Who are we?
MyWay Digital Health Ltd (MWDH Ltd) is a medical software company, founded by UK National Health Service specialists in diabetes and healthcare management, responsible for the MyWay Diabetes (MWD) service. We process data on behalf of the Data Controller in your region.
What data do we collect?
We collect demographic and medical data relating to your diabetes, eg: name; address; contact details; IP address; date of birth; height; weight; clinic/hospital/health centre; type of diabetes; blood pressure; laboratory test results; smoking status; eye and foot screening info; personal goals (e.g. weight loss, etc); appointment data; and medication. We store any data input by you (eg: blood glucose readings). In addition, general auditable information and bug reporting data are also collected to help improve the service we offer. We only collect the minimum amount of data required to support your diabetes self-management and for the service to operate effectively unless you have provided your consent for optional improved site functionality.
How do we collect your data?
We collect and process data when you register online for any of our products or services, and when you use or view our website, via your browser's cookies. We collect data from health systems, and the systems your clinic/hospital/healthcare centre uses, relating to your diabetes. We track your progress through educational resources available on our website. Data may also be collected via a customer survey or from feedback. We may also monitor how you use the site.
MWDH Ltd may also receive your data indirectly from core healthcare systems as well as third-party systems (e.g. blood glucose data from your monitor or tracker).
Any data you input directly into the website or app will contribute to the care record you can access on your device. Please note, this data is not currently shared with your healthcare team and you should not assume your healthcare team will be aware of any data input manually or via a home device upload (such as glucose data or Fitbit data).
How will we use or share your data?
The MWD service focusses on holistic diabetes management. We collect data in order to manage your account, giving you: secure access to your medical records; access to tailored education resources; and in some cases, the ability to upload results. Visitors to the public site (who have not logged in) have data stored on the system; however, we do log the IP address of everyone who visits the site.
The website, and/or App, does not currently allow you to share data with other users, such as a carer or family member, as a feature. Any data you share is done so entirely at your own risk. The service does not currently permit data transfers.
We collect and process information about you only where we have a legal basis for doing so under applicable laws and international best practice. The legal basis depends on the services you use and how you use them. This means we collect and share information for the following purposes:
• to provide the services and to protect the safety & security of the services. For example, we send some data you provide to healthcare systems as part of your health record or as a verification step when first registering. Your data may also be used to help improve the products and services MWDH offer, for service evaluation and audit, and for more general feature improvements such as machine learning functionality. We may pass non-identifiable data to third parties.
• if it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services, and to protect our legal rights and interests. Note, we may need to process your data to comply with a legal obligation.
• for a specific purpose not listed within this policy, where you have given us consent to do so. For example, we may publish testimonials or featured customer stories to promote our services, with your permission.
• to protect your vital interests or to protect the public interest. For example, we share your data with healthcare professionals and feed back into local healthcare teams (eg: to improve structured education), and anonymised data may be used for regional and national quality reporting.
The service does not involve any automated decision making (eg: profiling); however, it will tailor lifestyle and education recommendations based on your data profile (eg: type of diabetes, medications). We intend to expand on clinical decision support functionality in the near future and will update this policy accordingly.
How do we store data?
We take data security very seriously. Any data elements we store are held in a secure data centre managed by a reliable cloud-hosting provider. Our current provider partners closely with MWDH to ensure we comply with the Kingdom of Saudi Arabia’s privacy and data protection laws. Your clinical data will be stored in-country in Saudi Arabia as per local requirements. With permission of the commissioning organisation/data controller, some minor information (not clinical data) relating to education course use may be stored in a regional Middle East server environment, but only where there is no suitable hosting environment in Saudi Arabia. Our authentication service uses Microsoft Azure technology hosted in Europe. By signing up for this service, your email address will be stored on Microsoft's European servers. All other data is stored within KSA.
MWDH also have supporting policies and procedures which cover physical and technical security measures which address our approach to information risk management.
Data storage is on your local device unless you manually export the data. Data is encrypted while being sent from the service to your device as per standard encryption for data transfers over the internet.
We will retain data for as long as the service, in your area, is contracted. Upon contract termination, all data will be securely and completely destroyed. Given current volumes, the process to delete any personal data is documented, and the data is manually erased or scrubbed in accordance with ISO27001 standards.
MWDH have implemented controls to ensure that regulatory obligations regarding data protection are followed, documented, and results logged. In the unlikely event of a data breach, we will assess the risk and, where appropriate, notify the competent supervisory authority. If the risk assessment indicates a high risk for you, we would also communicate any breach of personal data directly to you. Specific procedures for the management of security incidents and breach monitoring are in place.
What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. You are entitled, at any time, to:
• the right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.
• the right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.
• the right to erasure – you have the right to request that we erase your personal data, under certain conditions.
• the right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.
• the right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.
• the right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you.
If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org or by using the 'Contact Us' form. Note that exercising these rights relates to the data retained or processed by MWDH only. For detailed data protection queries, you may be directed to your doctor/clinic/hospital/health centre or your local data controller.
If you wish to opt-out of the MWD service or unsubscribe from our Newsletter, please notify us via the Contact Us form and your information will be promptly and securely removed from our system.
What Are Cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
• Keeping you signed in
• Understanding how you use our website
• Auditable activity (in addition, please see the Third-Party Cookies section below)
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
• Forms-related cookies - when you submit data through a form, such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.
A mix of first-party and third-party cookies are used.
How to manage your cookies
You can set your browser not to accept cookies, or to delete them (see your specific Browser Help for how to do this). However, in many cases, removal may downgrade or 'break' certain elements of functionality. It is recommended that you leave on all cookies if you are unsure whether you need them, in case they are used to provide a service that you use. For more general information on cookies see the Wikipedia article on HTTP Cookies.
How to Contact us?
MWDH control your self-input or other direct updates to your personal data. For more detailed queries you may be passed to the information governance teams in your local healthcare organisations.
Any clinical questions must be directed to your local healthcare team.
How to Contact the appropriate authorities?
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact your local Data Commissioner’s office.