MyEyeSite Privacy Policy

Last updated 15 March 2021

WHAT IS MYEYESITE?

MyEyeSite is a website and web application developed through a collaboration between the following parties ("we" or "us"):

  • Moorfields Eye Hospital 

  • Loft Digital Limited 

  • UCL Institute of Ophthalmology 

MyEyeSite’s objective is to make the storage and sharing of complex medical data associated with chronic eye conditions easy for the patient. The patient is at the centre of the system. The patient, in consultation with the clinician, decides what data should be stored, and the patient determines how the data is shared and with whom. We also use the data saved on MyEyeSite for medical research purposes (e.g. identifying any correlations in eyecare conditions for specific patient types).

MyEyeSite operates at the following web addresses: https://www.myeyesite.health, https://www.myeyesite.org and https://www.myeyesite.app (the “Site”).

This Privacy Policy is provided by us. We are 'joint controllers' for the purposes of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018 (collectively the "Data Protection Laws"). This Privacy Policy applies to the personal data and special categories of personal data (e.g. health data, medical data) we collect in relation to the provision of the Site and responding to general enquiries. We take your privacy very seriously and ask that you read this Privacy Policy carefully as it contains important information about our processing and your rights. 

How to Contact Us

If you would like this Privacy Policy in another format (for example: audio, large print, braille) or have any questions in relation to our processing activities, please contact us at the details below:

Address:

Data Protection Officer 

Loft Digital Limited

Penrose House, 67 Hightown Road, Banbury, Oxfordshire OX16 9BE

Telephone number:

+44 (0)203 588 0150

Email:

support@myeyesite.health 

Topics covered

WHAT INFORMATION DO WE COLLECT?

WHERE IS MY DATA STORED?

HOW IS MY DATA SECURED?

HOW IS MY INFORMATION USED?

HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?

WHO WILL WE SHARE YOUR DATA WITH?

WHEN WILL WE DELETE YOUR DATA?

WHAT ARE YOUR RIGHTS?

SITE COOKIES 

WHAT INFORMATION DO WE COLLECT?

User Account Data

In order to set up your account we collect your name, email address, phone number and password. It is optional to provide us with your profile picture, country and post code of residence. Once your account is set up we allocate you a user ID.  

Medical Data 

We collect your eye-care related medical data when you decide to upload it onto the Site. This should be limited to, at most:

  • NHS number 

  • Gender 

  • Date of birth 

  • The genetic data, if available, that causes the specific medical condition(s) 

  • Medical condition(s) 

  • Medical history (symptoms/diagnosis and when they occurred) 

  • Timeline of your history as a patient, covering:

    • Event information (e.g. appointments, letters received)

      • Title

      • Date

      • Hospital

      • Practitioner

      • Notes

      • Visual acuity

    • Eye images with simple metadata (left eye / right eye, title, notes, clinician entered notes)

    • Documents with simple metadata (notes, title, clinician entered notes)

    • Clinician entered notes

  • Medical diagnosis provided by eye-care clinician 

Marketing Data 

When you register for our newsletter or when we send you information on functionalities on our Site, we process your name and contact details. You can unsubscribe at any time by contacting us using the details in the "How to Contact Us" section above or clicking the "unsubscribe" link in the emails that you receive.

Survey Data 

As part of our efforts to continuously improve our products and services, we carry out surveys from time to time. For this purpose, we process your name, email address and your survey feedback. 

Site Usage Data

We collect information about your usage of the Site through cookies, including your IP address. Information about the cookies we use is detailed in the section "SITE COOKIES".

General Enquiries

When you contact us for general enquiries we collect your name, contact details and information regarding your query.

WHERE IS MY DATA STORED?

All data is stored in secure data centres located in the UK.

HOW IS MY DATA SECURED?

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities. 

HOW IS MY INFORMATION USED?

We use your personal data for the purposes listed in this section. We are allowed to do so on certain legal bases (please see section "HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?" for further detail).

Personal Data processed: User Account Data
Purpose:
  • Provide you with an account on our Site where you can store your Medical Data
  • Send you service messages in relation to your account
  • Contact you to ask about whether you will share your Medical Data for clinical research
  • To maintain and improve the operation of the Site
  • To carry out medical research
Legal Basis: Contract, Legitimate Interest

Personal Data processed: Medical Data
Purpose:
  • Store your Medical Data within the Site for your reference
  • Transfer your Medical Data to a clinician of your choice, if and only if instructed by you.
  • To maintain and improve the operation of the Site
  • To carry out medical research
Legal Basis: Contract, Legitimate Interest, Explicit Consent, Scientific Research

Personal Data processed: Marketing Data
Purpose:
  • To improve our products and services
Legal Basis: Legitimate Interests

Personal Data processed: Site Usage Data
Purpose:
  • To improve the operation of the Site
Legal Basis: Consent

Personal Data processed: General Enquiries
Purpose:
  • Respond to your request for information about our Site
Legal Basis: Legitimate Interest

HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL? 

We are allowed to process your personal data and special categories of personal data based on the following legal bases for the purposes explained in the previous section "HOW IS MY INFORMATION USED":

Legitimate Interests - We are permitted to process your personal data if it is based on our ‘legitimate interests’, i.e. we have good, sensible, practical reasons for processing your personal data which are in our interests. To do so, we have considered the impact on your interests and rights, and have put appropriate safeguards in place to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section "HOW IS MY INFORMATION USED" explains the personal data processed on this basis.

