PRIVACY POLICY

 

Last Updated on 10th March, 2020

 

This privacy notice provides information on how The GP Service (UK) Limited (“the GP Service“, “we” or “us“) uses personal data relating to users (“you“) of its website at www.thegpservice.co.uk (“the Website“), its mobile and tablet applications and its software (together the “GPS System“), and to users of any of the services accessible via the GPS System.

 

Please read this privacy notice carefully to understand our views and practices regarding your personal data, how we will treat it, your rights and how to contact us.

 

BY USING THE GPS SYSTEM, AND BY GIVING YOUR INFORMATION TO US, YOU INDICATE YOUR CONSENT TO US AND THIRD PARTIES COLLECTING AND USING YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE TERMS SET OUT IN THIS NOTICE.

 

This privacy notice forms part of the GP Service’s Terms and Conditions at https://thegpservice.co.uk/terms Please print a copy for your records and future reference.

 

  1. Who is the GP Service?

 

The GP Service is the trading name of The GP Service (UK) Limited, a company registered in England and Wales with company number 09359853.

 

If you have any queries in relation to the processing of your personal data by the GP Service Limited, please contact us:

 

By post: The GP Service (UK) Limited, Coventry University Technology Park, The TechnoCentre, Puma Way, COVENTRY, CV1 2TT

 

Or

 

By email: support@theGPService.co.uk

 

By phone: Please ask for the Admin Team between the hours of 9.30am and 6.00pm Monday to Friday on 024 7745 0727.

 

We have a Privacy Officer who is responsible for enforcing our policy and making sure everyone at The GP Service respects our policy. Should you have any questions comments or suggestions, they will be happy to hear from you. You can email them at privacy@thegpservice.co.uk

 

If you have any complaints, you can also contact the ICO (Information Commissioners Officer). Our ICO reference is ZA194910.

 

The GP Service provides an online service that brings together patients, doctors and pharmacies, and that aims to facilitate the purchase by users of non-prescription medication, vaccinations and other products (“Products“) for supply by a pharmacy or other third party. It provides this service and related services (together the “Services“) via the GPS System.

 

The GP Service acts as a data controller in its use of your personal data, as described in this privacy notice.

 

You can contact the GP Service by using the contact details set out above.

 

  1. Collection of data by the GP Service

 

2.1. Registration details

 

If you use the GPS System or install any of the GP Service’s mobile or tablet applications, you will be asked to register with the GP Service and provide certain information in order to create an account and receive the Services.

 

Registration information may include:

 

  • your name, telephone number and email address;
  • your postal address;
  • the telephone number of the mobile device on which you have installed the GP Service’s mobile application or use the GP Services web service; and
  • your date of birth (which will be used to check you are over 18 years of age and as an additional identity check should you need to get in contact with the GP Service).
  • Details of your regular NHS GP.

 

2.2. Personal data collected when you use the Services

 

Personal data is any information that is related to a person from which that can be either directly or indirectly identified. This can be any information related to you like your name and surname or address.

 

 

2.2.1 When you use any one or more of the Services, we may also ask you for and/or collect:

 

  • your payment card details (which will be used for the purposes of paying for your order but will not be stored by us);
  • medical information about you (for example, any illnesses, medical history, prescriptions provided);
  • data relating to the Products and Services you purchase via the GPS System; and
  • a record of any consultations you have with a doctor via the GPS System, together with details of the care, advice and / or treatment that you receive from any such doctor.

 

2.2.2 Summary Care Record (SCR) and NHS Number.

 

Where you have opted in to allow us access to your Summary Care Record. We will need to access the Personal Demographics Service (PDS) which is the national electronic database of NHS patient details such as name, address, date of birth and NHS Number (known as demographic information). Each individual record on the PDS contains identifiable data. The data items held include NHS Number, name, date of birth, gender, GP practice, address(es) and contact details (such as telephone numbers and email addresses) amongst other relevant details. Data is also held, where applicable, on certain patient preferences such as nominated pharmacy and whether the record is marked as ‘sensitive’.

 

NHS Digital operates PDS as part of the Spine under direction from the Secretary of State for Health and is the Data Controller. PDS serves as the register of patients registered for, or otherwise in receipt of, health and care services commissioned by NHS organisations in England and Wales.

 

Any medical information that we collect about you is categorised as sensitive personal data under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) introduced on 25th May, 2018.

