Our policies
Privacy Policy
Evergreen Health Solutions Ltd (“we”, “us”, “our”, “Evergreen Life”), a company registered in England & Wales with company number 09484935 with registered offices at Evergreen House, Clowes Street, Salford, M3 5NA.
We are committed to protecting and respecting your privacy. We are a data controller under UK law. This means we are responsible for determining the purposes for which and the manner in which the personal information provided to us is processed.
Personal Information means information that identifies you personally such as your name or contact details, or data that can be linked with such information in order to identify you.
Please note that we interact with other third parties (including GPs, healthcare providers and NHS central services). In some cases we are simply processing your personal information on their behalf. Such third parties may also be data controllers in their own right and have their own privacy policies.
What does this statement relate to?
This statement sets out the basis on which any personal information we collect from you, or that you provide to us or that is provided to us by other third parties will be processed by us. Please read this statement carefully to understand our practices regarding your personal information and how we will treat it.
What personal information do we collect and how do we collect it?
You may give us information about you by entering information on our app or website, allowing us access to data about you held by third parties, filling in forms, or by corresponding with us by phone, e-mail or otherwise. You may also give us information, and we may collect and process information about you resulting from, any interactions you undertake or services you request or source from us.
It will be clear at the time what personal information we are requesting from you. If you do not provide the personal information necessary or withdraw your consent for the processing of your personal information, where this information is necessary for us to provide the relevant Services to you, we will not be able to provide these Services to you. You don’t have to provide data and can simply choose to stop using our app or website or our additional services.
Each time you use our app or website we may automatically collect the following information:
· technical information, including (but not limited to) the type of device you use, a unique device identifier, mobile network information, your mobile operating system, and time zone setting;
· information either accessed through your device or stored on your device which you have explicitly consented to sharing, and the providence of that data including the device used to collect that data, time, date; and location as reported by the device’s inbuilt GPS capability.
· details of your use of our app or website and services.
We will collect, create and retain the following information to set up your account and security profile, and administer and maintain your account, including for any technical updates to or technical support for the application:
· Your basic account profile information, including your name, physical address, email address, telephone number, date of birth, and gender, along with any photos of yourself that you choose to upload;
· Details of any support queries that you raise about technical issues you are experiencing with the application for which your email will be required to process your query;
· The username and password which you use to login to the application;
· Any other data that you choose to provide us with, other than through the usual functionality of the application.
The main categories of information that you can choose to add to your Personal Health Record (PHR), and which will, other than as set out in the general sections of this Privacy Policy, be retained by us only for this purpose and in accordance with your preferences in the Trusted Access features, are:
· Your physical measurements, including but not limited to your height, weight, waist to hip ratio, muscle mass percentage, body fat percentage, visceral fat rating, cholesterol, blood pressure, blood glucose, pulse, peak expiratory flow rate, oxygen saturation and respiration rate;
· Your medical history; you may include in your Personal Health Record your conditions, injuries, allergies and other health problems that you have previously suffered, including any personal medical records that are disclosed to you by your GP or other healthcare professional;
· Any existing medical conditions, including any photos that you upload that relate to the condition;
· Any medication that you take, including the frequency in which it needs to be taken and the medical condition that it seeks to address and any historical medications that you have taken previously;
· Your NHS medical number;
· The names and email addresses of PHR Contributors that you choose through use of our Trusted Access feature;
· Any other relevant contacts, such as the name, address and telephone number of your GP;
· Any vaccinations details, including the name, date, location of the body you had the vaccination and any reminders for re vaccinations and boosters along with any notes or photographs you may have recorded;
· Any documents or letters you upload, including appointment letters, referral letters, reports, results or any other document you have chosen to upload;
· Any health data imported from other sources, devices or apps.
· If you opt in to our Wellness Score function, we will store your score, and the answers to any questions we ask via our wellness checks.
· Any images or videos submitted in relation to further services we offer, including our Mole Checking Service.
You may choose to view certain parts of your medical records held by your General Practice or doctor’s surgery (“GP”). You can do this through the “GP Access” functionality of the mobile application or website. We will need to store the following additional information about you so that you can access this feature:
· your GP practice code
· your NHS Number
· your Name
· your Date of Birth
· your Address
· your Phone Number
If you choose to connect to a third party service which is a source of health data, such as your GP, we will retrieve information from that service and store it in your PHR so that you can have access to it at all times. Data retrieved and stored in this way will be treated by us in the same way as data which you have entered into your PHR manually.
