Privacy Centre – Transparency Notice
Last Updated : 22 December 2021
Sensely UK and Your Information
AskFirst (Ask NHS) is intended for non-emergency issues only. If you have a medical emergency, please dial 999 for the appropriate level of care.
Sensely UK is based in the United Kingdom. We are a group company of Sensely Corporation, which is based in the United States.
We are registered with the Information Commissioner as a Data Controller and our registration number is ZA194147.
For certain locations, the personal data you provide within the App is controlled by the GP Practice as the Data Controller and Sensely UK will act on their instructions regarding the purpose and manner of processing.
The locations where the GP Practice is the Data Controller are;
In these circumstances, the lawful basis for processing is defined by the GP practice and is likely to be because the processing is necessary for a public task and for medical purposes.
Our Data Protection Officer can be contacted at: email@example.com
If you have any questions or wish to make a request in relation to your information, please contact our Data Protection Officer.
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity. To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
In order to provide you with the App services that you have signed up to, we must collect, use, store and share information about you, your health and the way that you have used the App. We do not transfer your personal data you outside of the UK unless you raise a technical / customer service issue via the support contact details. These transfers to the United States are necessary to fulfill our contract with you and will be held securely within our customer service software and personal data is periodically removed from the system.
How Does Sensely UK Collect my Information?
We will collect information about you, either
- Directly – when you enter information into the App or via the Sensely web interface (this might be available from your practice website)
- Indirectly – when your GP links your App profile to your GP record, or when we link your profile to the NHS Spine (to match you to your NHS Number).
- Automatically – when we collect technical information about your use of the App or video functionality
The information we collect will be stored electronically. The information includes Personal Data
- Basic details about you, such as your name, gender, email address, date of birth, NHS number, and GP system reference number
as well as Sensitive Personal Data
- Content of your symptom checker questions
- Outcome of the symptom checker – for example, if you made a GP appointment
- Readings and information from medical devices such as glucose meters, blood pressure monitors, pulse oximeters, pedometers, ECGs and other approved devices which you may use when using the App.
- Answers to the questions that the virtual assistant asks you when you are requesting admin tasks such as a Fit / Sick Note or Vaccination Information
What Information is Collected During Video Calls?
Sensely uses Vonage to provide video call functionality. This section explains what information is collect by Vonage when you use the video call function.
- Communications usage information. This includes information about your communications delivered via the Vonage platform such as the time and duration of usage, source and destination identifiers, completion status, location, IP address, and amount of usage.
- Mobile device camera, microphone. If you use Vonage mobile apps, the software may request your permission to access the camera, microphone on your mobile device, to make and receive voice and video calls and messages. You do not have to allow access these functions of your device, but if you do not, certain features of the mobile apps may not be available to you. You may at any time opt out from allowing this access via the privacy settings on your device.
Sensely has a contract in place with Vonage to ensure that they only use this information in a way that complies with data protection legislation.
Information for Data Subjects in the EU
Your submission of your personal data to Sensely UK constitutes your explicit consent to allow your personal data to be processed by Sensely UK in the United Kingdom. The UK is not a member of the EU and GDPR does not directly apply. However, the UK has worked to implement GDPR and Sensely UK has ensured that there are measures in place to protect your personal data and reduce the risk for EU data subjects. Please see, How Does Sensely UK protect my information?
How Does Sensely UK Use my Information?
Sensely UK will use your information for your care in the following ways;
- To deliver the services of the App
- To communicate with you about your use of the App, new features and respond to your enquiries
- To request feedback or send surveys to find out if the App is working well for you and how you used it
- To tailor the content and information that we send or display, and personalise help and instructions to improve your experience of the App
- To better understand how users access and use the App, both on an aggregated and individual basis, in order to improve the App and respond to user desires and preferences
- To link the data you provide to your NHS Number to allow us to communicate with your health and social care team about your use of the App
- To undertake systems administration and provide technical support for the App. This might include accessing your data in order to ensure your requests via the App are being completed.
- To audit the App, including access to the App, to ensure safety and security
To undertake these activities, your information will be shared internally across our teams. We will work to ensure that only the right people have your information and that they are only given the information they need.
How Else Does Sensely UK Use My Information?
Along with activities related directly to your use of the App, we also use your information to check that the App is safe and to provide data for the improvement and planning of services.
This involves using your information to improve Sensely UK’s products and quality assurance purposes through:
- Conducting quality assessment and clinical safety reviews, to ensure that the signposting you received was safe and of good quality (for example, was it appropriate that you were directed to self-care?)
- Training and accreditation, certification and licensing activities
Who Does Sensely UK Share My Information With?
Sensely UK works hard to ensure that only the right people have your information and that they are only given the information they need.
- Your information will be shared internally across our teams such as our technical staff and administrative teams so that we can deliver the services described above
- When you are directed to another health care provider, we will share your information with them so that they do not have to ask you questions you have already answered
When we share information with another provider, they assume full responsibility for the lawful and secure processing of your information. You have a right to object to us sharing your information with sharing partners. Our Data Protection Officer will be happy to discuss this with you.
Sensely UK works with other companies to deliver some of our services including organisations that enable or assist with the:
- Provision of corporate data storage (Amazon Web Services)
- Secure storage of App data (RedCentric)
- Sending surveys and questionnaires (Type Form)
- Email Provider (Gmail)
- Video Call Provider (Vonage)
- Customer Services Software (ZenDesk)
- Provision of connectively and servers
- Undertaking of audits
- Undertaking of research
Personal data will never be made available to organisations not involved in delivering the App or providing your care without letting you know and giving you a chance to object.