 

2.3 Contacting the GP Service

 

If you contact the GP Service in relation to any of the Services or any part of the GPS System (via email, telephone, post or otherwise), we may collect and retain your contact details (name; email address; phone number) and your communication for the purpose of handling your query and keeping records of communications. Examples of when we collect such data is when you

 

  • complete any forms or medical questionnaires on our website
  • register and create your account to order from us
  • enter a voucher or promotion
  • report a problem with our site
  • make contact with our support team
  • take part in a voluntary survey or perhaps write a review of our service
  • subscribe to a specific marketing offer, information or newsletters

 

 

2.4 Data we receive from other sources

 

We work with third parties such as pharmacies and sub-contractors in technical, payment processing using organisations such as stripe, working with advertising partners/providers for analytics, obtaining credit and search references from agencies and information providers which may provide us with information about you.

 

If you use our test kits service, we also partner with an external Test Kit provider. All test kits available for purchase via the GPS System are supplied, and all testing is carried out, by The Doctor’s Laboratory Limited (“TDL“) (see paragraph 8.2 of the GP Service’s Terms and Conditions) at https://thegpservice.co.uk/terms Following completion of the tests by TDL, TDL will send the test results to us, for uploading onto your Account.

 

We also work closely with other third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies), and we may sometimes receive information about you from them.

 

All such information may be combined with the data you provide to us when you register with the GP Service and / or when you use the Services, and the combined data may be used by us for the same purposes outlined in this notice.

 

  • Data we collect from your visit to our service using a computer, mobile phone or other communication device 

When you use our service, we may also collect information about how you use our website. In order for us to improve our website and mobile applications. Examples of the type of information we may collect include:

  • the device you use (for example iphone, android)
  • your device’s unique identifier (for example your device’s IMEI number for mobiles or the MAC address of the device’s wireless network interface for a computer)
  • any network related information (e.g. 02 network, Virgin Broadband)
  • technical device information
  • your operating system (e.g Windows, Mac OS,)
  • your IP address and related information
  • your location and the time zone you are in (e.g if you are in or outside the UK)
  • your GP Service login information related to your account with us
  • the type of browser you may be using (for example Chrome )
  • The phone number you dialled to contact our customer support team
  • websites you have looked at before and after our own website,
  • sites you have searched for or visited
  • time spent on individual pages or how you browse away from the page, and how you interact with our website (scrolling, clicks, etc);

2.6 Your agreement with us to provide true and accurate information

By using our services, you are agreeing, at all times, to provide us with accurate and complete information when completing any information on our service including in your registration and account, and to update such information as appropriate. The services and advice provided to you when you use our service is based on the information you have supplied. It is your responsibility to ensure this information is accurate and complete and you accept that failure to do so (whether intentionally or not) will affect the advice given to you and any medicines prescribed to you and, as such, may have very serious consequences for which neither we or any doctor can be responsible for.

 

  1. How we use your data

 

We use the data that you provide to us when you register with the GP Service, and the data that we collect when you use the Services or contact us, as follows:

 

  • to provide you with the Services that you request from us in accordance with our obligations under any agreement entered into with you;
  • to communicate with you in the event that any services requested are unavailable or if there is a query or problem with your order;
  • for record keeping purposes;
  • where you have provided your consent, your name, email address and contact number may be used to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you (you may unsubscribe from this at any time by contacting us using the contact details in section 10 below);
  • to ensure that content on the GPS System is presented in the most effective manner for your device;
  • to take payment for the Services and/or Products you purchase via the GPS System;
  • to monitor and improve our service
  • to notify you about changes to our Services or to the GPS System
  • for legal, compliance and regulatory reasons.

 

We may also use and disclose your personal data:

 

  • to track and analyse activity on the GPS System:
  • for internal operations, including troubleshooting, data analysis, testing, measuring advertising effectiveness, research and/or survey purposes;
  • to perform a range of other business intelligence functions to optimise the Services and introduce new offerings;
  • to check your compliance with the GP Service’s Terms and Conditions at thegpservice.co.uk/terms
  • for the administration and maintenance of the GPS System and the Services;
  • for compliance with legal obligations, or protection and enforcement of legal rights; and/or
  • to detect or prevent fraudulent activity.

For providing our services and arranging for any medicines to be delivered to you 

We use your personal information to:

  • provide a consultation with one of our doctors or to check your suitability for a particular treatment or treatment for a presenting complaint for which you are consulting with one of our doctors.
  • recommend from your responses to any medical questionnaire, a particular treatment
  • deliver your prescription to your chosen pharmacy or medication(s) to your address as maybe applicable
  • provide any test kit results to you
  • confirm your identity and access your medical record and account (if necessary) when you call our customer support team.
  • provide any advice and useful information related to your enquiry or concern
  • access your Summary Care Record (SCR) on the NHS database where you have provided consent for us to do so.

