Who we are
MyWay Digital Health Ltd (MWDH Ltd) is a medical software company, founded by NHS specialists in diabetes and healthcare management, responsible for the MyWay Digital Health eLearning suite and services outside Scotland.
What data do we collect?
For consenting users, we collect demographic data, e.g. name, email address, and if selected may note if diagnosed within 12 months, age, gender, ethnicity and whether you have completed any structured education before. We store any data input by you. In addition, general auditable information and bug reporting data are also collected to help improve the service we offer.
How do we collect your data?
We collect data and process data when you register online for any of our products or services and use or view our website via your browser’s cookies. We track your progress through these education resources and data may also be collected via surveys or from feedback. We may also monitor how you use the site.
With your explicit consent, we will follow up with you in a few months to ask you further questions about your diabetes management after completing the course. Also with your explicit consent, we will share whether you have completed online structured education with your healthcare teams.
How will we use or share your data?
The MyWay Digital Health eLearning suite focusses on holistic diabetes management and education. It is only available to users that have given their explicit consent. We collect data in order to provide access to a range of education resources. Visitors to the site, who do not register for Structured Education, will not have data stored on the system, however, we do log the IP address of everyone who visits the site.
The website does not currently allow you to share data with other users, such as a carer or family member, as a feature. Any data you share is done so entirely at your own risk. The service does not currently permit data transfers.
We collect and process information about you only where we have a legal basis for doing so under applicable laws. The legal basis depends on the website you use and how you use them. This means we collect and share information for the following purposes:
• to provide the services and to protect the safety & security of the services. Your data may also be used to help improve the products and services MWDH offer, for service evaluation and audit, and for more general feature improvements.
• if it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services, and to protect our legal rights and interests. Note, we may need to process your data to comply with a legal obligation.
• for a specific purpose not listed within this policy, where you have given us consent to do so. For example, we may publish testimonials or featured customer stories to promote our services, with your permission.
• to protect your vital interests or to protect public interest. For example, anonymised data may be used for regional and national quality reporting. The service does not involve any automated decision making (eg: profiling).
When visitors leave comments on the website we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
How do we store data?
We take data security very seriously. Any data elements we store are held in a secure data centre managed by a reliable approved hosting provider. Our current providers are ISO 27001 accredited and CyberEssentials Plus certified, partnering closely with MWDH in ensuring we comply with GDPR and the Data Protection Act. MWDH also have supporting policies and procedures which cover physical and technical security measures which address our approach to information risk management.
Data storage is on your local device unless you manually export the data. Data is encrypted while being sent from the service to your device as per standard encryption for data transfers over the internet.
We will retain data for as long as the eLearning service, in your area, is under an Agreement. eLearning data will be destroyed, if required, as per stated timeframe within our data retention policy. Given current volumes, the process to delete any personal data is documented and manually erased or scrubbed in accordance with ISO27001 standards.
MWDH have implemented controls to ensure that regulatory obligations regarding data protection are followed, documented, and results logged. In the unlikely event of a data breach, we will assess the risk and where appropriate, notify the competent supervisory authority within 72 hours. If the risk assessment indicates a high risk for you, we would also communicate any breach of personal data directly to you. Specific procedures for the management of security incidents and breach monitoring are in place.
What are your data protection rights?
- We would like to make sure you are fully aware of all of your data protection rights. You are entitled, at any time, to the right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.
- The right to erasure – you have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you.
If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org . Note exercising these rights relates to the data retained or processed by MWDH only.
If you wish to opt-out of the eLearning service, please contact us at our email: email@example.com, and your information will be promptly and securely removed from our system.
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
- Keeping you signed in
- Understanding how you use our website
- Auditable activity (in addition, please see the Third-Party Cookies section below)
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
- Forms related cookies – when you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence. A mix of first-party and third-party cookies are used.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
How to manage your cookies
You can set your browser not to accept or delete cookies (see your specific Browser Help for how to do this). However, in many cases, removal may downgrade or ‘break’ certain elements of functionality. It is recommended that you leave on all cookies if you are unsure whether you need them, in case they are used to provide a service that you use. For more general information on cookies see the Wikipedia article on HTTP Cookies.
- This site may use Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
- From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
If you are unsure whether you need cookies or not it is usually safer to leave them enabled in case it does interact with one of the features, you use on our site. This Cookies Policy was created with the help of the GDPR Cookies Policy Generator
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Privacy policies of other websites
How to contact us?
MWDH control your self-input or other direct updates to your personal data. For more detailed queries you may be passed to the Data Protection Officer in your region. Any clinical questions must be directed to your local healthcare team.
How to contact the appropriate authorities?
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office via https://ico.org.uk