Where you use a third party service via our app or website, we will pass only that information to them which is required for the functioning of that service. This will normally be information which allows the service to identify you as the originator of the request, and information relating to the specific service you are requesting. It will not generally include any information from your PHR; we will make it clear if it does. When you sign up for such a service, there may be additional terms of use and a privacy policy relating to that service, which you should read and understand before using the service. We will always try to be clear about exactly what information is being communicated between our services and others.
In the case of the GP Access feature, your GP will not receive any of the information in your Personal Health Record except for:the fact that you are using the application; and
· A unique identifier so that the use of the service can be matched to you;
· If you order a repeat prescription, the specific medication you order and any notes you add
· If you book an appointment/consultation, the time, date, clinician, and any notes you may chose to add
· If you send messages to your GP practice, the text of the messages.
Trusted Access feature – other than your name, profile picture, the first line of your address and your next of kin, people you have shared your Personal Health Record with via the Trusted Access feature will only be able to see any information you have chosen to share with them. They will not be able to see or access your security information and other information you choose to withhold. You can at all times edit any information that they add to your Personal Health Record;
We may also receive information about you from third parties to facilitate provision of applicable Services. This may include information provided from your GP or other healthcare provider such as your name, NHS number and relevant contact details as well as sensitive information about you including your medical records. They provide such data to us to enable us to provide the services to you.
How do we use your personal information?
Evergreen Life will process your personal information:
1. To provide services to you or where we have a contract with you:
· To register you for our applicable services and manage your account and for our own internal administrative purposes.
· To provide you with applicable services and to ensure that our app and website presents the correct version and data for your device.
· To update you on any developments or information about applicable services. These are strictly service related communications and do not include marketing.
· To allow us to investigate and resolve queries, questions and complaints that affect your use of our services. Any personal information you submit to us via our app or website, or that is provided to us by other means, is generally required for providing relevant services to you. However, we may rely on other lawful basis for using your personal information.
2. Where we have a legal obligation:
To make disclosures as required by or in compliance with reasonable requests by regulatory bodies or as otherwise required by law or regulation.
3. Where it is in our legitimate interest:
· To review and enhance the quality of our services and products through details of your use of our app and website and applicable Services. This is in our legitimate interest to ensure we continue to improve the services we provide to customers.
· To allow us respond to general enquiries and feedback from you. This is in our legitimate interest in providing a responsive service to customers.
· For internal operations, including analysis and reports, troubleshooting, detection of fraud, log data analysis, testing, security, audit and statistical purposes. This is in our legitimate interest to protect our business interests and assess and improve our business effectiveness.
· Where we rely on legitimate interest as a ground for processing your personal information, we carry out a “balancing test” to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. We keep a record of these balancing tests. You have a right to the information contained in these balancing tests on request and can find out more by contacting us using the details below.
4. Where we have your explicit consent:
· Where any of the personal information we use contains data concerning health related information and racial or ethnic information, religious or philosophical beliefs, trade union membership data, genetic/ biometric data and sex life or sexual orientation data (together “sensitive information”), in addition to the above, where you provide this data to us directly through your use of our app or website or applicable Services, we usually rely on you having provided us explicit consent to use such data when you provide us with this personal information. In some instances we may rely on Public Interest conditions or are required to process such data by law.
· Further details on how we process genetic data relating to our DNA testing service can be found in our DNA terms and conditions.
· Further details on how we process your responses to the Covid Check questionnaire and related personal information, please see below.
· We will rely on your consent in order to process images and other personal data in relation to our Mole Checking Service. Further details can be found in our Mole Checking Service terms and conditions.
5. Recommendations and Personalisation:
· We will use your personal information to recommend content, products and services that might be of interest to you, identify your preferences, and personalise your experience with Evergreen Life. Where any of the personal information we use contains Sensitive Information, in addition to the above, where this data is received from your GP or other healthcare provider we rely on the GP or healthcare provider having the legal basis to share such data with us. This will then form part of your Personal Health Record and be used for recommending health and wellbeing products and services in accordance with our Privacy Policy and Terms of Use.
· If you choose to use our “Wellness Score”, “Wellness Checks” and associated functionality you consent to us analysing your data in order to conduct analysis and research into improving health and wellness for everyone. In return you will receive the benefits of that research in the form of improved information. We will also use it in order to put you in touch with research programmes from accredited research organisations which you can choose to take part in. We will create a profile of you based on your use of our application, your medical history, conditions, symptoms, treatment, medications, vaccinations, measurements, health goals, achievements and concerns, referred to within your Personal Health Record, for use (but only where we consider that these complement, interface or align with or are relevant to, your use of the application and your profile), as follows:
· To provide you with a “Wellness Score” based on the data in your profile and in some cases also based on your answers to additional questions, data points or external data.
