Last updated: 11 April 2023
What this policy covers
As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.
We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.
This policy is intended to help you understand:
One Voice Consulting Limited, we and us, refers to OVACtech and OVAC Group and any of our corporate affiliates. We offer cloud computing software as a service. We refer to all our products, together with our other services and websites as "Services" in this policy.
This policy also explains your choices surrounding how we use information about you, which includes how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use Sermegon or interact with any other aspect of our business.
Where we provide the use of Sermegon under contract with an organisation (for example, your employer or service provider) that organisation controls the information processed by the Services. For more information, please see Notice to End Users below. This policy does not apply to the extent we process personal information in the role of a processor on behalf of such organisations.
Sermegon collects only the minimum information needed to provide the service. Please note that under the principles of data minimisation under data protection laws, we will collect only the personal data we actually need.
What information we collect about you
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
If we become aware that a minor/child is providing data, we will commit to deleting this data within 24 hours. Parents or legal guardian must supervise the registration and use of a Sermegon account for a minor under 16 years of age at all times.
Information you provide to us
We collect information about you when you input it into Sermegon or otherwise provide it directly to us.
Account and Profile Information: We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information, when you register for the Services. You also have the option of adding a display name, profile photo, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our products: The Services include our products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include.
Content you provide through our websites: The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features such as surveys.
Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Information we collect automatically when you use Sermegon
We collect information about you when you use Sermegon, including browsing our websites and taking certain actions within the Services.
Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and how you interact with others on the Services.
Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services.
We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services. Server and data centre Service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.
Information we receive from other sources
We receive information about you from other Service users, from third-party services, from our related companies, public databases, and from our business and channel partners. We may combine this information with information we collect through other means described above. This helps us to update and improve our records, identify new customers, create more personalised features for you.
Third Party Providers: We may receive information about you from third party providers of business information and publicly available sources (like social media platforms), parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals; Local Authority; your family or friends – with your permission; organisations we have a legal obligation to share information with i.e. for safeguarding, DHSC, NHS Digital, the police or other law enforcement agencies if we have to by law or court order. This information could include physical mail addresses, job titles, email addresses, phone numbers, intent data (or user behaviour data), IP addresses.
Other Partners: We receive information about you and your activities on and off the Services from third-party partners, such as user research.
National Data Opt-out policy: As part of our partnership with the NHS, we collect, process and disclose patient information. We always make sure that we do so for individual care purposes only; we only use and/or disclose anonymised personal information for improving the software solution and technical upgrades only. As such, we are compliant with the National data opt-out policy.
Legal bases for processing
We collect and process information about you only where we have legal bases for doing so under applicable EU laws and UK GDPR. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
We need it to provide you the Services, including to operate the Services, provide customer support and personalised features and to protect the safety and security of the Services.
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development.
You give us consent to do so for a specific purpose; or
We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g., your employer, service provider or health and care provider) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
How we use information we collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
To provide the Services and personalise your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate, maintain, and improve the Services. Our Services also include tailored features that personalise your experience, enhance your productivity, and improve your ability to collaborate effectively with others by automatically analysing the activities of your team to provide search results, activity feeds, notifications, connections and recommendations that are most relevant for you and your team. Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you travel across our websites. To opt out of this personalisation, please contact firstname.lastname@example.org
For research and development: We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful. We use information and collective learnings (including feedback) about how people use our Services to troubleshoot, to identify trends, usage, activity patterns, and areas for integration and to improve our Services and to develop new products, features and technologies that benefit our users and the public. We automatically analyse and aggregate frequently used search terms to improve the accuracy and relevance of suggested topics that auto-populate when you use the search feature. In some cases, we apply these learnings across our Services to improve and develop similar features, to better integrate the Services you use, or to provide you with insights based on how others use our Services. We also test and analyse certain new features with some users before rolling the feature out to all users.
To market, promote and drive engagement with the Services: We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you. We also communicate with you about services downtime, enhancement and upgrades.
Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyse crash information, and to repair and improve the Services. Where you give us express permission to do so, we share information with a third-party expert for the purpose of responding to support-related requests.
For safety and security: We use information about you and your Service use to verify accounts and activity, to detect, prevent, and respond to potential or actual security incidents and to monitor and protect against other malicious, deceptive, fraudulent or illegal activity, including violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
How we share information we collect
Our services promote collaboration, so this means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers. We DO NOT sell your information to advertisers or other third parties.
If you are receiving care from a health or care organisation, that organisation may share your NHS number with other organisations providing your care. This is so that the health and care organisations are using the same number to identify you whilst providing your care. By using the same number, the health and care organisations can work together more closely to improve your care and support.
Your NHS number is accessed through an NHS Digital service called the Personal Demographic Service (PDS). A health or care organisation sends basic information such as your name, address and date of birth to the PDS in order to find your NHS number. Once retrieved from the PDS, the NHS number is stored in our case management system. These data are retained in line with our record retention policies and in accordance with the Data Protection Act 1998, Government record retention regulations and best practice.
We will share information only to provide health and care professionals directly involved in your care access to the most up-to-date information about you. Access to information is strictly controlled, based on the role of the professional, and where the user has a direct care relationship with you.
The use of joined up information across health and social care brings many benefits. One specific example where this will be the case is the discharge of patients into social care. Delays in discharge (commonly known as bed blocking) can occur because details of social care involvement are not readily available to the staff on the hospital ward. The hospital does not know who to contact to discuss the ongoing care of a patient. The linking of social care and health information via the NHS number will help hospital staff quickly identify if social care support is already in place and who the most appropriate contact is. Ongoing care can be planned earlier in the process, because hospital staff will know who to talk to.
You have the right to object to the processing of your NHS number in this way. This will not stop you from receiving care but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options that you have.
How we store and secure information we collect
We use industry standard technical and organisational measures to secure the information we store. Data is stored on UK Cloud Based Servers.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information
The length of time information is stored depends on the type of information, as described in further detail below. After such time, we will either delete or de-identify your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyse personal characteristics about you.
Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided, but when requested details that can identify you will be removed.
Tenant accounts: If the Services are made available to you through an organisation (e.g., your care provider), we retain your information as long as required by the administrator of your account.
How to access and control your information
You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see "Notice to End Users" below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance. We will respond to any request to exercise your rights within two months.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time.
If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings.
Notice to End Users
Where our Services are made available to you through an organisation (e.g., your employer), that organisation is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organisation's policies. We are not responsible for the privacy or security practices of an administrator's organisation, which may be different than this policy.
Administrators are able to:
require you to reset your account password;
restrict, suspend or terminate your access to the Services;
access information in and about your account;
access or retain information stored as part of your account;
install or uninstall third-party apps or other integrations
In some cases, administrators can also:
restrict, suspend or terminate your account access;
change the email address associated with your account;
change your information, including profile information;
restrict your ability to edit, restrict, modify or delete information
Even if the Services are not currently administered to you by an organisation, if you use an email address provided by an organisation (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g., your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.
If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.
Please contact your organisation or refer to your administrator’s organisational policies for more information.
Our Data Protection Officer, Mrs Ngozi Fakeye, whose duties include monitoring internal compliance and advising the organisation on its data protection obligations, can be contacted by email via email@example.com
Your information is controlled by One Voice Consulting Limited and OVACtech Limited. If you have questions or concerns about how your information is handled, please direct your enquiry to firstname.lastname@example.org.