Last Revision Date: March 2020
Purpose: This Privacy Notice describes our privacy practices to help you understand what personal data we collect, use, share and transfer and to inform you about the choices you can make regarding your personal data.
Table of contents
- Who we are (identity of the data controller)
- Legal basis for data processing
National data opt-out
- Why do we need your Personal Data?
- Data Protection Officer (DPO)
- Collection and processing of personal data
- Where do we store and process your personal data?
- Sharing of information
- Forums guidance
- Security measures and storage of personal data
- Device and usage data
- Log Data
- Disclosure of your Personal Data to third parties
- How long we retain your Personal Data
- Touch ID/Fingerprint/Facial recognition
- Data subject rights
The right to be informed
The right of access
The right to rectification
The right to erasure (right to be forgotten)
The right to restrict processing
The right to data portability
The right to object
- How to exercise your rights
- Questions and Complaints
- Changes to this privacy notice
Pando regards your privacy and the handling of your personal data with the utmost importance. This Privacy Notice details how we collect, use and securely store any personal data submitted to us through use of our site and the Pando Mobile Application.
There is also an explanation of the various rights you can exercise as a data subject, as well as how you can exercise those rights.
The scope of this Privacy Notice applies to https://hellopando.com/
2. Who we are (identity of the data controller)
For the purposes of this privacy notice, Forward Clinical Ltd (“us”, “we”, or “our”) is the data controller and operates the Pando mobile application (the “Service”) and firstname.lastname@example.org website.
Our registered office address is: 300 St John Street, London EC1V 4PA.
Our company number is: 10420044
Our ICO registration is: ZA237861
3. Legal basis for data processing
We process your user data on the legal basis of explicit consent.
We process your data on the legal basis of explicit consent.
Where a contract has been signed, we process your data on the legal basis of contract.
We process your data, (your name and the email address that you enter) and any additional personal data you send us on the legal basis of legitimate interest. On submission we give you the option to opt into further marketing, on the basis of explicit consent.
Patient data is considered to be a special category of data under the General Data Protection Regulation (EU) 2016/679 (GDPR) and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject” and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
Giving your explicit consent for us to process your data does not affect your rights. Details of your rights and our data retention periods are further explained below in this Privacy Notice. It should be noted that for patient’s data Pando is the processor and not the controller. Any queries in relation to patient data should be addressed to the hospitals/trusts as they remain the controllers of patient data.
For all individuals, users and non-user contacts we rely on separate, explicit consent for direct marketing. You may withdraw your consent for further processing, fully or for specific purposes at any time by emailing email@example.com It is important to note that this may affect the services we are able to offer you, and we may need to continue to process data relating to your request to withdraw consent.
National Data Opt-out
Information about your health and care helps the NHS to improve your individual care, speed up diagnosis, plan your local services and research new treatments.
In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.
The NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments can use your confidential patient information for research and planning. You can choose whether your confidential patient information is used for research and planning.
Type 1 Opt-out: medical records held at your GP practice
You can tell your GP practice if you do not want your confidential patient information held in your GP medical record to be used for purposes other than your individual care. This is commonly called a type 1 opt-out. This opt-out request can only be recorded by your GP. If you choose a Type 1 opt-out, you should ask your GP for a National Type 1 Data Opt-out Form.
Type 2 Opt-out: information held by NHS Digital
A Type 2 opt-out is an objection that prevents your personal confidential information from being shared outside of NHS Digital, that is used for research and planning.
Previously you could tell your GP surgery if you did not want NHS Digital to share confidential patient information that is collected from across the health and care service for purposes other than your individual care. This was called a type 2 opt-out.
From 25 May 2018 the type 2 opt-out has been replaced by the national data opt-out. Type 2 opt-outs that have been recorded previously have been automatically converted to national data opt-outs.
You do not need to do anything if you are happy about how your confidential patient information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service.
Forward Clinical Ltd expects its Data controllers (Trusts, GP’s etc), whether solely or jointly with another organisation, to be responsible for ensuring that national data opt-outs are applied in line with the policy.
In some cases, this requires the Controller to instruct Forward Clinical Ltd (acting as a data processor under their instruction) to apply the national data opt-out.
In line with wider legal requirements as a data processor (Forward Clinical Ltd) will comply with written instructions from the data controller in relation to the national data opt-out.
