Teladoc Health UK Limited (“Teladoc”)
Privacy Notice – Patients
Effective Date: 01 October 2023
Introduction
This is the Privacy Notice for the utilisation of a range of Teladoc services (“Platforms”) including:
Teladoc “Telemedicine” services – access to a range of health services via phone, video and internet; including GP 24/7, Expert Medical Opinion, Nutrition & Fitness and Mental Health
Teladoc “MyStrength” services – access to interactive Wellness and Mental Health mobile apps/portals in connection with the provision of wellness and mental health services
The Platforms are provided by Teladoc Health UK LTD, a private limited company registered in England and Wales with registered offices at Floor 5, Aspect House, 84-87 Queens Rd, Brighton and Hove, Brighton BN1 3XE (“Teladoc”, “We” or “Us”).
When being provided with the Telemedicine and MyStrength services (“the Services”), you (the “Data Subject”, “the Patient”, “You” and “Your”) will be required to provide information about You, including information about Your health status which is considered as sensitive information (all together your “Personal Data”).
This Privacy notice describes the kinds of Personal Data We collect about You, why We collect it, how it is collected and how We use it, how We protect it and under what circumstances We share it with third parties. This Notice also describes how You may access the Personal Data and the rights You have concerning Your Personal Data. Please review it carefully.
At Teladoc We are committed to protecting and respecting Your privacy. Teladoc operates globally and is committed to full compliance with all applicable laws and regulations of any jurisdiction, and especially the UK General Data Protection Regulation (“the GDPR”). The Data Controller is Teladoc.
Fundamental Principles
Teladoc's privacy practices comply with the GDPR which includes the following protections:
Processing Your Personal Data lawfully, transparently and fairly
Limiting Your Personal Data use to legitimate purposes
Limiting the processing and storage of Your Personal Data to the minimum necessary
Making sure that the privacy notice is accurate and sufficient
Maintaining open and transparent privacy policies
Being accountable to You for processing Your Personal Data
Making sure Your consent is informed and easy to withdraw
Defining and protecting Your sensitive/special categories of data
Ensuring third parties (external doctors) apply similar or equivalent standards of privacy controls where they process Your Personal Data on our behalf
Not transferring Your Personal Data outside of the EU unless the recipient has provided appropriate safeguards approved by the GDPR.
Giving You the right to concise, timely, comprehensive information regarding our processing of Your Personal Data
Giving You the right to rectify incomplete, inaccurate, unnecessary, or excessive personal data
Giving You the right to object (where applicable)
Making sure We have procedures to support Your exercising of any data subject rights,
Applying security measures, including technical and procedural support for integrity, confidentiality and availability must be provided
Maintaining the confidentiality of Your Personal Data even after our relationship with You has terminated.
What Personal Data is collected and How We obtain Your Personal Data?
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, contact details or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In addition to these identifiers, Personal Data also includes “Data concerning health” or “Health Data” which means Personal Data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Teladoc collects only Personal Data which is relevant and necessary for the provision of the Services including the operation of the software.
It is not mandatory for You to provide Your Personal Data. However, should You not provide this information, Teladoc may not be able to provide You with our Services via the Platforms.
Personal Data You Provide to Teladoc
During the course of You using the Services, You will provide and Teladoc will collect Your Personal Data. In addition to information regarding personal identification, demographics and contact details Personal Data will be include:
Telemedicine – Where telephone calls, emails, and other communications take place between You and Teladoc and/or Teladoc’s service providers these will be recorded and logged. As such, We will collect and maintain all information discussed during such communications including the date and time of the communications, and the contents of the communications.
MyStrength – Where You access the MyStrength Apps or Portals you may decide to participate in certain interactive activities which require assessment of how You are feeling. You may also decide to seek non-medical advice from our team of guides. Any such input will be recorded and logged.
Personal Information Teladoc Collects About You From Other Sources
In connection with the Services, and always upon Your prior authorization, We may collect medical records from Your past or current health care providers.
We may also gather Personal Data from local or national authorities for specific purposes or from third party organisations in those cases where You may have accessed our Platforms through a third-party online service.
Purposes for which your personal data is processed and legal basis
Teladoc collects, processes, and potentially discloses Your Personal Data on a lawful basis, as below.
Contractual obligations
We will use personal data firstly to fulfil any contractual obligations that exist between Us and Yourself; where We request Personal Data be provided to meet the terms of any such contract You will be required to provide the relevant Personal Data, or We will not be able to deliver the Services You want. In such cases the lawful basis of Us processing the Personal Data is that it is necessary for the performance of a contract.
Legitimate interest
We may also process Your Personal Data in accordance with Our legitimate business interests; this is on the considered measure that We need the Personal Data to achieve reasonable various purposes.
