Privacy Notice - Minuteful for Wound
Last updated: 03/06/2024
Note to healthcare professionals: If you are using the services on behalf of an organisation that has entered into a contractual relationship with us for these services, those contractual terms will govern your use of the services and supersede the terms and this Privacy Notice in the event of any conflict. In line with UK data protection legislation, responsibility for providing transparency information, such as a Privacy Notice, is with the Data Controller. Please contact your organisation if you have any questions or queries.
Note to patients: This Privacy Notice is provided to you because you and your care team have agreed that a digital wound assessment is required as part of your treatment. This service is being offered to you by your Healthcare Provider, who for the purposes of data protection legislation, is the Data Controller and is responsible for how your personal data is processed. In line with UK data protection legislation, responsibility for providing transparency information, such as a Privacy Notice, is with the Data Controller. Please contact your Healthcare Provider if you have any questions or concerns.
Who is Healthy.io and How Can You Contact Us?
This document describes how Healthy.io (UK) Limited (“Healthy”, “Healthy.io”, “we”, “our” or “us”), a company registered in the UK,
- with Companies House registration number 10996079, and
- registered with the Information Commissioner’s Office (“ICO”) under Data Protection registration reference ZA289700,
uses your personal data to support your trust, hospital, or healthcare organisation (“Healthcare Provider”) with the Minuteful™ for Wound service. If you have any questions, concerns or comments about this Privacy Notice, our privacy practices, or if you would like us to update information or preferences you provided to us, please contact us by email at [email protected].
What is Minuteful™ for Wound and how Does the Service Work?
Healthy.io’s Minuteful™ for Wound device is a comprehensive wound management system designed to assist in the management of chronic wounds. It is intended to support healthcare professionals in the clinical assessment of wounds by measuring, documenting, monitoring, and managing information relevant to the progression and treatment of chronic wounds. The device comprises calibration stickers, a web portal for healthcare professionals to review and manage wound data, and two separate smartphone applications (the “Apps”, and collectively the “Services”). These Apps are utilised for the collection of wound data: one for healthcare professionals and one for lay users (“Minuteful™ for Wound at Home”) under the guidance and supervision of healthcare professionals. More information on Healthy.io’s Minuteful™ for Wound service can be found on our website: https://healthy.io/eu/services/wound/
Who is the Data Controller?
A ‘Data Controller’ determines the purposes for and the means by which personal data is processed. A Data Processor carries out tasks on behalf of a Data Controller. With regard to the Apps, and for the purposes of the processing of personal data covered by this Privacy Notice, which is to support your Healthcare Provider in providing you with direct care, your Healthcare Provider is the Data Controller and Healthy.io is the Data Processor. In line with UK data protection legislation, responsibility for providing transparency information, such as a Privacy Notice, is with the Data Controller. Please refer to your Healthcare Provider’s Privacy Notice for further information. Before a clinician can use the Minuteful™ for Wound application, we ensure that a signed Data Processing Agreement (“DPA”) is in place between us and your Healthcare Provider. A DPA is a legally binding document to be entered into between the Controller and the Processor that regulates the scope and purpose of processing, as well as the relationship between the Controller and the Processor.
What Personal Data is Processed?
Patient data processed:
- Full name.
- NHS number.
- Phone number (only where Minuteful™ for Wound at Home is used).
- Date of birth.
- Smartphone information (such as carrier, operating system, device, model, app version, city) and IP address, only where Minuteful™ for Wound at Home is used.
- Special category data: medical information - wound observation data and relevant medical background.
Medical staff data processed:
- Full name.
- Email address.
- Smartphone information (such as carrier, operating system, device, model, app version, city) and IP address.
What is the Purpose and Lawful Basis of the Processing?
We may use the information we obtain about you for purposes allowed by applicable laws, including:
- Providing our Services, including to establish and maintain any account created for our Services.
- Operating, evaluating and improving the Services and to diagnose or fix technical issues.
- Complying with and enforcing as needed applicable legal requirements, industry standards, our policies and our contractual rights.
