How Your Personal Information Is Managed
It is important that you read this notice, together with any other documents we may provide when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
The General Data Protection Regulation (GDPR)
Personal data is data which relates to any living individual who can be identified from that data, or from that data and other information; such as an expression of opinion about the individual.
What is the GDPR?
The General Data Protection Regulation 2018 (GDPR) replaces the Data Protection Act 1998 (DPA) in governing how personal data is managed by a "controller" or "processor".
In this respect, a data controller is a person (or business) who determines the way in which personal data is processed. A data processor is anyone who processes personal data on behalf of the data controller (not including the data controller's own employees).
A "Data Subject" is a person whose data is being processed.
THE COMPANY is both a controller and processor of personal data. This means that we are responsible for deciding how we hold and use personal information about you, whether you use our services directly or via a third-party.
Under the GDPR, the data protection principles set out the main responsibilities for organisations.
GDPR requires that personal data shall be:
- Processed lawfully, fairly and in a transparent manner.
- Collected for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary.
- Processed in a manner that ensures appropriate security of the personal data.
It also requires that the controller shall be responsible for, and be able to demonstrate, compliance with the principles.
The GDPR Provides the Following Rights For Individuals:
The right to be informed – the Company must provide details (such as those provided in this privacy notice) of how the Company processes information to the data subject. This information must be available at any time personal data is obtained.
The right of access – Data subjects have the right to know what information the Company has in relation to them. Data subjects then have the right to access this information.
The right to rectification – Data subjects have the right to request that we update inaccurate or incomplete information that is being processed or stored by the Company. We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can request that we update or amend it.
The right to erasure – Data subjects have the right to request that we delete any information the Company has in relation to them.
The right to restrict processing – Data subjects have the right to block or suppress the Company processing their information. However, it may be necessary to keep your information in order to perform a task which is in the public interest or for the purposes of establishing, exercising or defending legal claims.
The right to data portability – Data subjects can request that the Company make their information available to move, copy or transfer personal data easily from one environment to another.
The right to object – Data subjects can object to processing their information for activities such as marketing.
Individuals also have rights in relation to automated decision making and profiling. However, the Company does not carry out this type of processing.
Who Is Collecting Your Information?
The Independent General Practice Ltd. is the registered business name for the following branches and services:
MyMama Ltd is a Limited Liability Company registered in Malta (MyMama Ltd C 95398). The Company’s Platform enables individuals in Malta, the EEA and/or the UK (hereafter referred to as “Customer”, “Customers”, “you”, “your”, “yourself”) to connect in real-time, via encrypted video, instant messaging and picture messaging, to a team of qualified professionals (hereafter referred to as the “Team of Professionals”, “Individual Professional”) via the Platform in order to gain qualified and professional advice and in the case of healthcare professionals be provided with related administrative services that might include referrals, prescriptions and sick notes (only if deemed adequate and at the discretion of the Individual Professionals).
Company Registered Address:
1, Emerald Court, Victor Scerri Street, Naxxar, Malta, NXR1032.
Contact email address:
Any information collected or produced as part of these services will be managed in accordance with the Company’s information security policies & procedures.
The Company’s Lawful Basis For Processing Data
To process your data lawfully the Company must have a legal basis to do so. Set out below are some of the ways in which the Company processes your personal data.
We normally process personal data if it is:
- Necessary to provide you with a service - to enable us to carry out our obligations to you arising from any contract entered into between us and you.
- In our or a third party's legitimate interests to do so - see details below.
- Necessary for the performance of a task carried out in the public interest.
- Required or allowed by any applicable law.
- With your explicit consent.
Generally, we will only ask for your consent to processing if there are no other legal grounds to process. In these circumstances, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to process personal data, you have the right to withdraw your consent at any time by contacting us using the details below, and we will stop the processing for which consent was obtained.
To process special category data we rely on additional legal grounds and generally, they are as follows:
- With your explicit consent.
- It is necessary for the purposes of occupational medicine, for the assessment of the working capacity of the employee, or the management of health and social care systems and services.
- It is necessary to establish, make or defend legal claims or court action.
- It is necessary so that we can comply with employment law.
- It is necessary for a public interest purpose in line with any laws that are applicable.
This should assist in protecting the public against dishonesty, malpractice or other seriously improper behaviour for example, investigating complaints, clinical concerns, regulatory breaches or investigations e.g. the Health Inspectorate Wales/Care Quality Commission or GMC or ICO.
