Last Revision Date: April 2021
Purpose: This Privacy Notice describes our privacy practices to help you understand what personal data we collect, use, share and transfer and to inform you about the choices you can make regarding your personal data.
Table of contents
- Who we are (identity of the data controller)
- Purpose and lawful basis for processing
- Collection and processing of personal data
- Where do we store and process your personal data?
- Sharing of information
- Data subject rights
- How to exercise your rights
- Security measures and storage of personal data
- Cookies, Device and Usage Data
- Log Data
- Disclosure of your Personal Data to third parties
- How long we retain your Personal Data
- Touch ID/Fingerprint/Facial recognition
- Questions and Complaints
- Changes to this privacy notice
- Pando as a Data Processor – Information and FAQ
Pando regards your privacy and the handling of your personal data with the utmost importance. This Privacy Notice details how we collect, use, and securely store any personal data submitted to us through use of our site.
There is also an explanation of the various rights you can exercise as a data subject, as well as how you can exercise those rights.
The scope of this Privacy Notice applies to https://hellopando.com/and the Pando Mobile Application.
2. Who we are (identity of the data controller)
For the purposes of this privacy notice, Forward Clinical Ltd, trading as Pando (“us”, “we”, or “our”) is the data controller and operates the Pando mobile application (the “Service”) and firstname.lastname@example.org.
Our registered office address is: 300 St John Street, London EC1V 4PA.
Our company number is: 10420044
Our ICO registration is: ZA237861
3. Purpose and lawful basis for processing
Providing Pando with your personal data is an obligation of using the Service. This is because your personal data is required to confirm your identity as a user, and to identify you to other users who may need to contact you.
Article 6(1)(b) GDPR provides a lawful basis for the processing of personal data to the extent that “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
Article 6(1)(f) provides a lawful basis for the processing where it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
4. Collection and processing of personal data
While using our service, we may ask you to provide us with certain personal data that can be used to contact or identify you. This includes:
- Full name
- Email address
- Mobile number
- Place of work
Whilst using the Service, personal data is generated and processed relating to your professional and/ or clinical activities. This includes user ID/time/date stamps relating to messages or files sent, tasks created and edited, patient profiles created and edited, and photos taken. These are obtained by taking any action within the app and form part of the audit trail generated by the Service.
We may also collect information from individuals who contact us, via email, telephone or web submission. This will include name, email address and in some cases telephone number, and details related to your place of work.
We process your data, (your name and the email address that you enter) and any additional personal data you send us on the legal basis of legitimate interest. On submission we give you the option to opt into further marketing, based on your explicit consent.
If you submit a support query via our website and are a Pando user, we will process that request based on our contract with you as a user of our service.
We may use your personal data for providing the Service, including to:
- Maintain and improve the Service
- Contact individuals for the purposes of preventing or addressing service, security or technical issues
- To answer queries from users directly
- Maintain the service of the platform
With your explicit consent we may use your personal data for sharing, with users and non-user contacts, details of our services and products in the form of marketing.
Calling our helpline
When you call our main helpline (+44 (0) 3300 970 165), we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it is not withheld). We hold a log of the phone number, date, time, and duration of the call, but do not audio record the call itself. We hold this information in our CRM system (HubSpot) in accordance with our data retention schedules.
We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.
We do not audio record any calls, but we might make notes to help us answer your query. Sometimes other staff from Pando may also listen in during your call for training or quality assurance purposes.
We sometimes conduct surveys on our helpline to help us identify trends in the enquiries we receive and improve how we operate If you require a follow up call we will also ask you to provide us with your contact details.
We also hold statistical information about the calls we receive for several years, but this does not contain any personal data.
We use a third-party provider, Slack, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored according to our retention schedules. It will not be shared with any other organisations by Forward Clinical / Pando but will remain in the public domain on Twitter, Instagram, LinkedIn, Facebook etc.
We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system (HubSpot) as an enquiry, a support request or a complaint. When contacting Forward Clinical / Pando through a social media platform, we suggest you also familiarise yourself with the privacy information of that platform.
We use a third-party provider, Intercom, to supply and support our live chat service.
