PLEASE READ THIS POLICY CAREFULLY BEFORE USING getUBetter SERVICES
You must be 18 years or older to use our Services.
Protecting your data, privacy and personal information is very important to getUBetter (“us”, “our”, “we” or “getUBetter”). It is vitally important to us that our customers feel secure when using our “Services”, as further described in this policy.
Summary
This privacy policy, collectively with our terms and conditions in the provision of our Services (as defined below), sets out our responsibility and commitment to protecting the privacy and confidentiality of your personal data. In particular, this policy details the basis on which any personal data we collect from you, or that you provide to us, will be processed by getUBetter when you:
(together, the “Services”);
Please read this privacy policy carefully to understand the types of information we collect from you, how we use that information, the circumstances under which we will share it with third parties, and your rights in relation to the personal data you provide to us. It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
This privacy policy is provided in a layered format so you can click through to the specific areas below:
About Us
The data we collect about you
Processing of sensitive personal data
How is your personal data collected?
How we use your information and justification of use
Marketing
Where we store your personal information
Disclosure of your information
How long we retain your personal data
Your rights
Change to our privacy policy
Cookies
Contact
About Us
We're Get U Better Limited, a company registered in England and Wales (company number 08330528). Our office is The Old Dairy, Ashton Hill Farm Weston Road, Failand, Bristol, England, BS8 3US , UK. Our VAT number is 191176892. We are responsible for operating this Website and our associated Services, including the processing of your personal data.
When contacting us we strongly recommend you don't email us confidential or personal information (unless otherwise requested by us, for example, where you’re exercising one of your data subject rights and we need to verify your identity).
What we do
Our Website, Apps, WebApp and the Services available through these methods are provided by us, and we partner with NHS Trusts and other healthcare providers to provide you with access to other services in your area. To inform you about the services in your area, our Services also contain information provided by third parties. For example, through our Services, you will be able to request treatments with NHS service providers or other local service providers, and we will refer your details to that service provider in accordance with, and as described in, this privacy policy.
You can choose for us to introduce you to any of these services, or there may be links to such third-party websites, application or plug-ins through our Services. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Please note that these third parties have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. When you leave our Website, WebApp or our App, we encourage you to read the privacy policy of every other website you visit.
We also partner with other third-party partners (as further described in the ‘How is your personal data collected?’ section). In this case, the third party will be responsible for providing you with their services. We just provide the technology and infrastructure behind the services to enable that third party to provide their own services to you. Your third party will have their own privacy policies which will explain how they use your data. We do not accept any responsibility or liability for their policies or the processing of your information. We are the processor of the personal data we require from you to create you an account to access the third party’s services, as further described below.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
We explain the different types of personal data we collect, use, store and transfer about you which we have grouped together as follows:
Processing of sensitive personal data
The nature of the App means that, where necessary to act in your best interests, we need to be able to process certain sensitive data about your symptoms and health concerns. Due to its sensitivity, health data has the protected status of “special category data” under data protection law and we are subject to additional compliance obligations to ensure such data is adequately protected. Some of the data you provide to us (including details of your symptoms) will constitute special category data. We explain how we use this data in the below table.
We also collect anonymised aggregated data about how you use our Services. This data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, when lawfully permitted to do so we may aggregate technical data collected from you to calculate the percentage of users accessing a specific feature on our App, or we may create anonymous, aggregated reports such as statistics, ratings, analysis, and reviews that we may provide for research purpose. Your feedback and use of our Services helps improve recovery for you, others and future generations.
How is your personal data collected?
We collect and process the following data about you:
You will be asked to provide us with your information when you:
We automatically collect technical data about your equipment, browsing actions and patterns and usage data about how you use our Apps or WebApp, as further described in the How we use your information and justification of use section below.
Please see the How we use your information and justification of use section below for further information.
Please note that our Partner(s) will have their own privacy policies which explain how they collect, use, store and process your personal data on their app and through their services. We are not responsible for their privacy statements and we encourage you to read their privacy policies.
