Why are we providing this privacy notice?

 

We understand that when you provide your personal data to us, we must look after it and keep your personal data safe and secure. We respect the data protection laws in the UK and EU, and this Privacy Notice tells you information about your personal data that we collect and use in our company, how it is being collected, what allows us to do this (called the legal bases), how long we are keeping it and it tells you about your rights. This privacy notice applies to our software systems and applications, our website, and the services that we provide.

​

The data protection laws are the EU General Data Protection Regulation and the UK General Data Protection Regulation (collectively referred to here as ‘GDPR’) and the UK Data Protection Act 2018 (‘DPA18’).

​

Who are we and how do you contact us?

 

We are a company based in the UK called SmartLife Health Ltd (Company Registration No. 14983547). SmartLife Health provides a range of modular applications and services for use in a clinical environment, inclusive of but not limited to hospitals, general practices or other community providers.

​

Where we provide these applications or services and we require certain information to help us form a contract, or where we are running our own business, we are the ‘Controller’ (or ‘Data Controller’) of your personal data. This means we are responsible for collecting, storing, and handling your personal information when you enquire and/or register for any of our services.

​

Where we are processing personal data of another organisation’s patients, we are known as a ‘Data Processor’ and we have contracts in place with those organisations.

​

If you are unclear about how we process or use your personal information, or you have any questions about this Privacy Notice or any other issue regarding your personal information, then please do contact our Data Protection Officer (details below).

​

Data Protection Officer

Address: SmartLife Health, Elers Road Clinic, Elers Road, Hayes UB3 1NY

Email: DPO@smartlifehealth.co.uk

​

Information we collect from you

 

We collect personal data about you when you use our website (for example, when you contact us with a query or download a report) or when you email us directly. For this the personal data is generally:

• Your contact details (such as your name, job title, place of work, telephone number, and email address);

• The reason for your enquiry; and

• Which website pages you have visited and when.

If you decide to use any of our application modules or services then we will collect different personal data depending on which application module or service you are using.

 

For patients who use the SmartLife App, we will collect their Name, DOB, their NHS Number and a unique login and password. This app will display certain information from their medical records to them and facilitate a number of key tasks.

​

For other application modules or services, we will temporarily collect personal data of patients and clinicians when we are processing this before providing the completed task to the Practice or health setting.

​

We will collect and use anonymised and/or pseudonymised information from a practice or health setting’s own system when we integrate our application modules with that system for auditing, monitoring and quality improvement purposes. As this is anonymised or pseudonymised, we do not hold or process identifiable patient data. Where we collect pseudonymised data which can only be matched to an individual by the health setting or practice, this may include the following:

• Emis number;

• Age of patient;

• Gender;

• The first part of postcode (e.g. UB3 XXX);

• Usual GP initials;

• Coded Medical history (including event date, code and associated free text);

• Medication type (including brand), quantity and issue date(s);

• Recent investigations values (e.g. blood test results, spirometry);

• Hospital outpatient (department and date); and

• Count of appointments or consultations.

​

Information about you from others

 

We collect personal data about you from others where they are making a recommendation or where you have provided consent to a third party to contact us and share your personal data. A third party may share your personal data with us and they should obtain your consent to do so.

​

What allows us to collect your personal data – the lawful (legal) bases

 

We have obligations and specific requirements for processing of personal data to enable us to provide services. These obligations form what are known as the lawful or legal bases for the processing under GDPR.

Where a patient registers and uses the SmartLife App the lawful basis that applies is:

• You have provided consent to the processing for the purpose or reason we have described (article 6(1)(a) of GDPR).

 

The specific lawful bases that apply to the processing of patient’s personal data are:

• We are required to perform a public task carried out in the public interest (article 6(1)(e) of GDPR);

• The personal data is necessary for the performance of a contract directly with you to provide the specific service such as a consultation (article 6(1)(b) of GDPR);

• The processing is necessary for the purpose of preventative medicine, the provision of health care and the treatment or management of health care systems and services (article 9(2)(h) of GDPR);

 

For Practices or health settings who take out a contract with us, the legal (lawful) basis is:

• The data is necessary for the performance of a contract and to take the steps necessary to enter a contract with you (article 6(1)(b) of GDPR).

 

We do have a Legitimate interest to collect certain personal data to enable us to provide some services, enable our website to work and operate our business interest. This also applies to analysis of the app usage (article 6(1)(f) of GDPR), except where your rights override these legitimate interests.

​

How we use the information about you

 

We will use personal data to:

• Inform you, if requested, of specific patients suitable for medical record review (we do not have the ability to match the patient).

• Understand coding patterns to help improve the accuracy of future searches.

• Understand trends in patients’ journey for optimal care.