If you use our live chat service, we’ll collect the contents of your live chat session and if you choose to provide it your name and email address. Forward Clinical / Pando retains this data in Intercom CRM according to the relevant retention schedules.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.
5. Where do we store and process your personal data?
The personal data that we collect from you is stored in the European Union on (Europe) Cloud Servers of Amazon Web Services with all primary processing taking place in London, UK. This data may, however, be processed by sub-processors operating outside the UK and/or the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements of Art. 44 et seq. GDPR for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees under Art. 46 GDPR (such as standard data protection clauses, or exceptional circumstances under Art. 49 GDPR). A full list of our third-party sub-processors and details of their privacy policies can be found below:
Where we process data on behalf of the UK NHS service, we ensure that data will always be stored and processed on the Cloud Servers of Amazon Web Services within the London Cluster and will not leave the UK.
When you visit our site, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Sensitive information between your browser and our Website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.
Please contact our Data Protection Officer if you would like further details on the specific safeguards applied to the export of your personal data outside the UK and or/ EEA –email@example.com
Processors and sub-processors
- Amazon Web Services, Inc. https://aws.amazon.com/privacy/
Customer feedback, engagement, and analytics
- Amazon Web Services, Inc. https://aws.amazon.com/privacy/
- Google Analytics – https://policies.google.com/privacy
- Google Firebase https://firebase.google.com/support/privacy
- MixPanel https://mixpanel.com/legal/privacy-policy/
- Wootric https://www.wootric.com/company/privacy/
- Slack https://slack.com/intl/en-gb/privacy-policy
- HubSpot https://legal.hubspot.com/privacy-policy
- Intercom https://www.intercom.com/legal/privacy
6. Sharing of information
Under no circumstances will your information be sold or passed on to third parties for the purposes of marketing, sales, or other commercial uses without your prior express consent.
We may disclose information to third parties where it is necessary, such as where there is an overriding legal obligation, where permitted under Data Protection Legislation or for the purposes of the prevention and/or detection of fraud or crime.
7. Data subject rights
Under the General Data Protection Regulation (GDPR), and UK GDPR data subjects whose data is processed by Pando are entitled to exercise certain rights against their personal data. These rights are designed to put data subjects in the driving seat when it comes to how their personal data is handled by organisations.
The right to be informed
Pando is obliged to ensure that any communications regarding our data processing activities between ourselves and any data Subjects is provided is a clear and transparent manner. This is provided by this Privacy Notice.
The right of access
You are entitled to request a copy of the all personal data currently held about you as well as the following information about your data:
- The purpose of processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has been disclosed;
- The retention/envisioned retention period for that personal data;
- The source of the personal data if it has been collected from a third-party.
The right to rectification
If you believe the personal data we hold about you is either inaccurate or incomplete, you may exercise this right to correct or complete this data. This right can be used with ’the right to restrict processing ‘to ensure that any inaccurate or incomplete data is not processed until corrected.
The right to erasure (right to be forgotten)
You may request erasure of any personal data we hold on you without undue delay where one of the following grounds apply:
- The personal data are no longer necessary in relation to the purposes they were collected or otherwise processed;
- The data subject withdraws consent and no other legal ground for processing exists;
- The data subject exercises the right to object and no overriding legitimate grounds for processing exist;
- The personal data has been unlawfully processed;
- The personal data has to be erased for compliance with an overriding legal obligation;
- The personal data has been collected in relation to the offer of information society services.
The right to restrict processing
As an alternative to the right to erasure, you may ask us to cease processing your data, but not erase it entirely where one of the following grounds apply:
- The accuracy of the personal data is contested;
- Processing of the personal data is unlawful;
- Personal data is no longer needed for processing, but is still required as part of a legal process;
- The right to object has been successfully exercised and processing is temporarily halted pending a decision on the status of the processing.
