Any reference to “skindoc.”, “SkindocUK™”, “our”, “us”, and “Company” are references to SKINDOCUK LTD, a limited company registered in England and Wales (company number 12639692), the registered address being 85 Great Portland Street, First Floor, London, W1W 7LT. SKINDOCUK LTD own and manage this/these website(s) and the skindoc platform (“platform”) and/or its services.

 

Privacy Policy for SKINDOCUK LTD

Address: 85 Great Portland Street, First Floor, London, W1W 7LT

Main Contact Telephone Number: 020 7871 0074

Main email Address: [email protected]

 

We value your privacy

At skindoc, accessible from https://www.skindoc.uk, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by skindoc and how we use it.

This Privacy Policy applies to everyone who uses skindoc, whether you:

  • are paying for skindoc services yourself
  • are receiving skindoc services because they are part of the NHS services offered by your GP
  • are receiving skindoc services as a benefit through a third-party
  • are using the skindoc service to access the services of a third-party provider

If you have additional questions or require more information about our Privacy Policy, please do not hesitate to contact us.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in skindoc. This policy is not applicable to any information collected offline or via channels other than this website.

Personal information is any information that can be used to identify a living person.

 

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms. A separate consent form is required for any services and/or treatment suggested purchased through our website.

 

Information we collect

When you register for an account, we may ask for your contact information, including items such as name, title, date of birth, gender, address, email address, telephone number, username and password. We may also request details of your registered GP (so clinical correspondence can be entered into your main medical records) and your NHS number (if referred to us from or via your GP). You have the right to choose not to share information with your GP but it is strongly advised to maintain best care practices.

Any personal information that you are asked to provide after registration, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. As such, we may also collect and use the following additional personal information:

  • Information about your health and social circumstances. This includes:
  • Information you provide as part of using our services
    • Information provided during your online appointments
    • Notes and reports relevant to your health, including any information you have told us about your health.
    • Details of your treatment and care, including any diagnosis, medical advice, comments and care plan from your doctor and other staff who have cared for you.
    • Results of investigations, such as laboratory tests and biopsies.
    • Relevant information from health and social care professionals, relatives or those who care for you.
    • Information about your ethnicity, sexual orientation, sex life, religious beliefs or opinion or genetic data where this is relevant to your care or is information that you have provided to us as part of your care.
  • Information about your next of kin and carers (this includes their contact details, relevant medical history if required and emergency contact information).
  • Communications with or about you (this includes referrals and prescriptions)
  • Information about your use of the skindoc website. This includes:
    • Whether you are using a computer, mobile phone or tablet to access our services.
    • Your mobile operating system, the type of mobile internet browsers you use and data about the way you use our app and/or website.
    • Information that identifies the computer, mobile phone or tablet that you use to access our service (this includes your IP address, any unique device identifiers placed by us or our service providers, the unique identifier assigned by skindoc to your computer, mobile phone or tablet.)
  • Information about your visit (this includes full uniform resource locators (URL); clickstream to, through and from the skindoc website (including date and time); services you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks and mouse-overs); methods used to browse away from the page.)
  • Consultation length, how often you visit the website and any phone number used to call our customer services.
  • Information stored on your mobile phone, tablet or computer that you choose to share with your doctor during your appointment.
  • If you provide us with feedback, we will use information from feedback information and survey responses from you (this may include demographic information, such as where you live, if you choose to provide it.  It may also include your opinions about our services.  We anonymise this information before we use it to improve our services.)
  • If you pay for skindoc services yourself we will collect payment and financial information but not store your full account details (this includes your purchases and orders, the charges you have incurred, payments you have made, your payment card details, any credit reference checks and any information from debt collection agencies.) Once a payment has been made the only data available to skindoc. is those stored digitally and made available by our business bank account, currently provided by Starling Bank.
  • Your marketing preferences.
  • If you receive skindoc services as a benefit through a third-party.
  • Information about your third-party service provider, the skindoc benefits you are entitled to and your work contact details.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

 

How we use your information

Most of the personal information we process is provided to us directly by you. We use this information and any other we collect in various ways, including to:

  • Diagnose and manage disease and health complaints
  • Provide, operate, and maintain our website
  • Improve, personalise, and expand our website
  • Understand and analyse how you use our website
  • Develop new products, services, features, and functionality
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes
  • Send you emails
  • Find and prevent fraud

We will not use your images for research and/or education purposes unless explicit consent has been sought from you.

