Tamedocs (“Tamedocs”, “we”, “us”, “our”) of Suite 1, 3rd Floor, 11-12 St James’s Square, London, SW1Y 4LB are committed to protecting and respecting your privacy. Tamedocs are committed to the protection of the personal data we process in line with the data protection principles set out in the EU General Data Protection Regulation and UK General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA18”).
This privacy notice (“this Notice”) explains what personal data Tamedocs collects from individuals who visit the Tamedocs website, contact us using our web forms, by email, phone or through one of our social channels; or other marketing communications (“you”, “your”). It also explains what information we collect automatically when you visit our website and the information we collect when you set up an account.
Tamedocs is the data controller for the purposes of the GDPR in instances where you make an enquiry with us, registered in the UK with the Information Commissioner’s Office, registration number ZA795669.
As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity, and availability of the data we hold and in meeting our data protection obligations when processing personal data. Tamedocs are committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.
We update this Notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the top of this document. Please review this Notice periodically to check for updates.
Information you provide to us
We process all information you give us, either through our website www.tamedocs.com (our site) or by corresponding with us by telephone, email or otherwise. This includes information you provide when you use our site, subscribe to a service, search for a product or service, or other social media functions linked to our site, or when you report a problem with our site.
Information processed following an enquiry
We may process the following information:
- Email address
- Telephone number(s)
- Any information you share through our social media channels
- Device information
- Location data
We use your name, address, email address and telephone number to contact you about your enquiry.
Information processed when setting up an account with Tamedocs
The list of information processed may include the following:
- Email address
- Telephone number(s)
- Business name (if applicable)
- Date of Birth (optional)
- Bank account details
- Photographs (optional)
- Medical / Health data or reports. This information is strictly protected, only accessible by participants that need access, such as the account holder, their authorised third-party representative, insurance claim handlers or healthcare professionals.
- Platform log-in data (encrypted password)
- Platform usage data
- Device information
- Location data
- Insurance policy number
- Insurance claim number
- NHS identification number
- Identification documents (e.g. copy of passport, other identity card)
- Information required for legal and regulatory compliance
Cookies and Web Beacons
To learn more about cookies, web beacons and what you can do to opt out of receiving them, please visit https://www.allaboutcookies.org/.
We may use your data for the following purposes and on the following lawful bases:
|Purpose||Lawful Bases for Processing|
|Responding to correspondence from you||It is in our legitimate interest to respond to enquiries made via our website, by email, through our social channels or any other means|
|Setting up an account as patient, insurance company, General Practitioner, or Government agency||When you set up an account with Tamedocs, we rely on the contract between us as the lawful basis for processing|
|Sending you information such as Tamedocs news and information which may be of interest||When you agree to be contacted for marketing, we will rely on your consent, which may be withdrawn at any time by emailing email@example.com|
|Business management, forecasting and statistical purposes||It is our legitimate interest to identify areas for managing current business relationships, develop new products and services, and for managing our business|
|Improving our website and the overall website visitor and user experience||It is our legitimate interest to allow analytics and search engine providers to help improve and optimise our website|
|Delivery and performance of our Platform services in accordance with our Terms and Conditions||It is necessary to process your personal data to facilitate performance of the service contract|
|Providing information on your account, such as access history, document upload, document download and document deletion||It is necessary to process your personal data to facilitate performance of the service contract|
|Prevention and detection of crime including money laundering, fraud or other crimes||We have a legal obligation to report any such activity to the relevant authorities and regulators|
|Storage of encrypted health and medical data in order to facilitate insurance claims||We process this data with the explicit consent of the user. This consent may be withdrawn at any time by emailing firstname.lastname@example.org|
|Providing you with updates about our Platform, such as additional features||It is our legitimate interest to provide accurate and up-to-date information to users of our Platform and to increase features of our Platform in order to continually improve and expand the services we provide|
|Improving our Platform and website and the overall Platform user and website visitor experience||It is our legitimate interest to allow analytics and search engine providers to help improve and optimise our Platform and website|
|Ensure maintenance of a secure connection between our Platform and your device||It is our legitimate interest to ensure the integrity and security of personal data flowing through our systems|
|Initiate action against any user who acts outside any laws, regulations or our Terms and Conditions||It is our legitimate interest to ensure protection of our company products, services, and reputation|
|Analyse and track use of our Platform for reporting and analytical purposes||It is our legitimate interest to monitor our Platform usage in order to continually improve the user experience|
We will share your personal data outside the United Kingdom (UK) and the European Economic Area (EEA). This is necessary for the purposes of providing our services to you, but we will only share it where appropriate safeguards are in place, such as the EU Standard Contractual Clauses (SCCs), to ensure your personal data is protected to the same standard expected within the UK and EEA.
Our website includes links to other third-party websites and social media platforms. Once you navigate away from our site via one of the links, the site may collect your IP address and may set a cookie on your device. When you use one of these links, you are sharing information to another website or service and this Notice will no longer apply. Please read the privacy notices provided by the particular service website you are directed to before posting any personal information using these links.
|Sendgrid (Twilio)||We share details including name and email address. This is necessary for the automated sending of essential emails when using our platform and service, such as email verification. No marketing materials are sent from this provider.||https://www.twilio.com/legal/privacy||US
Data transfers protected by SCCs
|Stripe||We share payment and personal details relating to your account and payment methods. This is necessary to process payments from customer accounts and in order to facilitate the product and contract.||https://stripe.com/en-gb/privacy||US
Data transfers protected by SCCs
|AWS||Cloud service provider used to store all company and platform user documents and information.||https://aws.amazon.com/privacy/||UK|
The GDPR provides you with certain rights in relation to the processing of your personal data, including to:
- Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are processing it lawfully
- Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
- Request personal data provided by you to be transferred in machine-readable format (“data portability”)
- Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below)
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it)
- Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Tamedocs
Some of these rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation, laws, and regulations to which we are subject. If at any time you decide that you no longer wish to be contacted for marketing purposes, or if you would like to exercise any of your rights as set out above, you can contact us at email@example.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
In addition to the above, please note that you have the right to make a complaint at any time to the Information Commissioner’s Office if you are concerned about the way in which we are handling your personal data.
We will retain your personal data for as long as is necessary to provide you with our products and ongoing services and for a reasonable period thereafter, to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
Information held by us will be securely deleted if an account remains unused for a continuous period of 2 years. If financial transactions have been made on an account, we will store the information for a maximum period of 7 years in accordance with UK law, after which they will be securely deleted. Uploaded medical documents will be automatically securely deleted after 3 months unless the user saves them using the ‘my medical records’ function. If saved, the documents will remain active and accessible to the user for as long as the account remains active. Should the account remain unused for a continuous period of 2 years, the information held will be securely deleted.
At the end of the retention period, your personal data will be securely deleted in accordance with the Tamedocs Personal Data Retention and Destruction Policy.
You can contact Tamedocs in relation to data protection and this privacy notice by emailing firstname.lastname@example.org.