The right to data portability
You may request your personal data be transferred to another controller or processor in a commonly used, machine-readable format. This right can only be exercised when all of the following grounds apply:
- The processing was on the basis of consent
- The processing is by automated means
- The processing if for the fulfilment of a contractual obligation
The right to object
You may exercise the right to object in instances where:
- Processing is based on either the performance of a public task or legitimate interest;
- Processing is for direct marketing purposes;
- Processing is for the purposes of scientific or historical research;
- Processing involves automated decision-making, including profiling.
8. How to exercise your rights
You may request to exercise any of the above rights, free of charge by contacting: firstname.lastname@example.org
Any data subject request will be responded to within one month. Typically, in order to further one of the following requests, we will ask for you to provide a form of identification for verification purposes.
9. Security measures and storage of personal data
Where you communicate with us via our site, the nature of the Internet is such that we cannot guarantee or warrant the security of any information that you transmit as no data transmission over the internet can be guaranteed to be 100 % secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data.
10. Cookies, Device and Usage Data
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our websites, our services or interact with emails we have sent to you.
As is true of most websites, we gather certain information automatically on connection with the use of the website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage. This information is used to analyse overall trends, to help us provide and improve our websites and Apps and to guarantee their security and continued proper functioning.
In addition, we gather certain information automatically as part of your use of the cloud products and services. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches and other actions you take, operating system and system configuration information and date/time stamps associated with your usage. This information is used to maintain the security of the services, to provide necessary functionality, as well as to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, to identify customer opportunities and for the security of Pando generally (in addition to the security of our products and services). Some of the device and usage data collected within the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used for the purposes of identifying the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers (where we act as a Processor).
Cookies, web beacons and other tracking technologies on our website and in email communications
When you visit our websites, we or an authorised third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track usage, determine your browsing preferences and improve and customise your browsing experience.
We also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications. All our communications include easy instructions about how to unsubscribe or you can email our Data protection Officer and invoke your right to be forgotten.
11. Log Data
When you access the Service by or through a mobile device (such as a smartphone or a tablet), we may collect certain data automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use and other statistics (“Log Data”).
12. Disclosure of your Personal Data to third parties
We disclose your Personal Data to various recipients to improve our Service, including.
- to third parties who we engage to provide services to us, such as outsourced service providers, IT service providers;
- to comply with any applicable law or regulation, a summons, search warrant, court regulatory order, or another statutory requirement.
13. How long we retain your Personal Data
We will not retain your Personal Data for longer than is necessary under the principle of data minimisation. User account details are stored for the duration of you maintaining an account. We will only retain your personal data for as long as it is required to fulfil the original purpose for which it was collected, including the purposes of satisfying any legal, accounting, or reporting requirements.
If you ask us to delete your data then we may not be able to provide you with all of the services offered from this website.
14. Touch ID/Fingerprint/Facial recognition
Users may choose to use Fingerprint/Facial recognition/Touch ID as part of the Service. This data is not collected, stored or processed in any manner by Pando. We advise that users should review the privacy notice relating to their device and its operating system before setting up any fingerprint or facial recognition systems.
15. Questions and Complaints
Data Protection Officer (DPO)
Pando has appointed Claire Robinson as the Data Protection Officer (DPO). Should you need to contact the Pando’s DPO directly, you can do so:
You can write to the DPO at: 300 St John Street, London, EC1V 4PA
Should you wish to discuss a complaint, please contact the DPO at the above email address, who will be happy to assist you.
Alternatively, if you are unsatisfied with the DPO’s response to your concern, Under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office. Under Article 80, you may authorise certain third parties to make a complaint on your behalf (such as legal representation).
16. Changes to this privacy notice
We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on our site so that you are always aware of what Personal Data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by email.
17. Pando as a Data Processor – Information and FAQ
We act as a data processor for many medical organisations including NHS Trusts.
Pando act as a data processor when processing patient data (which means that we act under the instructions of the data controllers). In this case, these are the organisations providing care, such as a GP practice, hospital, hospice, pharmacy, or care home (providers). They maintain overall responsibility for creating and storing information about patients and their health, such as in a patient record.
Our users (clinicians, healthcare, care workers using the service with patients)
GDPR allows six different legal bases for processing data. The Information Governance Alliance, NHS X and NHS Digital has advised healthcare organisations to process patient data for the delivery or administration of care under the following legal bases:
6(1)(e) “…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…”.
