At smartScripts we take the security of personal information seriously. We use firewalls and Secure Sockets Layer to safeguard information and have procedures in place to ensure that our computer systems and databases are protected against unauthorised disclosure, use, loss and damage.
It is our priority to protect your data. This is why we have taken the time to describe our information handling practices in detail. Please take the time to review this document; if you find anything that is not clear, please feel free to contact us at firstname.lastname@example.org
Who is responsible for your Personal Data?
For the purposes of the GDPR, in circumstances where you supply Personal Data to us, which we will collect from you, smartScripts will be the Data Controller with regard to such Personal Data.
Where the Doctor acts as the Data Controller and smartScripts as the Data Processor
In cases where the Doctor is processing Patient Data, they act in full compliance with data protection laws.
As a Data Processor, we will:
• Ensure that our staff who have access to and/or process Patient Data are obliged to keep the Patient Data confidential;
• Notify the appropriate body without undue delay on becoming aware of a Personal Data breach;
• Maintain complete and accurate records and information to demonstrate our compliance with these obligations.
Personal Information we collect
Information you provide
We collect personal information from you when you apply for one of the services which we offer via an online questionnaire, a telephone call, an email or other means. It is necessary for us to collect sensitive data (such as medical information) relating to you so our medical team can make a clinical decision on whether the service (and treatment) is safe and suitable for you. We collect your email and mobile number so that our team can contact you if required.
Use of Personal Information
We use your personal information (subject to your consent choices) as described below and to provide and support the services described in the smartScripts terms and conditions.
Provide you with our service
We use the information you provide as part of your online consultation so that our medical team can make a clinical decision on whether the service (treatment) is safe and suitable for you.
The questions that are asked are based on the latest medical standards both nationally and internationally. The questions are reviewed and updated regularly by our clinical leadership team.
We use the information you provide as input into our clinical decision support system to assist our medical personnel in the decision-making process. It should be noted that the decision as to whether the service and associated treatment is safe and suitable for you is made by our medical team.
Communicate with you
We use the contact details you provide to alert you to a new message from your doctor or smartSquad. All communication with our team relating to your consultation is via an encrypted email server or by telephone.
If we need to contact you urgently or you are not responding to email, we may use other means such as SMS or telephone calls to contact you regarding your online consultation. When you contact us, we use this information to respond to you.
If you consent to marketing, we use your information to keep you informed about our service (such as when we release new services or products or run special offers), services you are interested in, general health topics and about exclusive offers. We only contact you with these offers a few times a year and you can opt out at any time if you change your mind.
Research and Development
To improve our service and help us make better decisions, we analyse personal data to find improvements and make clinicians aware of risks.
We may from time to time publish anonymised research on aggregate data (you will never be identifiable as we will remove all identity information).
How long do we hold your data (Data Retention Policy)
We store data until it is no longer necessary to provide our services or comply with legislation/guidelines, or until your account is deleted. If you have been treated by our medical personnel, we will retain your data for a minimum period based on legislation.
Who has access to the information we collect?
We do not share your identifiable personal information with any third party except as necessary to operate services and to fulfil legal and regulatory obligations.
Disclosure with your consent
Disclosure can be made with your explicit consent. This could be a request from an insurance company, an employer or in connection with legal proceedings, but any disclosure must be with, and limited to, the authority provided by you. If this is not forthcoming, no information will be provided.
Disclosure without your consent
Disclosure can be made without your consent in two instances:
• If the disclosure is in the public interest. For example, where mandated by infectious disease regulations, or there is a threat of serious harm to yourself or others.
Third Party Services
We require a number of third parties to deliver our service. Without these, we cannot provide you with a service. These include all the companies and services listed:
| | | Data Controller / Data Processor |
|---|---|---|
| Amazon | Amazon Web Services | Data Processor |
| Stripe | Stripe | Data Controller and Processor |
| HealthMail | HealthMail secure email | Data Controller |
In line with the Data Protection Acts, you have the right of access to any personal information about you and can request this information from smartScripts at any time.
You also have the right to require us to correct any inaccuracies in the information we hold about you by sending us a written request (this must include a copy of identification such as a driver’s licence or passport; this is to make sure that your personal information is only updated by you).
Subject access requests must be made in writing and include a copy of identification (such as a driver’s licence or passport; this is to make sure that your personal information is not given to the wrong person) and must be addressed to the Data Protection Officer (see below). All access requests will be processed within one month of receipt of the access request.
For what purposes do we process your Personal Data and what is our legal basis?
We have set out below the categories of data required and a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so.
In order to provide you with a service we collect the following information:
(d) Marketing and Communications
The above categories of data are necessary for our legitimate interests (to develop our products/services and grow our business).
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you.
We have considered whether there are other less intrusive means to reach the purposes identified above while still serving the legitimate interests identified.
Our use of this personal data is subject to an extensive framework of safeguards that help make sure that people’s rights are protected. These include the information given to you on how your personal data will be used and how you can exercise your rights to obtain a copy of your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not override your interests, fundamental rights and freedoms.