At GeriDoc Ltd, our mission is to provide accessible and affordable health service to every person. We are passionate about high-quality and convenient healthcare. We are also committed to maintaining the highest level of compliance with all applicable privacy laws including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA),.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
This policy explains how we use your personal data for our healthcare services and products, including, amongst others, our private service.
It also governs the use of your data through our App, or any of our websites, including the GeriDoc website and the GP at Hand website (and any reference to our App in this policy shall also include a reference to our websites).
This policy covers:
Who we are;
What personal data we hold and how we get it;
What we use your personal data for;
Sharing your personal data;
Data security and transfers; and
If you have any further questions about how we process your information, please don’t hesitate to get in touch by contacting our Data Protection Officer:
Who we are
GeriDoc is a subscription-based health management service for the elderly based in Nigeria that affords them the opportunity to access a wide range of health advice on time, backed up with a prompt signposting and recommendations.
It is focused on the provision of prompt health surveillance advice to detect silent adult killer illness and diseases. It provides simplified health education to the service users and carers with the ultimate aim to improve the quality of life and enhance of life expectancy.
The registered office and principal place of business is Milton Keynes Midsummer Court, Midsummer Court,
Your relationship is with GeriDoc Limited. When this policy talks about ‘ GeriDoc , ‘us’ or ‘we’, it means GeriDoc Limited.
What personal data we hold and how we get it.
We use the following categories of personal data:
When you register with us, you will complete forms and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will provide us with the details of your carer or sponsors.
Health and medical information
The main type of information we hold about you is health and medical information: information about your health, allergies, past medical and surgical history, symptoms, any past treatments, consultations and sessions, medications and procedures. This includes details of your consultations with our doctors and any other allied health professional.
We get some of this information directly from you, when you register with us and when you use our healthcare services. If you have given consent for us to do so, we will send the consultation notes that we take during engagement with us to your registered GP.
(for minors, we will share such notes, in line with medical guidelines, without such consent). Any correspondence we receive from you is uploaded electronically to your GeriDoc medical record.
We retain recordings of our consultations with you, in order to provide you with an easy way to re-watch your consultations where you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. These recordings are held securely in accordance with our retention policy. You can access recordings of your consultations at any time through the App.
We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us. Examples include where you decide to share information collected from a smart watch or similar device with our App
If you make any payments on the App, your credit/debit card details are processed directly by a third-party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information.
Technical information and analytics
When you use our App, we may automatically collect the following information where this is permitted by your device settings:
(a) technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address).5
(b) information about your visit, including products and services you viewed or used, App response times, interaction information (such as button presses) and any phone number used to call our customer service number.
We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services.
What we use your personal data for
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
We obtain and use your personal details and financial details in order to establish and deliver our contract with you.
We obtain and use your medical information because this is necessary for medical purposes, and the provision of healthcare information, advice or treatment. This includes the information collected through our consultations with you (such as phone/video calls and collateral information from your carers/sponsors), and medical history from your previous regular physician. It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your family physician, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms.
Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services, This does not involve making any decisions about you – it is only about improving our products, services and software so that we can deliver a better experience to you and other GeriDoc users, and help achieve our aim of making healthcare affordable and accessible to everyone. Strict confidentiality and data security provisions apply at all times.
We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy, laboratory or specialist. We may also derive your approximate location from your IP address.
We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time.
Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to, for example, troubleshoot bugs within the App, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
We also store your medical information, such as notes from consultations and recordings of our consultations with you, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation.
Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
We may use non-personal data (data from which an individual cannot be identified) to improve our products and services.
Sharing your personal data with others
We may share your personal data with members of our corporate group and our partners (such as our registered Specialist and allied health professionals). This is to help us deliver our services to you.
We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us.
Where you access our services through your health insurance provider or any of our commercial partners (including your carer, employers, sponsors) we may share with such partner your name, date of birth, email address, policy number, location, and the fact you have registered/used the service (and any other similar information). We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us.
We will, where necessary for your treatment or care, share your information with your other health care providers. For example, your family physician, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
Except as described above, we will never share your personal information with any other party without your consent.
Your physician is not required to agree to a restriction that you may request. If physician believes it is in your best interest to permit use and disclosure of your protected health information, your protected health information will not be restricted. You then have the right to use another Healthcare Professional.
You have the right to request to receive confidential communication from us by alternative location. You have the right to obtain a paper copy of this notice from us, upon request, even if you have agreed to accept this notice alternatively i.e. electronically.
We reserve the right to change the terms of this notice and will inform you by mail of any charges. You then have the right to object or withdraw as provided in this notice.
We retain your medical records in accordance with national best practice guidance – in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records for other periods as required by law or regulation.
Retention period: GP Records retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation
Retention period: 20 years after the date of the last contact; or 10 years after the patient’s death if sooner
Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data – including your primary care information, medication information and diagnostic information – on secure servers.
Where you have chosen a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology.
Your data may be processed or stored via destinations outside of the UK and the European Economic Area, but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App.
You also have specific rights under the GDPR and DPA to:
Wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our Application.
Understand and request a copy of information we hold about you. Documentations of your appointments with us and other medical notes can be accessed via the App. For other information, you can make a request by email;
Ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical records for prescribed periods of time;
Ask us to restrict our processing of your personal data or object to our processing; and
Ask for your data to be provided on a portable basis.
You may also contact the Information Commissioner’s Office (the data protection regulator in the UK): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).
It is designed to offer information and a means to enable you to obtain telephonic and in-person consultations and treatment for common medical conditions by facilitating the connection between you and nearby health care professionals through the use of the Application. For the avoidance of doubt, the capitalized word “Services” as used in this Agreement refers only to our Application, website and related content and does not refer to the telephonic and in-person consultations and treatment that users receive from health care professionals. None of the website or Application content should be considered medical advice or an endorsement, representation or warranty that any particular medication or treatment is safe, appropriate, or effective for you.
Right to Modify
We may at our sole discretion change, add, or delete portions of this Terms of Service at any time on a going-forward basis. Continued use of the Services following notice of any such changes will indicate your acknowledgement of such changes and agreement to be bound by the revised Terms of Service, inclusive of such changes.