You can object to processing that we carry out on the grounds of legitimate interests. See the section headed "WHAT ARE YOUR RIGHTS" to find out how.

Contract - It is necessary for our performance of the contract you have agreed to enter with us (i.e. the terms of use of the Site). If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract. 

Consent:

(a) To store your Medical Data and to share it with the clinician(s) and research institution(s) of your choice, we need your consent.

(b) To send you our newsletter we will ask for your consent. 

You can withdraw this consent at any time by following the instructions in the marketing communication (e.g. clicking "unsubscribe" in the marketing email) or reaching out to us using the information in the "How to Contact Us" section.

Scientific Research - It is necessary for us to process your special categories of data for scientific research purposes. 

WHO WILL WE SHARE YOUR DATA WITH?

We use processors for services such as supporting our IT and email systems, carrying out our surveys and assisting our scientific research activities. If you would like to know the names of our service providers, please contact us using the details at "How to Contact Us".

We share your data with eye-care clinicians of your choice for them to provide eye-care related medical advice to you. In that case, the clinicians will act as a separate controller of your data. Please refer to their privacy policy for information on how they process your data. 

We also share your data with external research institutions for scientific research purposes. These institutions act as separate controllers of your personal data and special categories of data. We will inform you of any such data sharing in advance. Please refer to their privacy policy for information on how they process your data.

WHEN WILL WE DELETE YOUR DATA?

Personal data: User Account Data + Medical Data
Retention period: Until you delete your account or after 3.5 years of inactivity
* Deleting your data - If you wish to delete your User Account Data and Medical Data, please get in touch with us as explained in the section "WHAT ARE YOUR RIGHTS". We would like to keep certain types of data to support our scientific research, but we will give you the choice of either:
  - Removing personal data but retaining pseudo-anonymised clinical and genetic data (including retinal scans) for legitimate research purposes, recognising that we may not in the future be able to re-identify this data and reconnect it with your personal information; or
  - Removing all User Account Data and Medical Data.

Personal data: Marketing Data
Retention period: Until you tell us that you no longer wish to receive marketing material.

Personal data: Survey Data
Retention period: 2 years

Personal data: Site Usage Data
Retention period: 2 years

Personal data: General Enquiries
Retention period: 6 months from the time the enquiry is resolved

What will happen to my data in MyEyeSite when I die?

We would like to keep your MyEyeSite data to use for research purposes, for example to help discover new therapies for future generations. To enable this, when a data subject whose personal data is held with MyEyeSite dies, MyEyeSite will remove all details of the user’s name from the data. This data will then be stored indefinitely and MyEyeSite will make it available for authorised and legitimate research purposes.

WHAT ARE YOUR RIGHTS?

As a data subject, you have certain rights in relation to your personal data under the Data Protection Laws; these are explained below. Please note that certain exceptions and exemptions may apply.

The right to access – You have the right to request copies of your personal data from us.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete any information you believe is incomplete. We want to make sure that your personal information is accurate and up to date. From time to time we may ask you to confirm your details with us to ensure the records we have are up to date.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions. 

The right to withdraw consent – You have the right to withdraw your consent at any point. 

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

To invoke any of the above rights, please contact us using the details in the section "How to Contact Us". 

What if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice. If you do not think that we have processed your data in accordance with this Privacy Notice, you should let us know as soon as possible. If your rights under the Data Protection Laws are breached, you may be entitled to compensation for damage caused. You also have the right to complain to the Information Commissioner's Office. Information about how to do this is available on its website at www.ico.org.uk.

SITE COOKIES

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website, to compile statistical reports on website activity and for functional operation of the website.

Our site uses the following cookies:

Cookie Name: ss_cid
Expiration: 2 years
Description: This cookie is set by websites that use the Squarespace platform. The cookie is used to identify unique visitors and track a visitor's sessions on a site.
Owner: Squarespace
Type: Analytics

Cookie Name: ss_cvt
Expiration: 30 mins
Description: This cookie is set by websites that use the Squarespace platform. The cookie is used to identify unique visitors and track a visitor's sessions on a site.
Owner: Squarespace
Type: Analytics

Cookie Name: ss_cvr
Expiration: 2 years
Description: This cookie is set by websites that use the Squarespace platform. The cookie is used to identify unique visitors and track a visitor's sessions on a site.
Owner: Squarespace
Type: Analytics

Cookie Name: ss_cpvisit
Expiration: 2 years
Description: This cookie is set by websites that use the Squarespace platform. The cookie is used to identify unique visitors and track a visitor's sessions on a site.
Owner: Squarespace
Type: Analytics

Cookie Name: ss_cvisit
Expiration: 30 mins
Description: This cookie is set by websites that use the Squarespace platform. The cookie is used to identify unique visitors and track a visitor's sessions on a site.
Owner: Squarespace
Type: Analytics

Cookie Name: crumb
Expiration: Session
Description: This cookie is set by websites that use the Squarespace platform. The cookie is used to prevent cross-site request forgery (CSRF).
Owner: Squarespace
Type: Analytics

For further information on Google Analytics cookies visit https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

For further information about cookies, in general, visit www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.