 

Who we share your personal information with

To provide you with skindoc services we need to share your personal information with skindoc Practioners and the relevant Dermatology team.

skindoc Practioners work as self-employed individuals.  This is very similar to the way that Doctors work in other independent clinics in partnership with the NHS, across the country.

skindoc Practioners are responsible for maintaining the privacy of your personal information. All skindoc Practioners have to demonstrate they have completed NHS training in personal information handling before they can start consulting with you.

We employ a clinical team, who are part of skindoc. They may need to access your personal information so that we can provide you with services, for example if you have a query or concern about your consultation or treatment. Only those employees of skindoc who need access to information in order to do their jobs are permitted access.

We also need to share information with partner organisations that help administer skindoc accounts. For example:

  • Our IT suppliers, including suppliers of data storage services
  • Contractors who provide additional telephone services
  • Suppliers of web hosting services
  • Organisations that we use to obtain feedback from patients who have agreed to do this

We have vetted these organisations to ensure that they will deal with your personal information responsibly. We do not allow these partner organisations to use your personal information for their own purposes.  We only permit them to use your personal information in accordance with our instructions.

We may also share information with our partner organisations who provide data analysis services, to help improve our services.  This does not include information about your health.

Sometimes we need to share information with regulators like the Care Quality Commission, the General Medical Council, NHS Digital, the Information Commissioner’s Office and the Health Service Ombudsman. With your agreement, information can be shared with relatives, partners or friends who act as a carer for you.  We will only share information once the person you have asked us to share the information with has provided us with proof of their identity.  We may share information with anyone you have given as an emergency contact, for example your next of kin.  You can find out more by contacting us.

We may also share information with anyone else that you authorise us to e.g. your employer or (if you are not an NHS patient) your insurer.

If you are receiving skindoc services through your third-party service provider we will not share personal data with them. skindoc will only share information on the number of appointments used and anonymised data on high level diagnoses. Where data is anonymised, all direct identifiers are removed and skindoc will only share this information when a certain number of employees have used the service. Please note as well that skindoc will not discuss individual cases with employers, insurers or other third parties.  This is the case even if you are receiving skindoc services as a benefit through a third-party.

There are some other rare occasions where we may share your data with other organisations.

  • We may share information with the police, fire, ambulance and rescue services if:
    • There is an immediate risk of harm to you or other people
    • There is a legal requirement to do so e.g. where an offence has been committed or the police have obtained a court order requiring us to provide information
  • We may share information with bodies with public health responsibilities such as local councils and Public Health England to control infectious diseases such as meningitis, tuberculosis (TB) or measles and manage public health incidents.
  • We may share information with our professional advisors, including lawyers and accountants, if this is necessary to take and receive professional advice (including legal advice), or to bring or defend a legal claim or threatened claim.
  • We may share information with our insurers and the insurers of other organisations (including NHS Resolution) where this is necessary to investigate insurance cover and to handle a claim or threatened claim.
  • We may share information with individuals or organisations if we are legally required to, for example if this is specified in a warrant or court order. 
  • Where we, or substantially all of our assets, are merged or acquired by a third-party, in which case this information may form part of the transferred or merged assets
  • The other organisations that we share information with depend on whether you are paying for skindoc services or not.

If you receive skindoc services through your NHS GP, then we may share your personal information with other organisations that help provide NHS or social care. These organisations include:

  • Your GP practice, for example so that they have a record of your on-line appointment.  If you would like to know more about what your GP practice does with the information we share with them you should look at your GP practice’s patient Privacy Policy.  This is normally available on your GP practice’s website.
  • NHS hospitals
  • Organisations that help deliver services outside of hospital
  • Private sector organisations that deliver healthcare such as private hospitals, dentists, opticians and pharmacists
  • Out-of-hours providers e.g. organisations providing out of hours GP services
  • Voluntary sector organisations that deliver healthcare such as charities
  • Local councils if social workers are part of your care team, education services, children’s services, housing or benefit offices
  • Organisations that provide diagnostic tests
  • Organisations that provide ambulance or patient transport services such as NHS Ambulance Trusts
  • Other organisations involved in the delivery of NHS care, social care or the protection of public health, like Public Health England which oversees cancer screening programmes

If you receive skindoc services through your NHS GP and you have agreed to receive information about our services and offers, we may share your information with marketing organisations. For example we may share you contact information with companies that we use to send marketing emails.  Although we will not share information about your health with these organisations, it may be possible for them to infer this information due to the content of the marketing email.  For example, if we are sending you information about how we can help you manage your eczema, our partners will be able to infer that you have this condition. You can opt out of all communications by contacting us and requesting we remove you our marketing lists.

