This policy was last reviewed and updated in January 2019.
SLaM is committed to ensuring that the data you provided is stored and protected at all times. We take the privacy of our Healthlocker users very seriously and all personal data is treated as confidential.
SLaM is registered with the Information Commissioner’s Office (ICO) who are the regulatory body set up to uphold information rights – Ref: Z6032780
What personal information do we collect?
Information that Healthlocker collects - and why we hold this information:
Name - To address you properly and to identify your account. Your name will also be used to verify your account if you want to connect to your care team
Email Address - To identify you and contact you in relation to Healthlocker
Date of Birth - This allow us to verify your account so that you can connect to your care team
NHS Number - This allows us to verify your account so that you can connect to your care team
Healthlocker may use this information for:
Administration of the Service
To provide you with a Healthlocker account and to connect this to your care team we need to use your information to verify who you are.
Communication with you
Improvement and development
From time to time, we may conduct surveys to better understand how to improve features.
What else do we collect?
Healthlocker will securely store anything you choose to include and your communication with the care team section. Anything you enter in Healthlocker fields will be held in confidence but can be viewed by you and your care team.
Healthlocker also collects analytical data for the purposes of service and quality improvement.
How is your information shared?
South London and Maudsley NHS Foundation Trust, as Data Controller, will not share your data with anyone without your explicit consent, unless the law permits us to do so.
We share data only with our authorised Data Processors, who must act at all times on our instructions as the Data Controller under the Data Protection Act 2018. Our data processors are outlined below:
Data Processor - Mixpanel
What data they process and why:
Mixpanel is a business analytics tool which collects analytical data from Healthlocker. This data is used for service improvement.
Microsoft Azure is a cloud computing service created by Microsoft for managing applications and services. SLaM uses azure to manage Healthlocker and store its contents. Microsoft only stored data within the UK
SmartSurvey is used to collect information from you, which you would like to share with your care team and will be used by your Care Team as part of your ongoing care. The data is not personal identifiable data but may be sensitive
Before you submit any information, it will be made clear to you why we are asking for specific information, and it is up to you whether you provide it.
The trust does not and will never sell any data.
How long do we retain your personal data for?
Your personal data will be held and processed for as long as you have a Healthlocker account. Once you close your account, we will securely hold the data in line with the NHS retention schedule to ensure we can respond to any future queries or complaints and to comply with legal and regulatory requirements.
Is your information safe?
The files transmitted between Healthlocker and the Electronic Patient Journey System (ePJS, the trust’s electronic record system) is a secure data flow which sits within the Azure data centre. Any data transferred is treated with due care in accordance with Confidentiality: NHS Code of Practice by the Department of Health.
The files transmitted between SmartSurvey and ePJS is a secure flow which sits within a secure UK data centre.
We use the information you have provided to verify your account and to promote safety and security by investigating suspicious activity or violations to our terms of service.
Right to Access
You have the right to request access to your personal data which we hold. You can do this by submitting an information request, free of charge, to the data protection office: firstname.lastname@example.org
Right to Rectification
If you believe that any of your personal data is inaccurate or incomplete you have the right to ask for this to be corrected. To do so please put your request in writing to email@example.com
Right to Erasure (Right to be forgotten)
In some circumstances you may ask us to erase your Healthlocker account and data which the account contains. However, there are some situations whereby we would be unable to erase your data, such as when we need to comply with regulatory requirements.
In certain circumstance you have the right to move, copy or transfer your personal data to another organisation. This works slightly differently to your rights of access as you may be entitled to the same amount of information under the right of portability as you would be entitled to under the right of access.
You have the right to object to us processing your data unless we can demonstrate legitimate grounds for processing your data or for if the processing of your data is for the establishment or defense of a legal claim
We may be required under law to share your information if there is a legal request which we must comply with such as a search warrant or court order.
How will we notify you of changes to this policy?
We may amend this policy in the future to ensure it is kept up to date with legal requirements. We will notify you when we make any changes to this policy and invite you to review before continuing to use Healthlocker.
How to contact us with questions or concerns
If you have any additional questions regarding this policy, please feel free to contact us at: