Airmid Privacy Policy JAM


Airmid Privacy Policy

Updated on 28/06/2023

The Phoenix Partnership (Leeds) Ltd (“TPP”) have developed Airmid (the “App”) to provide you with access to and the ability to contribute to your own health and care record from your smartphone or other personal device.

TPP is committed to protecting and respecting your privacy.

To provide the App and associated services, we must process information about you. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

This policy (together with the End User Licence Agreement for the App) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. By creating a user account on or using the App you are accepting and consenting to this policy.

Personal information

The following information is used by us in order to provide the App and services:

Information you give us

You may provide us with information through your use of the App, including Personal Data and Special Categories of Personal Data. This includes:

  • personal information that we ask for in order for you to create an account (such as your name, gender, date of birth, ID number and phone number/email address) to access the App;
  • medical and lifestyle information which contains sensitive personal information contained within your medical record. This information has been recorded by organisations who are/have been caring for you and who have allowed you to view the record they hold within the App. You consent for this data to be shared to and made visible in the App by your use of it and acceptance of this policy;
  • demographic, medical and lifestyle information that you add to the App or your medical record;
  • information in or about the content you provide (e.g. metadata), such as the date and time when information is added.

Information we collect about you:

We may collect information from your use of the App and our services, including:

  • Device and Connection information, such as the type of device, operating system, mobile network information and phone number; Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address;
  • Usage Information and automatic activity tracking, such as how and when you use the service and what content and functionality you access;
  • Location information, including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals, when location services settings are activated;
  • Your networks and connections, such as the people and groups you are connected to and how you interact with them, such as the people you communicate with the most or the groups you like to share with. We also collect contact information you provide if you upload, sync or import this information (such as an address book) from a device;
  • Information from partner Apps and Apps that use our App/Services. We collect information when you visit or use third-party Apps and Apps that use our App/Services;
  • Information about transactions made on the App. If you use the App for purchases or other financial transactions, we may collect information about the purchase or transaction.

Information we collect about you:

We may collect information from your use of the App and our services, including:

  • Device and Connection information, such as the type of device, operating system, mobile network information and phone number; Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address;
  • Usage Information and automatic activity tracking , such as how and when you use the service and what content and functionality you access;
  • Location information , including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals, when location services settings are activated;
  • Information from partner apps and apps that use the App/services. such as information collected by us when you visit or use third-party apps and apps that use the App and/or our services;
  • Information about transactions made on the App. If you use the App for purchases or other financial transactions, we may collect information about the purchase or transaction.

Uses of personal information

We use the personal information that we collect (subject to choices you make) for the following purposes:

  • To provide our services and to suggest products, including to personalise features and content, services or additional functionality that you may find helpful. In order to create a personalised app and services that are unique and relevant to you, we use:
    • Information on how you use and interact with the App and services;
    • Location-related information – such as your current location, where you live, the places you like to go, and the locations, organisations and people you’re near (location-related information can be based on things such as precise device location (if you’ve allowed us to collect it), IP addresses and information from your use of the App).
  • To improve our services and to ensure that content is presented in the most effective manner for you and for your device. We use the information we have to send you communications and to respond to you when you contact us.
  • To allow you to participate in the interactive features of our services, when you choose to do so.
  • To help us keep the App safe and secure .We use the information that we have to verify accounts and activity, combat harmful conduct, detect and prevent bad experiences, maintain the integrity of the App and services, and promote safety and security on and off the App. For example, we use data that we have to investigate suspicious activity or breaches the Airmid Terms of Use.

Non-personal information

We also collect anonymised data in a form that does not allow identification of you:

  • To monitor usage and collect usage statistics for product research and development including but not limited to how the App services are being used. We use the information to develop, test and improve the App and services, including by means of conducting surveys and research, and testing and troubleshooting for existing and new products and features.

How your data is shared

To access your medical record via Airmid:

  • You will have consented to providing this information to Airmid by agreeing to our consent form, Terms and Conditions, Privacy Policy and End User Licence Agreement;
  • The healthcare organisation(s) that care for you will need to consent for your medical record that they hold to be shared to you via the App. You will not be able to see the part(s) of your medical record on the App if the particular organisation(s) that hold that information have not given their consent for you to do so.