If you pay for skindoc services yourself we will share the record of your on-line consultation with your NHS GP unless you ask us not to. Your preference can be changed in the Profile where you simply need to remove your GPs information.  We will not share your information with any other providers of NHS care.

Our IT suppliers will also include our IT service provider, who ensures your medical records are stored securely.

We may share your information with credit reference agencies to help us check your identity.

If you have agreed to receive information about our services and offers, we may share your information with marketing organisations.

If you receive skindoc services as a benefit through a third-party we will share the record of your on-line consultation with your NHS GP unless you ask us not to. Your preference can be changed in the Profile area where you simply need to remove your GPs information. We will not share your information with any other providers of NHS care.

Our website includes some social media features, such as links to Facebook, Instagram, Twitter and LinkedIn. You can use these features to share information about your use of skindoc through social media.  The relevant social media site(s) control how these features work.  If you want to find out more about this you should read the Privacy Policy of the relevant social media site.

 

How we store your information

Your information is stored on a super secure cloud server run by Digital Ocean who encrypt and store all personal data on their secure servers using the latest technologies which are protected by several layers of security.

We do not store any of your personal health data on your mobile device or within your web browser storage permanently.  We may collect some personal data and store it temporarily on your mobile device or within your web browser storage (e.g. your post-code during the registration process) but this data is not kept on your device after the process for which it is being used has ended.

When using the skindoc website, all your personal data is transmitted through the internet using Secure Socket Layers (SSL) technology. SSL is an industry standard technology designed to prevent any third-party from capturing and viewing your personal data while in transit.

You are required to go through a two-step identity verification process to create your account. Access to your account is protected with a password that you create. You are responsible for keeping this password confidential.  We strongly recommend that you do not disclose your password to anyone else and skindoc will never ask you for your password in any unsolicited communication (including unsolicited correspondence such as letters, phone calls, emails or text messages). You will only ever be able to reset your password using a two-step identity verification process.

We urge all patients to allow us to send their patient records to their General Practitioner (GP). Although current practice is to store your medical information for you indefinitely, we may only keep it for eight years (minimum) as per national record management code of practice. We however do not send your photographs and videos to the GP, primarily so to not overload their Electronic Medical Record System.

After a minimum of eight years, if we decide to dispose of your information we will do so by permanent digital erasure. Please note, if permission has been granted for clinical information to be sent to your GP then the NHS data storage guidance should be consulted here. The NHS is capable of storing your records for considerably longer than us and should be your primary hub for all health-related documentation and records.

For more information on how we keep your data secure, please contact us.

 

ID Verification

We need to verify your identity before you can receive care via skindoc. This helps protect the integrity of your clinical records and ensures that nobody else can use your account.

If you register for a self-paying account or are invited to join by a family member, we will need you to provide some additional information before you start booking appointments. NHS patients referred into skindoc will have already had their ID verified by their GP and will not need to re-verify their ID.

We work closely with the Care Quality Commission, who independently regulate all healthcare providers in the UK. Our identity verification process reflects their recommendations and help us ensure that our service is safe, secure, and effective.

To verify your identity, or the identity of a family member, we ask you to submit relevant identity documentation (ID). We accept valid passports, driving licenses, national identity card for adults and more. Please review our Terms & Conditions for a more comprehensive list of accepted documents.

For children beneath 18 years old or cared-for individuals you will need to provide either their birth certificate, passport or an order of guardianship/confirmation of parental/carer responsibility.

It is easy to upload your identity documents so we can complete the verification process. As a registered patient, you can view your account status from the Account section. During the verification process, we will prompt you to upload the necessary documents.