We have contracts in place with these organisations that prevent them from using it in any way other than how we instruct them to. These contracts also require them to maintain good standards of security to ensure your confidentiality.
Will Sensely UK Share without Asking Me?
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly.
- Sharing with the police or tax authorities for the detection or prevention of crime
- Where it is in the wider public interest – for example, to keep the public safe
- Safeguarding children or vulnerable adults
- When the court has told us we must share
What are my Information Rights?
Data protection law provides you with a number of rights that Sensely UK is committed to supporting you with;
Right to Access
You have the right to obtain:
- Confirmation that your information is being used, stored or shared by Sensely UK
- A copy of information held about you. We will respond to your request within one month of receipt or we will tell you when it might take longer.
We are required to validate your identity or the identity of someone making a request on your behalf.
Right to Object or Withdrawn Consent
We collect, use, store and share your information because you have consented for us to do so, but you have a right to object to us doing this, and you may withdraw your consent at any time.
When you make such a request, the data will be anonymised (anything that identifies you will be removed) to ensure it is no longer personal data.
We will then only use the anonymised data for technical, quality and business purposes. Our Data Protection Officer will be happy to speak with you about any concerns you have.
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it.
There may be occasions, where we are required by law to maintain the original information. Our Data Protection Officer will talk to you about this and you may request that the information is not used during this time.
We will respond to your request within one month of receipt or we will tell you when it might take longer.
When you are making requests for correction or objecting to processing, you have a right to request that we do not further share the information whilst we process your request.
We will let you know once we are no longer restricting the information.
You have a right to request that we send you a copy of the personal data you have provided to us via the App. You may do this by emailing us to make a request. You can also ask us to send the information directly to another provider if you wish.
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights visit https://ico.org.uk/for-the-public/
To make a request for any of the above, please email our Data Protection Officer at firstname.lastname@example.org
Does Sensely UK Use Profiling or Automated Decision Making?
No. Whilst the technology that Sensely UK uses includes the application of certain automatic rules to make decisions about what services might be appropriate for you based on your symptoms, the decision about how to proceed is made by you.
We will undertake profiling in relation to your information. This means we may compile reports that indicate the typical behaviour of particular App Users. This will be used for the purposes identified under How Does Sensely UK Use My Information?
You have a right to object to this and to find out the types of reports we are producing.
Protection Officer will be happy to speak to you about this if you have
concerns or objections.
How Does Sensely UK Protect My Information?
Sensely UK is committed to ensuring the security and confidentiality of your information. There are a number of ways we do this, including:
- Staff receive regular training about protecting and using personal data
- Policies are in place for staff to follow and are regularly reviewed
- We check that only the minimum amount of data is shared or accessed
- We use controlled access to systems to help ensure that the right people are accessing data – people with a ‘need to know’
- We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
- We report and manage incidents to make sure we learn from them and improve
- We put in place contracts that require providers and suppliers to protect your data as well
- If we send information outside of the EEA, we have EU approved assurances in place to protect it
Unfortunately, the transmission of information via the internet can never be completely secure. Although we do our best to protect both your personal data and sensitive personal data, we cannot guarantee the security of your data transmitted to the App; any transmission is at your own risk.
How Long Does Sensely UK Store My Information?
Sensely UK will retain / store your App Registration information and Symptom Checker information until you withdraw consent.
Because AskFirst (Ask NHS) is an App you may not use every day, we will not delete the data because you have not used the App in a while. Please let us know if you no longer wish to have an account.
When you withdraw consent / close your account, the data will be anonymised (anything that identifies you will be removed) to ensure we are not holding information about you that we no longer need.
We will then only use the anonymised data for technical, quality and business purposes.
Does Sensely UK Use My Information for Marketing?
Yes, but only with your consent. As listed under How Does Sensely Use My Information? we will use your contact details to email you about new features and updates in relation to your App usage and request feedback or send surveys to find out if the App is working well for you.
You can ask not to be contacted in this way by using the unsubscribe link within the notifications and email.
We use automated
third-party devices and applications, such as Google Analytics, to evaluate
usage of the App and our website. We use these tools to help us improve our
other tracking technologies to perform their services. We do not share your
personal information, such as your IP address with these third parties.
How does the App use my Information?
When you register with the App, your information will be shared with our partner organisations in the following ways:
- Your name, date of birth, gender and postcode will be sent to our secure servers for storage
- Your name, date of birth, gender and postcode will be sent to a spine-matching service who will match your details with your NHS Number and return to our secure servers
- Your NHS Number will be sent securely to GP systems to link with your patient record number (the GP will not see this)
When you speak to the virtual assistant, your information will be shared with our partner organisations in the following ways:
- You provide the virtual assistant with information about how you are feeling and your symptoms
- This information is sent securely to our secure servers for storage
- This information is sent to advanced to help us provide the correct signposting to services
- Your symptom checker information will be shared with your GP, if you are directed to this service and provide your consent
When you make an online appointment with your GP through the App, your information will be shared with our partner organisations in the following ways:
- You provide the virtual assistant with consent to share the results of your conversation
- This information is then sent securely to the GP practice system and an appointment is made
When you request Administrative Tasks through ‘General Enquiry’ your information will be shared with our partner organisations in the following ways:
- You provide virtual assistant with consent to share the results of your conversation
- This information is then sent securely to the GP practice system and a return call or email will be placed
Data Security and Privacy
Click here to see our internal policy for Data Security.
Click here to see an assessment of our core product and its impact on privacy.