Who we are

MyWay Digital Health Ltd (MWDH Ltd) is a medical software company, founded by NHS specialists in diabetes and healthcare management, responsible for the MyWay Digital Health eLearning suite and services outside Scotland. We process data on behalf of the Data Controller in your region. (For more information see “ICO definition of data controller")

What data do we collect?

For consenting patients, we collect demographic and medical data relating to their diabetes condition, e.g. name, email address, NHS number or date of birth, GP practice, and if selected may note if diagnosed within 12 months and type of diabetes. We store any data input by you (eg: if using NHS 'BMI calculator' within courses, inputting height & weight, or free text data input). In addition, general auditable information and bug reporting data are also collected to help improve the service we offer.

How do we collect your data?

We collect data and process data when you register online for any of our products or services and use or view our website via your browser's cookies. We track your progress through these education resources and data may also be collected via surveys or from feedback. We may also monitor how you use the site.

With your explicit consent, in using any of our products and services, you are opting-in and agreeing to automated data collection from healthcare systems, where applicable, and to share completion data with your GP Practice. Regular reports are distributed to GP Practices who may add details of completed structured education courses to your health record.

Please note, data input through eLearning is not currently shared with your healthcare team and you should not assume your healthcare team will be aware of any manual data inputs.

How will we use or share your data?

The MyWay Digital Health eLearning suite focusses on holistic diabetes management and education. It is only available to patients that have given their explicit consent. We collect data in order to provide access to a range of education resources. Visitors to the site, who do not register for Structured Education, will not have data stored on the system, however, we do log the IP address of everyone who visits the site.

The website does not currently allow you to share data with other users, such as a carer or family member, as a feature. Any data you share is done so entirely at your own risk. The service does not currently permit data transfers.

We collect and process information about you only where we have a legal basis for doing so under applicable EU/UK laws. The legal basis depends on the services you use and how you use them. This means we collect and share information for the following purposes:

• to provide the services and to protect the safety & security of the services. For example, we send some data you provide to NHS systems as part of your health record or verification step when first registering. Your data may also be used to help improve the products and services MWDH offer, for service evaluation and audit, and for more general feature improvements such as machine learning functionality. We may pass non-identifiable data to third parties.

• if it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services, and to protect our legal rights and interests. Note, we may need to process your data to comply with a legal obligation.

• for a specific purpose not listed within this policy, where you have given us consent to do so. For example, we may publish testimonials or featured customer stories to promote our services, with your permission.

• to protect your vital interests or to protect the public interest. For example, we share your data with healthcare professionals and feedback into local healthcare teams (eg: to improve structured education) and anonymised data may be used for regional and national quality reporting.

The service does not involve any automated decision making (eg: profiling). We intend to expand on clinical decision support functionality in the near future and will update this policy accordingly.

How do we store data?

We take data security very seriously. Any data elements we store are held in a secure data centre managed by a reliable approved hosting provider. Our current providers are ISO 27001 accredited and CyberEssentials Plus certified, partnering closely with MWDH in ensuring we comply with GDPR and the Data Protection Act. MWDH also have supporting policies and procedures which cover physical and technical security measures which address our approach to information risk management.

Data storage is on your local device unless you manually export the data. Data is encrypted while being sent from the service to your device as per standard encryption for data transfers over the internet.

We will retain data for as long as the eLearning service, in your area, is under an Agreement. eLearning data will be destroyed, if required, as per stated timeframe within our data retention policy. Given current volumes, the process to delete any personal data is documented and manually erased or scrubbed in accordance with ISO27001 standards.

MWDH have implemented controls to ensure that regulatory obligations regarding data protection are followed, documented, and results logged. In the unlikely event of a data breach, we will assess the risk and where appropriate, notify the competent supervisory authority (in the UK, this is the ICO) within 72 hours. If the risk assessment indicates a high risk for you, we would also communicate any breach of personal data directly to you. Specific procedures for the management of security incidents and breach monitoring are in place.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. You are entitled, at any time, to:

• the right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.

• the right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.

• the right to erasure – you have the right to request that we erase your personal data, under certain conditions.

• the right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.

• the right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.

• the right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you.

If you would like to exercise any of these rights, please contact us at our email: support@mwdh.co.uk or by using the available Contact Us form. Note exercising these rights relates to the data retained or processed by MWDH only. For detailed data protection queries, you may be directed to your GP practice or your local data controller.

If you wish to opt-out of the eLearning service, please contact us at our email: support@mwdh.co.uk or by using the available Contact Us form, and your information will be promptly and securely removed from our system.

COOKIE POLICY

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

How do we use cookies?

This is the Cookie Policy for the MyWay Digital Health eLearning site, accessible from ut2.mydiabetes.com We use cookies in a range of ways to improve your experience on our website, including:

• Keeping you signed in

• Understanding how you use our website

• Auditable activity (in addition, please see the Third-Party Cookies section below)

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

• Account related cookies - if you create an account with us then we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences, such as language or location.

Login related cookies - we use cookies when you are logged in so that we can remember this fact. This prevents you from having to log-in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.

• Surveys related cookies - from time to time we offer user surveys and questionnaires to provide you with interesting insights, helpful tools, or to understand our user base more accurately. These surveys may use cookies to remember who has already taken part in a survey or to provide you with accurate results after you change pages.

• Forms related cookies - when you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence. A mix of first-party and third-party cookies are used.

How to manage your cookies

You can set your browser not to accept or delete cookies (see your specific Browser Help for how to do this). However, in many cases, removal may downgrade or 'break' certain elements of functionality. It is recommended that you leave on all cookies if you are unsure whether you need them, in case they are used to provide a service that you use. For more general information on cookies see the Wikipedia article on HTTP Cookies.

Third-Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

• This site may use Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.

• From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.

If you are unsure whether you need cookies or not it is usually safer to leave them enabled in case it does interact with one of the features, you use on our site. This Cookies Policy was created with the help of the GDPR Cookies Policy Generator.

Privacy policies of other websites

The eLearning website may contain links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their Terms & Conditions. MyWay Digital Health Ltd does not endorse or approve content and bears no responsibility for the accuracy or content of these other websites.

Changes to our privacy policy

We keep our privacy policy under regular review and place any updates on this web page. This privacy policy was last updated on 27 April 2020. For material or substantial changes to this policy, please note you may be contacted by email if we have your email on file.

How to contact us?

If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at email: support@mwdh.co.uk or by using the Contact Us form where you will be directed to the most appropriate data protection team. You may also find more information in our FAQs.

MWDH control your self-input or other direct updates to your personal data. For more detailed queries you may be passed to the Data Protection Officer in your region.

Any clinical questions must be directed to your local healthcare team.

How to contact the appropriate authorities?

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office via https://ico.org.uk