Here at Perci Health (“Perci”, “we”, “us” or “our”), we take the privacy and security of your (the “user”, “you” or “your”) Personal Data very seriously.
This Policy applies to the use of the Perci platform (the “Platform”) located at www.percihealth.com. The Platform is not intended for children, defined as anybody under the age of 18, and we do not knowingly collect data relating to children.
This Policy supplements other Perci notices and policies and is not intended to override them.
2. Who We Are
Perci is a limited company registered with Companies House in England as Perci Health Ltd under company number 12402935. Our registered address is Wellers Accountants, 1 Vincent Square, London, United Kingdom, SW1P 2PN.
We are the controller of your Personal Data. This means that we are responsible for what happens to any data that you share with us, and we are subject to certain legal obligations about how we store it, who we send it to, and what we can lawfully do with it.
Perci has appointed a Data Protection Officer (the “DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
|Title||Data Protection Officer|
|Name||Mr Joe Stock|
|Email Address||[email protected]|
3. The Data We Collect
Your Personal Data is any information about you from which you can be identified. It does not include data from which identifying markers, such as numbers or codes, commonly referred to as anonymised or Aggregated Data (further information in section 4), have been removed.
The table below shows the types of Personal Data we may collect when you visit our Platform.
|Identity Data||First, middle and last name, title, date of birth, sex and gender (if different from sex).|
|Contact Data||Billing address, email address, telephone number and GP details.|
|Transaction Data||Details regarding payments made to or from you, and other details regarding services you have purchased.|
|Technical Data||The internet protocol address you use to access our Platform, your log-in data, browser type and version, location, operating system and device type.|
|Usage Data||Information about how you use our Platform.|
When collecting your Personal Data, we may collect and process Special Category Data relating to you. Special Category Data is Personal Data that is considered especially sensitive. The collection and processing of Special Category Data will depend on the services you engage with. Examples of this type of data are provided in the table below.
|Medical Data||Your medical history, conditions, medications, therapies, and other health-related information.|
|Race or Ethnicity||Collected as part of our clinical assessment, if relevant to your medical history.|
|Sex / Gender||Collected as part of our clinical assessment, if relevant to your medical history.|
|Sexual Health||Collected as part of our clinical assessment, if relevant to your medical history.|
|Disability||Collected as part of our clinical assessment, if relevant to your medical history.|
|Outcome Data||Details about your medically-related and psycho-emotional concerns.|
We may create, use and share Aggregated Data relating to you. Aggregated Data is data that can be created by combining multiple sources of your Personal Data, but is not considered Personal Data by the law as it will not directly or indirectly reveal your identity. For example, we may aggregate Personal Data about the types of Perci services that are seeing greater demand, or the areas of the country where our Platform is most popular. We may also aggregate Personal Data about how the Platform is used (e.g. the percentage of users who access the Platform via an IOS device compared to those who use Android or Windows). We may use this data to inform our marketing and development strategies.
However, if we combine or connect Aggregated Data with your Personal Data in such a way that it can directly or indirectly identify you, we will treat the combined data as Personal Data and use it in accordance with this Policy.
We also collect outcome data. This is data collected through a questionnaire about your responses and progress to the services we provide. The questionnaire we use to collect this data is called MYCaW®. Meaningful Measures Ltd operates the licence for MYCaW® and collects anonymised data from users around the world to create an anonymised database of concerns from those living with and beyond cancer. This data collection helps organisations to better understand how to respond to the needs of those living with and beyond cancer. Perci will fully anonymise your data before securely sending it to Meaningful Measure Ltd. For more information, see the Meaningful Measures Ltd website: www.meaningfulmeasures.co.uk and their datashare policy.
4. How We Collect and Store Your Data
Almost all of the data we collect about you will be provided by you directly (the exception to this will be any data provided about you by one of our healthcare professionals following a consultation), either when you sign-up to access our Platform, or as you use it. Your data is stored locally with Perci, unless manually exported by you from our Platform.
We will also collect technical data relating to you from your browser when you log-in and every time you connect to a consultation. Please note that all of our online video consultation services use secure encryption methods.