- Subject to our contractual obligations, and in order to improve the Services, we may use anonymised data for internal testing, research, analysis, and product development and demonstration.
- Responding to your requests, questions and comments and providing customer support.
- Any other purposes with your consent.
While the lawful basis will be determined by the Data Controller, Healthy.io has identified the following lawful bases:
UK General Data Protection Regulation:
- Article 6(1)(e) public task for personal data.
- Article 9(2)(h) Health or social care for special category data.
Data Protection Act 2018: Schedule 1, Part 1: (2) Health or social care purposes.
How is the Personal Data Collected and for How Long is it Retained?
The data is collected through the following sources:
- directly from you;
- from the organisation that has entered into a contractual relationship with us (e.g., a healthcare provider); or
- through the Services (e.g., through usage analytics services).
We will retain your personal data for the duration of the contract between your Healthcare Provider and us. If required by applicable UK law, we will keep your data for the minimum time required under the applicable UK law. When personal data is no longer required, Healthy.io deletes or anonymises data in line with data protection legislation and appropriate industry standards.
Is Personal Data Shared with Other Organisations?
We may share personal information with third parties in certain circumstances or for certain purposes, including:
- Our business purposes. Subject to our contractual obligations, we may share your personal information with our affiliates, vendors, service providers, and business partners, including our data storage, analytics and data security partners. We may also share your personal data with our professional advisors, such as our auditors and law firms.
- With your consent. We may share your personal data if your Healthcare Provider requests or directs us to do so.
- Compliance with law. We may share your personal data to comply with applicable laws or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
- Business Transfer. We may share your personal information with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, in which personal data held by us about our users is among the assets transferred.
- Anonymised data. Subject to our contractual obligations, we may also disclose anonymised information, so that it cannot be reasonably used to identify any individual.
- To enforce our rights. We may share your personal information to enforce any applicable terms and conditions and Terms of Service, and to ensure the safety and security of our Services and our users.
Is Personal Data Processed Outside the UK?
We (or sub-processors acting on our behalf) may store or process personal data in countries outside the UK. Where data is processed outside of the UK, we will take the required steps to ensure that your personal data is protected to the standard, and through the data transfer mechanisms, required by applicable UK data protection legislation.
How is your Personal Data Protected?
We and our sub-processors endeavour to maintain reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, we cannot ensure the security of any information you transmit to us, or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures in the event of any compromise of personal data.
You can find more information about our information security practices on our Trust Centre webpage here: https://healthy.io/eu/trust-center.
What are your Data Rights, and can you Object to processing of your Personal Data?
Individual rights requests are the responsibility of the Healthcare Provider where you are receiving care. Any individual rights requests that are made directly to Healthy.io will be reported to your Healthcare Provider for them to process and confirm actions required to be taken by Healthy.io. This process is in place as we can only act under the instruction of your healthcare provider to process your data.
You have the right to object to processing and opt out of the service. If you would like to object, you can contact your Healthcare Provider.
Who can I contact if I have any questions or queries?
As we can only act under the instruction of your Healthcare Provider (or for staff members, your employing organisation) to process your data, if you have any questions or queries about how your data is used, please contact your Healthcare Provider where you are receiving care.
If you have any questions, concerns or comments about this Privacy Notice, our privacy practices, or if you would like us to update information or preferences you provided to us, please contact us by email at [email protected].
How can you make a complaint?
As we can only act under the instruction of your Healthcare Provider to process your data, if you have any questions or queries about how your data is used, please contact your Healthcare Provider where you are receiving care.
You have a right to make a complaint if you are unhappy about how your personal data is processed.
Please note that the ICO will not normally consider an appeal until you have exhausted your rights of complaint. Please see the ICO website (link below) for further advice.
If you are unsatisfied with how your complaint is handled, you are within your rights to contact the ICO by:
- visiting the ICO’s website: https://ico.org.uk/make-a-complaint/
- writing to the following address by post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- telephone: 0303 123 1113
Copyright © 2024, Healthy.io LTD. All rights reserved.