For research purposes

We use your personal information to:

  • carry out a range of market research
  • analyse both individual and collective data
  • make improvements to our services
  • send you questionnaires or surveys related to our services
  • offer you services or provide tools to interact with us on our website

Additional processing

We will always ask for your consent prior to the use of any data for research or marketing or other purposes, unless the information we are using could in no way identify you (for example: a male, living in a location between the ages of 18 to 30.

For Legal, compliance, security, and regulatory reasons

We use your personal information to:

  • detect and prevent fraud. The GP Service needs to make sure that you are who you say you are to deliver our services to you safely, and we also need to ensure that no fraud is happening on our website like payment with a stolen payment card
  • comply with any applicable law, regulation, legal process or public authorities request.
  • defend our rights, property and safety, as required or permitted by law

 

We may also need to share your personal information for legal reasons:

  • should we sell or buy any business or assets, as we may need to share your data with the future seller or buyer
  • to protect the rights, property, or safety of the GP Service, our patients, suppliers and partners, or others. This includes exchanging information for fraud protection, reducing credit risk and verifying your identity by a third-party identity checking provider
  • if we need to share your personal data as a result of a court order or any other legal obligation

3.1 How long we hold personal information.

 

The service takes into account relevant guidance, including that from the Care Quality Commission’s Schedule of Applicable Guidance.

 

  • All records will be held securely.
  • Access will be restricted to persons who have a need to access such documents as appropriate (e.g. Registered Person(s) or where relevant, practitioners).
  • The records will be maintained for a minimum of 11 years from date of last entry where patient details are contained within the documentation. All records will be destroyed by shredding after the retention period.

 

Patient records will be kept for the time period required under relevant legislation.

 

  1. Sharing your data

 

The GP Service will never sell information that can be used to personally identify you to a third party.

Our website may contain links to and from the websites of our partner networks, advertisers and affiliates/resellers. If you follow a link, please be aware that each site will have their own privacy policy/notice, for which we have no responsibility or liability. We advise that you check any privacy notice before you provide any personal information or date to any third-party site.

However, you agree that The GP Service may share and disclose your personal data for the purposes outlined at Section 3 above to third parties, including your personal data with third parties as follows:

 

4.1. Disclosure to doctors, pharmacies and The Doctor’s Laboratory

 

The GP Service may share and disclose:

 

  • your personal data (including any medical information you provide to us) with the doctor allocated to you to carry out a consultation for the purposes of enabling the relevant doctor to provide you with medical services, a diagnosis and treatment;

 

  • your personal data (including any medical information you provide to us and any medical information that is generated through your use of the Services such as a record of any consultations you have with a doctor via the GPS System, together with details of the care, advice and / or treatment that you receive from any such doctor) to your NHS General Practitioner (“GP“), unless you specifically opt out of this when using our Services (this is a compliance requirement of the General Medical Council); and

 

  • your basic identification data with the pharmacy selected by you at the time you place your order via the GPS System (or, if that pharmacy fails to or declines to accept your prescription for dispensing, the pharmacy nominated by us and notified to you by email) for the purposes of enabling the pharmacy to verify your identification on collection of your prescription or deliver your prescription to you.

 

  • your basic identification data for test kits. All test kits available for purchase via the GPS System are supplied by TDL. Accordingly, when you place an order to purchase a test kit via the GPS System, we will also share your basic identification data with TDL for the purposes of enabling TDL to provide the test kits to you.

 

4.2. Disclosure to other third parties

 

The GP Service may share and disclose your personal data for the purposes outlined at Section 3 above to third parties, including:

 

  • our service providers and professional advisers:
  • The nominated pharmacy of your choice
  • com: ‘Know Your Customer’ checks
  • NHS Digital: Summary Care Records
  • The nominated GP: patient records with your consent
  • any investor, lender, purchaser or (on terms of confidentiality) likely investor in, or purchaser of, the GP Service’s business; and
  • other third parties where required or permitted by law.

 

4.2.1 Marketing Information

 

Where you have opted in to receive marketing information, your data may also be passed to third parties including Mail Chimp and Trustpilot.

 

Data passed to these third parties for marketing purposes, includes:

 

  • Title, First name, Last name, Email address

 

This data will be stored for email marketing purposes only and will not sell or share your personal data.

 

In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this privacy notice. You can ask to stop receiving all or part of this information at any time.

