Table Of Contents
- What this policy covers
- What data we collect about you
- What we use your data for
- How we store and move your data
- How long we keep your data
- Our rights
- Third party links
1. WHAT THIS POLICY COVERS
Ouris health – Web Application
Ouris Health – APPs
2. WHAT DATA WE COLLECT ABOUT YOU
- Personal Data - Name, Date of Birth, Address, E-mail, Telephone.
- If you are giving information about another person, you are confirming that you are authorised to do.
- For children’s Registrations – The parent or legal guardians’ details collected as Personal data.
- Special Data –We collect your Gender and Ethnicitydata.
2.1 For Health and Care professionals and Organisation
We collect only the data relevant to conduct our legal contract
- Personal – Name, Organisation details, E-mail, and Telephone
- Special Data – Ethnicity and Gender: This is collected to assist with request from your patients. We do not collect your date of birth.
2.2 Health Data
Using our APP and Web Application we collect and process information about your health.
- General Health -Symptoms, Treatments, Advices, Medications, Allergies
- Health Parameters – Personal health monitoring entries
- Symptom entries and Health data entries, which are shared with your health care professional
- Video and online consultation details and recordings
- Messaging, Chats, Notifications, SMS Texts
The information is from yourself and from your health care professional
Your details are shared with Health care professional with your consent when you sign up with Ouris
We send all your private consultations to your registered health care professional with your consent
We hold details of your conversations with us for support, Technical calls, Chats, Messages and Visit notes
2.3 Data from other sources
If you use a third-party device or apps to connect to Ouris health, we ask your permission to receive health data from third party devices.
For Private patients, if you are making a payment to a health care professional using your debit or credit card using our platform, we do not hold any card details and they are processed by a third-party payment provider.
Credit and Debit Card information
If you make a payment on the app, your credit and debit card details are processed by a third part provider . We do not store any of credit or debit card information and we only keep the details of the transaction securely for your reference
2.4 What Technical Data we collect
- Log in date, Time, location, IP
- Browser information of log in
- APP downloaded device, Model and Version
- Your visits to our site and your browsing information in our site (Help, Information and Products)
- We may use your browsing information in our web site to share with analytical partner to improve our user experience and to check our performance
We do not use any health information about you.
2.6 APP Permissions
Our web and Mobile APPs require the below permissions for APP functions .
Our web and APP solutions ask you to update your location , this is to help you find the nearest services ( Private or NHS services ) from your current location . You can switch these services On and Off any time . This service is also used to validate your health and well being diary , Appointments times depending on your time zone to provide you with an entry appropriate to the time zone.
Camera –Use of camera is to take pictures , videos and to conduct a video consultation with your health care professional.
Microphone – To conduct a Video Consultation and to record audio .
Bluetooth – To sync with blue tooth devices to obtain readings – Example – Blood pressure, pulse oximeter.
You can disable or enable them from Phone settings
- On your phone – Open settings , tap privacy and turn off camera and Microphone access .
- On your Phone – Open settings and disable Bluetooth
3. WHAT WE USE YOUR DATA FOR
This is how we use your data and legal reasons for it
Providing you with a service
We need your personal details for your registration with our product, to enter a contract to deliver services.
3.1 Health Data
The health data and health information provided by you and your health care provider is shared between both with consent.We allow your health care professional to share clinicalinformation,treatments, Medication details, health parameter details and provide health advice on your condition using online and Video Consultation tools with you and with other health and care professionals involved in your care. (GPs, Hospitals, Community Care,Therapist,Pharmacist)
The information is about
- Legitimate interest with your health (Planning, Advice and Treatment)
- Public Interest – (NHS Obligation)
- Online and Video consultations, Medical details, Prescriptions, Health Parameters and Symptom check list and its severity
- Our Private section of the APP will show services closer to you by using your location to find a chemist or a Healthcare Professional
We use your feedbacks to improve our Health information platform. We collect unidentified health information from health diary on Blood Pressure entry , Weight , BMI and Mood. This data is collected only to analyse and measure the benefits of the APP in risk reduction. We do not store any identifiable data to the readings.
We collect data from devices when you have an outage using our product to find out the reasons behind the outage.
3.2 Marketing and Communication Data
We send you notifications and text messages about your Appointments and Health promotion messages to assist and to remind you about your appointments. The notifications and text Messages may come from Ouris or from your Health care Professional Organisation using Ouris Health Platform.
We may contact you with marketing messages, product updates,surveys, and information on our product. You can opt in or out by going to settings, privacy controls of your APP and in your account settings when using Web application.
Regulating the quality and safety of our service
We use your health information for Training, Safety, Regulatory and Compliance Purpose.
This means that :
- If we are legally required to, or asked by a regulator, we may need to share your information with regulatory bodies like the General Medical Council, Medicines and Healthcare Products Regulatory Agency or Care Quality Commission
- We may audit how you use our services, for example to review the quality of results provided by our products
To detect and prevent fraud, we may need to share your personal and financial information with banks, financial institutions, and fraud prevention services.
4. HOW WE STORE AND MOVE YOUR DATA
Your data are stored in our secured servers.
Your Personal data
Your Medical and Health Data (Consultations, Chats, Messages, and all about your health)
We do not hold any information locally in your devices (Mobile Devices)
We are committed to keeping your personal and Health information you provide us secure and we will take reasonable precautions to protect your personal information from loss, misuse, or alteration.
We have implemented information security policies, rules, and technical measures to protect the personal information that we have under our control from:
- unauthorised access.
- improper use or disclosure.
- unauthorised modification, and
- unlawful destruction or accidental loss.
