Privacy/Cookies Policy

If you are a MyDESMOND user or subscriber, or just visiting our website, this policy applies to you. This Privacy Policy will help you understand what information we collect, why we collect it and what we do with it. You can use the drop-down boxes below to find out more about how your information is used.

Who we are

MyDESMOND is a service that has been created by the Leicester Diabetes Centre, for organisations licenced to the DESMOND National Programme. The Leicester Diabetes Centre is part of the University Hospitals of Leicester NHS Trust. You can find out how to contact us by visiting www.leicesterdiabetescentre.org.uk.

University Hospitals of Leicester NHS Trust is registered as a “data controller” with the Information Commissioner’s Office, under registration number Z7882087.

Our Data Protection Officer is contactable through mydesmond@uhl-tr.nhs.uk or you can write to the Head of Privacy, University of Hospitals Leicester, Information Governance, County Hall, Glenfield, Leicester LE3 8RA]

Why we need information from you

We hope that by using MyDESMOND you will be better able to understand and manage your Type 2 diabetes. The e-learning section of MyDESMOND allows you to learn more about Type 2 diabetes through a range of interactive sessions, and the self-management trackers allow you to update, track and manage a range of health-related measures (e.g. blood pressure & cholesterol), as well as activity and diet levels. The action plan section of MyDESMOND allows you to create and review plans for lifestyle changes relevant to you. You can input information about your goals and get emails to remind you of your progress.

We need information from you in order to personalise these services for you.  This includes information about age, ethnicity, and other risk factors associated with Type 2 diabetes. If you do not provide this information, this will reduce the accuracy and relevance of the content on MyDESMOND.

 

The information that we collect about you

Your local DESMOND Organisation will receive your details from your GP or Practice Nurse in order to invite you to use the MyDESMOND website, or you may receive an invitation from an existing user as part of the “buddies” feature of the programme.

We then collect two kinds of information once you start using MyDESMOND:

  • Information you give us:
    • your name,
    • address,
    • e-mail address,
    • phone number,
    • ethnicity and date of birth,
    • as well as information about your health and wellbeing that you submit through interacting with the MyDesmond site.
    • You give us information by registering, logging in to, and using the MyDESMOND site, by filling in and updating forms on MyDESMOND and responding to questions. The information you give us may include:

We use this information to provide the personalised MyDESMOND service to you. Depending on the information you enter, the logic behind MyDesmond will show you different information in consequence, based on clinical guidance (age and ethnicity are risk factors associated with Type 2 diabetes). You can resubmit or vary information if you like – but MyDesmond will work best when the information you submit accurately reflects your health experience.

 

  • Information we gain through how you use the site (cookies).
    • Cookies are small files placed on your computer that collect standard internet log information and visitor behaviour. We use this information to track visitor use of the website and compile statistical reports on activity. You can find out more by visiting https://ico.org.uk/for-the-public/online/cookies/. You can set your web-browser not to accept cookies, but this might impact on some of the features of the website.

 

  • Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States, and which we then use to make the site work and to understand how it is being used. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage. The way in which Google operates Google Analytics is set out in Google's Privacy Policy- external site. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google- external site; however by opting out, the site may not function correctly.

What we do – and don’t do – with information about you

We will:

  • store the information you provide so that you can continue to access and make use of the MyDESMOND website;
  • make available your information with your local DESMOND Organisation as part of your direct care;
  • provide access to an administration area of the website for your local DESMOND Organisation to download/extract your name, date of birth, practice and NHS number;
  • Advise your local DESMOND Organisation to ensure they abide by all NHS standards for handling identifiable information;
  • Advise your local DESMOND Organisation to use the extracted data to match against your routine care records (this will include HbA1c/blood glucose levels);
  • Be sent an anonymous and password-protected version of the matched data from each local DESMOND Organisation, which will be analysed for audit purposes and stored in accordance with NHS standards for record handling.
  • Provide access to a forum and chat functionality where you can choose to chat and share information with other users, if you want.
  • Provide access to a secure messaging system which allows you to securely and confidentially send questions to experts at the London Diabetes Centre. Your username will be attached to your message, and your message will only be viewed by admin staff and the expert who answers your question.
  • Provide you with the ability to sync your MyDESMOND account with Fitbit or Google Fit. If you choose to sync your account then we will share the information you have provided with Fitbit or Google. Their use of your data is governed by their own privacy policies, rather than ours – see:

https://www.fitbit.com/uk/legal/privacy-policy

https://policies.google.com/privacy

We may:

  • use the anonymous information your local DESMOND Organisation give us as part of internal clinical audit, to measure or understand the effectiveness of the MyDESMOND service that we offer to you and others;
  • use the information you give us as part of the administration of MyDESMOND and for internal operations, such as troubleshooting, so as to improve our site and ensure that content is presented in the most effective manner for you and others using MyDESMOND;
  • need to share information about your use of the site with our web hosting company and our web developers, but only to the extent that is needed for the running and maintenance of the MyDESMOND website. Where possible this will not include any information which could be used to identify you personally. Our webhosting company and developers are subject to strict obligations of confidentiality and won’t be able to use your data for anything else.

