Updated on 28/06/2023
The Phoenix Partnership (Leeds) Ltd (“TPP”) are committed to protecting and respecting your privacy. TPP provide the healthcare organisation you are employed by (“Your Organisation”) with the electronic healthcare record (EHR) software, SystmOne.
TPP (We) have developed Brigid (the “App”) to provide you and Your Organisation with the additional ability to access and contribute to electronic healthcare records directly from your smartphone or other personal device. To benefit from the App Your Organisation must have entered into a customer agreement with us and granted you access credentials necessary to access the App and use the Services.
TPP is committed to protecting and respecting privacy.
To provide the App and associated services, we must process information about you and about the individuals you access within the App. Please read the following carefully to understand our practices regarding personal data and how we will treat it.
This policy (together with the Terms and Conditions and End User Licence Agreement for the App) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. By using the App you are accepting and consenting to this policy.
1. How you may use the App
In return for agreeing to the below you may:
- Log onto the App via your SystmOne username and password, or PIN, to use the App functionality.
- Use any documentation to support your permitted use of the App functionality and the service.
- Contact us with queries or log issues about the services. Please check the customer support model relevant to Your Organisation as these queries may need to be directed via first line support staff.
- Receive and use any free updates of the App functionality and the service incorporating “patches” and corrections of errors as we may provide to you.
2. Collection of Personal information
The following information is used by us in order to provide the App and services:
Information you give us
You may provide us with information through your use of the App, including Personal Data and Special Categories of Personal Data. This includes:
- personal information – associated with access credentials used to access the App and associated software, SystmOne (such as your name, gender, date of birth, ID number and phone number/email address);
- medical and lifestyle information which contains sensitive personal information contained within a medical record. This information has either been added by you, Your Organisation or has been recorded by organisations who are/have been caring for an individual and who have allowed you to view the record within the App. You acknowledge the data you add will be shared to and made visible in the App by your use of it and acceptance of this policy;
- demographic, medical and lifestyle information that you add to the App or medical record;
- information in or about the content you provide (e.g. metadata), such as the date and time when information is added.
Information we collect about you:
We may collect information from your use of the App and our services, including:
- Device and Connection information, such as the type of device, operating system, mobile network information and phone number; Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address;
- Usage Information and automatic activity tracking such as how and when you use the service and what content and functionality you access;
- Location information including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals, when location services settings are activated;
- Information from partner apps and apps that use the App/services, such as information collected by us when you visit or use third-party apps and apps that use the App and/or our services;
- Information about transactions made on the App. If you use the App for purchases or other financial transactions, we may collect information about the purchase or transaction.
3. Uses of Information we collect
We use the personal information that we collect for the following purposes:
- To provide our services and to suggest products, including to personalise features and content, services or additional functionality that you may find helpful. In order to create an app and services that are relevant to you, we use:
- Information on how you use and interact with the App and services;
- Location-related information – such as your current location, and the locations, organisations and people you’re near (location-related information can be based on things such as precise device location (if you’ve allowed us to collect it), IP addresses and information from your use of the App).
- To improve our services and to ensure that content is presented in the most effective manner for you and for your device. We use the information we have to send you communications and to respond to you when you contact us.
- To allow you to participate in the interactive features of our services, when you or Your Organisation choose to do so.
- To help us keep the App safe and secure. We use the information that we have to verify accounts and activity, combat harmful conduct, detect and prevent bad experiences, maintain the integrity of the App and services, and promote safety and security on and off the App. For example, we use data that we have to investigate suspicious activity or breaches the App Terms and Conditions or End User Licence Agreement.
- To allow you to participate in research. Subject to provisions contained within Your Organisations relevant customer agreement, the information held within the App may be used to support researchers who are working to improve health and care provision for the benefit of you and the public.
We may also collect anonymised data in a form that does not allow identification of you for the following reason:
- To monitor usage and collect usage statistics for product research and development including but not limited to how the App services are being used. We use the information to develop, test and improve the App and services, including by means of conducting surveys and research, and testing and troubleshooting for existing and new products and features.
4. How data is shared
The App enables you to view and update information controlled by Your Organisation. The information you enter into the App will be visible in the desktop software, (SystmOne) used by Your Organisation and within the patient’s electronic healthcare record once you press Save.
To allow another organisation that is not Your Organisation to see the data that you record on the App:
- Your Organisation or the patient will need to consent to the data that you record being shared to that organisation from within SystmOne. The data will then become part of the shared care record.
- The data recorded in Brigid will also be available within patient facing applications, subject to the sharing rules of your organisation.
Because of our responsibilities to you, we will only disclose or share your personal data in the following circumstances:
- In accordance with our customer agreements with Your Organisation and the data processing provisions contained therein; or
- If we have a legal obligation to do so; or
- If it is necessary to comply with a request from a public or governmental organisation.
An example of a legal obligation would be if a court ordered us to disclose information; in a similar way the government can issue orders that require information to be shared.
5. Our legal basis for processing data
We act as data processor for data that you enter into the app We collect, use and share data that we have access to (as described above):
- To fulfil our Customer Agreement;
- To comply with our legal obligations;
- To protect your interest, or those of others;
- As necessary in the public interest;
- As necessary for our (or others’) legitimate interests, including our interests in providing an innovative, personalised, safe and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
6. Data Retention
We retain data until it is no longer necessary for the provision of the App or delivery of our services. Retention of Data will align to the provisions contained in the relevant Customer Agreement associated with your credentials and any minimum retention periods as prescribed in law or as advised (and amended from time to time) by any applicable regulatory body.
7. Information security and preventing harm
We restrict access to personal information strictly to TPP employees, contractors, and agents who need access in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
In addition to this, it is your responsibility to ensure your computer or device, and your connection to the service, is secure. Use of the App and our services is at your own risk. Although we will do our best to protect personal data, we cannot guarantee the security of the data transmitted to us via any device on which you may access the App.
8. Changes to this policy
9. How we operate and transfer data as part of our global services
10. How to contact TPP with questions
If you have general questions or comments about the App, you can email us at AppEnquiries@tpp-uk.com