Medic Bleep regard your privacy and the handling of your personal data with the utmost importance. This Policy details how we collect, use and securely store any personal data submitted to us through use of our site https://medicbleep.com (our Site) and the Application.
Below is also an explanation of the various rights you can exercise as a data subject, as well as to how you can exercise those rights.
For the purposes of this Policy, MEDIC CREATIONS LIMITED (us, we, or our) is the data controller and operates the Medic Bleep Application and Site.
Our registered office address is: Oakdale, Royal Oak Hill, Christchurch, Newport, Wales NP18 1JF.
Our company number is: 09452339
Our ICO registration is: ZA234286
Our users (User)
We process your user data on the legal basis of explicit consent.
We process your data on the legal basis of explicit consent.
Where a contract has been signed, we process your data on the legal basis of contract.
We process your data, your name, email that you enter and any additional personal data you send us on the legal basis of legitimate interest. On submission we give you the option to opt into further marketing, on the basis of explicit consent.
User provided case information and Patient Data
When you use the Application, you will have the ability to upload and share with your colleagues' messages, information and images, audio and visual, including information and images regarding specific patient cases (Patient Data)
This Patient Data is considered to be a special category of data under the General Data Protection Regulation (EU) 2016/679 (GDPR) and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject” and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
It should be noted that for patient’s data we are the processor and not the controller. Any queries in relation to patient data should be addressed to the hospitals/trusts as they remain the controllers of patient data.
Giving your explicit consent for us to process your data does not affect your rights. Details of your rights and our data retention periods are further explained below in this Policy.
For all individuals, users and non-user contacts we rely on separate, explicit consent for direct marketing. You may withdraw your consent for further processing, fully or for specific purposes at any time by emailing email@example.com It is important to note that this may affect the services we are able to offer you, and we may need to continue to process data relating to your request to withdraw consent.
Providing us with your personal data is a requirement of using the Application. This is because your personal data is required to confirm your identity as a user, to maintain accurate clinical records for your patients or clients, and to identify you to other users who may need to contact you.
When you register with us and use the Application, you will need to provide us with certain personal data that can be used to contact you or identify you and this includes:
In order to use Medic Bleep on a device, certain permissions in the Operating System are required for the safe operation of our software. These include the use of following permissions must be enabled on your device:
Your location data will only be used to trigger geo-fencing rules to remind you to update your availability status within Medic Bleep (when arriving and leaving one or more designated sites). This location data will be collectedused both when the app is open on your device and in background mode (minimised) but will not be stored and/or retained within the app or on our servers for any other purpose. It is not possible for you or any other user of Medic Bleep to access or view your location data, either in realtime or historically.
Your password is cryptographically hashed.
We will also obtain personal information you provide when you contact us for any other reason by any medium, for example to send us feedback or report a problem with the Application.
You will also be asked to provide us with information verifying you are a licensed healthcare professional, which we will cross-reference with publicly available data to ensure that you actually are a licensed healthcare professional.
We collect and hold this information for the purpose of administering your use of the Application. We may also use this information to:
• Maintain and improve the Application;
• Contact individuals for the purposes of preventing or addressing service, security or technical issues; and
• To answer queries from users directly.
We may also collect information from individuals, users and non-users, who contact us, via email, telephone or web submission. This will include name, email address and in some cases telephone number, and details related to your place of work.
When you access the Application, we may collect certain information automatically such as the type of mobile device you use, the IP address of your mobile device, your mobile operating system and information about the way you use the Application in order to improve the Application and deliver the services.
All information of this type stored on our servers will not be accessible by third parties. We do not collect user level search activity or viewing activity. This is only compiled at an aggregate in order to help us better understand how users are using the Application so that we can optimize your experiences.
We do not share your information with anyone outside Medic Creations Limited without your express permission to do so.
Under no circumstances will your information be sold or passed on to third parties for the purposes of marketing, sales or other commercial uses without express permission.
We may disclose information to third parties where it is necessary, such as where there is a legal obligation, for the purposes of the prevention and/or detection of fraud or crime or where permitted under data protection legislation.
Medic Creations Limited has appointed Matthew Shakesheff as the Data Protection Officer (DPO). Should you need to contact Medic Creation Limited’s DPO directly, you can do so by email: firstname.lastname@example.org.
Where you communicate to us via our site, the nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the internet. No data transmission over the internet can be guaranteed to be 100 % secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data.
Our site uses “cookie” technology to enhance your user experience. A cookie is a small piece of text stored by your browser on your computer, at the request of our server.
You can also manually delete cookie files from your computer at your discretion. Note that if you decline our cookies or ask for notification each time a cookie is being sent, this may affect your ease of use of our site.
We will disclose User provided personal data and automatically collected information as described above only in the following circumstances:
• to the other members of your team who have downloaded the Application (User-provided information only);
• as required by law, such as to comply with a summons, court order or similar legal or statutory process;
• when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
• with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement; and
• if we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
We will not retain your personal data for longer than is necessary under the principle of data minimisation. User account details are stored for the duration of you maintaining an account. We store all clinically related data, including messages, tasks, patient details and time/date/user ID stamps for seven years. It is important that as part of the service of the Application we maintain accurate clinical records, for the purposes of any audit or legal enquiry.
Under the General Data Protection Regulation (GDPR), data subjects whose data is processed by Medic Creations Limited are entitled to exercise certain rights against their personal data. These rights are designed to put Data Subjects in the driving seat when it comes to how their personal data is handled by organisations. These include:
• The right to be informed
Medic Creations Limited are obliged to ensure that any communications regarding our data processing activities between ourselves and any Data Subjects is provided is a clear and transparent manner. This is provided by this Policy.
• The right of access
You are entitled to request a copy of the all personal data currently held on you as well as the following information about your data:
• The right to rectification
If you believe the personal data we hold on you is either inaccurate or incomplete, you may exercise this right to correct or complete this data. This right can be used with the right to restrict processing to ensure that any inaccurate or incomplete data is not processed until corrected.
• The right to erasure (right to be forgotten)
You may request erasure of any personal data we hold on you without undue delay where one of the following grounds apply:
• The right to restrict processing
As an alternative to the right to erasure, you may ask us to cease processing your data, but not erase it entirely where one of the following grounds apply:
• The right to data portability
You may request your personal data be transferred to another controller or processor in a commonly used, machine-readable format. This right can only be exercised when all of the following grounds apply:
• The right to object
You may exercise the right to object in instances where:
You may request to exercise any of the above rights, free of charge by contacting email@example.com
Any data subject request will be responded to within one month, however we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will inform you if an administrative charge is being applied before fulfilling your request, so you can decide whether or not to proceed. Typically, in order to further one of the following requests, we will ask for you to provide a form of identification for verification purposes.
Should you wish to discuss a complaint, please contact the DPO at the above email address, who will be happy to assist you. Alternatively, if you are unsatisfied with the DPO’s response to your concern, Under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office. Under Article 80, you may authorise certain third parties to make a complaint on your behalf (such as legal representation).
We reserve the right to make changes to this Policy at any time without prior consultation. Any changes to this Policy will be posted on our site so that you are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Policy, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail.