Who we are

MyWay Digital Health Ltd (MWDH Ltd) is a medical software company, founded by NHS specialists in diabetes and healthcare management, responsible for the My Diabetes My Way (MDMW) service outside Scotland.

What data do we collect?

For consenting MDMW Users, we may collect demographic and medical data relating to your diabetes condition, eg: name; address; contact details; IP address; date of birth; height; weight; GP practice; type of diabetes; blood pressure; laboratory test results; smoking status; eye and foot screening info; goals; appointment data; and medication. We may store any data input by you (eg: blood glucose readings). In addition, general auditable information and bug reporting data is also collected to help improve the service we offer.

How do we collect your data?

We collect data and process data when you register online for any of our products or services and use or view our website via your browser’s cookies. For consenting MDMW Users, we collect data from primary care systems, and the systems your GP practice uses, relating to your diabetes. We track your progress through education resources, available on our website. Data may also be collected via a customer survey or from feedback. And we may also monitor how you use the site.

With your explicit consent, in using any of our products and services, you are opting-in and agreeing to automated data collection from healthcare systems and other third parties.

MWDH Ltd may also receive your data indirectly from NHS systems and from third party systems (e.g. blood glucose data from your monitor or tracker).

Any data you input directly into the website, or app, will contribute to the care record you can access on your device. Please note, this data is not currently shared with your healthcare team and you should not assume your healthcare team will be aware of any manual data inputs.

How will we use or share your data?

The MDMW service focusses on holistic diabetes management. It is only available to Users who have given their explicit consent. We collect data in order to manage your account, giving you: secure access to your medical records; access to tailored education resources; and in some cases, the ability to upload results. Visitors to the public site (who have not logged in), have data stored on the system, however we do log the IP address of everyone who visits the site.

The website, and/or App, does not currently allow you to share data with other users, such as a carer or family member, as a feature. Any data you share is done so entirely at your own risk. The service does not currently permit data transfers.

We collect and process information about you only where we have the legal basis for doing so under applicable EU/UK laws. The legal basis depends on the services you use and how you use them. This means we collect and share information for the following purposes:
• to provide the services and to protect the safety & security of the services. For example, we send some data you provide to NHS systems as part of your health record or verification step when first registering. Your data may also be used to help improve the products and services MWDH offer, for service evaluation and audit, and for more general feature improvements such as machine learning functionality. We may pass non-identifiable data to third parties.
• if it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services, and to protect our legal rights and interests. Note, we may need to process your data to comply with a legal obligation.
• for a specific purpose not listed within this policy, where you have given us consent to do so. For example, we may publish testimonials or featured customer stories to promote our services, with your permission.
• to protect your vital interests or to protect a public interest. For example, we share your data with healthcare professionals and feedback into local healthcare teams (eg: to improve structured education) and anonymised data may be used for regional and national quality reporting.

The service does not involve any automated decision making (eg: profiling) however it will tailor lifestyle and education recommendations, based on your data profile (eg: type of diabetes, medications).

How do we store data?

We take data security very seriously. Any data elements we store are held in a secure data centre managed by a reliable hosting provider. Our current provider is ISO 27001 accredited and CyberEssentials Plus certified, partnering closely with MWDH in ensuring we comply with GDPR and the Data Protection Act. MWDH also have supporting policies and procedures which cover physical and technical security measures which address our approach to information risk management.

Data storage is on your local device unless your manually export the data. Data is encrypted while being sent from the service to your device as per standard encryption for data transfers over the internet.

We will retain data for as long as the MDMW service, in your area, is being funded. Upon termination of funding all data will be securely and completely destroyed. Given current volumes, the process to delete any personal data is documented and manually erased or scrubbed in accordance with ISO27001 standards.

MWDH have implemented controls to ensure that regulatory obligations regarding data protection are followed, documented, and results logged. In the unlikely event of a data breach, we will assess the risk and where appropriate, notify the competent supervisory authority (in the UK, this is the ICO) within 72 hours. If the risk assessment indicates a high risk for you, we would also communicate any breach of personal data directly to you. Specific procedures for management of security incidents and breach monitoring are in place.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. You are entitled, at any time, to:

• the right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.
• the right to rectification – you have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete the information you believe is incomplete.
• the right to erasure – you have the right to request that we erase your personal data, under certain conditions.
• the right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.
• the right to object to processing – you have the right to object to our processing of your personal data, under certain conditions.
• the right to data portability – you have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you.

If you would like to exercise any of these rights, please contact us at our email: support@mwdh.co.uk or by using the Contact Us form. Note exercising these rights relates to the data retained or processed by MWDH only. For detailed data protection queries, you may be directed to another data controller.

If you wish to opt out of a service or unsubscribe from our Newsletter, please notify us via the Contact Us form and your information will be promptly and securely removed from our system.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit allaboutcookies.org. For more general information on cookies see the Wikipedia article on HTTP Cookies.

How do we use cookies?

This is the Cookie Policy for MyWay Digital Health. We use cookies in a range of ways to improve your experience on our website, including:
• Keeping you signed-in
• Understanding how you use our website
• Auditable activity (in addition, please see the Third-Party Cookies section below)

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

• Account related cookies – if you create an account with us then we will use cookies for the management of the sign-up process and general administration. These cookies will usually be deleted when you log-out however in some cases they may remain afterwards to remember your site preferences, such as language or location.
• Login related cookies – we use cookies when you are logged in so that we can remember this fact. This prevents you from having to log-in every single time you visit a new page. These cookies are typically removed or cleared when you log-out to ensure that you can only access restricted features and areas when logged in.
• Surveys related cookies – from time to time we offer user surveys and questionnaires to provide you with interesting insights, helpful tools, or to understand our user base more accurately. These surveys may use cookies to remember who has already taken part in a survey or to provide you with accurate results after you change pages.
• Forms related cookies – when you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.

A mix of first-party and third-party cookies are used.

How to manage your cookies

You can set your browser not to accept or delete cookies (see your specific Browser Help for how to do this). However, in many cases, removal may downgrade or ‘break’ certain elements of functionality. It is recommended that you leave on all cookies if you are unsure whether you need them, in case they are used to provide a service that you use. For more general information on cookies see the Wikipedia article on HTTP Cookies.

Third-Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

• This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
• From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.

If you are unsure whether you need cookies or not it’s usually safer to leave them enabled in case it does interact with one of the features, you use on our site. This Cookies Policy was created with the help of the GDPR Cookies Policy Generator

Privacy policies of other websites

The MyWay Digital Health website may contain links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

We keep our privacy policy under regular review and place any updates on this web page. This privacy policy was last updated on 1 June 2020. For material or substantial changes to this policy, please note you may be contacted by email, if we have your email on file.

How to contact us?

If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at email: support@mwdh.co.uk or by using the Contact Us form where you will be directed to the most appropriate data protection team. MWDH control your self-input or other direct updates to your personal data. For more detailed queries you may be passed to another Data Protection Officer in your region. Any clinical questions must be directed to your local healthcare team.

How to contact the appropriate authorities?

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office via https://ico.org.uk