Our data processing activities conducted on the lawful basis of legitimate interests are:
To provide You with the Services
To send notifications on subjects You have subscribed to, or otherwise asked us to keep You informed of
To improve the quality of the Services, and to better understand Our customers’ needs by requesting feedback/testimonials, or We may send survey forms that We ask You to complete
To allow Us to understand the scale and range of Our customer base; for statistical analysis and market research
To recognise when customers re-engage with Our Services
To improve our website so content is delivered more efficiently
Legal obligations
We may also process Your Personal Data in order for Teladoc Health to comply with Our various legal obligations; this might include:
Providing for financial commitments to relevant financial authorities
Complying with industry regulatory requirements and any self-regulatory schemes
Carrying out required business operations and due diligence (e.g. administration, security, reorganisations, investment, or corporate/asset sales)
Cooperating with relevant authorities for reporting criminal activity, or to detect and prevent fraud
To investigate, claim for or defend Ourselves against any claims we may receive/interpose in relation with the provision of the Services
Consent
We may process your Personal Data for the purposes of providing You with the Services subject to Your informed consent.
Where We process Your Health Data, other than where We have Your consent to do so We shall be processing this Health Data on one or more of the following lawful bases:
It is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or pursuant to contract with a health professional
It is necessary for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices
It is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
Teladoc may create de-identified information defined as data that does not include Your name, address, birth date, or other information that could be used to identify You (the “Anonymised data”) for the purposes of, among others, reviewing or evaluating the performance of our systems in providing the Services, improving the quality or timeliness of our Services, medical research, or demonstration of the reliability of our information management.
Data Retention
Teladoc will retain Your Personal Data as long as it is needed for the provision of the Services to You and after that, for the statutory periods for the only purpose of attending eventual responsibilities that might arise from the provisions of the Services and to comply with applicable laws.
At the end of that retention period, Your Personal Data is securely destroyed or permanently de-identified in accordance with Data Protection Laws and Regulations. Such permanently anonymized data is no longer Personal Data and is retained by Teladoc indefinitely for the purposes as above.
Access to Your Personal Data
We will never share Your Personal Data for any purpose other than those strictly necessary for rendering the Services for Your benefit (i.e. communication to medical professionals and IT-related partners). In any such cases, We insist that those third parties retained to provide support services to Teladoc adhere to our Privacy Policy and Principles as well as all applicable Data Protection Laws and Regulations.
Notwithstanding the above, You should be aware that Teladoc may be called upon to disclose Your Personal Data, including Your Health Data, by a duly empowered branch of Government or Court in any country in which our patients are citizen.
International Transfers of Your Personal Data
In order to better protect Your Personal Data, Teladoc uses data centres based only in the UK, EU, and the USA. For that reason, Your Personal Data may be transferred to the EU and the USA. These international transfers of Your Personal Data comply with all the privacy, security and contingency measures and regulations provided by Data Protection Laws and Regulations and take place following either: contractual obligations, temporary adequacy agreement, Standard Contractual Clauses, or other derogation to allow the international transfer of Your Personal Data.
Where You travel overseas it may be necessary for the performance of the Services required, that we have to transfer Your Personal Data to doctors located in the country or the region where You are travelling to.
You should note that in these instances the local data protection regulation applicable to the processing of Your Personal Data in that country may differ in the level of protection from that granted by UK regulation, including the GDPR. We do however confirm that the clinicians We retain to provide our services are required to adhere to our Privacy Policy and Principles as well as all applicable local Data Protection Laws and Regulations.
Security Enforcement
We safeguard Your Personal Data with tested and certified technical and organisational security controls. We educate our staff and external doctors on our Privacy Policy and Principles as well as all globally applicable data privacy laws.
Your data subject rights
We strive to keep your Personal Data accurate and current; and We will update or disclose it to You whenever You request us to do so. You are responsible for communicating modifications, rectifications, or additions to Your Personal Data in order that Teladoc may change it accordingly and keep it current.
You are able to access Personal Data held about You and can request corrections or deletions in accordance with relevant regulation and legislation.
When the GDPR is applicable, You have rights including:
Right of access
Right to rectification
Right to withdraw Your consent to the processing of Your Health Data
Right to erasure
Right to restriction of processing
Right to object to processing
Right to data portability
Note that data subject rights would not be applicable to Anonymised data as defined above.
You may exercise Your data subject rights by emailing Us, indicating Your name, what service was used and Your telephone number, and attaching Your ID (two from: passport, driving licence and utility bill.
Our contact details
If You have any questions regarding this Privacy Notice, then please contact Teladoc’s UK Data Protection Officer via:
Email - ukdpo@teladochealth.com
Phone - 0203 499 0736
Post - Teladoc Health, Floor 5, Aspect House, 84-87 Queen’s Road,
Brighton, East Sussex. BN1 3XE.
Changes to the Privacy Notice
Please note that this Privacy Notice may be changed by Us from time to time to reflect, amongst other things, changing legislation and regulation.
user_hashdocid