Who are we?
We provide a medical reports management platform that makes it easier for organisations that require medical reports to manage this process and for medical professionals to access and process medical reports.
This policy and any other documents referred to in it sets out the basis on how MyLiveMedical will process any information we collect from you or you provide to us, as a person being medically assessed, client organisation or medical services provider. Please read the following information carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of the General Data Protection Regulation (GDPR) the data controller in any given situation is our client company and MyLIveMedical is a data processor on their behalf.
Our nominated representatives for the purpose of GDPR: Adrian O’Farrell – firstname.lastname@example.org.
What information do we collect about you?
We are committed to protecting and respecting your privacy.
We use your information for the speedy arrangement and processing of medical reports so that the organisation commissioning the report on your behalf can deal with it as fast as possible.
We do not require you to provide us with personal information directly. If you are being sent for a medical through the MyLiveMedical system, the medical professional will ask for your consent to collect data and for what purpose and to be shared with whom. When you give your consent to this, the medical professional will collect the relevant personal and health data. They will then send this data to MyLiveMedical for onward transmission to our client organisation. When they send this data through the MyLiveMedical system, the data is encrypted so that MyLiveMedical staff do not have sight of this data or the ability to process it.
Therefore, the only personal information about you that MyLiveMedical maintains are the personal details that you have shared with our client organisation. They disclose to us the relevant personal and health details that you have shared with them in order that we can facilitate the arranging of your medical appointment for the purpose you have agreed with our client organisation.
Where data is submitted, it will be used for the stated purposes only.
This starts with making sure that you get meaningful choices about how and why data is collected and used and ensuring that you have the information you need to make the choices that are right for you. You will be asked to consent to your data being collected for the purposes stated.
If you do not agree with or you are not comfortable with any aspect of the Privacy Statement, you can discontinue use of our website.
As a client, you may provide us with the personal details of the person to be sent for a medical appointment as outlined above. You may also provide us with your company bank details in order to facilitate payments.
As a medical professional, you will provide us your address and contact details plus details of your qualifications and specialisations (in order that we can fairly represent the type and quality of the work you do and accurately match you to medical report requests). You will also transmit the completed medical reports to us. These will be encrypted and stored on our platform for a period commensurate with our client’s wishes and our legal obligations, bearing in mind the requirement not to keep the data any longer than we need to. You may also provide us with your company bank details in order to facilitate payments.
With regard to each of your visits to our website we may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
The security of your personal data is very important to us. All information you provide to us is stored on secure servers using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We take all reasonable and appropriate measures to guard against accidental, unauthorised or unlawful loss, access, disclosure, alteration, or destruction of your Personal Information, taking into account the risks involved in the processing and the nature of the personal information. We use the highest industry-standard security measures to protect the integrity and confidentiality of any personal data we own or process on behalf of our customers and visitors, including, in appropriate circumstances, the use of firewalls, restricted access and encrypted transmissions. We limit access to personal data to those persons in our organisation who have a business need to process such personal information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We use a managed service datacentre that is compliant with HIPAA, the Health Insurance Portability and Accountability Act. This sets the standard for protecting sensitive patient data. This dictates standards that ensures that any company that deals with protected health information (PHI) puts in place and follows the required physical, network, and process security measures.
Our website may, from time to time, contain links to and from the websites of our client organisations and medical practitioners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. MyLIveMedical will not retain your Personal Data longer than is necessary for the purposes for which it is collected.
What information do we receive from other sources?
We may receive information about you as follows:
- If you make a claim for personal injury against one of our client organisations. In order to arrange your medical review appointment, this data may be shared with the medical professional who will carry out your medical review.
- Your personal health data arising from a medical report conducted through our website. As noted above, however, this data will be encrypted and not visible to or processed by MyLiveMedical staff.
Why do we use this information?
We collect and process the information in order to provide our client companies and the medical professionals on our panel with our services.
We will use this information:
- When you (or your solicitor, on your behalf) gives your personal and health information to our client company (e.g. an insurance company) in pursuit of a claim against them, they have the right to disclose this information to MyLiveMedical Limited in order to facilitate the arranging of a medical review appointment with a medical professional on our platform.
- To pre-populate some data fields for the medical professional when they come to complete your medical report on our platform
- To carry out our obligations arising from any contracts entered into between our clients and us.
- To notify you about the status of your appointment and send you reminder emails and SMS messages so that you don’t forget about your appointment.
The legal basis for the processing of your data are:
- Processing necessary for the validation of your claim and the extent of your claim.
- Processing necessary for compliance with a legal obligation to which we are subject.
- Processing necessary for the purposes of the legitimate interests in running our business effectively, which we pursue where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information.
- You may also give us your consent to certain processing activity.
Disclosure of Your Information
We may share your personal data with any member of MyLIveMedical Limited. We may also share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If MyLIveMedical Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- For our legitimate business interests in running our business effectively e.g. using cloud computing providers / shredding / archiving.
- Analytics and search engine providers that assist us in the improvement and optimisation of our website.
How long do we keep hold of your information?
The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
Do we transfer your information outside the European Union or European Economic Area?
No. Our datacentres are located in Ireland so your data does not leave Ireland.
What are your rights with respect to your personal data?
You have the following rights:
- The right to access the information we hold about you.
- The right to require us to rectify any inaccurate information about you without undue delay.
- The right to have us erase any information we hold about you in circumstances, such as, where it is no longer necessary for us to hold the information for your use of our services or if you have withdrawn your consent to the processing.
- The right to object to us processing information about you, such as, processing for profiling or direct marketing.
- The right to ask us to provide your information to you in a portable format or where technically feasible, for us to port that information to another provider, provided it does not result in a disclosure of information relating to other people.
- The right to request a restriction of the processing of your information.
Where our processing of your information is based on your consent to that processing, you have the right to withdraw that consent at any time, but any processing that we have carried out before you withdrew your consent remains lawful.
You may avail of each of the above rights. If you wish to avail of these rights, a request must be submitted in writing to: MyLiveMedical, Privacy Officer or email email@example.com. In order to protect your privacy, you may be asked to provide suitable proof of identification before we can process your request.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise this right at any time by contacting us at firstname.lastname@example.org.
You may lodge a complaint with your local Supervisory Authority with respect to our processing of your information. The local Supervisory Authority in Ireland is the Data Protection Commissioner. The Data Protection Commissioner’s website is www.dataprotection.ie
When you become our customer the processing of your information, and/or that of your team who you nominate to liaise with us, will become a condition of the contract between us as we require certain information in order to be able to provide you with our services (e.g. Contact information). In those circumstances, if you do not wish MyLIveMedical to process your information we may be unable to provide our services to you.
How can you contact us?