Updated on 16/05/2022
TPP have developed this App to provide you with access to your own health care record on your smartphone.
The Phoenix Partnership (Leeds) Limited (“TPP”) is committed to protecting and respecting your privacy.
To provide the Airmid product and Services (the “App”), we must process information about you. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This policy (together with our licence agreement for the use of Airmid) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. By registering on or using the App you are accepting and consenting to this policy.
1. Personal information that we collect
We collect the following information in order to provide our App and Services and further described below in Section 2:
Information you give us
You may provide us with information through your use of the App, this includes:
- the personal information that we ask for in order for you to create an account (such as your name and phone number/email address) to access the App to create or share, and message or communicate with others;
- medical information which contains sensitive personal information contained within your medical record that you have consented to share to the App;
- demographic, medical and lifestyle information that you add to your health record within the App;
- information in or about the content you provide (e.g. metadata), such as the date and time when information is added.
Information we collect about you:
We may collect information from your use of the App and our services, including:
- Device and Connection information, such as the type of device, operating system, mobile network information and phone number; Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address;
- Usage Information and automatic activity tracking, such as how and when you use the service and what content and functionality you access;
- Location information, including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals, when location services settings are activated;
- Your networks and connections, such as the people and groups you are connected to and how you interact with them, such as the people you communicate with the most or the groups you like to share with. We also collect contact information you provide if you upload, sync or import this information (such as an address book) from a device;
- Information from partner Apps and Apps that use our App/Services. We collect information when you visit or use third-party Apps and Apps that use our App/Services;
- Information about transactions made on the App. If you use the App for purchases or other financial transactions, we may collect information about the purchase or transaction.
2. Uses of personal information
We use the personal information that we collect (subject to choices you make) for the following purposes:
- To provide our services and to suggest products, including to personalise features and content, services or additional functionality that you may find helpful. In order to create a personalised app and services that are unique and relevant to you, we use:
- To improve our services and to ensure that content is presented in the most effective manner for you and for your device. We use the information we have to send you communications and to respond to you when you contact us.
- To allow you to participate in the interactive features of our services, when you choose to do so.
3. Non-personal information
We also collect anonymised data in a form that does not allow identification of you:
- To monitor usage and collect usage statistics for product research and development including but not limited to how the App services are being used. We use the information to develop, test and improve the App and services, including by means of conducting surveys and research, and testing and troubleshooting for existing and new products and features.
4. How is your data shared
To access your medical record via Airmid:
- The healthcare organisation(s) that care for you will need to consent for your medical record that they hold to be shared to you via the App. You will not be able to see the part(s) of your medical record on the App if the particular organisation(s) that hold that information have not given their consent for you to do so.
In order for an organisation to see the data that you record on Airmid:
- you will need to consent to the data that you record being shared to that organisation;
- The organisation will need to consent to see the data that you recorded.
You may give us consent to disclose your personal information to select other third parties via the App as part of the service. The types of third parties that we may share information with are researchers and academics working to improve health and social care provision for the benefit of you and the public. You will be asked if you want to share your information with these other parties.
We will only disclose or share your personal data under the following circumstances:
- When you have given us consent as described above;
- If we have a legal obligation to do so; or
- If it is necessary to comply with a request from a public or governmental organisation.
If our ownership or control of all or part of our services transfers to a new owner, we may transfer your personal information to the new owner. The new owner will be obligated to continue to treat such personal data on the terms set out in this policy.
Our legal basis for processing data
We collect, use and share data that we have in the ways described above as necessary:
- To comply with our legal obligations;
- To be consistent with your consent, which you may revoke at any time through the App;
- To protect your interest, or those of others;
- As necessary in the public interest;
- As necessary for our (or others’) legitimate interests, including our interests in providing an innovative, personalised, safe and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
Data Retention, account deactivation and deletion
We retain personal information until it is no longer necessary for the provision of our App or delivery of our Services unless you delete it in the App (whichever comes first).
Personal information that is recorded by you can be removed from the App by yourself, so that it cannot be accessed by any clinician. However if you uninstall the App without disabling your App account, your personal information will be retained so that it is available if you want to reactivate your account in the future. You are not able to remove data recorded by your healthcare provider. Your healthcare provider cannot remove data recorded by you.
