data Protection officer.
The Flame Lily HQ.
144 Penn Road,
We'll ask you for a proof of identity. Data protection laws give us one month to get back to you.
We're regulated by the Information Commissioner's Office (ICO). If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at:
Information Commissioner's Office
Phone: 0303 123 1113
Please note that if you withdraw your consent to further processing that does not affect any processing done prior to the withdrawal of that consent, or which is done according to another legal basis.
There may be circumstances where the Company will still need to process your data for legal or official reasons. Where this is the case, we will tell you and we will restrict the data to only what is necessary for those specific reasons.
If you believe that any of your data that the Company processes is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.
You can also contact us using the above details if you want us to restrict the type or amount of data we process for you, access your personal data or exercise any of the other rights listed above.
We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalised content.
Cookies and Other Technologies
The Flame Lily and our third-party service providers use a variety of technologies to assess how our sites or mobile applications are used, to personalize your experience and to deliver you marketing, including online content, tailored to your interests. Some technologies we may use include the following:
A cookie is a small file placed on your device when you visit a site that can be understood by the site that issued the cookie. We use the information collected by cookies to remember who you are to log you in and your preferences, to provide you advertisements, offers or other content tailored to your interests and to assess how our sites are used. You can accept or decline cookies through your browser settings. To learn more, please look at the cookie settings available in your specific web browser(s). Please note, however, that without cookies you may not be able to use all of the features of our Sites or other websites and online services. Please click here for a list of all The Flame Lily Cookies.
We may use third-party web analytics services on our Sites, such as those of Google Analytics. These service providers help us analyse how visitors use the Sites. The information obtained for this purpose (including your IP address and other information collected by automated means) will be disclosed to or collected directly by these service providers. To learn more about Google Analytics, and how to opt out, please click here.
The providers of third-party plug-ins and widgets on our Sites, such as embedded videos and social media sharing tools, may use automated means to collect information regarding your use of the Sites and your interactions with the plug-ins and widgets. We may also receive information you have made available to those third party services, including the geographic location of your mobile device and other information about you (such as name, email address, gender, locale, time zone, languages, social media profile URL, personal website URL, biographical information, birthday, photo, list of devices, education history, work history, hometown, interests, current city, political views, favourite athlete and teams, relationship status and information, religion, name of significant other, and certain security settings information) and your contacts on those services. This information is subject to the privacy policies or notices of the third party providers of the plug-ins and widgets.
Links to external websites
The Company’s website may contains links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. When you leave our site we encourage you to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
Sale of business
If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
The Company takes every precaution to protect our users’ information.The company uses security measures in relation to the personal data processed, e.g. firewalls, browser certification technology, encryption, limited access, use of passwords.Only users who need the information to perform a specific task (for example, consultations, our clinical team) are granted access to your information.
The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/ the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/ the Internet.
If you share a device with others we recommend that you do not select the “remember my details” function when that option is offered.
If you have any questions about the security at our website, you can email email@example.com
Changes to this privacy statement
We will update this privacy statement from time to time. We will post any changes on the statement with revision dates. If we make any material changes, we will notify you and give you a chance to review them.If you agree to the changes, you don't need to do anything. Just keep using our services as when and you need them with the updated policy and we'll assume you are happy with the way we use your data.
If you don't agree to the changes, then you can stop using our services at any time.
Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact:
Write to us: Complaints department, The Flame Lily HQ. Checkup Health 144 Penn Road WV3 0EE