All our employees and data processors (i.e., those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information.
You are responsible for keeping your password and/or authentication method confidential. Please do not share it with anyone.
For making payments to your private practice appointments and for Ouris, we do not store any of your credit card details and they are processed by a third-party provider. They follow strict industry data security standards. These are known as Level 1 Payment Card Industry (PCI) data security standards.
4.2 Where we store your Data
Your Data is stored locally with in UK and not processed outside UK and we operate in line with Data Protection guidelines.
4.3 Sharing your Data
We share your Personal Data with Healthcare Organisations involved in your care and with organisations (NHS) using Ouris as a solution. We may share your personal data with private organisations to assist with support and chat. These companies can only use your data on our instructions, and they have contractual terms, and they have to act in line with data protection laws.
If you use our services through our partner Organisation (Health Insurer), we may share some of your information with them. We do not share your Medical and Health Information.
We share the below information.
Name, Date of Birth, E-Mail, Telephone, Address and Policy Number
Health Care Organisation
We will share your details with Health and Care Organisations involved in your care.
- Your NHS GP
- Social Enterprise Organisations involved in your care
- Care and Nursing Homes
- Community Care
- Emergency Services (Urgent Care, Accident and Emergency)
- Other Health and Care Organisations
By law, we may need to share information with these services to safeguard either you or others or conduct a public task (in the case of our NHS services). We may need your consent, or to rely on our legitimate interests to provide you with healthcare before we can share this information.
4.4 Protecting Public
We may use your health data to protect the public.
Your data could be vital to help research, monitor, track and manage public health emergencies, like pandemics.
In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:
- NHS Digital
- NHS England and Improvement
- Public Health England
- Local authorities
- Health organisations
We will limit the use or sharing of data to the period of the emergency and will only share data to the extent necessary.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
4.5 Our NHS services
We share your data across NHS organisations involved in your care if you choose to use our NHS solution. The organisations include GPs, Hospitals, Pharmacies, Urgent care, Accident and Emergencies and Ambulance services.
Our solution is integrated with existing NHS solution and we share your data for identification and to share medical and health details.
If you are a resident in a nursing and care home, we share your data with your resident care organisation for identification and to share health information with your NHS care provider.
Online and Video Consultations
NHS Organisations offer Online and Video Consultations services through Ouris platform. Ouris health has gone through all stringent assessment, scrutiny and achieved standard to provide this service. NHS England along with NHS Organisations ( GP Practices, NHS Trusts ) act as a joint controller for this system. Your NHS Organisation remain responsible for your data and will ensure that any data you provide to use this service is used only for specific contracted NHS services.
Ouris Health acts as a Data processor of your personal data under GDPR providing service to NHS Organisations.
What Additional Data we collect
We collect the listed data in paragraph (2) for registered Ouris health users. For NHS guest users we process your ID Details to NHS organisations to conduct the consultation by verifying your Identity to provide the service securely and confidentially. This ID Information is deleted at the end of the consultation.
4.6 Summary Care Records
These records are patient information records received from your GP and NHS records. These are viewed only by authorised staff involved in your direct health care. If you do not wish to share you can opt own by contacting your GP or NHS Organisation or remove the link from your linked practices and to fill an opt out form at your GP practice.
We may keep or share information about you if we need to :
- Comply with a law, regulation, legal process, or government request
- State our legal rights or defend against legal claims
- Stop, find, or investigate illegal activity, fraud, abuse, breaking our terms, or threats to the security of our services or the physical safety of anyone
5. HOW LONG WE KEEP YOUR DATA
We will only retain your personal data in line with the UK Electronic Health data guidelines, for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
Your Information and How long we keep it (its 'retention period')
- Health Records – NHS - This includes medical records, consultations with GPs and Health Diary interactions.Video and Consultations , Voice or audio Consultations ,Health Diary – NHS Entries . We keep your NHS medical records for the period of NHS contract and transfer to the new contact holder or to the supplier of GP records for the services or transfer to Local NHS digital team . We do not hold any NHS records after the end of the NHS contract period.
- Private Health care records for health care professionals using Ouris Health for private practice -Your private health care details are retained for the duration of your usage of the solution.
- Health care professionals – Access to the solution will be blocked on non-payment of subscriptions and hard delete after 60 days of non-payment
- Patients and General users -When the account is unused over a 60-day period , the account will be blocked and after 30 days they are archived for a period of 12 months and if unused they are deleted permanently .
- Communications with support teams, including phone calls, emails, and live chats - 1 year after the end of NHS contract .
6. Your Rights
You are in control of your personal information. Under data protection law, you have the right to:
- Remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by:
- Going to APP,Setting, Change Privacy settings
- Ask for a copy of the personal data we hold about you. Your data is stored in line with our legal and medical obligations. See: how long we keep your data.
- Ask us to correct information that is wrong, delete it, or ask that we only use it for certain purposes. There might be times when we are not able to help, like if the law or our medical obligations say we cannot.
- Ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.
To do any of these things, please contact us at:
Data Protection Officer
Suite 201, 5300 Lakeside
Cheadle Royal Business Park
Or mail to DPO@ourishealth.com
We will ask you for a proof of identity. Data protection laws give us one month to get back to you.
We are regulated by the Information Commissioner's Office (ICO). If you are not happy with any aspect of our data handling, you can complain to the ICO directly.
You can contact them at:
Information Commissioner's Office
Phone: 0303 123 1113
7. THIRD PARTY LINKS
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
If you do not agree to the changes, then you can stop using our services at any time.
Last updated March 2022