Personal information that has been deleted in the App may persist in our backup systems, but will not be readily accessible. Our services also use encrypted backup storage as another layer of protection to help recover from potential disasters. Data can remain on these systems for up to 6 months. When you or TPP delete data, we follow a deletion policy to make sure that your data is safely and completely removed from our servers. Any data retained will be in an anonymized form according to our anonymisation policy.
Data You Enter
The App provides you with control over the data you record on the App. You can:
- Access your personal information except in exceptional cases provided for by laws and regulations. You may access your personal information by logging into the App or by contacting the relevant healthcare provider who input the information;
- Correct or supplement your personal information.
When you find that there is an error in the personal information we process about you, you have the right to ask TPP or the healthcare provider to make corrections or additions. You can make a correction or supplementary application by means of updating your information within the App or contacting the relevant healthcare provider who input the information and asking them to update your information.
Changing the scope of your authorized consent:
You can change who can access the data you enter on the App:
- If you wish to withdraw your consent for your data to be used by a specific organisation, you can contact the organisation to revert your consent.
- When you withdraw your consent, we will no longer share the personal information you added via the App. However, your decision to withdraw your consent will not affect the personal information that has already been processed based on your previous authorisation.
Request deletion of your personal information
- You can remove the individual data items that you have contributed to your health record via the App yourself.
- You need to contact your healthcare provider directly to request deletion of personal information data items within your health record added by a healthcare professional.
- If you wish to make all the data entered by you to be made inaccessible, you can disable your App account in the App. Once you disable your App account, your healthcare providers or third parties with whom you have previously consented to share your data will no longer be able to access the data you have entered via the App. If you reactivate your App account, your healthcare provider will be able to access the data you record via the App and have consented to share. This includes the data you previously recorded before disabling your account.
- Deleting the App from your device by virtue does not delete either the data you have entered into your health record or the data added by your healthcare provider.
You may request the deletion of personal information from us in the following cases:
- If we deal with personal information violations of laws and regulations;
- If we collect and use your personal information, but do not obtain your express consent;
- If our handling of personal information is a serious breach of our agreement with you;
- If you no longer use our products or services, or you voluntarily write off the account;
- If we permanently no longer provide you with products or services.
If we decide to respond to your request, we will delete your information in a timely manner, unless otherwise provided by laws and regulations.
We do not charge a fee in principle for your reasonable request, but we will charge a fee for repeated requests that exceed reasonable limits, as appropriate.
We may reject requests for unprovoked repetition that require too much technical means (for example, the need to develop new systems or fundamentally change existing practices), pose risks to the legitimate rights and interests of others, or are very unrealistic.
We will not be able to respond to your request in the following cases, as required by laws and regulations:
- Related to national security and defence security;
- Related to public safety, public health, major public interests;
- Related to crime investigation, prosecution, trial and enforcement of sentences, etc.;
- There is sufficient evidence to show that the subject of personal information there exists subjective malice or abuse of rights;
- If the response to your request will cause you or other individuals, organisations of the legitimate rights and interests serious damage;
- Involving trade secrets.
Information security and preventing harm
We restrict access to personal information to TPP employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
However, it is your responsibility to ensure your computer or device, and your connection to the service, is secure. Use of the Service is at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us via any device on which you may access the App.
Use of App Services by Minors
We may collect and use information of a minor only as provided by the parent or guardian or with their express consent. If we become aware that we process information of a minor without the valid and express consent of a parent or guardian, we reserve the right to delete it.
Changes to this policy
We may need to change this policy to reflect changes in law or best practice or to deal with additional features or changes to features that we introduce.
- We will notify you of any changes to this policy when you next start the App after an update.
- If you do not accept the notified changes, you will not be permitted to continue to use the App.
- If you continue to use the App following notice of the changes to the policy, it constitutes your acceptance of the updates.
How do the TPP products work together?
TPP share infrastructure, systems and technology amongst its other products to provide an innovative, relevant, consistent and safe experience across all products for our customers.
How do we operate and transfer data as part of our global services?
We share information, both internally within TPP and externally with our partners and with those you connect and share with around the world in accordance with this Policy. Information will be transferred or transmitted to, or stored and processed in, Malaysia and the United Kingdom or other countries outside where you live for the purposes as described in this Policy.
How to contact TPP with questions
You can contact TPP by email or by post at:TPP House
129 Low Lane
If you have questions about this Policy, you can contact us as described below
Contact the Data Protection Officer – firstname.lastname@example.org