 

 

4.3 Disclosure for the purposes of law and enforcement

 

Where we are legally required to do so, we will also share your information with any authority to prevent cyber crime or fraud or to protect the intellectual property of the GPS System or personal safety rights of any individual. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

 

 

  1. Payment processing and storage of your personal information

 

Payment processing services are provided by Stripe Inc. The details you provide to us via the GPS System are passed directly to Stripe Inc and will be subject to its terms of use and privacy policy by the Stripe Connected Account Agreement, available at https://stripe.com/connect/account-terms. By inputting payment card details, you are consenting to use of the payment card details by Stripe Inc for the purpose of paying for your order. If you have any questions relating to these services please contact Stripe Inc.

 

For avoidance of doubt, if any payment you initiate using the Service does not successfully complete, the payee reserves the right to seek payment from you via or outside the Service. Any authorization you provide to make repeating automatic payments using the Service will remain in effect until cancelled. You must have appropriate authority to use the payment card that you use for payment.

 

The GP Service does not store any of your payment card details on its systems.

 

Storage and security of your personal data

 

Your personal data is stored in electronic and physical records maintained by the GP Service and/or its service providers in the UK. Any medical information or personal data you provide us is stored safely and securely on a private database. This database is only used by our doctors, customer support team, pharmacy team, and a small number of other employees on a need-to-know basis, such as IT support. This platform is hosted on our servers or third parties servers located at AWS and Redcentric, and is based in the UK. Your personal data may be seen by staff from outside the EEA who work for us. In this case the data they have access to is encrypted and only available via an encrypted network. Any data that is not related to your health may be transferred and stored outside of the European Economic Area (EEA). As some countries may not offer the same level of personal data protection as in the EEA in these cases we will have a specific agreement with such parties to ensure adequate safeguards are in place.

 

Our promise

 

The security of all personally identifiable information associated with you is taken very seriously and all data supplied is treated confidentially. We therefore have several security measures in place to try to protect against the loss, unauthorised use and corruption of any personal data that is under our control. We review our security and privacy policies regularly and improve them where it is reasonably possible to do so. We do not guarantee that loss, unauthorized use, corruption and/or alteration of information will never occur, but we use all reasonable efforts to prevent it, including:

 

  • having security measures to protect unauthorised access
  • making sure your payment transaction and personal data is encrypted using SSL technology.
  • staff having access to your data have signed a confidentiality agreement
  • only staff that have a need to know are given access to such data
  • request all our partners to have to abide to privacy and applicable data protection laws and regulations

 

Please note that the input of data over the internet is never fully secure. We cannot, therefore, guarantee the security of data you submit via the Website or the GPS System in transit over the internet and any such submission is at entirely your own risk. Please ensure that you never leave your device logged on or use the GPS System or the Services in a public place where others can potentially see your details.

 

We run our applications in HTTPS secure mode and all textual, audio and video information is encrypted.

 

 

  1. Cookies

 

Cookies are small pieces of information that are created when you visit a website. They are used to store bits of information about your interactions with the website, which we can use later when processing to to make your journey better.

 

We reserve the right to collect technical data about the type of browser software or operating system you are using for the purposes of tracking website use, or improving the services offered through the GPS System. This information will be not used to identify you personally.

 

We may also place a ‘cookie’ on your browser to provide us with information about your use of the Website, and to help us identify you when you return to the site so that your preferences can be stored. Using cookies helps us to improve our Website and to deliver a better and more personalised service. We may also use cookies to identify repeat visitors.

You can remove cookies from your computer at any time and choose to disable cookies in your internet browser settings. Without cookies enabled, we cannot guarantee that the Website and your experience of it are as we intended it to be.

 

The length of time a cookie stays on your device depends on its type. We use two types of cookies on the Website, as follows:

 

  • Session cookies are temporary cookies which only exist during the time you use the Website (or more strictly, until you close the browser after using the Website). Session cookies help the Website remember what you chose on the previous page, avoiding the need to re-enter information.

 

  • Persistent cookies stay on your device after you have visited the Website. For example, when you log onto the GPS System, a persistent cookie will be used to remember your preferences, so that the system remembers your choice the next time you log in. Persistent cookies help us to identify you as a unique visitor but do not contain any information that could be used to identify you to another person.

 

  • We also use web analytics services from other companies to track how visitors reach our site and the path they take through it. These companies use cookies to help us improve our service to you.

 

  • You can also learn more about cookies by visiting allaboutcookies.org, which includes additional useful information on cookies. It also shows how to block cookies using various types of browser.

