PRIVACY POLICY

At smart Scripts we take the security of personal information seriously. We use firewalls and Secure Socket Layers to safeguard information and have procedures in place to ensure that our computer systems and databases are protected against unauthorised disclosure, use, loss and damage.

We fully respect your privacy and we will not collect any personal information on this website without your consent. It is our priority to protect your data. This is why we have taken the time to describe our information handling practices in detail. Please take the time to review this document, if you find any thing that is not clear, please feel free to contact us at info@smartscripts.today

 

Who is responsible for your Personal Data?

For the purposes of the GDPR, in circumstances where you, supply Personal Data to us and which we will collect from you, smartScripts will be the Data Controller with regard to such Personal Data.

In particular, we have appointed a Data Protection Officer (“DPO”) within smartScripts to monitor compliance with our data protection obligations and with this Privacy Policy and related policies. If you have any questions about this policy or about our data protection compliance please contact us.

 

Where the Doctor acts as the Data Controller and smartScript as the Data Processor

In cases where the Doctor is processing Patient Data, they act in full compliance with data protection laws.

As a Data Processor, we will:

•Ensure that we have in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Patient Data and against accidental loss or destruction of, or damage to, Patient Data, as are appropriate;
•Ensure that our staff who have access to and/or process Patient Data are obliged to keep the Patient Data confidential
•Notify the appropriate body without undue delay on becoming aware of a Personal Data breach;
•Maintain complete and accurate records and information to demonstrate our compliance with these obligations.

 

Personal Information we collect

 

Information you provide

We collect personal information from you when you apply for one of the services which we offer via an online questionnaire, a telephone call, an email or other means. It is necessary for us to collect sensitive data (such as medical information) relating to you so th at our medical team can make an clinical decision if the service (and treatment) is safe and suitable for you. We collect your email and mobile number so that our team can contact you if required.

When you purchase a service from us we collect information that includes your payment information, such as your credit or debit card details and other account and authentication information. Any credit card information you provide is collected and processed directly by our payment processor, which is currently Stripe. We will never receive or store your credit card information on our servers. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS). You can view the Stripe Privacy Policy here https://stripe.com/us/checkout/legal.

 

Use of Personal Information

We use your personal information (subject to your consent choices) as described below and to provide and support the services described in the smartScripts terms and conditions.

 

Provide you with our service

We use the information you provide as part of your online consultation so that our medical team can make an clinical decision if the service (treatment) is safe and suitable for you.

The questions that are asked are based on the latest medical standards both nationally and internationally. The questions are reviewed and updated regularly by our clinical leadership team.

We use the information you provide as input into our clinical decision support system to assist our medical personnel in the decision making process. It should be noted that the decision to determine if the service and associated treatment is safe and suitable for you is decided by our medical team.

 

Communicate with you

We use the contact details you provide to alert you of a new message from your doctor or care team. All communication with our team relating to your consultation is via an encrypted email server or by telephone.

If we need to contact you urgently or you are not responding to email we may use other means such as SMS or telephone calls to contact you regarding your online consultation. When you contact us, we use this information to respond to you. This may be via, telephone, emai, SMS or post.

 

Marketing

If you consent to marketing, we use your information to keep you informed about our service (such as when we release new services or products or run special offers), services you are interested in, general health topics and about exclusive offers. We only contact you with these offers a few times a year and you can always opt-out if you change your mind at any time.

 

Research and Development

To improve our service and help us make better decisions, we analyse personal data to find improvements and make clinicians aware of risks.

We may from time to time publish anonymised research on aggregate data (you will never be identifiable as we will remove all identity information).

 

How long do we hold your data (Data Retention Policy)

We store data until it is no longer necessary to provide our services, comply with legislation /guidelines, or until your account is deleted. If you have been treated by our medical personnel we will retain your data for a minimum period based legislation.

 

Who has access to the information we collect?

We do not share your identifiable personal information with any third party except as necessary to operate services and to fulfil legal and regulatory obligations.