Our Partners will change from time to time. However, as at the date of this privacy policy (set out above), our Partners are:
Other than Partners identified above, we do not receive information from other sources.
How we use your information and justification of use.
We have data protection compliance procedures in place to oversee the effective and secure processing of your processing and we will only use your personal data where the law allows us to. Use of personal information under applicable data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information, and most commonly, we will use your personal data in the following circumstances:
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose / activity |
Type of Personal Data |
Lawful basis for processing |
WebApp / App |
||
To provide you with access to our App or WebApp to use our Services and create an account for you |
Registration Data |
Necessary for our legitimate interests (so we can identify you when you access our Services) |
To provide you with our Services on the App and WebApp |
Identity Data Registration Data Recovery Data |
Performance of a contract with you We also rely on your explicit consent to process your health data for this purpose |
As part of our Services, to obtain your NHS Number and link your Recovery Data to your NHS Number so that your medical records are updated to inform your clinician if you have registered to use the App. |
Identity Data Registration Data NHS Number |
Performance of a contract with you We also rely on your explicit consent to process your health data for this purpose |
To support your recovery by sending emails with updates |
Identity Data Registration Data |
Necessary for our legitimate interests (so we can ensure you are making the most of the Services and using them in a way that provides you with support) |
To connect and refer you to your healthcare providers (including doctors, GP surgeries, hospitals, healthcare providers) (our clients) and local services of your choice on the App or WebApp |
Identity Data Registration Data
|
Performance of a contract with you We also rely on your explicit consent to process your health data for this purpose |
To contact you where they have difficulty using the App or WebApp |
Email address Recovery Data |
Performance of a contract with you We also rely on your explicit consent to process your health data for this purpose |
To notify you about changes to our Services |
Identity Data Registration Data |
Performance of a contract with you |
Create electronic versions of documents for you to provide to your practitioner |
Identity Data Registration Data Recovery Data |
Performance of a contract with you We also rely on your explicit consent to process your health data for this purpose |
To remember you so that you don’t have to re-enter your details each time you log in |
Identity Data Registration Data |
Necessary for our legitimate interests (to ensure we provide you easy access and a great level of service) |
For our internal operations, including, data analysis and data statistics |
Identity Data Registration Data Technical Data Usage Data |
Necessary for our legitimate interests (to administer and improve our Services) |
For evaluation of our Services we share with our NHS partners (NECS) identifiable data that they then anonymise to enable aggregated data to track and improve our Services |
Identity Data Registration Data Recovery Data Usage Data |
Necessary for our legitimate interests (to administer and improve our Services) |
Clinical portal |
||
To enable you to access our clinical portal. |
Unique username and password |
Necessary for our legitimate interests (to ensure we can monitor who is accessing our clinical portal for security and business management purposes) |
Our Partners Apps |
||
To register you as a user of our Partner’s app and services and create you an account to access such services |
Email address (provided to us by our Partner) Registration Data (provided to us by you when we create an account for you to access the Partner’s services) |
Necessary for our legitimate interests (to perform our obligations under our contract with the relevant Partner and to ensure you are able to access and benefit from the use of their app and services) |
Website, App and our WebApp |
||
To use data analytics to improve, test and update our Services, Website, App and WebApp, marketing, customer relationships and to monitor its performance and effectiveness |
Technical Data Usage Data |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To administer and protect our business, Website, App and WebApp (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
Identity Data Registration Technical Data |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation |
Develop and test new products, services and features |
Technical Data Usage Data |
Necessary for our legitimate interests (to improve our Services) |
For you to participate in clinical research |
Identity Data Registration Data Recovery Data |
Consent We also rely on your explicit consent to process your health data for this purpose |
Improve user experience and the quality of the content available. |
Technical Data |
Necessary for our legitimate interests (to define types of customers for our Services, keep our Website, App and Webapp relevant, to develop our business and inform our marketing strategy) |
To make suggestions and recommendations to you about services that may be of interest to you |
Usage Data Technical Data |
Necessary for our legitimate interests (to develop our Services and grow our business) |
To help us identify and fix defects or errors in our systems |
Usage Data Technical Data |
Necessary for our legitimate interests (to ensure our Services and systems are running as they should) |
To give you reminders, emails or alerts |
Identity Data Registration Data |
Consent |
We will not sell your personal data (or any other data you provide us with) to third parties, however, we reserve the right to share any data, which has been anonymised and/or aggregated. You acknowledge and accept that we own all right, title and interest in and to any derived data or aggregated and/or anonymised data collected or created by us.
