Terms and Conditions
Our aim is the responsible and secure handling of Personal Information, balancing the benefits of activities like research and data analytics to improve our products and service delivery, with our other commitments, including fairness and transparency. We do so in accordance with the Data Protection Act 1988 and 2003 and the General Data Protection Regulation (GDPR) (EU) 2016/679.
HealthBeacon services can be used by individuals under the age of eighteen (18), in which case guardian information and consent will be required.
Personal Information may be provided to us by you directly or by a third party. For example, a Patient Support Provider may add your information to the HealthBeacon system in order to provide you with HealthBeacon services.
Data we process
The Personal Information we collect and hold depends on our relationship with you. We process the identification and contact information and the data you input into our programming forms or provide to us over the phone when you request a HealthBeacon or when you join HealthBeacon.
What Personal Data is processed by HealthBeacon?
As a part of the HealthBeacon programme, the following personal data will be processed about you by HealthBeacon in order to provide you with the services:
- Contact details;
- Date of Birth;
- Health care professional, hospital/medical centre details, contact details;
- Details relating to medicine being taken and when it is administered;
- Initial treatment start date;
- HealthBeacon start date;
- Reminder preferences; and
- Your satisfaction feedback on the Programme.
This information is only processed where relevant and necessary to ensure that you are provided with adequate services and to allow the service to be evaluated and continuously improved. All the information we collect in relation to you for the above purposes is processed on the basis of your consent. You may withdraw your consent at any time, but if you withdraw your consent then we may not be able to provide you with all of the HealthBeacon services.
Categories of data subjects
HealthBeacon holds four categories of personal data:
- Data on current and previous employees;
- Data on patients who have used and use a HealthBeacon or Guardian or caregiver where appropriate
- Healthcare Professionals
- Patient Support Providers
How will we use and share your information?
In providing the services, HealthBeacon may use your above listed information to:
- provide you with the services;
- contact you to check your satisfaction and experience;
- send SMS text message reminders to you as part of the program.
Any Personal Data that is collected and processed by HealthBeacon in connection with the Programme will remain confidential. HealthBeacon will only use such Personal Data for the purpose of this Programme and in any ongoing Service Evaluation. Data will be deleted as soon as reasonably practicable having regard to the purpose for which it was collected. Your Personal Data will only be disclosed to a third party with your permission or as required or permitted by law. Where consent is provided HealthBeacon will also be reporting anonymised data to your Healthcare Professional.
|Type of Personal Information||Examples|
|Telephone recordings||Recordings of telephone calls with our representatives and call centres|
|Photographs and video recordings||Images (including photographs and pictures) created with our device|
|Information device location||Location and identification of device provided (for example, patient address)|
How do we use your data?
We will not use your personal information or data for a purpose other than the purposes for which you supplied it, and will not disclose it to any other person or organisation unless:
· The information is necessary to facilitate answering of a query or specific request, which you have made;
· We are required by law to do so such as the prevention, detection or investigation of offences;
· The assessment or collection of tax, duty or other money owed to the State;
· Where required to do so by law or court order;
· Where it is required for obtaining legal advice or for legal proceedings;
· There are reasonable grounds to believe that disclosure is necessary to prevent a threat to life or health; or
· You have given us consent to do so.
HealthBeacon has put technological and organisational controls, including policies and procedures, in place to protect personal data from loss, misuse, alteration or unintentional destruction. HealthBeacon personnel who have access to the data have been trained to maintain the confidentiality of such information. Conditions to protect data to at least the same standard as HealthBeacon does are cascaded to all our contractors, sub-processors and suppliers.
HealthBeacon carries out regular monitoring and testing of its security defences to ensure they continue to be effective against the latest threats.
Data transferred over the internet by us are protected using encryption technologies to ensure they remain secure.
Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit.
Individuals have several rights under data protection law in relation to how HealthBeacon uses personal information. Individuals have the right, free of charge, to:
· Request a copy of the personal information held about them;
· Rectify any inaccurate personal data held;
· Erase personal information held;
· Restrict processing of personal information;
· Object to the HealthBeacon’s use of personal information for their legitimate interests;
· Receive personal information in a structured commonly used and machine readable format; and
· To have that data transmitted to another data controller.
These rights are in some circumstances limited by data protection legislation. If you wish to exercise any of these rights please contact the HealthBeacon Data Protection Officer using the contact details listed above.
You also have the right to lodge a complaint to the Office of the Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois – firstname.lastname@example.org
Why do we process your data?
We process your personal data in order to provide you with our services and to assist us in the operation of our business. Under data protection law we are required to ensure that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is.