 

Payment

If you are paying for skindoc services yourself or receiving them as a benefit through a third-party we may also use your personal information to:

  • carry out credit checks to check your identity
  • In order to process your application, we carry out a ‘soft credit check’ to confirm your identity with one or more credit reference agencies (“CRAs”). We provide your details to a CRA, which uses information it holds and publicly available information to check those details are correct.   The CRA lets us know the result of the check.  Only you can see the check on your credit report.  The check will have no impact on your credit score or any future credit applications you may make. It doesn’t matter how many soft checks there are on your credit report.

We will use this information to:

  • Verify the accuracy of the data you have provided to us
  • Prevent criminal activity and fraud

If you would like more information on the list of following topics this can be found in the Credit Reference Agency Information Notice:

  • the identities of the CRAs
  • their role also as fraud prevention agencies
  • the data they hold
  • the ways in which they use and share personal information
  • data retention periods
  • your data protection rights with the CRAs

If you are paying for skindoc services yourself we will also use your information to obtain payment from you for our services. If you are receiving skindoc services as a benefit through a third-party we may also use your personal information to check that you are entitled to this benefit.

 

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request copies of your personal data or log in to your medical file and extract any personal data we hold about you. If the information is not visible to you, you can contact our administrative team who can search our digital archive which is not accessible via your portal. Please note, to do this you will need to make a ‘subject access request’ under the General Data Protection Regulation (GDPR).
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete. You do not however have the right to stipulate the content of your records.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions. You can read more about this here. Please note that according to data protection legislation your medical records, both private and NHS, are not considered your property thus cannot be erased upon request. You are also not entitled to take possession of the originals. You do however have a right to view the original records and obtain copies of them.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

 

Lawful basis for data processing

All data must be processed under a 'lawful basis'. The GPDR sets out a number of lawful bases for processing and there is detailed guidance on the ICO's website.

Under data protection laws, each purpose for which we use your personal information must comply with one of the conditions for processing. Under the GDPR there is some personal information that is so sensitive that it also gets extra protection.  This special data is any personal information about someone’s:

  • health (including mental health);
  • sex life;
  • sexual orientation;
  • racial or ethnic origin;
  • political opinions;
  • religious or philosophical beliefs
  • trade union membership
  • genetic and biometric data if that information is used to identify an individual.

When we are using personal information we must therefore meet one of the conditions set out in Article 6 of the General Data Protection Regulation (GDPR). Two specific provisions are relevant to skindoc:

  1. Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract. Article 6(1)(b).
  2. Independent practitioners (i.e. skindoc) may be able to rely on this as the lawful basis for data processing. NHS practitioners are not considered to have a contractual arrangement with patients and cannot use this condition as the legal basis for processing.

NHS practitioners (i.e. when skindoc Practioners are providing care to referred by an NHS body) can use:

  1. Article 6(1)(e). Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  2. Article 9(2)(h). As health data and social care data is 'special category data' we must also establish a condition from article 9 for lawful processing.
  3. Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of UK law or a contract with a health professional.

There are extra rules that apply to information about criminal allegations and convictions.  We do not use this type of information very often, for example you might tell us about a drug-related conviction or time in prison.  Our use complies with Article 10 of the GDPR because it meets the condition set out in the Data Protection Act 2018, Schedule 1, Part 1, paragraph 2 (health or social care purposes). 

 

Log Files

skindoc follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analysing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

 

Cybersecurity

The system we built to process and protect your personal information was done so with privacy and security as the primary feature. We ensure that these systems and the cybersecurity that protect them are robust and tested regularly. We keep all systems up to date to prohibit cyberattacks and unauthorised access to your data.

 

Cookies and Web Beacons

Like any other website, skindoc uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.

For more general information on cookies, please read "What Are Cookies".

Third-party ad servers or ad networks uses technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on skindoc, which are sent directly to users' browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.

Note that skindoc has no access to or control over these cookies that are used by third-party advertisers.

 

Advertising Partners Privacy Policies

You may consult this list to find the Privacy Policy for each of the advertising partners of skindoc:

  • skindoc has no advertising partners.

Third-Party Privacy Policies

skindoc’s Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

 

Children's Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

 

How to complain

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

 

Updating this policy

We may update this notice from time to time.  If we plan to update the policy we will let you know through the skindoc website.  When you log on to your account we will also let you know if the notice has been updated since you last accessed skindoc services.  You should stop using our website if you do not agree to any changes.

 

Our Privacy Policy was created with the help of the Privacy Policy Generator and the Online Privacy Policy Generator.