This privacy notice provides information on how The Online Menopause Centre Limited (OMC) uses personal data relating to users (“you“) of its website at www.onlinemenopausecentre.com (“the Website“), and its software (Heydoc) and to users of any of the services accessible via the Heydoc system.
We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
Who are we?
The OMC provides video consultations and bespoke treatment plans to women in the UK who suffer from menopause related conditions. This is done purely online at the comfort of the patient’s home or workplace, without the inconvenience and expense of travelling to a clinic.
As experts in our field, we provide women with up to date, unbiased information about the various treatment options available to help educate and empower them to make proper informed decisions about their health.
The OMC is a trading name of the Online Menopause Centre Ltd, a company registered in England & Wales with company number 12321723.
If you have any questions about how we process your information, please don’t hesitate to get in touch by contacting our Data Protection Officer:
Address: Data Protection Officer, Online Menopause Centre Ltd, 6 Sherwood Road, London NW4 1AD
What personal information we hold about you?
When you register with us, you complete forms and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with an up to date photograph for identification purposes during your online consultations. You are responsible for the accuracy of the information that you provide to us.
Health and medical information
The main type of information we hold about you is health and medical information: such as symptoms, treatments, consultations, medications and procedures. This includes details of your consultations with our doctors, and interactions with our digital service, Heydoc. Your interactions with our digital service may be shared with our doctors in order to provide you with a better experience and for the purposes of providing you better health care.
On what basis do we use your personal data? We use the data that you provide to us when you register with the OMC, and the data that we collect during your consultations or contact us, as follows:
to provide you with the Services that you request from us in accordance with our obligations under any agreement entered into with you;
to communicate with you in the event that any services requested are unavailable or if there is a query or problem with your order;
for record keeping purposes;
where you have provided your consent, your name, email address and contact number may be used to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you (you may unsubscribe from this at any time by contacting us using the contact details in section 10 below);
to notify you about changes to our Services.
Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
We may also use and disclose your personal data:
- for internal operations, including troubleshooting, data analysis, testing, measuring advertising effectiveness, research and/or survey purposes;
- to perform a range of other business functions to optimise the Services and introduce new offerings;
- for compliance with legal obligations, or protection and enforcement of legal rights; and/or to detect or prevent fraudulent activity.
There are times where you may need to give us specific permission. Where your consent is required, we will provide you with all the details you require in order to make your decision. Sometimes we may be asked by legal authorities to process your personal data and at other times, it might be in order to protect your vital interests. There may also be instances where we have special permission because the interests of the public are deemed to be of greater importance than your confidentiality.
Where do we obtain your personal data from?
In most cases we collect your personal data directly from you. There are times where we might need get information from your relatives, other GPs or health professionals and from the results of blood tests and diagnoses such as mammograms and pelvic ultrasounds. Where we get your personal data from other sources, we will inform you.
Who might we share your personal data with?
We may need to share your personal data with health authorities, NHS Trusts, special health authorities, legal authorities and ambulance services. With your consent and, subject to strict sharing protocols about how it will be used, we may also share your information with social services, education services, local authorities, voluntary sector providers as well as the private sector.
All payments via credit or debit card are processed through our third-party processor “Stripe” that will store all payment information and transaction details. We will not retain your credit or debit card details.
How long we hold your personal information
We retain your medical records in accordance with national best practice guidance – Records Management Code of Practice for Health and Social Care 2016 (Information Governance Alliance, July 2016) https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016
Data Storage and Transfer
We do not store your personal data on our website. All personal and health data, including medication and diagnostic information are stored on secure servers of Heydoc.
Your data is physically stored on servers which have achieved the highest level of security certification, as used by banks and government services. Our servers are located in London, United Kingdom. Only a very limited number of authorised staff from Heydoc Limited can access these servers. Data is replicated continuously, with multiple copies stored between security centres to ensure immediate failover. Data in transfer is fully encrypted using the most secure cryptographic technologies available (256-bit level of encryption). This means that when you access your data via the internet the Heydoc server will negotiate a secure link with the end user via a process called SSL. This is the same technology used for online banking and credit card transactions and is known to be the most secure system available.
What Information Do We Collect?
Information you voluntarily submit to the website
We may collect personal information from you such as your name or email address. For example, you may voluntarily submit information to the Website by leaving a comment, subscribing to a newsletter, or submitting a contact form.
Automatically collected information
We automatically collect certain information about you and the device with which you access the Website. For example, when you use the Website, we will log your IP address, operating system type, browser type, referring website, pages you viewed, and the dates/times when you accessed the Website. We may also collect information about actions you take when using the Website, such as links clicked.
We may log information using cookies, which are small data files stored on your browser by the Website. We may use both session cookies, which expire when you close your browser, and persistent cookies, which stay on your browser until deleted, to provide you with a more personalized experience on the Website.
How your information may be used
We may use the information collected in the following ways:
To operate and maintain the Website
To send you promotional information, such as newsletters. Each email promotion will provide information on how to unsubscribe from future emails
- To send you administrative communications, such as administrative emails, confirmation emails, technical notices, updates on policies, or security alerts
- To respond to your comments or inquiries
- To track and measure advertising on the Website
- To track, measure and analyse the statistical performance of the Website
- To protect, investigate, and deter against unauthorized or illegal activity
Third-party use of data
We may share your information with third parties when you explicitly authorize us to share your information. Additionally, the Website may use third-party service providers to service various aspects of the Website. Each third-party service provider’s use of your personal information is dictated by their respective privacy policies.
The Website currently uses the following third-party service providers:
Google Analytics – this service tracks Website usage and provides information such as referring websites and user actions on the Website. Google Analytics may capture your IP address, but no other personal information is captured by Google Analytics.
From time to time, we may use anonymous data, which does not identify you alone, or when combined with data from other parties. This type of anonymous data may be provided to other parties for marketing, advertising, or other uses. Examples of this anonymous data may include analytics or information collected from cookies.
Users may, at any time, prevent the setting of cookies, by the Website, by using a corresponding setting of your internet browser and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular internet browsers. However, if users deactivate the setting of cookies in your internet browser, not all functions of our Website may be entirely usable.
On the Website, you may subscribe to our newsletter, which may be used for advertising purposes. All newsletters sent may contain tracking pixels. The pixel is embedded in emails and allows an analysis of the success of online marketing campaigns. Because of these tracking pixels, we may see if and when you open an email and which links within the email you click. Also, this allows the Website to adapt the content of future newsletters to the interests of the user. This behaviour will not be passed on to third parties.
Information and Accuracy
All content provided on this Website is for information purposes only. The owner of this Website makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. We are not responsible for the republishing of the content found on this Website on other websites or media without our permission. All opinions are those of the author alone.
Links to other websites
Your data protection rights
You also have specific rights under the GDPR and DPA to:
- wherever we process data based on your consent, withdraw that consent at any time.
- understand and request a copy of information we hold about you.
- ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical or health records for medical diagnoses and treatment for prescribed periods of time;
- ask us to restrict our processing of your personal data or object to our processing; and
- ask for your data to be provided on a portable basis.
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113