In order for an organisation to see the data that you record on Airmid:

  • you will need to consent to the data that you record being shared to that organisation;
  • The organisation will need to consent to see the data that you recorded.

Once an organisation is able to see the data you record via the App and you have subscribed to receive information from that organisation they are able to choose to incorporate data you record via the App into their medical record about you (which may then be shared by them with other organisations involved in your care) but this is only where:

  • The organisation has requested the data from you. For example, via a questionnaire or template.

Should this happen there will be some implications in terms of data retention and deletion – see the Airmid Deletion Policy.

Family Access:

If Family access (where somebody has access to another person’s record through the App) is granted on a legal basis (e.g. parental responsibility for a child), the proxy user will automatically be granted access to view, add to, edit and remove that person’s App data. For example, if you are granted Family access you would be able to view and record information on your child’s record, or, with their consent, your parent’s record.

If you do become a proxy user the person whose record is being accessed will see within the App that your proxy access has been granted on a legal basis. In the same way, if someone has proxy access to your record, you will be able to see this within the App.

Third Parties

You may give us consent to disclose your personal information to select other third parties via the App as part of the service. The types of third parties that we may share information with are researchers and academics working to improve health and social care provision for the benefit of you and the public. You will be asked if you want to share your information with these other parties.

We will only disclose or share your personal data under the following circumstances:

  • When you have given us consent as described above;
  • If we have a legal obligation to do so; or
  • If it is necessary to comply with a request from a public or governmental organisation.

If our ownership or control of all or part of our services transfers to a new owner, we may transfer your personal information to the new owner. If this happens, the new owner will be obligated to continue to treat such personal data on the terms set out in this Privacy Policy and inform you of their ownership.

Our legal basis for processing data

We act as data controller for the data that you independently choose to enter into the app.

We act as data processor for the data that third parties such as care organisations may request you to enter into the app. For example, responses to surveys and questionnaires.

We collect, use and share data that we have in the ways described above as necessary:

  • To fulfil our Terms of Use;
  • To comply with our legal obligations;
  • To ensure we respect your consent, which you may revoke at any time through the App;
  • To protect your interest, or those of others;
  • As necessary in the public interest;
  • As necessary for our (or others’) legitimate interests, including our interests in providing an innovative, personalised, safe and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.

Data Retention

We retain data until it is no longer necessary for the provision of the App or delivery of our services, or until you request that your App account is deleted – see below.

Your Rights

You have specific rights under the Jamaica Data Protection Act 2020.

Data you enter

The App provides you with control over the data you enter on the App. You can:

  • Access your personal information except in exceptional cases provided for by laws and regulations. You may access your personal information by logging into the App. Sometimes you may also need to contact the relevant health or care provider who holds your record;
  • Correct or supplement your personal information. If you find an error in the personal information you have created that we process, you have the right to ask TPP to make corrections or additions if you are unable to correct it yourself in the App. Where the incorrect information is coming from one of your health or care providers you will need to ask them to make the correction.

Changing your consent to share data

You can change who can access the data you enter on the App:

  • If you wish to withdraw your consent for your data to be used by a specific organisation, you can contact the organisation to revert your consent.
  • When you withdraw your consent, we will no longer share the personal information you added via the App. However, your decision to withdraw your consent will not affect the personal information that has already been processed based on your previous authorisation.

Request deletion of your personal information – right to erasure

  • You can remove the individual data items that you have contributed to your health record via the App yourself. You can do this by selecting the ‘Permanently delete data that I have added to my medical record’ option when disabling your App account. Any references to data ‘deletion’ mean your data is being ‘put beyond use’ which ensures that your data is made inaccessible, cannot be retrieved in a useable format, and is no longer visible in your medical record.
  • You need to contact your healthcare provider directly to request deletion of personal information data items within your health record added by a healthcare professional.
  • If you wish to make all the data entered by you to be made inaccessible, you can disable your App account in the App. Once you disable your App account, your healthcare providers or third parties with whom you have previously consented to share your data will no longer be able to access the data you have entered via the App. If you reactivate your App account, your healthcare provider will be able to access the data you record via the App and have consented to share. This includes the data you previously recorded before disabling your account.
  • Deleting the App from your device by virtue does not delete either the data you have entered into your health record or the data added by your healthcare provider.