4. Why do we need your Personal Data?
Providing Pando with your personal data is an obligation of using the Service. This is because your personal data is required to confirm your identity as a user, to maintain accurate clinical records for your patients or clients, and to identify you to other users who may need to contact you.
5. Data Protection Officer (DPO)
Pando has duly appointed Claire Robinson as the Data Protection Officer (DPO). Should you need to contact the Pando’s DPO directly, you can do so:
You can write to the DPO at: 300 St John Street, London, EC1V 4PA
6. Collection and processing of personal data
While using our service, we may ask you to provide us with certain personal data that can be used to contact or identify you. This includes:
- Full name
- Email address
- Mobile number
- Place of work
Whilst using the Service, personal data is generated relating to your professional and/ or clinical activities. This includes user ID/time/date stamps relating to messages or files sent, tasks created and edited, patient profiles created and edited, photos taken. These are obtained by taking any action within the app and form part of the audit trail generated by the Service.
We may also collect information from individuals, users and non-users, who contact us, via email, telephone or web submission. This will include name, email address and in some cases telephone number, and details related to your place of work.
We may use your personal data for providing the Service, including to:
- Maintain and improve the Service
- Contact individuals for the purposes of preventing or addressing service, security or technical issues
- To answer queries from users directly
- Maintain the service of the platform
With your explicit consent we may use your personal data for sharing, with users and non-user contacts, details of our services and products in the form of marketing.
Calling our helpline
When you call our main helpline (+44 (0) 3300 970 165), we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it is not withheld). We hold a log of the phone number, date, time, and duration of the call, but
do not audio record the call itself. We hold this information in our CRM system (HubSpot) in accordance with our data retention schedules.
We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.
We do not audio record any calls, but we might make notes to help us answer your query. Sometimes other staff from Pando may also listen in during your call for training or quality assurance purposes.
We sometimes conduct surveys on our helpline to help us identify trends in the enquiries we receive and improve how we operate If you require a follow up call we will also ask you to provide us with your contact details.
We also hold statistical information about the calls we receive for several years, but this does not contain any personal data.
We use a third-party provider, Slack, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored according to our retention schedules. It will not be shared with any other organisations by Forward Clinical / Pando but will remain in the public domain on Twitter, Instagram, LinkedIn, Facebook etc.
We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system (HubSpot) as an enquiry, a support request or a complaint. When contacting Forward Clinical / Pando through a social media platform, we suggest you also familiarise yourself with the privacy information of that platform.
We use a third-party provider, HubSpot, to supply and support our live chat service.
If you use our live chat service, we’ll collect the contents of your live chat session and if you choose to provide it your name and email address. Forward Clinical / Pando retains this data in HubSpot CRM according to the relevant retention schedules.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.
Purpose and lawful basis for processing
Article 6(1)(b) GDPR provides a lawful basis for the processing of personal data to the extent that “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
7. Where do we store and process your personal data?
The personal data that we collect from you is stored in the European Union on (Europe) Cloud Servers of Amazon Web Services with all primary processing taking place in London, UK. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements of Art. 44 et seq. GDPR for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees under Art. 46 GDPR (such as standard data protection clauses, or exceptional circumstances under Art. 49 GDPR). A full list of our third-party sub-processors and details of their privacy policies can be found here.
Where we process data on behalf of the UK NHS service, we ensure that data will always be stored and processed on the Cloud Servers of Amazon Web Services within the London Cluster and will not leave the EEA.
Sensitive information between your browser and our Website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.
Please contact our Data Protection Officer if you would like further details on the specific safeguards applied to the export of your personal data outside the EEA – firstname.lastname@example.org
Processors and sub-processors
- Amazon Web Services, Inc. https://aws.amazon.com/privacy/
Customer feedback, engagement and analytics
- Amazon Web Services, Inc. https://aws.amazon.com/privacy/
- Google Firebase https://firebase.google.com/support/privacy
- MixPanel https://mixpanel.com/legal/privacy-policy/
- Wootric https://www.wootric.com/company/privacy/
8. Sharing of information
We do not share your information with anyone outside Pando without your express permission to do so.
Under no circumstances will your information be sold or passed on to third parties for the purposes of marketing, sales or other commercial uses without your prior express consent.
We may disclose information to third-parties where it is necessary, such as where there is an overriding legal obligation, where permitted under Data Protection Legislation or for the purposes of the prevention and/or detection of fraud or crime.
