Home Vision Monitor App Privacy Notice

Last updated: 19 April 2021

Moorfields Eye Hospital NHS Foundation Trust ("Moorfields Eye Hospital", "we", or "us") respects your right to privacy.  This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights.  This Privacy Notice only applies to personal information that we collect through the Home Vision Monitor App that you have downloaded through the Apple App Store or Google Play (“App”).

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.

Quick links

We recommend that you read this Privacy Notice in full to ensure you are fully informed.  However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section.

  • What does the App do?
  • What personal information does Moorfields Eye Hospital collect and why?
  • Who does Moorfields Eye Hospital share my personal information with?
  • Legal basis for processing personal information
  • Cookies and similar tracking technology 
  • How does Moorfields Eye Hospital keep my personal information secure?
  • International data transfers
  • Data retention
  • Your data protection rights
  • Updates to this Privacy Notice
  • How to contact us

What does the App do?

The App can be used by you to carry out a simple test to monitor your vision. We can view your test results remotely through the Home Vision Monitor web portal.

What personal information does Moorfields Eye Hospital collect and why?

The personal information that we may collect about you broadly falls into the following categories:

  • Information that you provide voluntarily

In order to use the App, we may ask you to provide personal information to us voluntarily: for example, we may ask you to provide us with your RX Code (a unique code associated with your Patient ID at Moorfields Eye Hospital) in order to download the App and submit a PIN code.  You may also provide us with information about your health as part of the tests you run during your use of the App (such as which eye you tested and what the test result was).  If you contact us (or our service provider) with any questions or concerns about how to use the App, you may also provide us with other information about you to allow us to support you in your use of the App, such as your name or contact details (for example, your email address, phone number, or address).  You may also choose to provide us with further information during any support enquiry that you make to us.  The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

Given the nature of the App, some of the personal information that you provide may include sensitive personal information, such as health-related information.  We need to use this information in order to give you the benefit of the App i.e. so we can monitor your response to treatment in order to provide you with appropriate medical healthcare.  Where appropriate, we will use the information that you provide to us through the App in connection with other information we hold about you as your healthcare provider (such as your NHS ID, Patient ID or Prescriber ID), in order to provide you with our medical healthcare services.

  • Information that we collect automatically

When you use the App, we may collect certain information automatically from your device.  In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.

Specifically, the information we collect automatically may include information like the type of mobile device you use, your mobile device’s unique device ID, and information about the way you use the App.  When you run tests through the App, we may also automatically collect information about the test you have run, such as test start time, test duration, and number of test runs.  We may also use your information to automatically calculate your SDH score (the vision test result) and the SDS standard deviation (a measure of the variability of the vision test results).

Collecting this information enables us to keep the App secure, and to better understand who has run the test and how best to provide you with appropriate healthcare.  It can also help us to identify any problems with the App and to support you with any trouble-shooting or questions, if you are having problems using the App.

Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.

In general and in connection with the App, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information.  However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.

Who does Moorfields Eye Hospital share my personal information with?

We may disclose your personal information to the following categories of recipients:

  • to our third party service providers and partners, including Roche Products Limited, ATP, LLC (trading as PPD Medical Communications), Genentech Inc, Roche Polska Sp. z o.o., F. Hoffmann-La Roche AG, ClearDATA Networks, Inc. and Vital Art and Science, LLC. These parties provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of the App), or otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information;
  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to an actual or potential successor (and its agents and advisers) of our activities as a healthcare provider, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
  • to any other person with your consent to the disclosure.

Legal basis for processing personal information

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.  Specifically, we will typically only use your personal information to enable you to access and use the App so we can monitor your health and carry out our role as a healthcare provider on your behalf.  We may also use your personal information to provide you with support services in relation to your use of the App.

As such, we will normally collect personal information from you only where we have your consent to do so.  In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person (for example, if you are very unwell and we need to use your information in order to get you medical help).

If we ask you to provide personal information to comply with a legal requirement we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).  

Where we collect and use your health information (for example, information about the medical tests that you have undertaken and provided to us through the App), we will only do this where we have a lawful basis to do so.  Such bases may include for your medical treatment or if we have your explicit consent.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

Cookies and similar tracking technology 

A cookie is a small text file that is downloaded onto your device when you access the App (collectively, “Cookies”). It allows the App to recognise your device and store some personal information about your preferences or past actions. 

The App uses the following types of cookies and tracking technologies, for the following purposes:

  • Strictly Necessary Cookies. These cookies are strictly necessary to provide you with the App and to use some of its features, such as logging in.  

  • Analytical Cookies. These cookies allow us (and our third party service providers) to count visits and traffic sources so we (and our third party service providers) can measure and improve the performance of the App. The data collected by these cookies is only used for purposes that are strictly necessary to understand how you use the App and help us improve the App from a product development perspective. The data collected by these cookies is not shared with advertising or marketing agencies, or sold to any third party. 

These cookies are set using Google Analytics which is provided by Google Inc. and its subsidiary, Firebase, Inc (“Google”) to help us (and our third party service providers) manage these analytics. The information generated by the cookies about your use of the App will be transmitted to and stored by Google on servers in the United States. We use the IP-anonymisation feature of Google Analytics, which means that your IP address is anonymised at the earliest possible stage before being transmitted to Google’s servers. Only in exceptional cases (for example, a failure of the EU based system) will the whole IP address be first transferred to a Google server in the United States and anonymised there. In no event will Google associate your IP address with any other data it holds.

How does Moorfields Eye Hospital keep my personal information secure?

We have ensured that our third party service providers and partners use appropriate technical and organisational measures to protect the personal information that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.  

Our third party service providers and partners strive to use reasonable physical, technical, and administrative safeguards (such as firewalls, encryption, identity management, and intrusion prevention and detection) to protect the information you share with us through the App from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. All data uploaded into the App is encrypted in transit and at rest. However, we cannot guarantee the absolute security of your personal information, as no data transmission over the internet or data storage system is guaranteed to be 100% secure. We recommend that you take any available precautions to protect the personal information you submit via the App. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your App account might have been compromised), please contact us immediately using the details in the “How to contact us” section of this Privacy Notice.

International data transfers

Your personal information will be transferred to, and processed in, countries other than the country in which you are resident.  These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

Specifically, the App servers are located in the United States, and our group healthcare bodies and third party service providers and partners operate in the United Kingdom, United States, Poland and Switzerland.  This means that when we collect your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These include implementing contractual obligations on recipients to protect personal information they process from the UK in accordance with UK & European Union data protection law, as applicable. 

We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.

Data retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the App service you have requested, or to comply with applicable legal, tax or accounting requirements).  

Subject to your data protection rights (described below), when we have no ongoing legitimate business need to process your personal information, we will delete it within our databases as per our statutory obligations.  We will also make the necessary request to the Roche Global Privacy Office to delete your information.  The request is validated and analysed.  The request is then executed, but it may not be possible to delete all information where Roche have a statutory obligation to retain data.

Your data protection rights

You have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.  

  • In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.

  • Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • You have the right to complain to a data protection authority about our collection and use of your personal information.  For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.  We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. 

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.  

How to contact us

If you have any questions or concerns about our use of your personal information, please contact our data protection officer using the following details: 

Head of information governance (IG) / DPO 

Moorfields Eye Hospital NHS Foundation Trust 

Kemp House | 152-160 City Road 

London 

EC1V 2NX 

moorfields.ig@nhs.net 

020 7521 4625 

The data controller of your personal information is Moorfields Eye Hospital NHS Foundation Trust.