Who we are?
MyWay Digital Health Ltd (MWDH Ltd) is a medical software company, founded by NHS specialists in diabetes and healthcare management, responsible for the My Diabetes My Way (MDMW) service outside Scotland. We process data on behalf of the Data Controller in your region. (For more information search for “ICO definition of data controller")
What data do we collect?
We collect demographic and medical data relating to your diabetes condition, eg: name; address; contact details; IP address; date of birth; height; weight; GP practice; type of diabetes; blood pressure; laboratory test results; smoking status; eye and foot screening info; goals; appointment data; and medication. We store any data input by you (eg: blood glucose readings). In addition, general auditable information and bug reporting data are also collected to help improve the service we offer.
How do we collect your data?
We collect data and process data when you register online for any of our products or services and use or view our website via your browser's cookies. We collect data from primary care systems, and the systems your GP practice uses, relating to your diabetes. We track your progress through educational resources, available on our website. Data may also be collected via a customer survey or from feedback. And we may also monitor how you use the site.
With your explicit consent, in using any of our products and services, you are opting-in and agreeing to automated data collection from healthcare systems and other third parties.
MWDH Ltd may also receive your data indirectly from NHS systems and from third-party systems (e.g. blood glucose data from your monitor or tracker)
Any data you input directly into the website or app will contribute to the care record you can access on your device. Please note, this data is not currently shared with your healthcare team and you should not assume your healthcare team will be aware of any manual data inputs.
How will we use or share your data?
The MDMW service focusses on holistic diabetes management. It is only available to patients that have given their explicit consent. We collect data in order to manage your account, giving you: secure access to your medical records; access to tailored education resources; and in some cases, the ability to upload results. Visitors to the public site (who have not logged in), have data stored on the system, however, we do log the IP address of everyone who visits the site.
The website, and/or App, does not currently allow you to share data with other users, such as a carer or family member, as a feature. Any data you share is done so entirely at your own risk. The service does not currently permit data transfers.
We collect and process information about you only where we have a legal basis for doing so under applicable EU/UK laws. The legal basis depends on the services you use and how you use them. This means we collect and share information for the following purposes:
- to provide the services and to protect the safety & security of the services. For example, we send some data you provide to NHS systems as part of your health record or verification step when first registering. Your data may also be used to help improve the products and services MWDH offer, for service evaluation and audit, and for more general feature improvements such as machine learning functionality. We may pass non-identifiable data to third parties.
- if it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services, and to protect our legal rights and interests. Note, we may need to process your data to comply with a legal obligation.
- for a specific purpose not listed within this policy, where you have given us consent to do so. For example, we may publish testimonials or featured customer stories to promote our services, with your permission.
- to protect your vital interests or to protect a public interest. For example, we share your data with healthcare professionals and feedback into local healthcare teams (eg: to improve structured education) and anonymised data may be used for regional and national quality reporting.
The service does not involve any automated decision making (eg: profiling) however it will tailor lifestyle and education recommendations, based on your data profile (eg: type of diabetes, medications). We intend to expand on clinical decision support functionality in the near future and will update this policy accordingly.
How do we store data?
We take data security very seriously. Any data elements we store are held in a secure data centre managed by a reliable Tier III hosting provider. Our current provider is ISO 27001 accredited and CyberEssentials Plus certified, partnering closely with MWDH in ensuring we comply with GDPR and the Data Protection Act. MWDH also have supporting policies and procedures which cover physical and technical security measures which address our approach to information risk management.
Data storage is on your local device unless you manually export the data. Data is encrypted while being sent from the service to your device as per standard encryption for data transfers over the internet.
We will retain data for as long as the service, in your area, is being funded. Upon termination of funding, all data will be securely and completely destroyed. Given current volumes, the process to delete any personal data is documented and manually erased or scrubbed in accordance with ISO27001 standards.
MWDH have implemented controls to ensure that regulatory obligations regarding data protection are followed, documented, and results logged. In the unlikely event of a data breach, we will assess the risk and where appropriate, notify the competent supervisory authority (in the UK, this is the ICO) within 72 hours. If the risk assessment indicates a high risk for you, we would also communicate any breach of personal data directly to you. Specific procedures for the management of security incidents and breach monitoring are in place.
What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. You are entitled, at any time, to:
- the right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.
- the right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.
- the right to erasure – you have the right to request that we erase your personal data, under certain conditions.
- the right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.
- the right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.
- the right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you.
If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org or by using the 'Contact Us' form on the My Diabetes My Way Somerset website. Note exercising these rights relates to the data retained or processed by MWDH only. For detailed data protection queries, you may be directed to your GP practice or your local data controller.
If you wish to opt-out of the MDMW service or unsubscribe from our Newsletter, please notify us via the Contact Us form and your information will be promptly and securely removed from our system.
What Are Cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
- Keeping you signed in
- Understanding how you use our website
- Auditable activity (in addition, please see the Third-Party Cookies section below)
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses
- Forms related cookies - when you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
A mix of first-party and third-party cookies are used.
How to manage your cookies
You can set your browser not to accept or delete cookies (see your specific Browser Help for how to do this). However, in many cases, removal may downgrade or 'break' certain elements of functionality. It is recommended that you leave on all cookies if you are unsure whether you need them, in case they are used to provide a service that you use. For more general information on cookies see the Wikipedia article on HTTP Cookies.
- This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
- From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
If you are unsure whether you need cookies or not it's usually safer to leave them enabled in case it does interact with one of the features, you use on our site. This Cookies Policy was created with the help of the GDPR Cookies Policy Generator.
How to Contact us?
MWDH control your self-input or other direct updates to your personal data. For more detailed queries you may be passed to the Data Protection Officer in your region.
Any clinical questions must be directed to your local healthcare team.
How to Contact the appropriate authorities?
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.