This privacy statement is effective as of (11 December 2018 ). Please note that this privacy statement may be updated from time to time to reflect any changes in the way we handle your personal data or any changes in applicable laws.
Who we are
NextGen Health Solutions is an online medical consultation service provider that enables patients to get quick and reliable medical care. Our health services are provided by under various brands (such as: NextGenGP, Talk2GP, Apna Doctor) whereas the corporate governance is held by NextGen Health Solutions. NextGen Health Solutions Pvt Ltd is registered in England and Wales (number 11184742). The registered address is Kemp House, 160 City Road, London, EC1V 2NX, United Kingdom.
Any reference to 'NextGen Health or NextGen GP / Apna Doctor / Talk2GP, 'us' or 'we' under this policy means NextGen Health Solutions and any other tradenames and subsidiary organisation that are controlled by NextGen Health Solutions. We remove personal identifiers, such as your full name, address and contact details from your medical information, and provide some or all of this data to our corporate organisation (NextGen Health Solutions) and our Partners who help us develop and maintain our symptom checker software and artificial intelligence system.
At NextGen Health we share a commitment to providing high quality and accessible health services to everyone. We are dedicated to ensuring that you have access to healthcare solutions that are intelligent, innovative and effective with ease. In doing so, we are aware that your privacy is very important to us. All personal data collected through the website will be treated as strictly confidential and will only be used as set out in this policy and in accordance with data privacy protection laws and regulations including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
Introduction to the Policy
When you register with us, you complete forms and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners.
This policy also explains how NextGen Health applies your personal data to facilitate healthcare service delivery in our private service and our NHS service (Talk2GP). It applies to the use of your data through our App, or any of our websites, including the NextGenGP website, NextGenGP App, NextGen GP app variants for NHS and other regions and the Talk2GP (NHS) website, Apna Doctor (South Asia) (and any reference to our App in this policy shall also include a reference to our websites and apps released by NextGen Health).
For any enquiries on how your data is collected, processed or shared, please contact us through:
Data Protection Officer, NextGen Health, Kemp House 160 City Road, London, EC1V 2NX Email: firstname.lastname@example.org
The following sections provide further details as to how NextGen collects and processes your personal data:
- Which categories of personal data do we collect and how do we collect it?
- For which purposes do we use your personal data?
- What personal data do we share with third parties?
- How long do we retain your personal data?
- What data security measures do we employ?
- What are your rights with respect to the personal data?
- Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
I. What Personal Data do we collect?
In facilitation of service delivery by NextGen Health, we collect the following personal data:
1. Personal Details
NextGen requires you to provide certain personal details such as: your name, date of birth, physical and email addresses and a copy of personal identification document(s).
2. Health and Medical Related Data
NextGen collects your health and medical data including information relating to: your health, symptoms, treatments records, consultations and sessions, medications, allergies and procedures. This also includes records and particulars of communication with our doctors, and records interactions with our digital services.
How do we Collect your Health and Medical Information?
We collect your health and medical information through the following ways:
1. By receiving the information directly from you either through your medical history from previous GP when you use our NHS service or directly when you register with us.
2. We may also collect information about you and your health from other Apps, devices, services and from third parties (e.g Facebook where you opt to connect your account with our service) where you have given your consent to that data being shared with us.
3. With your consent, we may send the consultation notes that we take when you use our other services including our private service to your NHS GP. Any consultations we receive from you is uploaded and stored electronically to your NextGen medical record.
Why do we collect your Health and Medical Information?
NextGen records and store records of your consultations with us to:
- Assist us to track your performance as far as health is concerned
- Help us to learn from them to enable us enhance our service delivery.
- Enable you to access and re-watch the consultations by the client.
3. Technical Information and Analytics
The following information may be automatically collected from your device when you visit our App for use as outlined under Part II of this policy:
- Information about your use of our App including the pages visited and other interaction details including contact details used to contact us.
- Technical information including your address, login details, device software and operating system, browser or app, time zone setting and your IP address.
4. Financial Information
What Financial Information do we Hold?
Payments made on the App are handled directly by a third party who will store all payment information and record the details of the transactions. We only retain details of the payment transactions which are stored in secure servers. We do not record or retain your credit/debit card information.
