“Bluezone” is operated by Bluezone Health Ltd, registered in England and Wales (company number 09709264) with a registered office at 39 Berwyn Road, Richmond upon Thames, Surrey TW10 5BU (“we“, “our” or “us”).
When we refer to “personal data”, this covers any information from which you can be personally identifiable. This includes things like your name, email address, date of birth, address, phone numbers, online identifiers, device IDs and financial information. We also collect and use certain “special categories of personal data”, which are seen as being more sensitive and are therefore afforded greater protection (including data relating to your health). For the purposes of the General Data Protection Regulation (EU) 2016/679 or “GDPR” (and all other laws relating to the use of your personal data), we act as data controller in respect of any personal data that we process about you in connection with Bluezone, meaning that we are responsible for deciding how your personal data is used and more importantly, for keeping your data safe and only using it for legitimate reasons.
Your personal data
We take the protection and security of your personal data very seriously. You will be asked about your data collection/data sharing preferences at the point of registration and prior to your use of Bluezone. You can change these preferences at any time (as directed in the “Your Rights” section below). Please be aware that there are certain types of personal data which we will always require to enable the proper functioning of Bluezone.
Personal data that you provide
You may be required to provide us with the following types of personal data in connection with your registration with, or use of, Bluezone:
- Name, email address, address and telephone number;
- Date of birth;
- Username and password required to access Bluezone;
- Your financial information, including your bank or payment card details;
- Medical information and other “special categories of personal data” (which may include your racial or ethnic origin);
- You may be required to provide certain of the above information about your family members who are also signing up to Bluezone; and
- The name and contact details of your GP.
Please be aware that the medical advice that you receive is largely reliant on the information that you provide to us and to the Consultants. Please ensure that any data you provide to us or the Consultants is honest, accurate and up to date. Please tell us as soon as reasonably possible when any of your details or information changes. If you withhold any information this may affect the medical advice that you receive.
Personal data that we collect
We may collect the following types of personal data from you as a result of you using Bluezone:
- Records of your calls and messaging conversations with Consultants, which may include video footage, photographs and hard and soft copy medical records;
- Records of any other care, advice or treatment that you receive in connection with Bluezone;
- Information about you that we receive from third parties who we collaborate with in connection with Bluezone (including your GP and our third party service providers);
- If you contact us for any reason, we will keep a record of that correspondence; and
- We will use GPS technology (or other technology) to determine your current location. Some of our location enabled services require your personal data.
How we use your personal data
We may use your personal data to:
- fulfil our obligations to you (whether contractual otherwise) which primarily involves the provision of private immediate healthcare, as facilitated through Bluezone;
- send you service/transactional related emails about Bluezone
- ensure that Bluezone is delivered, and presented to you on your device, in the most efficient and effective way possible;
- effectively administer and operate Bluezone, including undertaking troubleshooting, testing, research and data analysis activities and undertaking business and product development;
- provide you with general communications (newsletters, emails etc) about health issues (subject to your consent);
- where we have received valid consent from you, assist us with delivering the most relevant advertising to you in respect of our own services and products which are similar to Bluezone, advertising our new products and services or those of selected third parties; and
- enable you to participate in interactive features of Bluezone.
Our legal grounds for using your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you for the provision of Bluezone
- Where we need to comply with a legal obligation.
- Where it is necessary for legitimate interests pursued by us and your interests and rights do not override those interests.
We may use your special categories of personal data on the basis that it is necessary for the purposes of providing the Bluezone service, which provides medical diagnosis and healthcare.
Disclosure of your personal data
We may disclose your personal data to the following third parties, in each case solely to the extent necessary and in line with our obligations under applicable data protection laws:
- Consultants and other third party medical specialists, pharmacists and healthcare providers who are involved with your medical advice and treatment, in order for you to receive private immediate healthcare through Bluezone;
- Service providers who assist with the operation, functioning and development of Bluezone, including our payment processing provider, web developer and our marketing agency;
- Your GP – it is a requirement of the UK General Medical Council that we share your data with your GP; and
- Selected third partieswho may contact you about relevant services that they feel may be of interest to you (subject to your consent).
We may also be required to disclose your personal data for the following purposes:
- If we are required to do so by law (including in connection with any safeguarding concern) or pursuant to a binding regulatory request (in such circumstances, such disclosure will at all times be solely to the extent required by law or the applicable regulatory request);
- To protect the rights of our customers or other parties, which may include exchanging information with third party companies for the purpose of fraud prevention or credit risk reduction.
Security and retention of personal data
We have adopted strict security processes, in accordance with good industry practice, to prevent the unauthorised access to, or disclosure of, your personal data. Notwithstanding our implementation of these policies, please note that we cannot guarantee the security of any data that you send to us via the internet.
We will not transfer your data outside of the European Economic Area unless we have your explicit consent to do so (or we have another legal justification for doing so) and where we have ensured that all adequate protections are in place in respect of the processing of such data outside of the EEA. Where relevant, you will have the right to see a copy of any safeguards we put in place. Please contact us if you would like to find out more.
We will retain your personal data on our systems only for as long as is strictly necessary for the purposes for which such data was originally collected (or for such longer period as may be required by law).
You are entitled, in certain situations, to:
- access a copy of your personal data that we hold about you;
- correct or update your personal data (other than your medical records, which only Consultants (or other healthcare providers) may amend);
- erase your personal data;
- object to the processing of your personal data where we are relying on a legitimate interest;
- restrict the processing of your personal data;
- request the transfer of your personal data to a third party; or
- where you have provided your consent to certain of our processing activities, in certain circumstances, you may withdraw your consent at any time (but please note that we may continue to process such personal data if we have legitimate legal grounds for doing so).
If you want to exercise any of these rights, please contact us. You don’t have to pay a fee to exercise your rights, unless your request is clearly unfounded, repetitive or excessive (in which case we can charge a reasonable fee). Alternatively, we may refuse to comply with your request in these circumstances. Where your request is legitimate, we will always respond within one month (unless there is a legal reason to take longer, such as where your request is particularly complex). We may also need you to confirm your identity before we proceed with your request if it is not clear to us who is making the request.
In addition to the above, you may get in touch with the ICO (Information Commissioner’s Office) if you are concerned about the way in which we are handling your personal data.
Opting out of marketing
You may unsubscribe to any of your marketing/data sharing preferences at any time through the app, by contacting us using the email address set out below, or by using the opt-out function detailed in the relevant marketing email.
Last updated May 2018