 

  • ask you from time to time about your experience in using MyDESMOND and use the information you provide to analyse and improve the service we offer you;
  • need to share your information with other organisations as part of our legal compliance obligations: for instance, the Care Quality Commission inspects the Trust regularly and can ask to see the information we hold.
  • need to use your information in connection with legal proceedings, or to investigate and respond to any complaints you may make.

 

We don’t:

  • share information with other users of the website– there are ‘characters’ who form part of your MyDESMOND® group, but these are not real people.
  • share the information you give us with any commercial organisations not previously mentioned.

 

The legal basis for processing your information

“Processing” means doing anything with your information, for example collecting, storing or deleting your information. Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:

  • The processing is necessary for us to comply with our legal obligations, such as obligations to provide a safe service. We are under legal obligations to have systems in place to proper records (under the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014;
  • MyDESMOND is a service provided by the Trust as part of the NHS and forms part of the exercise of our functions under the NHS Act 2006, which include the supply of health services.

 

Because our service is a ‘health’ service, we will also process ‘sensitive’ information (known as “special category personal data”). The normal legal basis for this is:

  • The processing is necessary for the purposes of preventive medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services;
  • processing is necessary for reasons of public interest in the area of public health, such as ensuring high standards of quality and safety of health care.

 

We will respect your confidentiality and wherever possible, we will respect your wishes in terms of how we use your information.

 

Keeping your information up to date

It’s really important that the information you give us is kept up-to-date, so that you can monitor your progress yourself and so that those with an interest in your health, such as your GP, can find out how you are getting on. You can keep your information up-to-date:

  • by changing your information on your MyDESMOND account page – click on the link on the top right of any page - , and
  • on the specific information you provide on, for instance, your BMI, blood glucose, and activity logs – click on the dashboard on the top left of any page.

 

How long we keep your information for, and when you stop using MyDESMOND

We keep information on your account for 24 months if the account remains active. If the account is deactivated or unused all information is archived after six months, and permanently deleted after 24 months. This is so that we meet our compliance obligations, and in case you want to use the service again in the future. You can find out more about the retention periods for healthcare related information in the NHS Records Management Code of Practice, available via https://www.gov.uk/government/publications/records-management-nhs-code-of-practice

 

Keeping your information safe and secure and where your data is stored

We use a range of physical, technical and organisational security measures and processes to keep your information safe and secure, such as:

  • password login;
  • encryption on our website;
  • carrying out regular privacy impact assessments
  • training for staff on information security and data protection;
  • restricting the number of staff that can see identifiable information you provide to the website, only to those that need to know or see the information in order to do their jobs.

Our servers are based in the UK, but your data may be transferred outside of the UK where you have chosen to sync your account with Moves, Google Fit, or Fitbit, or where you have not opted-out of Google Analytics. This is because Fitbit, Google and Moves use servers which are outside of the UK and your information will be stored on these servers. You can find out more about Fitbit’s privacy policy (https://www.fitbit.com/uk/legal/privacy-policy) or Google’s privacy policy (https://policies.google.com/privacy) or Moves privacy policy here (https://moves-app.com/privacy ).

You can find out more about how the NHS keeps online information safe, and what you can do to help with this, by reading the guidance note at http://www.nhs.uk/nhsengland/thenhs/records/healthrecords/documents/patientguidancebooklet.pdf

 

Please remember:

  • You provide information at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure;
  • You are responsible of your username and password: keep them safe and secure!
  • If you believe your privacy has been breached or infringed, please contact us immediately by emailing mydesmond@uhl-tr.nhs.uk

 

Your rights

You have control over much of the information you supply to us by choosing what you input into the MyDesmond system. You can limit this but this may mean that the MyDesmond service does not work well and may give you an inaccurate picture of your diabetes.

You also have the right to:

  • ask us to let you know what information we hold about you
  • ask us to amend the information we hold about you if you think it is incorrect
  • ask us to delete any information we hold about you
  • ask us to limit the way in which we use your information
  • ask us to send your information on to a third party
  • make a complaint to the Information Commissioner’s Office about the way in which we have used your information. The ICO can be contacted by visiting https://ico.org.uk.

You should be however be aware that the accuracy and relevance of the programme will depend on the level of information you provide to us.

We will not make a charge in the first instance for providing you with the information we hold about you or.

You can contact our Data Protection Officer to find out more about how we use your information or to exercise any of your rights mentioned above. Our Data Protection Officer is contactable through mydesmond@uhl-tr.nhs.uk or you can write to the Head of Privacy, University of Hospitals Leicester, Information Governance, County Hall, Glenfield, Leicester LE3 8RA.

Children

You must be aged 13 or above to use MyDESMOND.

Changes to this policy

Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. This page was last updated on 10/07/18.

 

How to contact us

You can contact us by emailing mydesmond@uhl-tr.nhs.uk with any questions or concerns.  

 

You can also use the ‘feedback’ button on every page to email us with comments about the site.