Privacy/Cookies Policy

If you are a MyDESMOND user or subscriber, or just visiting our website, this policy applies to you. This Privacy Policy will help you understand what information we collect, why we collect it and what we do with it.

Who we are

MyDESMOND is a service that has been created by the Leicester Diabetes Centre, and is available for healthcare organisations under license from the University Hospitals of Leicester NHS Trust. The Leicester Diabetes Centre is part of the University Hospitals of Leicester NHS Trust. You can find out how to contact us by visiting www.leicesterdiabetescentre.org.uk.

University Hospitals of Leicester NHS Trust is registered as a “data controller” with the Information Commissioner’s Office, under registration number Z7882087.

Our Data Protection Officer is Saiful Choudhury and can be contactable through infogov@uhl-tr.nhs.uk or you can write to the Head of Privacy, University of Hospitals Leicester, Information Governance, County Hall, Glenfield, Leicester LE3 8RA.

Why we need information from you

We hope that by using one of the digital health programmes available on the MyDESMOND platform you will be better able to understand and manage your health. The e-learning section of all programmes allows you to learn more about your health including conditions (such as type 2 diabetes) through a range of interactive sessions, and the self-management trackers allow you to update, track and manage a range of health-related measures (e.g. blood pressure & cholesterol), as well as activity and diet levels. The decision maker section allows you to create and review plans for lifestyle changes relevant to you. You can input information about your goals and get emails to remind you of your progress.

We need information from you in order to personalise these services for you.  This includes information about age, ethnicity, and other risk factors associated with health outcomes. If you do not provide this information, this will reduce the accuracy and relevance of the content on your alloted programme within the MyDESMOND platform.

 

The information that we collect about you

You will either have been referred to a local centre who receive your details from your GP or Practice Nurse in order to invite you to use the MyDESMOND website, or you may have referred yourself to your local centre or you may receive an invitation from an existing user as part of the “buddies” feature of the programme.

We then collect two kinds of information once you start using one of the programmes on the MyDESMOND platform:

  • Information you give us:
    • You give us information by registering, logging in to, and using the MyDESMOND site, by filling in and updating forms on MyDESMOND and responding to questions. The information you give us may include: 
      • NHS Number
      • your name,
      • address,
      • e-mail address,
      • phone number,
      • ethnicity and date of birth,
      • as well as information about your health and wellbeing that you submit through interacting with the content.

All programmes on the MyDesmond platform will work best when the information you submit accurately reflects your health experience.

 

Cookies

  • Information we gain through how you use the site (cookies).
    • Cookies are small files placed on your computer that collect standard internet log information and visitor behaviour. We use this information to track visitor use of the website and compile statistical reports on activity. You can find out more by visiting https://ico.org.uk/for-the-public/online/cookies/. You can set your web-browser not to accept cookies, but this might impact on some of the features of the website.
  • below is a list of cookies used for this site:

Category: Necessary (1) 

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. 

COOKIE NAME 

EXPIRY 

Description 

PHPSESSID 

Session 

Preserves user session state across page requests. 

  

Category: Functional (1) 

These allow the website to remember choices you make. 

COOKIE NAME 

EXPIRY 

Description 

cookieconsent_status 

1 Year 

Prevent the cookie information box reappearing after you have closed it. 

  

Category: Statistics (3) 

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.  

COOKIE NAME 

EXPIRY 

Description 

_ga 

2 years 

Registers a unique ID that is used to generate statistical data on how the visitor uses the web site. 

_gat 

1 day 

Used by Google Analytics to throttle request rate 

_gid 

1 day 

Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 

 

 

  • Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States, and which we then use to make the site work and to understand how it is being used. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage. The way in which Google operates Google Analytics is set out in Google's Privacy Policy- external site. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google- external site; however by opting out, the site may not function correctly.

What we do – and don’t do – with information about you

We will:

  • store the information you provide so that you can continue to access and make use of the MyDESMOND website;
  • make available your information with your local centre as part of your direct care;
  • provide access to an administration area of the website for your local centre to download/extract reports of activity 
  • Advise your local centre to ensure they abide by all NHS standards when handling identifiable information;
  • For those on a condition-specific programme advise your local centre to use the extracted data to match against your routine care records (this will include HbA1c/blood glucose levels);
  • Be sent an anonymous and password-protected version of the matched data from each local centre, which will be analysed for audit purposes and stored in accordance with NHS standards for record handling.
  • Provide access to a forum and chat functionality where you can choose to chat and share information with other users, if you want.
  • Provide access to a secure messaging system which allows you to securely and confidentially send questions to experts at the Leicester Diabetes Centre. Your username will be attached to your message, and your message will only be viewed by admin staff and the expert who answers your question.
  • Provide you with the ability to sync your MyDESMOND account with Fitbit, Google Fit or Garmin. If you choose to sync your account then we will share the information you have provided with Fitbit, Google or Garmin. Their use of your data is governed by their own privacy policies, rather than ours – see:

https://www.fitbit.com/uk/legal/privacy-policy

https://policies.google.com/privacy

https://www.garmin.com/en-US/privacy/connect/policy/

We may:

