On The Mend undertakes a wide range of business activities within its target sector and is constantly developing new services to bring to market. These services include supplying digital support tools to healthcare payer and provider organisations via a mobile application for patients and through a web portal for healthcare professionals. Our goal is to build the first digital platform to improve the experience and outcomes for everyone involved with physical rehabilitation.
Below is some quick guidance on terminology to help you clearly understand this Policy: -
Personal information is any information relating to an identified or identifiable living person.
The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. In the context of this Policy, On The Mend is the Data Controller.
On The Mend is committed to protecting your personal information and privacy.
We have security measures in place designed to prevent the loss of data, preserve data integrity, and to control access to the data and know that ensuring the accuracy and security of your personal information is essential to retaining your confidence and trust.
When collecting and using personal information, our policy is to be fair, lawful and transparent about why and how we process personal information.
4 Important information and who we are
For the purposes of the General Data Protection Regulation (GDPR), when you access our Services we are acting as the data controller (this is a legal term that describes a person or entity that controls the way your data is used and processed). We are registered under the Data Protection Act 2018 with the Information Commissioner’s Office (the UK data protection regulator). Our registration number is ZA790023 and can be viewed online at www.ico.org.uk. You can also access useful guidance and information about your rights in relation to your personal data on that website.
Please take the time to read and understand how this policy applies to you, according to the different categories of user described below and referred to throughout this document:
as a Patient User, who has been invited by your healthcare professional to download and use the App as part of your care and recovery process pre- or post- treatment, or invited to use the App as part of your involvement in a pilot study;
as a Healthcare Professional (HCP) User, being an individual who accesses the Web Portal in your capacity as a person responsible for the medical care and treatment of Patients, and with permission from those Patients to monitor such activity and other data as they may submit to the App in order to inform their care pre- and post- treatment, or as a person administering a study or providing support services;
as a Healthcare Administrator, being an individual or entity responsible for the management and oversight of a healthcare institution and its HCPs, or an employee of a healthcare organisation, and who is a registered user of the Web Portal for the purposes of managing and/or supporting HCPs engaged in medical care and treatment, as well as viewing practice summaries and statistics for your clinical practice, or being an administrator involved in a pilot study or research project; or
as a Partner, being an entity (or individual acting on behalf of an entity) involved in research and development relating to services provided by On The Mend and the treatment and care of patients and support patient safety, and who is a registered user of the Web Portal in order to access information relating to Patients pre- and post- treatment of health conditions and diseases and the use and effectiveness of digital health support tools.
4.1 Information we may collect from you
Personal data, or personal information, means any information about an individual from which that person can be identified (Personal Data). It does not include data where sufficient information has been removed such that an individual can no longer be identified directly or indirectly (Anonymous Data).
We collect information about you if you:
download and use our App; or
access our Web Portal.
We may collect, use, store and process the following different kinds of Personal Data about you that you submit through your use of the Services:
Identity information including your first and last names, date of birth and gender that you provide by completing forms on the Site, the App or the Web Portal, including if you register as a user of the Services, upload or submit any material via the Services, or when you request any information;
Contact information including your email address and telephone number;
Login information including information in connection with an account sign-in facility, such as your login and password details.
5 What we do with your personal information
5.1 If you are Patient User
5.1.1 Why we use your personal information
We use your data for the following purposes: -
To support physical rehabilitation using information provided by you and your healthcare professional;
To identify if you have registered with the Telephone Preference Service and/or have notified us that you do not wish to be contacted and/or receive direct marketing information regarding our services and activities.
Unless we have identified you do not wish to receive marketing information, as per above – to contact you directly in the future regarding our services, future fundraising campaigns and/or events;
To send you emailed newsletters regarding the Company’s activities;
For financial reporting.
5.1.2 Our legal basis for using your personal information
The processing of your personal information is based upon the lawful basis of consent.
6 Information sharing
6.1 If you are a Patient User
6.1.1 Who we may share your personal information with
We may share your information, including information that you submit to the App, with the following:
the healthcare professional responsible for your care and other non-clinical healthcare personnel involved in the administration of your care, for the purposes explained above so they can understand and evaluate your condition and recovery progress;
On The Mend’s Technology Providers who we engage to support our operations and/or host our data;
if required or authorised by law or a legal process, such as to law enforcement bodies to assist in their functions and courts of law; and
third-parties in connection with negotiations prior to any merger, sale of our assets, financing or acquisition of part or all of our business to another company (at this stage, we would only share Anonymous Data and not your personal information).
carefully selected partners who we work with who may use pseudonymised data to support the development of more effective and safer care for patients like you.
We may share aggregated or anonymised data with third-parties, who use this data to improve products and services for more effective and safer care.
In the event that we undergo re-organisation or are sold to a third-party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third-party.
We may disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Services or the rights, property or personal safety of any person.
We may disclose aggregate statistics about visitors to the Site and users of the App and Web Portal in order to describe our services to prospective partners, sponsors and other reputable third-parties and for other lawful purposes, but these statistics will include no personally identifiable information.