For What Purpose do we Hold the Financial Information?
We hold the transactions details for the purpose of recording and maintaining a proper transactional history with our clients.
II. For What Purpose do we Use Your Personal Data
We use your information as follows:
- Your medical information helps us understand your health condition and consequently helping us in formulating solutions for you. We use the information for the purpose of diagnosis and understanding the condition we are dealing. This includes information collected from you directly in the course of consultations with us, information recorded through our digital devices, medical history from your previous NHS GP if you use our (Talk2GP (NHS service)).
- Your personal and financial details assist us in performing our obligations under the contract you enter with us.
- With your express consent, we use your medical information to enhance our healthcare service delivery and improve on our technology. This medical information includes information directly provided and information collected through our digital devices. This information will be used for the purpose of enhancing our capacity in providing healthcare solutions to you and to other NextGen users.
- Location details provided directly by you and those collected from your devices will be used for the purpose of referring you to the nearest pharmacy.
- Where you have opted to receive our updates and marketing messages, we will use the contact details you provide to send you such updates and marketing contents with the option of opting out.
- By learning and understanding the way users use our App and websites, we may use such information to analyse the demand for services and understanding trends. We will also use this information to improve our Apps for convenience of our App users.
- We may share the personal and financial details collected for the purpose of aiding investigations and/or detection of fraud.
- Medical data collected in the manner prescribed under this policy may be stored for regulatory and compliance purposes. NextGen may make disclosures to the relevant regulatory bodies such as General Medical Council, MHRA, and Care Quality Commission upon request the authorities.
In using the data as outlined herein, NextGen guarantees observation of strict data security measures to maintain confidentiality and security of your personal data.
III. What Personal Data do we Share and who are the Third Parties we Share the Data with?
- NextGen may share personal data with third party companies hired to provide certain services on NextGen's behalf. However, we ensure that third parties who receive such information act strictly in compliance with General Data Protection Regulation (GDPR) and other data protection regulations to ensure maintenance of confidentiality of the personal data so shared.
- Other healthcare professionals as may be necessary for the provision of care to you, such as your GP (if you use our private service), specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you.
- NextGen may share your personal data with members of its corporate group and its partners (such as the Talk2GP (NHS) partnership, where you access our NHS service). This is to help NextGen deliver our services to you.
- NextGen may store or disclose personal information about you in compliance with a law, regulation, legal process, or request by authorities; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
Save for the sharing your personal information in compliance with the law, regulation, legal process or at request by authorities as indicated above, NextGen shall not share your personal information with any third party your consent.
IV. How long do we retain your Personal Data?
In retaining your personal information and medical records, NextGen ensures compliance with all the laws and regulations governing record keeping. In particular, NextGen does so in line with the NHS code of practice, and summary guidance issued by the British Medical Association. The below is an outline of NextGen's data and record retention policy. However, NextGen may update this retention policy as may be required by the law or regulations.
|Type of record||Retention period|
|Maternity Records||25 years after the birth of the last child.|
|GP Records||10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.|
|Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation||20 years after the date of the last contact; or 10 years after the patient's death if sooner.|
V. What Data Security Measures do we Employ?
NextGen shares a commitment towards protecting the integrity of your personal data. In doing so, we ensure that all your data which we collect is stored in secure servers and apply other strict procedures to safeguard your personal data against any form of privacy violation.
To ensure the confidentiality of your personally identifiable information, we employ physical, electronic and managerial security methods such as encryption to help protect against unauthorized access.
VI. What are your Rights with Respect to the Personal Data?
Whenever we rely on your consent to process your personal data, you may withdraw your consent at any time by accessing the privacy settings in the App. As the owner of the personal data, you are also entitled to the following under the General Data Protection Regulation and the Data Protection Act (2018):
- Right to withdraw consent any time where personal data processing is based on such consent.
- Access to your personal data that we hold for verification of its accuracy.
- Right to ask us to remove or make such modifications to the data as may be necessary to ensure accuracy of such data and that such data is up to date.
- Ask us for your data to be provided on a portable basis.
- Ask us to restrict or refrain from processing such data.
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).
NextGen Health Solution is on the ICO register (registration number ZA445402)
For any questions or concerns, you may contact us by sending an email email@example.com