There are various options under data protection law, but the primary bases that we use are (a) processing necessary for the performance of our contracts with you, (b) processing necessary in order for us to pursue our legitimate interests, (c) processing where we have your and/or your dependants’ consent, and (d) processing that is required under applicable law.
Implications of not providing information
Sharing information with us is in both your interest and ours.
We need your information in order to:
- Provide our services to you and fulfil our contract with you.
- Manage our business for our legitimate interests.
- Comply with our legal obligations.
Of course, you can choose not to share information, but doing so may limit the services we are able to provide to you.
- We may not be able to provide you with certain services that you request. We may not be able to continue to provide you with or renew existing services.
- When we request information, we will tell you if providing it is a contractual requirement or not and whether or not we need it to comply with our legal obligations.
Duration of processing
HealthBeacon will process (use/store) personal data only for as long as you require us, or as legally required by set retention periods. As a company recording medical records, there are laws and regulations that apply to us which set minimum periods for retention of Personal Information.
- Where we hold Personal Information to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.
- Where we hold Personal Information in order to provide a product or service (such as a HealthBeacon), we will keep the information for at least as long as we provide the product or service.
For further information about the period of time for which we retain your Personal Information, please contact us.
Are automated decisions made using data?
Sometimes, as part of our business operations, decisions about you are taken using automated computer software and systems. These decisions do not involve human input, and the software and systems apply pre-defined logic programming and criteria to make a decision and assess how we deal with you in connection with the provision of services.
For example, we sometimes use automated decision making as part of a process for:
(1) Sending SMS Reminders
(2) Sending Unplugged SMS Reminders
(3) Excluding images
We seek consent for any automatic decisions that are made. You have the right in certain circumstances not to be subject to a decision which is based solely on automated processing.
Who is responsible for Personal Information?
HealthBeacon is responsible for looking after the Personal Information we collect, hold and use. Rules and responsibilities will differ depending on whether we are a data controller or a processor.
We may also share your information with third parties. Those third parties will assume certain responsibilities under data protection law for looking after the Personal Information that they receive from us:
- Where permitted by applicable law and consent, HealthBeacon may share Personal Information with other third parties, for example, doctors and nurses.
- Personal Information may also be shared by you on message boards, chat, profile pages and blogs, and other HealthBeacon digital services to which you are able to post information and materials (including, our Social Media Content).
Please note that any information you post or disclose through these services will become public information and may be available to visitors and users of the HealthBeacon digital services and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, when using the HealthBeacon digital services.
Where do we process Personal Information?
We may process Personal Information both nationally and internationally. This may include transferring Personal Information outside the European Economic Area (EEA). Rest assured, we are committed to protecting and respecting your data protection and privacy rights. We take additional steps to ensure the security of Personal Information when we transfer it outside the EEA. Depending on the nature of our relationship with you, we will transfer Personal Information to parties located in other countries in the EU and EEA. When making these transfers, we will take steps to ensure that your Personal Information is adequately protected and transferred in accordance with the requirements of data protection law.
This typically involves the use of data transfer agreements in the form approved by the European Commission and permitted under Article 46 of the EU General Data Protection Regulation (GDPR) (the relevant data protection law). If there is no data transfer agreement in place, we may use other mechanisms recognised by the GDPR as ensuring an adequate level of protection for Personal Information transferred outside the EEA (for example, the US Privacy Shield framework or any framework that replaces it).
How do we keep your data secure?
Information security is extremely important to us. HealthBeacon uses appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Information secure. If, despite our efforts, you believe that Personal Information is no longer secure, please tell us so that we can resolve any security issue.
As most of the Personal Information we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Information is kept secure. For example, we may use anti-virus protection systems, firewalls, and data encryption technologies. We have procedures in place at our premises to keep any hard copy records physically secure. Our team receive regular training on data protection and information security.
When HealthBeacon engages a third party (including our service providers) to collect or otherwise process Personal Information on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Information.
Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure. If you believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have sent to us has been compromised), please contact us immediately.
What is the legal justification for our use of data?
We are obliged to advise you on the legal justification we rely on for using your Personal Information.
Data protection law seeks to ensure that the way Personal Information is used is fair. We may be required to obtain Personal Information from you to comply with applicable legal requirements, and certain data may be needed to enable us to fulfil the terms of our contract with you (or someone else), or in preparation of entering into a contract with you (or someone else). We may inform you of this at the time that we are obtaining the data from you. In these circumstances, if you do not provide the relevant data to us, we may not be able to provide our products and benefits to you.
For more sensitive special categories of Personal Information we will rely on either your consent or one or more of the other legal justifications below:
- the use is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity (for example, when a court issues a court order requiring the processing of Personal Information)
- the use is necessary for the purposes of preventive or occupational medicine, medical diagnosis or the provision of health or social care or treatment.
