Privacy Policy

Last updated on 21 July 2021

Plain English Summary

Terminology

  • “You” means the user and the person giving their consent to share their healthcare information.
  • “We” refers to Ultramed Ltd
  • “Ultramed Account” is an online account that lets you gather, edit, store, and share personal health information.
  • “Questionnaire” is the set of questions you have been asked to answer on behalf of the hospital.
  • “Service” is the digital platform allowing patients to communicate with their healthcare organisation.
  • “Professionals” are employees of organisations using Ultramed whose identity and qualifications have been legally verified, for example, doctors and nurses.
  • “Healthcare organisations” are customers of Ultramed and are organisations that are involved in your care, for example hospitals.

Purpose of Ultramed

Ultramed provides an online platform allowing you to communicate with your care team from anywhere with internet access. We provide our service to you on behalf of your Healthcare organisation. The healthcare organisation uses our service to send you a questionnaire for you to complete to help get you ready for a procedure or operation. Once your questionnaire has been sent to your healthcare organisation, healthcare professionals can view your record to help make decisions about your care.

How is my information used?

We use your information to provide our service to you and to your healthcare organisation. This means collecting information from you, including information about your health, and sending it to your healthcare organisation. We also use your account information (e.g. your name, contact details and NHS number) to contact you if necessary to help you complete a questionnaire. We also use this information to verify your identity if you contact our support team. With your explicit consent, we may also use your information anonymously for research purposes.

To help us run and improve our service we also collect anonymous aggregated information. This includes information on the number of patients who have started or completed a questionnaire as well as information on how users use our service. 

We take your privacy seriously and we do not use your information for any purpose other than described in this Privacy Policy. We do not sell your information or use it for marketing purposes.

Is Ultramed free?

Ultramed’s business model involves contracting with healthcare organisations to use our service. The service is completely free for patients.

Can I delete or hide my Ultramed account if I change my mind?

The healthcare information you provide is used by medical professionals to make decisions about your care and forms part of your healthcare record. Your healthcare information must legally be retained for a minimum of 8 years (in some cases longer) after it was last used. Once your questionnaire has been submitted, your healthcare organisation controls your healthcare record and it cannot be hidden by Ultramed. 

Information that does not form part of your healthcare record such as your account information, can be deleted on request. If you have not yet submitted your questionnaire, you can also request that your unsubmitted questionnaire is deleted.

How is my information protected?

Ultramed takes great care to protect your information. Your information is encrypted as it is sent to us, as well as when it is stored. We keep your information on secure servers located in the United Kingdom and the European Union. We encrypt your data so no one can see your healthcare information except the healthcare organisation you have sent it to or those with a lawful basis. We are registered with the Information Commissioner’s Office (“ICO”), which regulates data protection in the UK, and our registration number is ZA092775.

Tracking, Cookies and Analytics

We use privacy-friendly analytics that do not use cookies and we have no way of identifying you through analytics. We use essential cookies for the functioning of our service, including allowing you to login and start a questionnaire.

This Privacy Notice

This privacy policy applies to the Ultramed Service (referred to in this privacy policy as the “Service”). The privacy policy is written generally as if you are the patient.

Agreement and Further Information

By continuing to use our service you are agreeing to our Privacy Policy. If you would like further information before you consent, please contact [email protected].

Full Privacy Policy

Explanation of Terms Used in This Statement

    • “User” or “You” means the user and the person giving their consent to share their healthcare information.
    • “Account holder information” includes your contact details (including your email address, postal address and postal code), NHS or Hospital number and your account password.
    • “Healthcare information” is any information related to your health and is a form of sensitive personal data.
    • “Ultramed account” is an online account that lets you gather, edit, store, and share healthcare information.
    • “Questionnaire” is the form asking users all the relevant medical questions relating to their health.
    • “Service” is the digital platform allowing patients to communicate with their healthcare organisation.
    • “Professionals” are employees of healthcare organisations using Ultramed whose identity and qualifications have been legally verified, for example doctors and nurses.
    • “Healthcare organisations” are customers of Ultramed and are organisations that are involved in your care, for example hospitals.

For the purpose of the Data Protection Act 2018 (the Act), the data processor is Ultramed Ltd of Tremough Innovation Centre, Penryn, Cornwall, TR10 9TA. Reg No. 9242021.

Ultramed Ltd’s Data Protection Officer is Dr Paul Upton, available at the above address.

Ultramed Account

Our Service requires the creation of an Ultramed Account. An account may be created by a user or by a healthcare organisation on behalf of a User. To create an Account, Ultramed must be provided with Account Holder Information.