 

  1. External Links

 

Although the Website only looks to include quality, safe and relevant external links users should always adopt a policy of caution before clicking any external web links mentioned throughout the Website or any part of the GPS System.

 

If you follow a link to any external web links mentioned throughout the Website or any part of the GPS System, please note that these external websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

 

  1. Social Media Platforms

 

Communication, engagement and actions taken through external social media platforms that we participate on are subject to the terms and conditions as well as the privacy policies of those social media platforms.

 

You are advised to use social media platforms wisely and communicate/participate on them with due care and caution with regard to your personal information. We will never ask for personal or sensitive information through social media platforms and we encourage users wishing to discuss sensitive details to contact the relevant platform provider through primary communication channels such as by telephone or email.

 

The Website and the GPS System may use social sharing buttons which help share web content directly from our web pages to the social media platform in question. Where you use such social sharing buttons you do so at your own discretion – you should note that the social media platform may track and save your request to share a web page respectively through your social media platform account. Please note these social media platforms have their own privacy policies, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these social media platforms.

 

8.1 Shortened Links in Social Media

 

We may through our social media platform accounts share web links to relevant web pages. By default some social media platforms shorten lengthy URLs.

 

Users are advised to take caution and exercise good judgement before clicking on any shortened URLs published on social media platforms by us. Despite the best efforts to ensure only genuine URLs are published, many social media platforms are prone to spam and hacking and therefore we cannot be held liable for any damages or implications caused by visiting any shortened links.

 

  1. Your rights

Objection to processing of your data.

 

You may ask us not to process your data for marketing purposes. We will let you know prior to collecting any data for marketing or if we intend to disclose your information to any third party. You can deny this use of data when you register with us or by changing this in your account at a later date or by selecting unsubscribe which can be found on any marketing email that we send to you. You may also contact us at any time and let us know of your preferences on the contact details provided at the end of this notice.

 

Correcting your data.

 

You are able to update and correct any information that may be incorrect by logging into your account. If we have made an error you wish to change but are unable to do so, you can also contact our support team at any time.

 

 

Deleting your data

 

You may request deletion of your account on the App or the Web Ordering Tool and information submitted and collected at any time by contacting:

 

The GP Service (UK) Limited
Coventry University Technology Park,
The TechnoCentre,
Puma Way,
COVENTRY,
CV1 2TT

support@theGPService.co.uk

 

However, we may retain certain aspects of your account and other personal details for the purposes of maintaining of medical records in our dealings with you including for, medical auditing analysis and statistics. Such data is required to be continued to be held by us for a minimum period as described in 3.1 above and cannot be deleted, but you can ask us to disable your account by contacting us. You will be sent a separate form to complete.

 

The GP Service may delete your account in accordance with clauses 5.4 and 14.2 of the GP Service’s Terms and Conditions available on our website, including in the circumstances where you breach its terms or have not used the Services for a substantial period of time.

 

  1. Access to your personal data

 

You have the right to see any information we hold about you. If you would like to access a copy of any personal data which the GP Service holds about you, or if you wish to change your consent, please send a request by email or by post using the contact details  below. Please let us know what information you would like to access. You will be required to provide us with two types of ID, one with photo such as a passport or driving licence and one with a proof of address such as utility bill that is less than 3 months old.

 

Consent Preferences

Should at anytime you wish to change or withdraw your consent preferences, please contact us on the email provided at the end of this notice or change your preferences within your online account.

 

Please contact us:

 

The GP Service (UK) Limited
Coventry University Technology Park,
The TechnoCentre,
Puma Way,
COVENTRY,
CV1 2TT

Email: support@theGPService.co.uk

 

  1. Queries

 

If you have any queries in relation to the processing of your personal data by the GP Service Limited, please contact us:

 

By post: The GP Service (UK) Limited, Coventry University Technology Park, The TechnoCentre, Puma Way, COVENTRY, CV1 2TT

 

Or

 

By email: support@theGPService.co.uk

 

By phone: Please ask for the Admin Team between the hours of 9.30am and 6.00pm Monday to Friday on 024 7745 0727.

Note: If you require assistance for a video consultation booking or require support for an appointment you can speak to us by calling 024 7745 0727 between the hours of 8.00am and 8.00pm Monday to Sunday.

 

  1. Changes to this privacy notice

 

Privacy laws and practice are constantly developing and we aim to meet high standards. Our policies and procedures are, therefore, under continual review. We may, from time to time, update our security and privacy policies and suggest that you check this page periodically to review our latest policies.