· To send you content, articles, paper and information.
· To share insights from our own analysis and research where we consider that these complement, interface or align with or are relevant to, you, your use of the application and your profile.
· To analyse the data you provide, and other data in your PHR, alongside that of others who have opted in, for the purposes of research.
· To improve the wellness checks and information we provide to you and other users.
· To tell you about other mobile apps, or devices, products and services relating to the management, measurement, monitoring, diagnostics, testing and care of the relevant health or medical condition or stated wellbeing. They may be those of Evergreen Life itself, its affiliate companies within the Evergreen Life group of companies, or third parties selected by Evergreen Life. Your visit will be according to the terms and conditions and privacy policy for their website so please read these carefully.
· Contact you with details of clinical studies or trials run by third parties which may be of interest to you. In doing so, we will allow you to contact the third party in order to sign up to the trial if you so wish. It will always be your choice whether to take part or not.
When will we share your personal information?
Information about our customers is an important part of our business and we are not in the business of selling our customers” personal information to others. We share personal information only as described below:
· Transactions Involving Third Parties: We make available to you services, software, and content provided by third parties for use on or through the Evergreen Life app or website. You can tell when a third party is involved in your transactions, and we share information related to those transactions with that third party. You will be given an opportunity to refuse to allow us to share that information. For example, you can choose to order prescriptions from online pharmacies using Evergreen Life and we provide those sellers information to facilitate your subscription, purchases, or support.
· In the Public Interest of Public Health or of Archiving Research and Statistics: We may share insights we discover and your personal data, including your sensitive data, with specific 3rd parties including the NHS, health organisations, and academic and non-profit research institutions. If we share such data, we will always ensure it is in accordance with this Privacy Policy as well as our Data Processing and Retention Policies, and is subject to adequate and appropriate security measures, such as pseudonymisation (taking steps so you cannot be directly identified from the data shared). Wherever possible this data will be made anonymous prior to sharing.
· Protection of Us and Others: We release account and other personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and other agreements, or protect the rights, property, or security of Evergreen Life, our customers, or others.
· At Your Choice: Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share the information.
We will not:
· Sell your personal or sensitive data to anyone else, without your specific consent.
· Give any third party direct real-time access to your data. We do not provide access into our system from outside.
· Share tracking IDs or cookies with advertisers, insurance companies, or any other third parties.
Third-Party Service Providers
We employ and utilise other companies, individuals, programs and platforms to perform functions on our behalf. Examples include sending communications, processing payments, analysing data, providing marketing and sales assistance and conducting customer relationship management. These third party service providers may have access to personal information needed to perform their functions, but may not use it for other purposes than either (i) we have agreed with them (which reflect the lawful basis on which we process your personal data); or (ii) you agree with them directly when the third party is a data controller (which will be subject to that third party’s privacy information and terms of use). We may then receive some information back from that third party relating the function or service provided (e.g. if you have made payment via the third party then we will receive information on that transaction).
COVID-19: Covid Check and sharing of personal data
The Evergreen Life app has been updated during the COVID-19 pandemic to request additional personal information from you, for the purpose of supporting research into the spread of the COVID-19 virus within the UK. This is collected through our Covid Check questionnaire. We also request your explicit consent when completing the Covid Check, which is for us to share your responses and personal information with NHS England.
If you provide your consent we will share the following personal information with NHS England:
· Compliance with UK Government guidance
· COVID symptoms status
· COVID risk factor
· Postcode outer code (first 3 digits)
· Year of birth
· Gender
Prior to sharing any of this personal information, it is processed in such a way so that it can no longer be attributed to you without the use of additional information, which is kept secure and separate from the information shared with NHS England (known as Pseudonymisation).
If you have any questions or wish to withdraw your consent, please contact us.
NHS England is seeking to co-ordinate the public health response to the COVID-19 virus within England and engage with symptom tracking apps (including Evergreen Life app) to support the national response strategy, which is known as “Project OASIS”). Project OASIS has been established by NHS England, through NHSX (responsible for digital, data and technology within the NHS) and the jHub (the Innovation Centre for the MoD). The project will focus on public health and scientific research into symptoms, diagnosis and treatment, as well as tracking the spread and containment of COVID-19. Please see here for more details on Project OASIS.
How do we store your personal information?
We will retain your personal information for as long as needed to fulfil the purposes of providing our services to you or for a period specifically required by applicable regulations or laws. For example, where you are registered for any of our Services, we generally keep your personal information for the duration of time you utilise that Service.