• We would like to keep in touch with you about the latest research, best practice, and innovations in analytics technology. We design our content to share skills and support you in your role.

• You are using the SmartLife App as a patient and we need to ensure that we display the correct patient’s data and medical records.

 

We may use your information to:

• Personalise and tailor educational and skills share content;

• Invite you to upcoming events that may interest you;

• Ask for your feedback on any SmartLife Health Application modules and services you are using;

• Notify you of changes to our services.

​

How long we keep your personal information

 

We will not keep your information for longer than is necessary for the purposes as set out in this Privacy Notice.

Although we do not intend to keep any patient data, if we are asked to keep it, this will be in line with the Records Management Code of Practice for Health and Social Care 2021. We delete personal data sooner if we are told that the conditions in GDPR that allowed us to keep it, no longer apply.

 

Where you are a patient using the SmartLife app, we will provide links to your Practice’s systems to enable you to view your data. We will need to keep your App registration details for as long as you are using the app and are registered with us. If you withdraw your consent, we will delete your data immediately, unless we are obliged to keep it longer.

If you decide to discontinue using any of SmartLife Health Application modules or services, we will keep your information for up to six years after you leave us to enable us to comply with contract law.

 

For HMRC (Tax) purposes and financial records, we are required to keep financial data for 6 years after the end of the current financial year, after which time it will be destroyed.

 

If you have consented to your information being used for marketing purposes, it will be kept until you inform us that you no longer wish to receive this marketing.

 

You can find out more about how long we keep it in our retention schedule by contacting us.

​

How we store your data and security

We take the security of your information very seriously and we do everything we can to ensure that your information is always protected and secure. All personal data is processed within the UK. We use secure electronic storage facilities that meet all industry standards.

Transfers of personal data are undertaken using all available and reasonable technical and organisational measures. We regularly review these measures and our processes and systems to ensure they comply.

​

​Sharing your data

 

We do not allow third parties to have access to your personal data unless we are required to share your data with them by law or we are ordered to do so by a Court.

 

If we have a technical problem, we may need to allow access to our systems by our technical support team who work within our confidentiality policies, and we restrict access to a ‘need to know’ basis to enable them to resolve the technical issues only.

​

Overseas Transfers

 

We do not intend to transfer your personal data to third countries outside of the EU. If we do have to, for example, to obtain technical support, we will ensure that we have all appropriate security and safeguards in place as required by the data protection laws in the UK and EU, and in line with our obligations as a responsible Data Processor or Controller of your personal data.

 

If we are required to transfer your personal data to countries outside the EU, we will only do this if that country has an adequate level of protection for personal data, or we have appropriate International Data Transfer Agreements and Clauses in place as these provide similar protections.

​

Automated decision making

 

For some services such as Smart SearchesTM, we make automated decisions on your data using an algorithm within this application module. This informs the practice or health setting about patients who may be identified with long term health conditions such as Asthma.

​

If you are a patient, you have a right to ask for a person to be involved in the decision if you are not happy with the outcome and you should contact your practice or health setting to discuss this further.

​

What are your rights?

 

You have a number of rights relating to the processing of your personal data.

• A right to be informed – This privacy notice fulfils that right.

• A right of access to your personal data held by us, also called a Subject Access Request.

• A right to rectify any personal data held by us that you believe is incorrect.

• A right to erase any personal data that we no longer have a legitimate purpose to process (right to be forgotten).

• A right to restrict the processing of your personal data subject to certain conditions and obligations.

• A right of access to a machine-readable version of your data (data portability). There are conditions that apply to this right, but we will endeavour to give you a portable version of any of your data where possible.

• A right to object to us processing any of your data that we do not have a legal or contractual obligation to process.

• Rights linked to automated decisions or profiling involving your data.

 

You should contact us at DPO@smartlifehealth.co.uk or write to us at our London address if you wish to exercise these rights.

 

Where you have provided personal data with consent, you can withdraw this consent at any time. This may mean that we are unable to provide all services to you or your GP. We recommend speaking to your GP first. If you wish to do this, please send an email to DPO@smartlifehealth.co.uk with the subject “withdraw consent”.

 

More information on your rights can be found on the Information Commissioner’s website at www.ico.org.uk.

​

Complaints

 

If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, then please contact our Data Protection Officer who will investigate the matter.

 

If you are not satisfied with our response, or believe we are processing your personal data in a way that is not in line with the legislation, you have a right to raise a complaint with the Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Telephone 0303 123 1113 (local rate) or by completing their online form at https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.

​

Changes to Our Privacy Notice

 

We review and update our Privacy Notice, especially where there is a change in the legislation. We recommend that you visit this page periodically to read any updates. This Privacy Notice was last updated in February 2024.