Marketing
We may use information for marketing products and services to you in the following ways:
Types of marketing activity:
We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us at any time using the details set out at the end of this privacy policy.
Where we store your personal information
The personal data that we collect from you (including email addresses that form part of our prospective marketing database) are processed only in the UK and stored at a UK data centre. Sensitive information between our “Apps” or “Webapp” and our server is transferred in encrypted form using Secure Socket Layer (“SSL”). In the unlikely event where we need to send your data outside the UK, we will ensure that any such transfers are only undertaken following an assessment of the level of protection afforded in the receiving country or jurisdiction, and will put in place the international data transfer agreement (“IDTA”) and UK addendum to the new EU Standard Contractual Clauses (“UK Addendum”) to ensure that your data is protected with the appropriate technical and organisational controls.
Your passwords and data for our Apps, WebApp, Website and our Partners’ apps are stored on getUBetter servers in encrypted form. We do not disclose your account details to any third party. It is your responsibility to keep your password secure. When transmitting sensitive information, you should always make sure that your browser can validate the getUBetter certificate. Unfortunately, the transmission of information via the internet is not completely secure. Although getUBetter will do its best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.
Disclosure of your information
We may also disclose your personal information to the following third parties for the purposes specified in the above table:
How long we retain your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, what we may have agreed with our partners, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Please get in touch using the details set out below if you require further information about our retention periods.
We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods reflect the NHS Records Management Code of Practice for Health and Social Care 2016 and also based on business needs and your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.
Your rights
Under data protection legislation, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at contact@getUBetter.com.
You have the following rights in relation to your personal data:
getUBetter will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or clearly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Asking us to stop processing your personal data mean we will notify your Health Care Provider of your request. Your Health Care Provider Organisation has the legal responsibility to maintain a record of care provided so, ultimately, has the authority to respond to your request. On receipt of your request getUbetter will acknowledge the request and keep you informed of the Health Care Provider instruction. With authority to stop processing your data, getUBetter anonymise all identifiable data whilst retain storage of the anonymised data on a secure cloud-based data servers and use for aggregate data analysis. Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use getUBetter Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services. We will notify you if this is the case at the time.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Services). In this case, we may have to cancel the Services you have with us but we will notify you if this is the case at the time.
Where you request getUBetter to rectify or erase your personal data or restrict any processing of such personal data, getUBetter may notify third parties to whom such personal data has been disclosed of such request. However, such third party may have the right to retain and continue to process such personal data in its own right, for example doctors, GP Surgeries, Healthcare professionals, local health related services or Hospitals.
Automated decision-making
Automated decision-making takes place when an electronic system uses your personal information to make a decision without human intervention.
If we make an automated decision on you (and using your health data), we will obtain your explicit written consent and we will put measures in place to safeguard your rights. Automated decision-making is used on our App and WebApp to ensure we generate appropriate responses to any Recovery Data you submit (for example, if it appears that your symptoms have got worse, we may recommend that you contact your GP).
Changes to our privacy policy
Any changes we make to our privacy policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the App or our Partner’s app (as applicable). We therefore encourage you to review it from time to time to stay informed of how we are processing your information.
Cookies
A cookie is a small file of letters and numbers that we or third parties may store on your browser or device. We use them to identify and distinguish you from other users of our services, which helps to provide you with a better experience.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see www.getUBetter.com
Contact
We are committed to continually developing and promoting our compliance with the UK GDPR and data protection standards. You are welcome to contact us at contact@getUBetter.com if you have any questions, comments and requests regarding this privacy policy. For the purpose of the relevant data protection legislation, our data protection officer is Carey McClellan.