These more sensitive special categories of Personal Information include Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning an individual’s sex life or sexual orientation. Additional legal justifications may also be available in the country in which you are based and we may also rely on these justifications from time to time.
Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Information, those legitimate interests will be set out in a supplemental privacy notice (which is tailored to our relationship with you where this is useful to provide you with a full picture of how we collect and use Personal Information). In any event our legitimate interests will usually be:
- pursuit of our commercial activities and objectives, or those of a third party (such as direct marketing)
- compliance with legal and regulatory obligations, and any guidelines, standards and codes of conduct (such as detecting or investigating fraud or money laundering)
- improvement and development of our business operations and service offering, or those of a third party
- protection of our business, shareholders, employees and members, or those of a third party (such as ensuring IT network and information security, enforcing claims, including debt collection)
- analysing competition in the market for our services (such as research, including market research).
We may need to collect, use and disclose Personal Information in connection with matters of important public interest, for instance when complying with our obligations under anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime. In these cases, the legal justification for our use of Personal Information is that the use is necessary for matters of public interest. Additional justifications may also apply depending on the circumstances.
Do we record calls and monitor email communications with us?
To ensure that we can meet the needs of our members we may record telephone calls in an effort to:
- improve the standard of service that we provide by providing our team with feedback and training
- address queries, concerns or complaints
- prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks
- comply with our legal and regulatory obligations
We may also monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by:
- identifying and dealing with inappropriate communications
- looking for and removing any viruses, or other malware, and resolving any other information security issues
What are your Personal Information rights?
You have a number of rights in relation to your data, all of which apply in different circumstances:
- Right of access to Personal Information – you have the right to receive a copy of the Personal Information we hold about you and information about how we use it. This right is applicable at all times when we hold your Personal Information (subject to certain exemptions).
- Right to rectification of Personal Information – you have the right to ask us to correct Personal Information we hold about you where it is incorrect or incomplete. This right is applicable at all times when we hold your Personal Information (subject to certain exemptions).
- Right to erasure of Personal Information – this right is sometimes referred to as ‘the right to be forgotten’. This right entitles you to request that your Personal Information be deleted or removed from our systems and records. However, this right only applies in certain circumstances.
Examples of when this right applies to Personal Information we hold include (subject to certain exemptions):
- When we no longer need the Personal Information for the purpose we collected it
- If you withdraw consent to our use of your information and no other legal justification supports our continued use of your information
- If you object to the way we use your information and we have no overriding grounds to continue using it
- If we have used your Personal Information unlawfully
- If the Personal Information needs to be erased for compliance with law.
- Right to restrict processing of Personal Information – you have the right to request that we suspend our use of your Personal Information. However, this right only applies in certain circumstances.
Where we suspend our use of your Personal Information we will still be obliged to store your Personal Information, but any other use of this information while our use is suspended will require your consent (subject to certain exemptions).
You can exercise this right if:
- you think that the Personal Information we hold about you is not accurate, but this only applies for a period of time that allows us to consider if your Personal Information is in fact inaccurate
- the processing is unlawful and you oppose the erasure of your Personal Information and request the restriction of its use instead
- we no longer need the Personal Information for the purposes we have used it to date, but the Personal Information is required by you in connection with legal claims
- you have objected to our processing of the Personal Information and we are considering whether our reasons for processing override your objection.
- Right to data portability – this right allows you to obtain your Personal Information in a format which enables you to transfer that Personal Information to another organisation. However, this right only applies in certain circumstances.
You may have the right to have your Personal Information transferred by us directly to another organisation, if this is technically feasible.
This right will only apply:
- to Personal Information you provided to us
- where we have justified our use of your Personal Information based on your consent or the fulfilment by us of a contract with you
- if our use of your Personal Information is by electronic means.
- Right to object to processing of Personal Information – you have the right to object to our use of your Personal Information in certain circumstances.
You can object to our use of your Personal Information where you have grounds relating to your particular situation and the legal justification we rely on for using your Personal Information is our (or a third party’s) legitimate interests. However, we may continue to use your Personal Information, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Information in connection with any legal claims.
You can also object to the use of your Personal Information for direct marketing purposes at any time (including if we are carrying out profiling related to direct marketing).
- Rights relating to automated decision making and profiling – you have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. However, this right only applies in certain circumstances.
This right is not applicable if:
- we need to make the automated decision in order to enter into or fulfil a contract with you
- we are authorised by law to take the automated decision
- you have provided your explicit consent to the decision being taken in this way using your Personal Information.