You may request the deletion of personal information from us in the following cases:

  • If we deal with personal information violations of laws and regulations;
  • If we collect and use your personal information, but do not obtain your express consent;
  • If our handling of personal information is a serious breach of our agreement with you;
  • If you no longer use our products or services, or you voluntarily write off the account;
  • If we permanently no longer provide you with products or services.

If we decide to respond to your request, we will delete your information in a timely manner, unless otherwise provided by laws and regulations.

We do not charge a fee in principle for your reasonable request, but we will charge a fee for repeated requests that exceed reasonable limits, as appropriate.

We may reject requests for unprovoked repetition that require too much technical means (for example, the need to develop new systems or fundamentally change existing practices), pose risks to the legitimate rights and interests of others, or are very unrealistic.

We will not be able to respond to your request in the following cases, as required by laws and regulations:

  • Related to national security and defence security;
  • Related to public safety, public health, major public interests;
  • Related to crime investigation, prosecution, trial and enforcement of sentences, etc.;
  • There is sufficient evidence to show that the subject of personal information there exists subjective malice or abuse of rights;
  • If the response to your request will cause you or other individuals, organisations of the legitimate rights and interests serious damage;
  • Involving trade secrets.

Family/Proxy access data

If you wish to request deletion of data that either:

a) you, acting as a proxy for somebody else, have entered into that person’s record within the App, or

b) somebody else, acting as a proxy for you, has entered into your record within the App  

please email dpo@tpp-uk.com.

Deletion Principles

  1. By requesting data that you have entered into the App to be deleted, you understand this will mean that the data will no longer be accessible, including by yourself.
  2. The data in scope for deletion is personal data entered by you and associated metadata.
  3. Any in-scope data will be deleted by it being put beyond use.
  4. Any requests for deletion of out-of-scope data will need to be raised with either the specific organisation you have shared the information with or the health or care provider who holds your medical record.
  5. If you delete data directly through the App, this deletion will happen immediately. If you email us to request deletion of proxy (‘Family’) access data, we will assess the request and process it in a timely manner – see Proxy access data below.
  6. Following deletion, we will no longer be able to assist you with access to such data and all processing activities by us shall cease.

Information security and preventing harm

We make it a priority to provide strong security and give you confidence that your information is safe and accessible when you need it. The App is built with strong security features that continuously protect your information. We use strict procedures and employ strict security features in accordance with industry best practice and standards. We take all steps reasonably necessary to ensure that we treat your data securely and in accordance with this Privacy Policy.

We restrict access to your personal information strictly to TPP employees, contractors, and agents who need access in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

However, it is your responsibility to ensure your computer or device, and your connection to the service, is secure. Use of the App and our services is at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us via any device on which you may access the App.

Use of App services by a minor

We may collect and use information of a minor only as provided by the parent or guardian or with their express consent. If we become aware that we process information of a minor without the valid and express consent of a parent or guardian, we reserve the right to delete it.

Changes to this policy

We may need to change this Privacy Policy to reflect changes in law or best practice, to deal with additional features or changes to features that we introduce or to apply other updates.

When any updates are made to this Privacy Policy, we will notify you when you next start the App. If you do not accept the notified changes, you will not be permitted to continue to use the App.

If you continue to use the App following notice of the changes to the Privacy Policy, it constitutes your acceptance of the updates.

How do the TPP products work together?

TPP share infrastructure, systems and technology amongst its other products to provide an innovative, relevant, consistent and safe experience across all products for our customers.

How we operate and transfer data as part of our global services

We share information internally within TPP, externally with our partners and with selected organisations for research purposes (subject to you providing consent to do so) and with those you connect and share with around the world in accordance with this Privacy Policy. Information will be transferred or transmitted to, or stored and processed in, Jamaica and the United Kingdom or where consent is given other countries outside where you live for the purposes as described in this Policy but always securely and in accordance with data protection law.

How to contact TPP with questions

If you have general questions or comments about the App, you can email us at AppEnquiries@tpp-uk.com

If you have questions about this Privacy Policy, you can contact TPP’s Data Protection Officer at dpo@tpp-uk.com