DialysisAway Privacy Information

For Dialysis Centre Operators

This document sets out what personal data we collect and use in delivering our services. This document relates to the personal data collected, obtained and used via the DialysisAway platform.

Who we are

  • We are Medicalisys Ltd (Company number 12186141) and we created the DialysisAway platform to help dialysis centres to coordinate the information required in order to enable dialysis patients to access treatment while travelling away from their base centres.
  • Our registered office is: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. We are registered as a data controller with the Information Commissioner’s Office and our registration number is ZB027157.

What personal data we collect

To register a clinic with DialysisAway, you will need to provide some of the below categories of information:

  • Name
  • Email address
  • Username
  • Phone number
  • Job title
  • Job location

These details relate to the following job roles within the clinic:

  • Account Owner
  • Regional Manager
  • Lead Coordinator
  • Coordinator
  • Doctor

How your personal data is used

  • To register new users
  • To provide support to users
  • To allow clinics to exchange information relating to medical treatment
  • To allow you to communicate directly with patients via DialysisAway
  • To contact you in relation to service updates and in relation to new services we may provide (you can opt-out at any time)
  • To deactivate users

We also use information about how users interact with DialysisAway to analyse and improve the platform. We act as a controller for this purpose. This information will be used at an aggregated level wherever possible.

Who do we share your personal data with

Other than the relevant clinics who will have access to your personal data via DialysisAway, we also use some third parties to deliver our service, as below:

| Provider | Purpose | Location |
| --- | --- | --- |
| Amazon Web Provider (AWS) | IT hosting | Germany |
| Twilio | Two factor authentication | USA |

We may also be required to comply with a request or legal order to disclose personal data to a third party, for example in relation to a police investigation or insurance claim.

Lawful basis

Under data protection law, we have to identify relevant lawful bases for our use of your personal data, as set out below:

| Lawful basis | Purpose |
| --- | --- |
| Legitimate interests | Our legitimate interests to use your personal data relate to the provision of our service, supporting users and communicating with you in relation to our service and future services we may provide. |
| Legal obligation | In meeting our legal obligations under financial, health and safety and employment laws (among others). |
| Contractual | We use the data provided to fulfil our obligation to provide you with a system for supporting your patients with regards to dialysis treatments they wish to undertake at another clinic. |

How long do we keep your personal data

We will retain your personal data for the period during which your clinic/centre account is active and for six months after an account is deactivated.

Your rights

Under data protection legislation, you have a number of rights in relation to your personal data, as below:

  • The right of access (obtaining a copy of your data)
  • The right to rectification (correcting your data)
  • The right to erasure (deleting your data)
  • The right to restrict processing (to stop use of your data for a time limited period)
  • The right to data portability (to move your data to another organisation)
  • The right to object (to object to our use of your data)
  • Rights in relation to automated decision making and profiling (to know if and how we use any technology to make decisions about you)

There are some limited exemptions to these rights, so they may not apply in every scenario. For further information on these rights, please see the Information Commissioner’s Office (ICO) website.

If you wish to make a request in relation to any of these rights, please contact us at: [email protected] and/or Medicalisys Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. Where we act as a processor on behalf of our customers, we will pass any requests to the customer to respond to (as a controller).

Information security

We have information security measures in place to reduce the risk of unauthorised access to, misuse or loss of personal data. These include:

  • We hold both the DSP Toolkit assurance (NHS ODS code O4S4B) and the Cyber Essentials certification.
  • All access to information is restricted by the use of a login and password for each user, including two-factor authentication (2FA) requiring a one-time code to be entered (sent by text to the user’s phone).
  • All data stored in the cloud is encrypted at rest.
  • Data is encrypted in transit.
  • Auto-logout when a user remains inactive for a period of time.
  • Contracts in place with our suppliers covering data protection and information security.
  • Regular testing and review of our security measures.
  • Staff policies and training.

All data is stored in the EU and we use Amazon Web Services (AWS) as our main hosting provider. AWS holds ISO27001 information security certification (among others), as set out at: https://aws.amazon.com/compliance/iso-certified/

More general information on AWS security measures is available at: https://aws.amazon.com/products/security/?nc=sn&loc=2

Queries or complaints

In the first instance, we would hope to resolve any queries or concerns you have in an informal way, if you contact us at: [email protected] and/or at Medicalisys Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.

If you are not satisfied with our response, you also have a right to complain to the Information Commissioner’s Office (ICO) as the regulator of data protection. For further information, please see: https://ico.org.uk/make-a-complaint/