Privacy
1. Introduction
Privacy and information governance are the backbone of the software services SleepHealth Solutions Limited (“SleepHealth” / “we”) provides, and are of particular importance in healthcare.
This Privacy Notice explains how we handle personal information in accordance with applicable data protection laws such as the General Data Protection Regulation (“The GDPR”) and the Data Protection Act 2018.
SleepHealth Solutions operates a specialised platform that is used to manage communications and information in health care and social care systems, with the potential of linking the information across multiple health care or social care organisations. We are “data controllers” for people entering through our website.
This notice applies to our software and services. We’ve tried to make it easy to read, but if you do find anything unclear, please get in touch.
Who are we?
Our full company name is SleepHealth Solutions Limited and our:
- Office is at 33 Turbine Way, Ecotech Business Park, Swaffham, Norfolk, PE37 7XD
- Company Registration Number is: 12704767
- ICO Registration Number: ZB333059
- NHS Data Security and Protection Toolkit Organisation Code is 86K53
- Our Data Protection Officer (DPO) is Mrs Louise Dowie
You can contact our DPO at customersupport@SleepHealthSolutions.co.uk, or IG-Smart Ltd by email at dpo@ig-smart.com or by phone on (+44) (0) 20 7167 4268.
What do we do?
SleepHealth Solutions uses decision support software for Sleep Medicine to deliver a structured review, in line with the most up-to-date guidelines, to ensure that patients receive the best possible treatment for their condition. We also provide sleep tests via our website.
2. What personally identifiable information do we collect about you, how and why?
As a person coming directly through our website
We collect the following information about you, and link it to a unique identifier in our system:
- Name
- Email address
- Age/Date of Birth
- Full address/Post code
- Marital status/Family/Lifestyle/Social circumstance
- Employment/Career history
- Payment information (if appropriate)
- Physical and/or Mental Health Data
- Gender (self-declared or observed)
- Details about your weight
- Whether you are a smoker or non-smoker
We use the following contact information when we communicate with you using our software:
- Mobile phone number
- Other contact phone numbers (if applicable)
- Email address
- IP address
- General Wellness Data
- Other (medical information related to your condition and/or observational data captured during the SleepHealth Solutions consultation)
We use this information to enable our Patient Support staff to communicate with you, either through SMS and email messages sent on our platform, or for them to call you.
We safely collect, store and transmit communications and documents sent to you, or received from you through SleepHealth Solutions software.
Most of the personal information we process is provided to us directly by you. All processing undertaken will be fully compliant with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
Collection of this data allows SleepHealth Solutions to provide clear audit trails to improve the software and maintain the clinical safety of our products and services. It also allows SleepHealth Solutions to monitor the functioning of the software and to prevent fraud, cyberattacks and other dishonest behaviour.
We may also rely on legitimate interests as a lawful basis to use your contact details to tell you about other relevant solutions that we have built that we think you may be interested in, subject to your right to object to direct marketing.
In terms of delivery of products and services, we use your personal information to take and handle orders, deliver products and services, and communicate with you about orders, products and services.
We work to protect the security of your personal information during transmission by using encryption protocols and software.
3. How the SleepHealth Solutions software works
Consultants will use SleepHealth Solutions Clinical Decision Support Software (www.SleepHealthSolutions.co.uk) to support a clinical review based on national guidance (National Institute for Health and Care Excellence – NG202).
This requires a person’s data to be inputted or transferred onto the SleepHealth Solutions system. This data is entered onto a sleep database hosted on a secure server by Microsoft Azure, which protects your data in the cloud. Microsoft Azure is an NHS approved platform.
The software supports history taking relevant to the disease condition and provides prompts to consider guidelines-based treatment interventions, together with providing the user with medical alerts.
We only ever act on your instructions and in line with our data processing agreement with you.
4. What is the legal basis for processing this data?
4.1 SleepHealth Solutions will act as data controller and data processor for people accessing our service directly through the SleepHealth Solutions website.
Our other legal bases for processing personal data where we are data controllers are to perform our contract to provide a service, when the contract is with you (GDPR Art. 6(1)(b)), or our legitimate interests, provided they are not overridden by your individual interests, rights and freedoms surrounding data protection (GDPR Art. 6(1)(f)).
As data controller, SleepHealth Solutions retains individuals’ data in an anonymised fashion for the following purpose(s).