9. Forums guidance
The forums feature in Pando is for clinicians and health workers who need to disseminate information quickly and have a point of reference especially during the COVID-19 pandemic.
Forums are a fixed point of contact for staff at health and social care organisations. The structure is similar to ‘teams,’ as per the existing functionality in the Pando App. The key difference is that users can will search for the forum (e.g. COVID-19 updates) and automatically join.
Stay safe, stay legal
Remember that anyone can read your posts, so please check that you do not include sensitive personally identifying information about either your patients or yourself. Forums are not the place to share confidential information.
You must respect privacy and confidentiality and follow the guidance of your Information Governance teams and NHS England at all times.
Report any post that you consider to be factually inaccurate, misleading or abusive (see respect below) to email@example.com
Respect each other
Pando forums are a place for:
- Co-ordinating and disseminating information encouraging.
- Supporting each other.
- Offering advice and suggestions.
- Posting relevant information.
To achieve this, we ask that users: be respectful – You must not post materials or topics which are insulting, offensive, abusive, vulgar, hateful, harassing, obscene, profane, lewd or physically threatening. We ask that everyone who posts makes the effort to respect all other views and does not attempt to force any personal views onto others. We expect those who post to accept others’ comments in the way that they are meant, as in support and information sharing.
To make the Forums easy to read and use, we ask that users:
- Write clearly when you compose a message – Review your message before you post.
- Don’t use ALL CAPS – It is shouting and makes the message harder to read.
- Don’t post off-topic messages – keep the message relevant to the forum.
- Remember that spamming and advertising is strictly prohibited – Any and all advertising, chain letters, pyramid schemes, solicitation, spamming and trolling is inappropriate and unacceptable on any of our forum areas.
Contacting a moderator
If you need to contact us with a forums query please email firstname.lastname@example.org
If you have a concern about data protection please email email@example.com
10. Security measures and storage of personal data
Where you communicate with us via our site, the nature of the Internet is such that we cannot guarantee or warrant the security of any information that you transmit as no data transmission over the internet can be guaranteed to be 100 % secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.
Our site uses “cookie” technology to enhance your user experience. A cookie is a small piece of text stored by your browser on your computer, at the request of our server.
Please refer to Pando’s cookie declaration for information about the cookies we use.
12. Device and Usage Data
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our websites, our services or interact with emails we have sent to you.
As is true of most websites, we gather certain information automatically on connection with the use of the website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage. This information is used to analyse overall trends, to help us provide and improve our websites and Apps and to guarantee their security and continued proper functioning.
In addition, we gather certain information automatically as part of your use of the cloud products and services. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches and other actions you take, operating system and system configuration information and date/time stamps associated with your usage. This information is used to maintain the security of the services, to provide necessary functionality, as well as to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, to identify customer opportunities and for the security of Pando generally (in addition to the security of our products and services). Some of the device and usage data collected within the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used for the purposes of identifying the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers (where we act as a Processor).
Cookies, web beacons and other tracking technologies on our website and in email communications
When you visit our websites, we or an authorised third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track usage, determine your browsing preferences and improve and customise your browsing experience.
We also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications. All our communications include easy instructions about how to unsubscribe or you can email our Data protection Officer and invoke your right to be forgotten.
The following describes how we use different categories of cookies and similar technologies and your options for managing the data collection settings of these technologies:
|Type of Cookies||Description||Manage Settings|
|Required Cookies||Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.|
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
|Because required cookies are essential to operate the websites and the Pando desktop web App, there is no option to opt out of these cookies.|
|Functional Cookies||Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyse site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.|
Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
We may use our own technology or third-party technology to track and analyse usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
For example, we use Google Analytics (“Google Analytics”), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about Google’s privacy practices by going to www.google.com/policies/privacy/partners/ .
Pando may also utilise HTML5 local storage or Flash cookies for the above-mentioned purposes. These technologies differ from browser cookies in the amount and type of data they store, and how they store it.
|You can choose to opt out of functional cookies. To change your cookie settings and preferences, click the Cookie Preferences link|
To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here.
To learn how to control functional cookies via your individual browser settings, click here.
To learn how to manage privacy and storage settings for Flash cookies, click here.
|Targeting or Advertising cookies||Targeting or advertising cookies track activity across websites in order to understand a viewer’s interests, and to direct specific marketing to them. Some examples include: cookies used for re-marketing, or interest-based advertising.|
|You can choose to opt out of targeting and advertising cookies. To change your cookie settings and preferences, click the Cookie Preferences link |
See Section 4.3, below, to learn more about these and other advertising networks and your ability to opt out of collection by certain third parties.