When determining the relevant retention periods, we will consider factors including:
· our contractual obligations and rights in relation to the information involved;
· legal obligation(s) under applicable law to retain data for a certain period of time;
· statute of limitations under applicable law(s);
· our legitimate interests where we have carried out balancing tests (see section on “How do we use your information above);
· (potential) disputes; and
· guidelines issued by relevant data protection authorities.
Otherwise, we securely erase or anonymise your personal information where we no longer require your information for the purposes collected.
What about third-party sites?
Our app, website and other services we offer may contain links to other independent third-party websites or mobile applications (“Third-party Sites”).
These Third-party Sites are not under our control, and we are not responsible for and do not endorse their content or their privacy policies (if any). You will need to make your own independent judgement regarding your interaction with any Third-party Sites, including the purchase and use of any products or services accessible through them.
Please note that if you access our service using your NHS login details the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Policy and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
What rights do you have?
By law, you have a number of rights (subject to certain conditions) when it comes to your information.
Further information and advice about your rights can be obtained from the data protection regulator in your country (ICO). You can exercise any of these rights by contacting us through our details below.
· The right to object to processing; you have the right to object to certain types of processing, including processing where we rely on our legitimate interest as a grounds for processing.
· The right to be informed; you have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.
· The right of access; you have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
· The right to rectification; you are entitled to have your information corrected if it is inaccurate or incomplete.
· The right to erasure; this is also known as “the right to be forgotten” and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure, there are exceptions.
· The right to restrict processing; you have rights to “block” or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be “blocked” to make sure the restriction is respected in future.
· The right to data portability; you have rights to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
· The right to lodge a complaint; you have the right to lodge a complaint about the way we handle or process your information with your national data protection regulator. See details of the UK data protection regulator in the contact us section below.
· The right to withdraw consent; if you have given your consent to anything we do with your information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your information with your consent up to that point is unlawful). Note that such withdrawal in certain circumstance may mean we can no longer continue to provide the Services to you.
· We usually act on requests and provide information free of charge but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests or further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
DNA Customers:
DNA Test Service – Additional Privacy Notice
Please note: This Notice provides additional information on how we may process your personal data when providing the DNA Test service, which applies as well as the Evergreen Life’s wider Privacy Policy.
Collection of Information
Purchasing the Service: Where you purchase our DNA Test service from us, we will need to collect the following information from you:
· your personal details, including your name
· contact information, including your email address and delivery address (if you have purchased the DNA Test for someone else, as a gift or otherwise, then you must ensure you have permission to share their delivery/contact details with us, if you do not intend to take personal delivery);
· any queries that you raise with us, for instance, you may submit a question by email or through our App to us about the DNA test.
Our third-party payment provider will need to collect your payment details in order to process your order.
Our lawful basis for processing this data will be both contract and for our legitimate interests.
Collecting the Sample: In order to carry out the DNA testing, we will also need to collect your DNA sample, this is in the form of a saliva sample (“DNA Sample”). Your kit will be sent to you, and your DNA Sample processed and handled by our third-party laboratory, ‘Eurofins’.
When taking the DNA Test, you must register the DNA Test Kit, and provide consent for us to perform the DNA Test and process your personal data. This is because conducting the DNA Test means we will process your medical (sensitive/special category) data, and we rely on your consent to do this. We will request your consent when submitting the DNA Test to us during the process of registering your kit.
The person taking the DNA Test is responsible for providing consent. You can provide consent by clicking to ‘confirm’ where this option is made available to you by Evergreen Life on our App, or otherwise providing explicit consent in a method requested by us. Failure to provide consent will result in us not being able to provide you with your DNA Test report.
Please refer to our wider Privacy Policy for further information on your Data Rights.
Use of Information
We will only use the data that we collect about you for the following purposes and in accordance with your PHR preferences:
· to deliver the DNA test kit to you, so that your DNA Sample can be collected;
· to perform the DNA test, our third-party laboratory will perform the test on the DNA Sample which you have provided to us;
· to analyse your DNA test result, we will review the results received from our third-party laboratory so that we can provide you with a report on your DNA (provided via our App and your Personal Health Record);
· We will store your full DNA Test report and raw genotyping data for any future use or services we make available to you (this means we hold more data from your result than we can present in the report, but may be for relevant for different reports and services in future);
· to contact you about your DNA test, we will contact you once your results are ready to view on your Personal Health Record, or if there is a problem with your DNA test, or if we have further information about your order or DNA test results;
· to respond to your queries that you submit through our website, App or via any other communication medium such as email or letter regarding your DNA test;
· to contact you about new DNA test services or similar services;
· to verify your user credentials when you attempt to login to the application;
· with your prior consent, to make other services and products available to you, including via our third-party partners, related to the processing and use of the DNA Test results.