9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…”
For the purposes of processing patient data Pando is acting under the instructions of the user’s organisation and it is the organisation (data controller) that determines the lawful basis for processing. in most cases the organisation is using Article 6 (1) (e) (processing in the exercise of official authority vested in the controller).
National Data Opt-out – FAQ
Information about your health and care helps the NHS to improve your individual care, speed up diagnosis, plan your local services and research new treatments.
In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.
The NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments can use your confidential patient information for research and planning. You can choose whether your confidential patient information is used for research and planning.
Type 1 Opt-out: medical records held at your GP practice
You can tell your GP practice if you do not want your confidential patient information held in your GP medical record to be used for purposes other than your individual care. This is commonly called a type 1 opt-out. This opt-out request can only be recorded by your GP. If you choose a Type 1 opt-out, you should ask your GP for a National Type 1 Data Opt-out Form.
NHS National Data Opt outs
You do not need to do anything if you are happy about how your confidential patient information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service.
You can change your choice at any time. To find out more or to make your choice visit https://nhs.uk and/or view the NHS Digital patient leaflet.
Pando expects its data controllers (GPs, Trusts, Care homes etc.), whether solely or jointly with another organisation, to be responsible for ensuring that national data opt-outs are applied in line with the policy.
The NHS national data opt-out only applies to NHS organisations and sharing your information for research or planning. Because Pando processes data for professionals who give you individual care, this opt-out does not apply.
In the current emergency it has become even more important to share health and care information quickly across relevant organisations, to deliver care to individuals, support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. The health and social care system is facing significant extra pressures due to the Covid-19 outbreak.
Existing law allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. The Secretary of State requires NHS Digital; NHS England and NHS Improvement; Arm’s Length Bodies local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any arrangements put in place specifically to use or share information during the Covid-19 are temporary and will be limited to the period of the outbreak unless there is another existing legal basis that covers the use and sharing of that data.
During the COVID-19 outbreak many Clinical Commissioning Groups will not process any new requests to opt-out of local data sharing arrangements such as the One London Health and Care Record exemplar, Connecting your Care or The National Data Opt-Out. All opt-out requests currently submitted will be held until the outbreak ceases at which point, the request to opt-out will be processed.
The forums feature in Pando is for clinicians and health workers who need to disseminate information quickly and have a point of reference especially during the COVID-19 pandemic.
Forums are a fixed point of contact for staff at health and social care organisations. The structure is similar to ‘teams,’ as per the existing functionality in the Pando App. The key difference is that users can will search for the forum (e.g. COVID-19 updates) and automatically join.
Remember that anyone can read your posts, so please check that you do not include sensitive personally identifying information about either your patients or yourself. Forums are not the place to share confidential information.
You must respect privacy and confidentiality and follow the guidance of your Information Governance teams and NHS England at all times.
Report any post that you consider to be factually inaccurate, misleading or abusive (see respect below) to email@example.com
Respect each other
Pando forums are a place for:
- Co-ordinating and disseminating information encouraging.
- Supporting each other.
- Offering advice and suggestions.
- Posting relevant information.
To achieve this, we ask that users: be respectful – You must not post materials or topics which are insulting, offensive, abusive, vulgar, hateful, harassing, obscene, profane, lewd or physically threatening. We ask that everyone who posts makes the effort to respect all other views and does not attempt to force any personal views onto others. We expect those who post to accept others’ comments in the way that they are meant, as in support and information sharing.
To make the Forums easy to read and use, we ask that users:
- Write clearly when you compose a message – Review your message before you post.
- Don’t use ALL CAPS – It is shouting and makes the message harder to read.
- Don’t post off-topic messages – keep the message relevant to the forum.
- Remember that spamming and advertising is strictly prohibited – Any and all advertising, chain letters, pyramid schemes, solicitation, spamming and trolling is inappropriate and unacceptable on any of our forum areas.
Contacting a moderator
If you need to contact us with a forums query please email firstname.lastname@example.org
If you have a concern about data protection please email email@example.com