13. Log Data
When you access the Service by or through a mobile device (such as a smartphone or a tablet), we may collect certain data automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use and other statistics (“Log Data”).
14. Disclosure of your Personal Data to third parties
We disclose your Personal Data to various recipients to improve our Service, including.
- to third parties who we engage to provide services to us, such as outsourced service providers, IT service providers;
- to comply with any applicable law or regulation, a summons, search warrant, court regulatory order, or another statutory requirement.
15. How long we retain your Personal Data
We will not retain your Personal Data for longer than is necessary under the principle of data minimisation. User account details are stored for the duration of you maintaining an account. We will only retain your personal data for as long as it is required to fulfil the original purpose for which it was collected, including the purposes of satisfying any legal, accounting, or reporting requirements.
If you ask us to delete your data then we may not be able to provide you with all of the services offered from this website.
16. Touch ID/Fingerprint/Facial recognition
Users may choose to use Fingerprint/Facial recognition/Touch ID as part of the Service. This data is not collected, stored or processed in any manner by Pando. We advise that users should review the privacy notice relating to their device and its operating system before setting up any fingerprint or facial recognition systems.
17. Data subject rights
Under the General Data Protection Regulation (GDPR), data subjects whose data is processed by Pando are entitled to exercise certain rights against their personal data. These rights are designed to put Data Subjects in the driving seat when it comes to how their personal data is handled by organisations.
The right to be informed
Pando is obliged to ensure that any communications regarding our data processing activities between ourselves and any Data Subjects is provided is a clear and transparent manner. This is provided by this Privacy Notice.
The right of access
You are entitled to request a copy of the all personal data currently held about you as well as the following information about your data:
- The purpose of processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has been disclosed;
- The retention/envisioned retention period for that personal data;
- The source of the personal data if it has been collected from a third-party.
The right to rectification
If you believe the personal data we hold about you is either inaccurate or incomplete, you may exercise this right to correct or complete this data. This right can be used with ’the right to restrict processing ‘to ensure that any inaccurate or incomplete data is not processed until corrected.
The right to erasure (right to be forgotten)
You may request erasure of any personal data we hold on you without undue delay where one of the following grounds apply:
- The personal data are no longer necessary in relation to the purposes they were collected or otherwise processed;
- The data subject withdraws consent and no other legal ground for processing exists;
- The data subject exercises the right to object and no overriding legitimate grounds for processing exist;
- The personal data has been unlawfully processed;
- The personal data has to be erased for compliance with an overriding legal obligation;
- The personal data has been collected in relation to the offer of information society services.
The right to restrict processing
As an alternative to the right to erasure, you may ask us to cease processing your data, but not erase it entirely where one of the following grounds apply:
- The accuracy of the personal data is contested;
- Processing of the personal data is unlawful;
- Personal data is no longer needed for processing, but is still required as part of a legal process;
- The right to object has been successfully exercised and processing is temporarily halted pending a decision on the status of the processing.
The right to data portability
You may request your personal data be transferred to another controller or processor in a commonly used, machine-readable format. This right can only be exercised when all of the following grounds apply:
- The processing was on the basis of consent
- The processing is by automated means
- The processing if for the fulfilment of a contractual obligation
The right to object
You may exercise the right to object in instances where:
- Processing is based on either the performance of a public task or legitimate interest;
- Processing is for direct marketing purposes;
- Processing is for the purposes of scientific or historical research;
- Processing involves automated decision-making, including profiling.
18. How to exercise your rights
You may request to exercise any of the above rights, free of charge by contacting: firstname.lastname@example.org
Any data subject request will be responded to within one month, however we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will inform you if an administrative charge is being applied before fulfilling your request, so you can decide whether or not to proceed. Typically, in order to further one of the following requests, we will ask for you to provide a form of identification for verification purposes.
19. Questions and Complaints
Should you wish to discuss a complaint, please contact the DPO at the above email address, who will be happy to assist you.
Alternatively, if you are unsatisfied with the DPO’s response to your concern, Under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office. Under Article 80, you may authorise certain third parties to make a complaint on your behalf (such as legal representation).
20. Changes to this privacy notice
We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on our site so that you are always aware of what Personal Data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by email.