7 Information collection
7.1 If you are a Patient user
7.1.1 What information we may collect
By providing us with additional information about you and your recovery, we are able to provide better and more personalised services and information to you and the healthcare professionals responsible for your treatment, and as a result your healthcare professional will be able to better tailor the care to your individual needs. We may collect the following additional data (including medical data):
Treatment-specific Health information including information about your surgery or treatment, including pre- and post- treatment care information, such as the dates and details of your treatment and the details of your healthcare team;
Other Health information including data relating to you, your treatment, and how your recovery is progressing, including pain scores, exercise compliance data, and responses to surveys and questionnaires, as well as any other content that you choose to create and post or upload to the App (including. but not limited to, exercise videos;
Third-party Health App data including data collected where, if you install the App on to an Android or Apple device, we will request access to third-party health app data such as your exercise and fitness level through your device. You will be prompted by your device to allow access the first time this content is requested by us and, even if you grant us access, you can stop this access at any later point by changing the settings on your device. You are under no obligation to provide this information. However, if you should choose to withhold requested information, this may reduce our ability to provide you and your healthcare team with information on your recovery from treatment;
Communication and App Usage information including details of any communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Services or content made available through the Services; information from videos you have watched or surveys that we may, from time to time, run on the Services for research purposes, if you choose to respond to, or participate in, them; and
Location information including information provided by your device to enable us to authenticate the use of the Services. We may approximate your location from your device using the GPS connection information used by your device to help your healthcare team understand your recovery from treatment, for example to understand your activity levels. You can disable location sharing at any time through the settings of your device.
7.2 If you are a HCP User or Healthcare Administrator
7.2.1 What information we may collect
The only information we collect about you is the identity information of the HCP users of the service.
7.3. How your personal data is collected
We use different methods to collect data from and about you, including through:
Direct interactions: you may provide us with your identity and contact details when you register to use our Services. You may provide further data by submitting information to the App or Web Portal, responding to surveys or providing feedback.
Automated technologies or interactions: when you interact with our Services, we will automatically collect technical data about the device you are using, your browsing actions and patterns and (if you enable location sharing you location and activity data).
8 How we use your Personal Data and purposes for processing your data
We take the protection of your personal information very seriously and will only ever use your Personal Data lawfully and in accordance with the requirements of Data Protection Legislation.
8.1 Common legal grounds for processing your data:
The legal grounds of processing your data is consent and we may need to comply with a legal or regulatory obligation.
8.2 Legal grounds for processing Special Category Data:
Due to the nature of our Services, if you are a Patient User accessing the App we will collect and process certain types of data about you which are classified by law as being Special Category Data. This includes information about your health and other medical data, which we collect in order to effectively provide our Services to you. In order to lawfully process such data, we will only do so where you have given your explicit consent to such processing of your personal data. Where this does not apply, and where you have consented to the processing, we will also use your personal data to provide your healthcare professionals with information about your progress.
9 How long we keep hold of your data
For the purposes of improving care delivered to you and others with similar conditions, we may retain your personal information for as long as it is clinically relevant. In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for your personal information and other documents created is 50 years.
Aggregate or anonymised data will be kept indefinitely for the purpose of improving healthcare delivery and research. You cannot be identified from aggregate information retained or used for these purposes. You can contact us at any time if you would like to have your personal data redacted. Please contact [email protected].
10 Statutory or Contractual Requirement
The provision of your personal information is not a statutory or contractual requirement, or a requirement necessary to enter into a contract, nor are you obliged to provide the personal information, however without data in relation to your health condition it will not be possible to benefit from the On The Mend application.
11 Automated Decision Making & Profiling
We do not make any decisions in relation to your personal information, solely by automated means without any human involvement (e.g. we do not conduct automated decision making).
Neither do we conduct any automated processing of personal information to evaluate certain things about you (e.g. we do not conduct profiling).
12 On The Mend’s contact details
The Data Controller is On The Mend (registered in England under Reg No: 10758082 and with its registration address at 1-3 Worship Street, 2nd Floor C/O Buckworths, London, England, EC2A).
Post: Data Protection Officer, 1-3 Worship Street, 2nd Floor C/O Buckworths, London, England, EC2A.
Email: [email protected].
13 Your rights
Under certain circumstances, you have the rights under data protection laws in relation to your personal information. These rights are summarised below but if you would like more information on these rights, please go the ICO’s website. Additionally, if you wish to exercise any of these rights listed below, please contact us using any of the contact details provided via the contact details above.
13.1 Access to your personal information
You have a right of access to personal information held by us as a Data Controller. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (1 month under GDPR).
13.2 Correcting your personal information
You have a right to request amendment(s) to your personal information. Wherever practically possible, once we are informed that any personal information processed by us is no longer accurate, we will make the necessary amendments based on the updated information.
13.3 Restriction of Processing of your personal information
In certain circumstances, you have the right to request the restriction or suppression of your personal information. This effectively allows you to limit the way that we use your persona data.
13.4 Object to Processing
In certain circumstances, you have the right to object to the processing of your personal information. This effectively allows you to ask us to stop processing your personal information.
Where we have told you that any use of information is based on ‘legitimate interest’, you can raise an objection to that use. When you make an objection, we’ll have up to one month to respond to you. We will stop using the information in this way unless we disagree that we should because of a compelling legal justification for continuing to use it. We’ll always tell you what the justification is.
You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other agencies. If you no longer wish to be contacted for marketing purposes, please contact us at the above email or address.
13.5 Erasure (also known as “the right to be forgotten”)
In certain circumstances, you have the right to request the erasure of your personal information.
In certain circumstances, you may have the right to obtain and reuse your own personal information, that you provided to us, for your own purposes across different services. This data will be provided in a structured, commonly used and machine-readable format and we can transmit this data directly to other parties at your request.
13.7 Withdrawal of consent
Where we process your personal information based on consent, you have a right to withdraw consent at any time.
If you would like to request to withdraw your consent, please contact us using the contact details provided here. Alternatively, to stop receiving our Marketing emails, please click on the unsubscribe link in the any of the emails we have sent to you.
14. How to complain
In the event you wish to complain about our use of your personal information, please send an email with the details of your complaint to [email protected]. We will look into and respond to any complaints we receive.
You also have a right to lodge a complaint with the Information Commissioner's Office (ICO) (the UK’s data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website: www.ico.org.uk.
If we believe that the changes are material, we’ll let you know by posting the changes on this website and sending you a communication about the changes.