Account holder information

Your Account holder information includes:

  • Your name and date of birth.
  • Your contact details including your email address, telephone numbers, postal address and postal code.
  • Your hospital specific identifier (commonly called a hospital number or medical record number).
  • Your national identifiers e.g. NHS number in England or CHI number in Scotland.

Use of your data

We do not use or disclose personal data except as described in this policy. Your data will be available to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. This means that Ultramed may transfer records if our services are transferred or if we take on other companies, those companies will be considered part of the access group. We may transfer our rights and obligations under this Privacy Policy to another organisation, but this will not affect your rights or our obligations under this Privacy Policy. 

Where essential to deliver a service contract with Ultramed, a third-party contractor may have access to your information. Third-party contractors are contractually obligated to apply equivalent privacy and security to personal data and must have the appropriate Information Commissioner Office registration, Information Governance training and assurance in place.

Healthcare information

Healthcare information is strictly controlled and is only shared with your consent. By submitting a questionnaire, you are giving consent for your healthcare information to be sent to the relevant healthcare organisation for use in providing healthcare services to you. Healthcare organisations act as the data controller for any healthcare information received.

If you explicitly consent, we may also use your anonymised healthcare information for research purposes.

We do not ask users for their healthcare data, however they may inadvertently disclose healthcare information about themselves when communicating with Ultramed for support purposes

Account holder information

Ultramed may use Account holder information:

  • To provide important information about the Service, including critical updates and notifications.
  • To verify we are speaking to the right person.
  • To confirm if a submission has reached the hospital.
  • To assist you with the creation of your account.

Retention of healthcare information

Healthcare information provided by you is used by healthcare professionals to make medical decisions and forms a healthcare record. Ultramed will retain your healthcare record for a minimum of 8 years (in some cases longer) after last usage or last data addition (whichever is later) to provide a medico-legal audit trail.

Retention of non-healthcare information

Personal information which is not healthcare information, including account holder information, is retained for 10 years after last usage or data addition (whichever is later) before being permanently deleted. Retention is for your convenience should you wish or need to re-access your Ultramed account. You may request that your non-healthcare information be deleted at any time. Ultramed retains backups for 60 days and any deleted data may be present in backups up to 60 days after the time of deletion.

Lawful disclosures

Ultramed may access and/or disclose Account holder information if such action is necessary to:

  1. Comply with the law or orders served on Ultramed.
  2. Protect or defend the rights or property of Ultramed (including the enforcement of our agreements).
  3. Act in urgent circumstances to protect the personal safety and welfare of users of Ultramed services or members of the public.

Data storage

Ultramed stores all data on servers located in the UK and the European Union. Our data centres are ISO 27001 certified.

Security of personal information

Ultramed is committed to protecting the security of personal information. We use a variety of security technologies and procedures to help protect personal information from unauthorised access, use, and disclosure. For example, we store Account holder information and healthcare information on servers with limited access that are located in controlled facilities. We encrypt all data at rest and in transit. We are registered and compliant with the NHS Data Security & Protection Toolkit and we have completed Cyber Essentials Plus. We undergo annual penetration testing.

Use of Cookies

A cookie is a small file stored on your device. We use privacy-friendly analytics that do not use cookies and we have no way of identifying you through analytics. We use essential cookies for the functioning of our service, including allowing you to login and start a questionnaire. 

We use the following cookies:

Cookie

Name

Purpose

Expiry

Further Information

Cloudflare

__cfduid

Used by our Web Application Firewall to protect our site from malicious traffic

1 Month

Authentication

auth._token.auth0

Contains the user’s authentication token for Ultramed services.

Session

auth.strategy

Indicates the authentication method for the user.

Session

auth0.ssodata

Enables Single Sign On functionality across Ultramed Apps

24 Hours

auth._refresh_token_auth0

Enables token refresh, avoiding the user having to re-login on the same device.

Session

This cookie may not be in use on some versions of the Ultramed app.

For more information regarding cookies visit: www.allaboutcookies.org 

Changes to this privacy policy

We may update this privacy policy at any time. When we do, we will change the “last updated” date on the privacy policy. If there are material changes to this privacy policy we will notify Users, by email or directly to the User Account.

We encourage you to review this policy periodically. Your continued use of the Service constitutes your agreement to this privacy policy, as amended.

Contact

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to the Commercial Manager. 

Email: [email protected]

Phone: +44(0) 20 3322 4545 

Address: Ultramed Limited, Tremough Innovation Centre, Penryn, TR10 9TA