We will not use your DNA related information for any other purpose without your consent and you may withdraw your consent at any time.
Use of anonymised data: We carry out research, along with carefully selected research partners, using anonymised and aggregated data from the Evergreen Life community including from DNA Testing. Therefore, while we don’t know or share whose data we are using, you will actually be helping to unlock more of our genetic code and support wider understanding of our health and wellbeing.
Use of data for clinical trials: No identifiable data will be used for clinical trials without your explicit and informed consent. You may be contacted on the App for this consent.
Results and Report
We will receive and store your DNA test results, all related correspondence, materials and information from our third-party testing laboratory. Results will be released to you in the form of a report as part of your Personal Health Record contained within the Evergreen Life App.
This report will contain the genotypes and insights from your genetic data which are included within the DNA Test specification on our App at the time of order, and that are actionable and targeted within our mission of empowering our users to take control of their own health and wellbeing.
However, we will also store the raw genotyping data we obtain from your Sample, which will be kept secure and may be requested or managed by you in accordance with your rights under the UK GDPR. This means we hold more data about you than will be provided within your initial report, but may be relevant for future services and reports. Therefore, from time to time and for as long as we are permitted to hold your genotyping data, we may update your DNA Test report and make more results and insights available to you as we discover them (but do not guarantee that we will provide any additional insights or reports after the initial DNA Test). Please note that we will not use your results for any other purpose without your permission.
Security and destruction
As further explained in the ‘When will we share your personal information’ section of our Privacy Policy, we impose appropriate obligations to protect the security and privacy of your information where we use third-party providers.
Once the DNA test has been performed, any remaining DNA Sample will be stored securely by the third-party testing laboratory on our behalf. You can request for the destruction of your DNA Sample at any time, at which point it will be securely destroyed. Our third part laboratory will destroy your DNA Test results within 1 month of providing them to Evergreen.
If you have any questions on the policy or how we use your data generally please contact us.
Website Visitors:
If you are only a Visitor and have not subscribed to the application, then we will not usually ask you to provide any health, wellbeing or medical data. If we do, we will make it clear to you why we are asking for it and as appropriate, seek your agreement to use it. Please note that if you or someone on your behalf makes any public posts to message boards or social media about your health, wellbeing or medical circumstances, you will be regarded as having agreed to such publication.
However, we will collect the following:
· Contact information, including your name and email address in the event that you register interest in using our application;
· Any queries that you raise with us, for instance you may submit a question by email to us about our application;
· Any interactions that you have with us on any of our chosen social media platforms. For instance, you may decide to like our Facebook page or send us a tweet on Twitter;
· All other information that you choose to provide us.
· We may use the data that we collect about you in the following ways:
· Respond to your queries that you submit through our website or via any other communication medium such as email or letter;
· Contact you about the launch of the application where you have registered an interest in hearing about this;
· Help us to improve our website, including its content, layout and navigation;
· To verify your user credentials when you attempt to login to the application.
· Analyse user traffic and other metrics relating to the use of our website.
· Technical information, including (but not limited to) the type of device you use, a unique device identifier, mobile network information, your mobile operating system, and time zone setting.
Tracking
We track user actions within our website and engage in anonymous statistical analysis to improve your experience, both via our website and in our app. We also request permission to track how you interact with our website and app, however, this personal data will not be collected without your permission, as more detailed in our website cookie policy. This may include the use of tracking technologies and receipt of information from third party service providers. Please note that cookies and other tracking technologies placed by the third party, will usually be subject to that third party’s cookie information and settings.
·
Changes to this Privacy Notice
We update our privacy notice from time to time and any changes we may make to our privacy notice in the future will be posted on our application and website and, where appropriate, notified to you. The new terms may be displayed on-screen and you may be required to read and acknowledge them to continue your use of our website and services.
Contact Us
If you have any questions, comments and requests regarding this Policy, please get in touch with us:
Evergreen Health Solutions Limited
Evergreen House,
Clowes Street,
Manchester,
M3 5NA
Our email address is [email protected]
Our phone number is 0161 768 6063
Data Protection Officer contact details:
Email: [email protected]
Phone: 0161 768 6063
If you are not satisfied with our response to a complaint you have made, or think we aren’t complying with data protection law, you can make a complaint to the UK data protection regulator – the Information Commissioner’s Office:
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire
SK9 5AF
Phone number: 0303 123 1113
Email: [email protected]
Website: http://ico.org.uk/concerns/