Your Thyme Limited (trading as Thyme) is committed to protecting and respecting your privacy. By way of background, we are required to process your personal data in accordance with the requirements of the General Data Protection Order. In addition, as a medical practice, we are regulated and inspected by the Care Quality Commission, which sets out very strong regulations for the handling and security of patient data and medical records.
1 WHO WE ARE
1.2 We can be contacted in the following ways:
1.2.1 By post to: Your Thyme Limited, The Stables, New Lodge, Drift Road, Windsor, SL4 4RR
1.2.2 By email to: email@example.com
1.2.3 By telephone: 0330 088 2020
2 INFORMATION WE COLLECT ABOUT YOU
We will collect and process the following data about you:
2.1 Information you give us
2.1.1 This is information you give us by filling in forms on our website at www.yourthyme.com, or on our mobile applications (together our “platform”), or by corresponding with us by phone, email or otherwise.
2.1.2 It includes information you provide when you register to use our platform, search for services on our platform, enter a competition, promotion or survey and when you report a problem with our platform.
2.1.3 It includes information we collect about you every time you use our service, whether by attendance at a clinic, use of our telephone appointment system or when one of our staff makes a visit to you or when you make use of our virtual consultation service.
2.1.4 The information you give us may include your name, address, phone number, email address, date of birth, financial and credit card information including billing address.
2.1.5 The information you give us may also include your medical records (including NHS summary care records) or personal description.
2.2 Information we collect about you
2.2.1 We will collect information about you when you visit our platform and use our services.
2.2.2 We will collect technical information, including the Internet Protocol address (IP address) used to connect your computer to the internet, your login information, browser type and versions, operating systems, certain device information and your location.
2.2.3 We will collect information about your visit including the full Uniform Resource Locators (URL), clickstream to, through and from our platform (including date and time), services you viewed or searched for, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse overs) and methods used to browse away from the page.
2.2.4 We will collect information from and about your consultation including the appointment location and duration, medical notes taken during the appointment, any information provided by your medical insurance provider (if applicable), and any test results (if applicable);
2.2.5 Your medical records.
3 HOW WE USE YOUR INFORMATION
3.1 We use information other than medical records about you for the following purposes:
3.1.1 to perform our contractual obligations to you, including the provision of our services requested by you;
3.1.2 to create and maintain records in relation to the performance of our contractual obligations to you, invoicing and payments made by you;
3.1.3 to confirm appointments when you make them;
3.1.4 if you provide consent, to send information about our services or other services provided by third parties which we consider may be of interest to you by whatever means of communication you consent to. Your consent may be withdrawn at any time;
3.1.5 to obtain feedback about our services from you by email, phone or mail;
3.1.6 to improve the services we provide to you;
3.2 We will use information we collect when you use our platform:
3.2.1 to administer our platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
3.2.2 to improve our platform to ensure that content is presented in the most effective manner for you and your device;
3.2.3 to keep our platform safe and secure; and
3.2.4 to measure or understand the effectiveness of marketing we provide to you and others, and to deliver relevant marketing to you.
4 MEDICAL RECORDS
4.1 By contracting with us to provide medical services to you, you are consenting to us using, storing, sharing and otherwise processing your medical records as set out in this paragraph 4.
4.2 We may use your sensitive personal data and medical records:
4.2.1 to create a record of the consultations, care/advice and Services we provide to you in the course of providing our services to you. Examples of the information collected or created through this process are electronic medical records that may be uploaded by you or created as a result of your use of the Services;
4.2.2 to facilitate treatment or the provision of medical services by our employees and consultants. We may share your medical records with doctors, technicians or employees to enable us to fulfil our contractual obligations to you. For example, we may share your personal health information across a number of practitioners employed or engaged by us to plan your care. This may include prescriptions, lab work, other digitised / digital health information that you make available to us about you from time to time;
4.2.3 to measure the performance of our own staff in relation to the provision of services to you.
4.3 We may, with your specific consent or as provided in clause 4.4, share your medical records with people not at Thyme including, but not limited to specialist consultants, GP practices, out of hours providers, hospitals, pharmacists, pharmacies and other healthcare providers who are treating you, emergency services, NHS organisations and certain specific non NHS organisations for the purposes of direct and indirect delivery of care.