Please note that not all of the above legal bases will apply for each type of processing activity that the Company may undertake. However, when processing any personal data for any particular purpose, one or more of the above legal bases will apply.
Special Category Data
Information about an individual, that is likely to be of a sensitive or private nature and could be used in a discriminatory way, is described as sensitive personal information and identified as special category data. This type of information needs to be treated with greater care than other forms of personal data.
Sensitive personal information may include:
- Racial or ethnic origin
- Political opinion
- Religious or other similar beliefs
- A physical or mental health condition
- Sexual Orientation
When a data subject presents for an appointment, they will be required to provide, or a clinician may generate/obtain and document information that may contain sensitive or special category data, including information relating to a physical or mental health or condition.
Requirements For Sharing Special Category Data With Third-Parties
The Company may act as a processor of personal data but become a controller in obtaining special category data during an appointment. The Company may also be a controller and need to transfer information to a third-party where the third-party acts as a processor. In these instances:
Third-parties will be identified to the data subject prior to transfer of information. Consent may be required for the Company to share personal information with third-parties, irrespective of their original role. Third-parties will be required to have a contractual agreement with the Company. As part of this contract third-parties will be required to demonstrate that they have attained a suitable level of information security and have met the standards set by GDPR in acting as processor.
How Personal Data Is Collected
The Company will collect personal data:
- In direct communications (such as website, telephone, letter or video) with the data subject or a third-party controller.
- When a data subject completes a consent form, template, questionnaire or registration form.
- As part of financial processing.
A cookie is a small file that is requested by your internet browser and stored on your computer or device. This cookie file contains various information about websites you have visited. This can include information such as your location, the type of device you are using etc. However, in some instances, some personal data can also be stored, such as when you add items to a shopping cart or enter form information. We use analytics programs (such as Google Analytics), which collect cookie information to provide us with statistical data about visitors to our websites.
This data includes how many visits we had, which pages were visited, what device was used and details of from where the visitor was directed to our website.
What Personal Data Is Being Collected Or Generated?
The Company will need to obtain a minimal amount of personal data to:
- Contact a data subject and provide details of an appointment.
- Make changes to an appointment when the Company needs to.
The type of information includes:
- Information that you provide when you enquire, become a customer, patient or apply for a job.
- Details of correspondence.
- Details of the type of service you have received from us.
- We do not store credit/debit card information, unless we have your consent.
Data subjects are permitted to arrange appointments anonymously. However, the data subject will need to provide identifiable details, which will need to be recounted in communications with the Company to provide a continual service, such as receiving results.
The minimum amount of personal data that a data subject is required to provide is contact information, name and phone number. However, as part of an appointment, an Individual Professional may also need to obtain or create sensitive personal information about a data subject, which includes information relating to a physical or mental health condition.
Data subjects are not compelled to provide any information. However, if you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations. Withholding or providing inaccurate information may also affect the ability of our Individual Professionals to provide an effective and safe service.
How Will Personal Data Be Used?
The information the Company collects will be confidential and only ever be used for the purposes of undertaking or providing our services. The Company will not use or pass on personal data to market services that are unrelated to those that have been consented. However, with consent, the Company may use personal data to inform a data subject about a follow-up or related service.
Sensitive personal data will only be disclosed to those involved with the Individual Professionals involved in your online consultation, and in accordance with Maltese laws.
We may use your personal data to:
- Fulfil our obligations to you in relation to a contractual agreement to provide a service, including financial obligations.
- Provide you with information about products or services that we provide.
- Notify you about a change to the service requested.
- Respond to a request.
- Ensure the accuracy of information we hold about you.
- Support an Individual Professional directly involved in your care.
- Assess the quality of service you have received.
Where Is Personal Data Stored?
Information is stored as an electronic record on a central database. A secure back-up of information is also stored externally, by an ISO accredited IT support provider.
Personal data, including special category data, may be stored temporarily as part of communications, such as email or in a hardcopy transferable format, such as a data disk or paper record.
Who Will It Be Shared With?
With consent, the Company may share information with third-parties. Examples of third-parties include:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- Organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored.
- Third party service providers for the purposes of storage of information and confidential destruction, third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.
Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.
The Removal of Information
Data subjects have the right to withdraw consent or request a copy/transferal/removal of certain information by filing a request to [email protected]