- Right to withdraw consent to processing of Personal Information – where we have relied upon your consent to process your Personal Information, you have the right to withdraw that consent. This right only applies where we process Personal Information based upon your consent.
- Right to complain to the relevant data protection authority – if you think that we have processed your Personal Information in a manner that is not in accordance with data protection law, you can make a complaint to the data protection regulator. If you live or work in an EEA member state, you may complain to the regulator in that state. This right applies at any time.
- Right to provide instructions regarding the management of your Personal Information after your death (only where such right applies under applicable law)
You may have the right to inform us of instructions on how we manage the Personal Information we hold about you after your death. This right is applicable at all times when we hold your Personal Information (only where such right applies under applicable law).
If you wish to exercise any of your rights, please contact us.
Who to contact about your Personal Information?
If you have any questions, concerns or complaints about the way your Personal Information is used by us, you can contact us by email or post using the details below.
Writing: Data Protection Officer, HealthBeacon, Unit 18 Naas Road Business Park, Muirfield Drive, Dublin 12. D12 WD85
What user and device data do we collect through HealthBeacon digital services?
Along with our third-party service providers we may collect user and device data in a variety of ways when you use HealthBeacon digital services including:
- internet browser and electronic device information
- app usage data
- data grouped together so that it is not possible to link the data to a particular individual, known as aggregated data.
|Methods of Data Collection||Examples|
|Through your internet browser or electronic device||Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), internet browser type and version, electronic device manufacturer and model, language, time of the visit, pages visited, and the name and version of the HealthBeacon services (such as the Firmware revision) you are using. We use this information to ensure that the HealthBeacon services function properly.|
|Through your use of an App||When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your electronic device accesses our servers and what information and files have been downloaded to the App based on your device number.|
|Using cookies and online tracking||To make this website work properly, HealthBeacon sometimes places small data files called cookies on your device. Most websites do this. You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products. We do not respond to browser do not track signals at this time.|
|Physical location||Subject to applicable law (and your consent where required by applicable law), we may collect the physical location. We may obtain the location of your device if you provide your address. We may share your location information with our partners and other entities with whom we work in order to provide our collection service if relevant.|
|Using information provided by you||Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it. Unless combined with Personal Information, this information does not personally identify you.|
|By aggregating information||
Who is responsible for third party services accessed via HealthBeacon digital services?
We are not responsible for the privacy, information or other practices of any third parties, including any third party operating any site or service to which the HealthBeacon digital services link.
Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the information security practices) of other organizations, such as Facebook®, Twitter®, Apple®, Google®, Microsoft®, RIM/Blackberry® or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any Personal Information you disclose to other organizations through or in connection with HealthBeacon digital services.
Responsible Disclosure Guidelines
Security issues should be disclosed to email@example.com. We will investigate legitimate security reports and respond within 1-2 business days, and make every effort to quickly correct any issues, while following Data Protection guidelines and responsibilities. If you identify a security issue you should not modify or access data that does not belong to you.
- HealthBeacon will take reasonable care to ensure that the information and content on the HealthBeacon Website is accurate, complete, up to date, available and does not infringe any third party rights. However, we do not guarantee that this is always the case. The HealthBeacon Website and the content and information on it are provided on an “as is” and “as available” basis, with all faults. To the maximum extent permitted by applicable law, HealthBeacon hereby disclaims all representations and warranties relating to the information and content on the HealthBeacon Website, whether express or implied, created by law, contract or otherwise, including, without limitation, any warranties or conditions about satisfactory quality, fitness for a particular purpose, title or non-infringement of third party rights.
- The information and content on the HealthBeacon Website does not constitute, and is not intended to be, medical or financial advice. You should seek independent advice before you make any decisions relating to your medical condition or finances. To the maximum extent permitted by applicable law, HealthBeacon hereby disclaims all liability for any loss or damage which may be suffered by any person, whether suffered directly, indirectly, immediately or consequentially, and whether arising in contract, tort (including negligence) or otherwise, which arises out of, or in connection with, use of the HealthBeacon Website or any decisions which you make in consultation with an independent advisor or practitioner, except in the case of death or personal injury resulting from HealthBeacon’s negligence.
- HealthBeacon is not responsible, and provides no warranty whatsoever, for the accuracy, effectiveness, timeliness and suitability of any information or content obtained from third parties, including any hyperlinks to or from third-party websites.
- not to disrupt, amend or intercept information posted on the HealthBeacon Website or on any of HealthBeacon’s servers;
- to provide only information that is accurate, complete and not misleading;
- to abide by all applicable, national and international laws, rules and regulations;
- not to attempt to circumvent any security features of the HealthBeacon Website;