4.4 For medical reasons or as a requirement of the law, we may use, share or otherwise process your medical records or other personal information in the following circumstances:
4.4.1 where the processing is necessary to protect the vital interest of you or another – for example – we may use and disclose your personal information to the extent required to protect the vital interests of you or someone else, where the relevant person is physically or legally incapable of giving consent. Examples of this are to prevent a serious threat to your health and safety or that of others, including but not limited to instances of child abuse or neglect;
4.4.2 where the processing is necessary for reasons of public interest in the area of public health – we may share your personal information where it is necessary for reasons of public interest in the area of public health. For example, we may share your personal information with the UK Government departments or other relevant authorities:
(a) to report reactions to medicines or problems with products;
(b) if we have reason to believe that you may have been exposed to, or may be at risk of spreading, certain specified serious diseases or conditions.
(c) where the processing is necessary in relation to an actual or potential legal claim – If you are involved in a legal dispute, we may share your sensitive personal information in response to a court order, legal demand or other lawful process;
4.4.3 the Police – we may share personal information if we are legally required to do so by the police. The circumstances in which we are required to do so are limited, but include reporting certain types of wounds.
4.4.4 National Security – we may share, if legally required to do so, your personal information with UK Government officials for national security reasons.
5 OTHER DISCLOSURE OF YOUR INFORMATION
5.1 You consent to our sharing your personal data with selected third parties including:
5.1.1 business partners (including medical insurance providers), payment service providers, GPs, and other suppliers and sub-contractors necessary for the performance of the services we provide to you;
5.1.2 analytics and search engine providers that assist us in the improvement and optimisation of our platform.
5.2 We will disclose your information to third parties:
5.2.1 in the event that we sell or transfer any business or assets which includes the contract between you and us to a third party, in which case we will disclose your personal data to the prospective acquirer of such business assets;
5.2.2 if all or a significant proportion of our share capital is acquired by a third party, in which case aggregated data held by us about customers using our platform will be disclosed to the prospective acquirer on an anonymous basis; and
5.2.3 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreement with you or agreements with third parties or to protect our rights, property or safety or that of our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
6 WHERE WE STORE YOUR PERSONAL DATA
6.1 Your medical records are held on our secure clinical system and in accordance with requirements of the Care Quality Commission, which conducts regular inspections. This clinical system allows for our doctors to hold, store and view your medical records. We will not share your medical records with anyone unless you give consent or as required under Clause 4.4.
6.2 The personal information that we collect about you will not be transferred outside of the United Kingdom without your prior consent.
6.3 All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted.
6.4 Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
6.5 You should be aware that the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of personal information transmitted by you to our platform; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7 INFORMATION RETENTION AND DELETION
7.1 For medical, legal and insurance reasons, we may retain your medical records for life and a further six years.
7.2 We may retain your personal information (other than medical records) for the following purposes and periods:
7.2.1 as long as you are receiving our services;
7.2.2 in relation only to such personal information as we require to retain for the purposes of dealing with disputes or litigation with you, for a further period after you have ceased to receive our services as necessary in the event of a dispute or litigation;
7.2.3 to the extent necessary to protect our legitimate business interests;
7.2.4 as long as necessary to comply with any legal requirement.
8 YOUR RIGHTS
8.1 Under certain circumstances, you have the following legal rights in respect of your personal information:
8.1.1 a right to request access to your personal information and a copy of any personal information that we hold relating to you;
8.1.2 a right to request rectification of your personal information;
8.1.3 a right to request erasure of your personal information (subject to clause 7);
8.1.4 a right to ask us to restrict processing of your personal information and a right to object to our processing of your personal information; and
8.1.5 a right to lodge a complaint about how we treat your personal information with the Information Commissioner’s Office.
8.2 We will only permit changes or erasure of part of your medical records in exceptional circumstances where it can be proved beyond reasonable doubt that the medical record is wrong, inaccurate or misleading and does not provide background information to the state of your health. Any such changes as are agreed may be agreed and amended only by a medical practitioner.
8.3 If you pursue a request under clause 8.1.3 or 8.1.4, we may not be able to continue to provide you with the services or information about the services that you have requested us to provide to you, and your agreement with us may then need to be terminated without refund of fees.
8.4 If you wish to discuss or make a request in respect of any of the above rights, please contact us as set out in clause 1.2.
9 THIRD PARTY LINKS