  • use the anonymous information your local centre  give us as part of internal clinical audit, to measure or understand the effectiveness of all digital health programmes available on the MyDESMOND platform that we offer to you and others;
  • Anonymised reports will be created from the data to better understand the impact of MyDESMOND and its range of programmes and inform future service delivery. These anonymised reports may be shared through publication in relevant health or medical journals and /or with NHS England, other home-nation bodies and local centres. This is to ensure that the NHS and local health care providers can evaluate and plan the best way to provide care
  • use the information you give us as part of the administration of MyDESMOND and for internal operations, such as troubleshooting, so as to improve our site and ensure that content is presented in the most effective manner for you and others using MyDESMOND;
  • need to share information about your use of the site with our web hosting company and our web developers, but only to the extent that is needed for the running and maintenance of the MyDESMOND website. Where possible this will not include any information which could be used to identify you personally. Our webhosting company and developers are subject to strict obligations of confidentiality and won’t be able to use your data for anything else.
  • ask you from time to time about your experience in using MyDESMOND and its range of programmes, and use the information you provide to analyse and improve the service we offer you;
  • need to share your information with other organisations as part of our legal compliance obligations: for instance, the Care Quality Commission inspects the Trust regularly and can ask to see the information we hold.
  • need to use your information in connection with legal proceedings, or to investigate and respond to any complaints you may make.

 

We don’t:

  • share information with other users of the website.
  • share the information you give us with any commercial organisations not previously mentioned.

 

The legal basis for processing your information

“Processing” means doing anything with your information, for example collecting, storing or deleting your information. Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:

  • The processing is necessary for us to comply with our legal obligations, such as obligations to provide a safe service. We are under legal obligations to have systems in place to proper records (under the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014;
  • MyDESMOND is a service provided by the Trust as part of the NHS and forms part of the exercise of our functions under the NHS Act 2006, which include the supply of health services.

 

Because our service is a ‘health’ service, we will also process ‘sensitive’ information (known as “special category personal data”). The normal legal basis for this is:

  • The processing is necessary for the purposes of preventive medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services;
  • processing is necessary for reasons of public interest in the area of public health, such as ensuring high standards of quality and safety of health care.

 

We will respect your confidentiality and wherever possible, we will respect your wishes in terms of how we use your information.

 

Keeping your information up to date

It’s really important that the information you give us is kept up-to-date, so that you can monitor your progress yourself and for those users who are signed up to a condition-specific programme (e.g. type 2 diabtes, chronic kidney disease) so that those with an interest in your health, such as your GP, can find out how you are getting on. You can keep your information up-to-date:

  • by changing your information on your MyDESMOND account page – click on the link on the top right of any page - , and
  • on the specific information you provide on, for instance, your BMI, blood glucose, and activity logs – click on the dashboard on the top left of any page.

 

How long we keep your information for, and when you stop using MyDESMOND

We keep information on your account for 24 months if the account remains active. After 24 months you will be offered the option to renew your account; if you agree you will continue to have access for another 24 months. This option will be made available every 24 months thereafter.  If the account is deactivated or unused all information is archived after six months, and any personal indentifiable information removed after 24 months. This is so that we meet our compliance obligations, and in case you want to use the service again in the future. You can find out more about the retention periods for healthcare related information in the NHS Records Management Code of Practice, available via https://www.gov.uk/government/publications/records-management-nhs-code-of-practice

 

Keeping your information safe and secure and where your data is stored

We use a range of physical, technical and organisational security measures and processes to keep your information safe and secure, such as:

  • password login;
  • encryption on our website;
  • carrying out regular privacy impact assessments
  • training for staff on information security and data protection;
  • restricting the number of staff that can see identifiable information you provide to the website, only to those that need to know or see the information in order to do their jobs.

Our servers are based in the UK, but your data may be transferred outside of the UK where you have chosen to sync your account with Google Fit, Fitbit or Garmin or where you have not opted-out of Google Analytics. This is because Fitbit and Google use servers which are outside of the UK and your information will be stored on these servers. You can find out more about Fitbit’s privacy policy (https://www.fitbit.com/uk/legal/privacy-policy), Google’s privacy policy (https://policies.google.com/privacy) or Garmin's privacy policy (https://www.garmin.com/en-US/privacy/global/policy).

You can find out more about how the NHS keeps online information safe, and what you can do to help with this, by reading the guidance note at http://www.nhs.uk/nhsengland/thenhs/records/healthrecords/documents/patientguidancebooklet.pdf

 

Please remember:

  • You provide information at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure;
  • You are responsible of your username and password: keep them safe and secure!
  • If you believe your privacy has been breached or infringed, please contact us immediately by emailing mydesmond@uhl-tr.nhs.uk

 

Your rights

You have control over much of the information you supply to us by choosing what you input into the MyDESMOND system. You can limit this but this may mean that the MyDESMONDservice does not work well and may give you an inaccurate picture of your health.

You also have the right to:

  • ask us to let you know what information we hold about you
  • ask us to amend the information we hold about you if you think it is incorrect
  • ask us to delete any information we hold about you
  • ask us to limit the way in which we use your information
  • ask us to send your information on to a third party
  • make a complaint to the Information Commissioner’s Office about the way in which we have used your information. The ICO can be contacted by visiting https://ico.org.uk.

You should be however be aware that the accuracy and relevance of the programme will depend on the level of information you provide to us.

We will not make a charge in the first instance for providing you with the information we hold about you or.

You can contact our Data Protection Officer to find out more about how we use your information or to exercise any of your rights mentioned above. Our Data Protection Officer is contactable through infogov@uhl-tr.nhs.uk or you can write to the Head of Privacy, University of Hospitals Leicester, Information Governance, County Hall, Glenfield, Leicester LE3 8RA.

Children

You must be aged 18 or above to use MyDESMOND.

Changes to this policy

Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. This page was last updated on 16/10/2023.

 

How to contact us

You can contact us by emailing mydesmond@uhl-tr.nhs.uk with any questions or concerns.