- Service evaluation
- Academic research and publications
- Development of healthcare guidelines
The legal bases for retaining the data include:
- 9(2)(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;
- 9(2)(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
- 9(2)(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
- 9(2)(j) processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
We always seek your consent for us to maintain data, and during the first consultation specific questions are asked seeking consent for this. Enrolment into the SleepHealth Solutions clinical database happens with consent. In addition, we hold a version of this without personal data, called the “Research Database”. Enrolment is not obligatory, and the decision to withdraw consent would not affect the healthcare you receive in any way. If someone wishes/agrees to enrol, they will be free to withdraw at any time and without having to give a reason.
5. Your Rights
You have various rights under data protection law that we need to make you aware of.
The rights available to you depend on our reason for processing your information.
Your right of access:
You have the right to ask for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Your right to rectification:
You have the right to ask to rectify information you think is inaccurate. You also have the right to ask for information to be completed if you think it is incomplete. This right always applies.
Your right to erasure:
You have the right to ask for erasure of your personal information in certain circumstances.
Your right to restriction of processing:
You have the right to ask to restrict the processing of your information in certain circumstances.
Your right to object to processing:
You have the right to object to your personal data being processed, and we will respect your objection unless there is a clear lawful basis for continuing to process your data (e.g., if SleepHealth Solutions Ltd. is subject to a legal obligation).
Your right to data portability:
This only applies to information you have given. You have the right to ask for the transfer of information you gave from one organisation to another, or for it to be given to you. The right only applies if the processing of information is based on your consent, or under (or in talks about entering into) a contract, and the processing is automated.
You are not required to pay any charge for exercising your rights. SleepHealth Solutions will respond to you within one month.
6. Direct Marketing & Consent
SleepHealth Solutions only conducts direct marketing activities when it has a legitimate interest to do so (e.g. communicating with existing clients or prospective clients that have expressed an interest in our products). We do not therefore rely upon consent for direct marketing purposes.
6.1 Right to opt out
If ever it is necessary to obtain consent from you for marketing (or other) purposes, we will ensure that it is freely given, specific, informed and unambiguous – and will respect your right to opt out.
6.2 Notification Settings
SleepHealth Solutions users do not have to manage their own notification settings. We do not use any notifications in the browser. All communications which the user receives are clinically relevant. This app is designed to support non-specialists in delivering guideline level care. It is therefore inappropriate to disable communications.
7. Automated decision making & profiling
Notwithstanding the fact that you have a right to object to automated decision making or profiling in a manner which produces legal effects concerning you or similarly significantly affects you, we do not conduct automated decision making or profiling in such a manner. Our solution provides recommendations; however, Healthcare Professionals make the ultimate decision in terms of management.
8. Do we share this data with third parties?
Personal data will only be shared with third parties if required to do so by law. Personal data is not shared with any third parties for direct marketing purposes. SleepHealth Solutions may, however, contract third party data processors that provide solutions and services that enable us to meet your care needs. They include, but are not limited to:
- Microsoft Azure
There are GDPR and Data Protection Act 2018 compliant contracts in place with data processors that state that processors will not share any personal information with any organisation apart from SleepHealth Solutions.
9. How long do we retain data for?
Client data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collated it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. You may also contact us at: info@sleephealthsolutions.org to request that we delete the data that we hold about you.
Client data are generally kept in line with the Records Management Code of Practice for Health and Social Care 2016. However, we would delete the data earlier than suggested by this code if we are informed that the condition of Article 9(3) GDPR and s. 11(1) Data Protection Act 2018 no longer applies.
SleepHealth Solutions will, however, maintain anonymised data indefinitely unless we receive your request that your data no longer be made available for research purposes. You may make this request either directly to SleepHealth Solutions Ltd. or through your corresponding centre. Data for those who withdraw from the Research Database will not be available for future research. Data that has already been included in research studies cannot be removed from those research datasets.
10. How do we keep your data secure?
SleepHealth Solutions Ltd. has appropriate organisational and technological controls in place to secure your data, which include (but are by no means limited to) encrypting data at rest to the AES 256-bit standard and in transit using TLS v1.2 as a minimum, complying with the NHS Data Security & Protection Toolkit (86K653), and maintaining Cyber Essentials Certification (NCSC Certificate Search – Cyber Essentials).
Use of Cookies
Our website uses cookies so that we can understand user behaviour and create consistency across multiple visits, for example so you can continue an online support conversation that you were having with us. Please refer to our cookies & website policy for more detail about the use of cookies on the public website, and in our product.