Docobo Privacy Statement

Version 5.0

Your privacy is very important to DOCOBO and we understand how important it is to you. This page describes our privacy policy and how it applies to all information gathered by DOCOBO via any of our websites or any service provided by DOCOBO using mobile communication technology.

It does not cover all sites that can be accessed from DOCOBO websites and applications, so you should always be aware when you are moving to another site and ensure you read the privacy statement for that site.

Please review this privacy statement carefully. Your use of this website, mobile site or mobile application constitutes your agreement to this privacy statement. If you cannot agree with all these terms, please exit the website, mobile site, or mobile application.

This privacy statement applies to all DOCOBO websites and applications.

REGULATORY COMPLIANCE

  • Data Protection Act (DPA 2018) and the UK General Data Protection Regulations (UK GDPR)
  • ISO 27001 Certified for Information Security
  • NHS Data & Security Protection (DSP) Toolkit – Staff are annually IG tested for DSP
  • ISO 13485 Certified – the medical device quality standard
  • Cyber Security Essentials Plus certified, which includes annual penetration testing
  • Docobo can provide a DCB0129 compliant set of documents for any NHS project requiring
    DCB0160.

WHAT INFORMATION DO WE COLLECT?

Personal Data

DOCOBO stores Personal Identifiable Information (PII, sometimes known as PID) (such as, name, date of birth, address, email address) as well as Confidential Patient Information (CPI) (sensitive information that includes PII, such as your health records). Clinical data may be requested by way of data entry into
a device or website or via a connected monitoring devices such as Bluetooth enabled thermometer or blood pressure cuff.

By entering your details, you enable DOCOBO to provide NHS England and its service providers with the data required for their services. Any information you provide to DOCOBO will only be used by us, NHS England, and their service providers. It will not be disclosed to any other party unless we are required to do so by law.

Usage Data

Usage data is collected automatically when using the service. Usage data may include information such as your device’s Internet Protocol (IP) address, browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

YOUR DATA

HOW DO WE PROTECT YOUR INFORMATION?

Where Docobo process personal data, this is done in compliance with the UK-GDPR principles on processing of personal data. That means it is:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary
  • accurate and, where necessary, kept up to date
  • kept in a form which permits identification of data subjects for no longer than is necessary
  • processed in a manner that ensures appropriate security of the personal data
  • right to access requests are complied with and right to be forgotten procedures are
    embedded into the telehealth server’s data retention system.

We implement a variety of security measures to maintain the integrity, safety, and confidentiality of your information. All information supplied by you is encrypted before being stored locally on your device and then transmitted and stored on encrypted storage on secure servers inside the NHS HSCN
network.

Transmitted data uses Secure Socket Layer (SSL) technology using Transport Layer Security (TLS) to safeguard your data and keep strict security standards and access rights to prevent any unauthorised access to it. DOCOBO secure telehealth servers have security measures in place to protect the loss and alteration of information under our control.

We do not pass on your details to any other third party or any other government departments.

HOW DO WE USE YOUR INFORMATION?

Your personal data gathered through the telehealth service forms part of your healthcare record and as such is only made available to your NHS Healthcare provider once clearly define data usage and sharing agreements are in place. Information can be recalled by your NHS healthcare provider if such information is required for your future health management needs.

Once the purpose has been met and when your NHS service provider no longer provides the service, your personal information is anonymised. The data is then maintained indefinitely on a secure server within the NHS secure Health and Social Care Network (HSCN); this is the private wide area network
for use exclusively by the NHS and its service providers, the HSCN may be made available for clinical research and to help improve the effectiveness and efficiencies of telehealth clinical programmes that form the basis of telehealth remote monitoring services provided by your healthcare provider.

Your usage data may be used for such purposes as data analysis, crash diagnostics, identifying usage trends and to evaluate and improve our products and services.

USE OF COOKIES

When we provide services, it is important that they should be easy, useful, and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, such as computer or mobile phone.

DO WE DISCLOSE ANY INFORMATION TO OUTSIDE PARTIES?

We do not sell, trade, or otherwise transfer to outside parties, any of your sensitive or confidential information or personal identifiable details.

Your personal data is used exclusively by your trusted health care provider who uses the system to manage and monitor your care. The information you provide is strictly used only for the management and monitoring of your health care and wellbeing.

YOUR CONSENT

Access to DOCOBO applications and services is limited to authorised users only. Legal action can be taken against unauthorised use of, or unauthorised access to, this application or service and/or any information it contains, including pursuant to the Computer Misuse Act 1990. If you are an authorised user, by proceeding to access and use this application or service and/or the information it contains, you are accepting any terms of use, notices and policies which are contained or referenced herein, or which have otherwise been drawn to your attention as an authorised user.

CHANGES TO OUR POLICY

If our privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

CONTACTING DOCOBO

If you have any questions about this policy, our terms and conditions, or the practices of this website, mobile site, or applications; if you consider there has been a data breach; wish to request a full copy of the data held about you; or wish to report any other issue, please contact us at:

Docobo Limited
The Old Granary, 21 High Street
Bookham, Surrey
KT23 4AA UK
Tel: +44 (0)1372 899031
technicalsupport@docobo.co.uk