5. How We Use Your Personal Data
The law defines how we can use your Personal Data. In line with this, we will most commonly use your Personal Data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have already entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests, and fundamental rights do not override those interests;
- Where we need to comply with a legal obligation; and/or
- Where we feel there is a safeguarding concern or life-threatening situation. Further details on this are available within our Safeguarding Policy, which can be requested by emailing [email protected] at any time.
Where we rely on our own legitimate interests to process your Personal Data, those interests will be:
- To administer and protect our business, including the Platform and its security;
- To understand and measure the effectiveness of our referrals;
- To develop the Platform in accordance with what our clients need; and
- To use data analytics as a way of improving the user experience on our Platform.
To process Special Category Data about you, including your health data, we rely on an exemption in the UK General Data Protection Regulation (GDPR), which allows for the processing of your Personal Data, where necessary, to provide health and care services.
We will also use your Personal Data to send you emails from time to time, giving you details about new features, partners or webinars that we are holding. You can opt out of these emails at any time by clicking on the link at the bottom of the email message.
6. Disclosures of Your Data
Keeping your Personal Data safe is extremely important to us, and we take extra steps to ensure that we do this. One of the steps we take is to encrypt your data using a key that belongs to your account. This means access to your information is on a strict need-to-know basis and only those with a legitimate reason to access your information will do so. We will never sell your Personal Data.
We will only ever disclose necessary updates about your clinical care with third parties that have been nominated by you. These may include your GP, oncologist, other medical referrers, and your medical insurance provider. In line with the Health and Care Professions Council (HCPC) protocols, the only other time details about your clinical care may be disclosed is in exceptional circumstances. This could include situations where there is sufficient evidence to raise serious concerns about your safety, the safety of other persons who may be endangered by your behaviour or the health, welfare or safety of children or vulnerable adults. In such circumstances, we will obtain your consent to disclose your Personal Data, except in situations where we have to communicate with third parties to protect you or another individual as required by the law. If we liaise with third parties, we will only do so in a way whereby the Personal Data being shared is relevant and necessary for the protection of you or someone else.
In very rare circumstances, we may be required to share your Personal Data where legally requested to do so by, for example, a Coroner’s Office or Court of Law.
If your Perci care is sponsored by an employer or insurer, we may be contractually obligated to share some of your data back to them. We will always gain your consent before sharing any personal data with your employer or insurer. Aggregated Data may also be shared with your employer or insurer and this will not require consent to be shared.
Where we share your data with essential suppliers or subcontractors, they will be subject to a contract which imposes strict obligations of confidentiality and compliance with UK data protection laws on them.
Some of our external third-party suppliers and subcontractors are based outside of the UK, so their processing of your personal data will involve a transfer of data outside of the UK. Whenever we need to transfer your Personal Data outside of the UK, we will ensure a similar degree of protection by putting in place a valid legal transfer mechanism, as required under data protection law.
We may also disclose your Personal Data to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may only use your Personal Data in the same way as set out in this Policy.
7. Data Security and Retention
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they will be subject to a duty of confidentiality.
Appropriate procedures are in place to deal with any suspected Personal Data breaches, and we will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a potential for legal action to be raised against Perci, in respect to our relationship with you. Please note that allied healthcare professionals (AHPs) are subject to separate requirements regarding how long they must retain medical or healthcare data about their patients. If you wish to have further information on this, please ask the relevant AHP directly, as requirements can differ.
Should you click onto any links which take you to a third party website, Perci does not have any control over the way in which these websites may use your data. You should read their respective Privacy Policies carefully to understand what data their websites will collect about you.
8. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. You have the right to:
- Request access to the Personal Data we hold on you;
- Request corrections to any of the Personal Data we hold, if it is inaccurate;
- Ask us to erase your Personal Data;
- Object to the way in which we process your Personal Data; and/or
- Request transfer of your Personal Data in a commonly-used file format.
You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights as outlined in this Policy). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. If you wish to exercise any of the rights set out above, please contact us. We try to respond to all legitimate requests within 28 days. Occasionally it could take us longer if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
9. Your Right to Complain
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues. Details of how to do this can be found on the ICO website, which you can access by clicking here. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact the DPO in the first instance.
This policy will be updated should there be any changes in the purpose of data collection. This may mean reobtaining your consent to process your data.