 

smartScripts team

The sha ring of information within the smartScripts team is on a need – to – know basis, depending on the role the member of staff has in your care.

All our staff are bound by confidentiality clause in their contracts. Also, under Medical Council guidance, it is a condition of registration to abide by the guidance set out by the Medical Council, which includes a requirement to respect patient confidentiality.

 

Disclosure with your consent

Disclosure can be made with your explicit consent. This could be a request from an Insurance company, employer or legal proceedings request but any disclosure must be with, and limited to, the authority provided by you. If this is not forthcoming, no information will be provided.

 

Disclosure without your consent

Disclosure can be made without your consent in two instances:

•If the disclosure is required by law. For example, when ordered by a judge in a court of law, or by a tribunal or body established by an Act of the Oireachtas.
•If the disclosure is in the public interest. For example, where mandated by infectious disease regulations, or there is a threat of serious harm to yourself or others.

 

Third Party Services

We require a number of third parties to deliver our service. Without these, we cannot provide you

with a service. These include all the companies and services listed:

 

Name

Service

Data Controller/ Data Processor

Description

Privacy URL

Amazon
Amazon Web
Services (AWS
Data Processor
Cloud based hosting and services
https://aws.amazon.com/privacy/
google Google Analytics Data Processor
User analytics tracking
https://policies.google.com/privacy
Stripe Stripe
Data Controller and
Processor
Online payment processing
https://stripe.com/ie/privacy
HealthMail
HealthMail
secure email
Data Controller Secure Email https://www.healthmail.ie/privacy.cfm

 

In line with the Data Protection Acts, you have the right of access to any personal information about you and can request this information from smartScripts at any time.

You also have the right to require us to correct any inaccuracies in the information we hold about you by sending us a written request (this must include a copy of identification such as a driver’s licence or passport, this is to make sure that your personal information is only updated by you)

Subject access requests must be made in writing and include a copy of identification (such as driver licence or passport, this is to make sure that your personal information is not given to the wrong person) and must be addressed to the Data Protection Officer (see below). All access requests wi ll be processed within one month on receipt of the access request.

 

For what purposes do we process your Personal Data and what is our legal basis?

We have set out below the categories of date required and a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so.

In order to provide you with a service we collect the following information:

(a) Identity
(b) Contact
(c) Technical
(d) Marketing and Communications
(e) Usage

The above categories of data are necessary for our legitimate interests (to develop our products/services and grow our business.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you.

We have considered whether there are other less intrusive means to reach the purposes identified above while still serving the legitimate interests identified.

Our use of this personal data is subject to an extensive framework of safeguards that help make sure that people’s rights are protected. These include the information given to you on how your personal data will be used how you can exercise your rights to obtain a copy of your personal data, it corrected or restricted, object to it being processed, and c omplain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not override your interests, fundamental rights and freedoms.

We use cookies to facilitate the use of our website. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.

 

Do we share your Personal Data with anyone else?

We may share your Personal Data with the following parties in connection with our processing of your

Personal Data:

Third Party/Reason for sharing data

 

Amazon hosts our cloud storage system. We store our backups on the cloud and so your personal details will be stored on our secure cloud storage system.

In rare circumstances, we may be obliged to disclose Personal Data if disclosure is required to comply with the law

In the event that you wish to make a complaint about how your Personal Data is being processed by smartScripts, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority who can be contacted as follows:

Contact: Data Protection Commissioner

 

Telephone: +353 57 8684800/+353 761 104 800

 

Post: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois

 

Contact Us

You can contact us with any queries, complaints or requests to exercise your data protection rights using the details below:

Contact: Data protection officer
Email: info@smartscripts.today

 

Updates to this Privacy Policy

Our Privacy Policy may change from time to time, and any changes to this Privacy Policy will be posted on the website and will be effective when posted. As your use of the smartScripts website is subject to your acceptance of this Privacy Policy, and any amendments thereto, please check back regularly.

 

Copyright Healthcare Now Limited 2020