Privacy Notice – Wellbeing Way – Mobile App

 

This is the privacy notice for the Wellbeing Way mobile app. If you are after general information on the app, please visit our 'frequently asked questions'.

 

 

The privacy policy was last updated on 25/07/2020 


  • This privacy notice is issued on behalf of Pulse Healthcare Limited who are also known as “ICS Health and Wellbeing” (referred to as “H&W” in this privacy notice).

    H&W will be your point of contact for any questions relating to the use of your personal data in the Wellbeing Way App (referred to in this privacy notice as “the App”). The App is provided as part of the Rewind Diabetes Programme which is run by North West London NHS trust (referred to in this privacy notice as “NWL”).

    NWL has asked ICS Health and Wellbeing to provide a 12-month intervention programme for the management of type 2 diabetes. This programme is referred to in this privacy notice as “the Rewind Diabetes Programme”). The Rewind Diabetes Programme involves face to face and/or remote education regarding diabetes and the App is a key part of the intervention programme. The App allows you to have full access to the services we are providing under the Rewind Diabetes Programme. The App is designed to support your activity on the Rewind Diabetes Programme , however, this is not mandatory to your participation in the Rewind Diabetes Programme.

    If you have any questions about this privacy notice or the personal data we use about you in connection with the Rewind Diabetes Programme:

    • email: dpo@ukics.com; or

    • writing: Data Protection Officer, ICSG Ltd, 223 Pentonville Road, London, N1 9NG

     

    This privacy notice details what personal data is collected in the App, how this is used, stored and safeguarded. Please read this privacy notice carefully, if you have any concerns regarding this privacy notice please do not download the App.

    We reserve the right to change this privacy notice and will alert you about any changes by updating the last updated date of this privacy notice. You are encouraged to review this privacy notice periodically in order to stay informed of any updates. This privacy notice does not apply to the third party online/mobile app store from which this application was installed.

    We use some terms in this privacy notice which we have explained in a bit more detail below. If you need any help understanding these terms just let us know.

    “H&W coach(es)” - these are our coaches who will help support you with the Rewind Diabetes Programme
    “personal data” - this is any information that can identify you as an individual, for example, this could be as simple as your name or it can also be your username or your service user number.


  •  

    We are required to tell you why we need to use your personal data under data protection laws and why this is permitted. We will only use your personal data when data protection law allows us to.

    We will use your personal data for purposes below. Under data protection laws, these are called the “lawful basis” for processing.

    Details of the lawful basis we rely on to process your personal data is set out in the table in section 3 below.

    We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose set out in this privacy notice.



  • Most of the personal data we collect in the App is provided by you. The App requires you to create an account once it has been downloaded. In order to do this you will need download the Wellbeing way app, then go to your email and click the unique link you have been sent. This will then open the app and prompt you to create a username and password. If you choose to participate in the community section of the App with others on the Rewind Diabetes Programme, your username will be visible to other members on the Rewind Diabetes Programme.

     

    Personal data, other than your username, should not be shared in the community section of the App.

    The personal data used by the App is set out below.

    Personal data collected Why this is collected and used in the App Lawful basis
    First and last name This is used in email communications to contact you to send the activation link and for password resets. This is also used to identify you as a user. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller
    Username This is used to log in to the App and is your name which is displayed on the community page and on your profile page. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller
    Email address This is used to send all communications, including password resets and other communications relating to the operation of the App. This is not used for any marketing communications or purposes. It is also used to create an account on downloading the App. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller
    Password This is used to securely log in to the App. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller
    Data of birth This is used to uniquely identify you as an individual user in the coach/admin portal. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller
    Service user number This is displayed on your profile page and is used in the coach/admin app as an identifier. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller
    Photo This is used on in the community section of the App and on your profile page. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller
    Comments and opinions This is provided by the user in the community section of the App. This is used to help the user engage with the community. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller
    Confirmation of completion rates for the e-learning packages We collect completion rates and the status of your e-learning, for example, if the e-learning has been started or not started. This is used to help manage the progress of your e-learning within the App and to help your H&W coach to assist you with the Rewind Diabetes Programme. The performance of a public task carried out in the public interest or in the exercise of official authority vested in the controller


  • Most of the personal data processed in the App will be provided by you directly. However, as the App is linked to the Rewind Diabetes Programme, we will be provided with personal data from your GP or the NHS as part of the Rewind Diabetes Programme. This is needed to ensure that we have the correct medical and other information so that we may support your participation in the Rewind Diabetes Programme.


  •  

    We will request to send you push notifications regarding your account (such as reminders to log your weight). If you wish to opt-out from receiving these types of communications you may turn these off in your device settings.

    To do this on an Apple device take the following steps:

    Go to Settings – Tap on “Notifications” – Choose the Wellbeing Way App – from here you can choose which notifications are set up for the App.

    To do this on an android device take the following steps: 

    Go to settings – Tap on “Notifications” – scroll down to ‘recently sent’ and tap ‘see all’ – choose the Wellbeing way App – from here you can choose which notifications are set up for the App


  •  

    The personal data and the information that you input into the App will be shared with NHS England, as they run the Rewind Diabetes Programme. We will also share this information with your GP as and when required for the purposes of providing the Rewind Diabetes Programme.

    Any discussions that takes place in the community section of the App will not be transferred outside of the App and will not be placed on your Rewind Diabetes Programme file.



  • Type of Cookie Definition How we use that Cookie
    Session Cookies A Cookie that will only be stored on a device’s memory during the current session. It will store your user preferences in the App only.
    These Cookies will allow a more streamlined use of our App.
    Site Analytical CookiesA Cookie that will allow an anonymised analysis of how visitors navigate and use the AppWe use Google Analytics to receive anonymised reports on how long visitors stay on our App and how they use it. This information allows us to improve user experience and make sure the content is relevant and interesting.


  • We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorized way.

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

    All data held on your device is encrypted at rest. So, in the event that your device is lost, no data can be recovered.

    All data that is transmitted from your device to our API server is via HTTPS protocol with encryption and is therefore secure.

    Data at rest in our database, is also encrypted and there is no access to the database from the outside world, only our application server, held on Microsoft Azure platforms in the UK, can access this.

    More details of the physical security of the data servers can be found here https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security.

    In addition, we limit access to your personal data to only those who have a business need to know and they will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

    If you delete the App all of the data stored locally within the App will also be deleted.


  •  

    Under data protection law, you have rights including:

    • Your right of access - You have the right to ask us for copies of your personal data.
    • Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete personal data you think is incomplete.
    • Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.
    • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
    • Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
    • Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

     

    If you would like to exercise any of these rights, please email dpo@ukics.com.

     

    In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.


  •  

    If you have any concerns about the personal data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance.