For the purpose of the Data Protection Act 1998 ("Act"), the data controller is Imperial College, of the address shown above. Our nominated representative for the purpose of the Act is Professor Justin Cobb. We are committed to protecting and respecting your privacy and security.
2. Collection of Personal Information
We may collect and process the following personal information about you:
- any data which you provide when you complete and submit an application to register for the website or complete any form or questionnaire on the website. In the case of Patients, this may include certain kinds of medical information (see section 3 below);
- any data that you provide via postings to forums and blogs and any other posting that you make to the public areas of the website;
- if you contact us (whether via email, telephone or other means), the details of such correspondence;
- details of your visits to the website including, but not limited to, traffic data, location data, weblogs and other communication data;
- information about you received from third parties, for example a friend, Patient, Doctor or other person who wants to tell you about the website.
For all users of the website, general information collected and stored by us might include your name, date of birth, e-mail address, telephone number, postal address, occupation, place of work or other professional information.
3. Patient Information
- information relating to:
- your gender
- your weight
- your height
- your address
- your living arrangements
- your contact details
- the names of your "Responsible Care Providers" and their place of work (as defined under Terms & Conditions)
- Information relating to your medical condition, as may be updated by you from time to time, including as to:
- your medical condition, including affected joint and type of condition,
- treatment details
- other medical disorders
- your disability status
- your mobility
- levels of pain relating to the condition
- levels of anxiety arising from the condition
- personal aspiration relating to the condition and progress as against those aspirations
- other relevant information relating to the condition, including your usual lifestyle activities, eg work, study, housework, family or leisure activities
4. IP Addresses
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
5. Storage and Retention of Your Information
The data that we collect from you may be transferred to, and stored on, a single dedicated server based in a UK data centre, run by Rackspace, built to rigorous standards and conforming to ISO 27001 certification. All traffic between users and the server is encrypted using a 256-bit SSL (Secure Sockets Layer) certificate. The site is protected by a Cisco firewall to prevent network attacks.
All personal information you provide to us will be encrypted using the industry standard AES algorithm (AES has been adopted by the United States government as their approved encryption algorithm and is in use by all the major banking groups). In addition, all traffic between users and the server is encrypted using a 256-bit SSL (Secure Sockets Layer) certificate. The website has been built using Linux-based industry standard web technologies, using its mature security framework to authenticate every user accessing the site.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
6. Use of your Information
We may use personal information held about you (subject in each case to the requirements of the Act) in the following ways:
- to ensure that content from our website is presented in the most effective manner for you and for your computer and for generating aggregated statistics about users, traffic patterns etc of the website;
- to carry out our obligations arising from any contracts entered into between you and us;
- to allow you to participate in interactive features of the website, when you choose to do so; and
- to notify you about changes to the website.
Use and disclosure of Patient Information
If you are a Patient with a registered JointPRO account, by registering for a JointPRO account you consent to Imperial College researchers viewing your clinical profile and the information contained on such profile (which will include the information referred to in section 3 above (Patient Information) in pseudonymised form). We may allow some or all of the following categories of persons to view your clinical profile and the information contained on such profile (which will include the information referred to in section 3 above (Patient Information)). We will only do so where you have expressly consented to such sharing (either via your account privacy settings or by virtue of your invite to such persons to access your profile). In some cases you may access the website using a code which indicates that you are being cared for by a particular institution and/or you are participating in an [academic/clinical] study ("site-specific code"). In such cases, the site-specific code will allow for your information to be shared (in pseudonymised form) with the institution which is providing your care and/or conducting the [academic/clinical] study in question:
- Your Responsible Care Providers (namely GPs, Consultants and Physiotherapists);
- Other Clinical Team Members who are assisting your Doctor or Physiotherapist with your clinical care (as verified by your Doctor or Physiotherapist);
- (where you access the website using a site-specific code) the managers and senior administrative staff at the institution providing you with care (such as your hospital), whether that institution is a private healthcare provider or an NHS organisation;
- (if you are signed up to a specific academic/clinical study), to the Academic Researchers who are involved on such study; and
- (if you are an NHS Patient or a Patient in private care who has explicitly consented to this), the relevant national records system that monitors all admissions, appointments and attendances at NHS hospitals and/or private hospitals, as applicable (such as the Hospital Episode Statistics (HES) database administered by the Health & Social Care Information Centre (HSCIC), the National Joint Registry (NJR) or such other replacement national records system, and/or the database administered by the Private Healthcare Information Network (PHIN) concerning private healthcare, as applicable).
For the avoidance of doubt, where a Patient is involved in a specific academic/clinical study or you have accessed the website using a site-specific code, the Patient Information will be stored in pseudonymised form. Imperial College researchers will also only be able to access Patient Information in pseudonymised form.
This means that each Patient's data will be categorised by way of a specific numeric/code-based Patient ID rather than the Patient's name. For [academic/clinical] studies, only the Lead Investigator for the relevant study (and the super-administrator responsible for the administration of the website) will hold the key enabling this Patient ID to be linked to the Patient's name. Where you have accessed the website using a site-specific code, only a single lead administrator at the institution providing you with care (and the super-administrator responsible for the administration of the website) will hold the key enabling this Patient ID to be linked to the Patient's name.
We may use Patient Information in anonymised or aggregated form for any purpose provided that such use does not enable the Patient Information to be linked to a named individual (and therefore no longer comprises personal data for the purpose of relevant Data Protection legislation, or confidential information). Such use might include:
- use in aggregated form (ie collected together with similar data from other Patients) to provide information to other users of the website regarding certain metrics relating to specific medical conditions (such as average time for recovery, for example);
- sale or licensing of part or all of the aggregated data-set created from Patient's contributions to the website for commercial purposes (for example to manufacturers of implants or prosthetics) although we would normally only do so where such use or exploitation had the potential for improving the health and wellbeing of patients.
In the event that Imperial College is acquired by or merges with another legal entity, or transfers its operations to a new legal entity, your personal information may be passed to the purchasing/merging/new legal entity amongst the transferred assets and activities. This will enable your use of the website to continue despite the change of ownership.
Our third party contractors (for example, web developers) who assist us with the operation of the website may also have access to your JointPRO account although only for the purpose of operation and maintenance of the website. Such third party contractors are bound by strict obligations of confidentiality in relation to such access.
Where you have consented to the disclosure of Patient Information to the relevant national records system that monitors all admissions, appointments and attendances at NHS hospitals and/or private hospitals, as applicable, your information will be disclosed to the Health and Social Care Information Centre and/or the National Joint Registry in accordance with the terms prescribed by the Department of Health from time to time and/or (if applicable) your information will be disclosed to the Private Healthcare Information Network (PHIN) in accordance with the terms you have agreed with your private hospital or other independent healthcare provider. This includes the right for your personal details and health information to be held and used by contractors working on behalf of the Health and Social Care Information Centre, Department of Health and/or the National Joint Registry and/or (if applicable) the Private Healthcare Information Network (PHIN) for this project. Imperial College may pass your information to such contractors in order to facilitate this.
7. Your Rights
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of Ten Pounds (£10) to meet our costs in providing you with details of the information we hold about you.
You have the right to ask us not to process your personal data for any of the above purposes at any time by emailing Emily@jointpro.co.uk.