Privacy policy

Liberate Pro Healthcare Limited Privacy Notice

Liberate Pro Healthcare is committed to protecting the privacy and security of the personal data of the users of our Liberate Pro application and website. This Privacy Notice explains who we are, how we collect, use, and share your personal data, and how you can exercise your data protection rights.  

Our name and contact details

Liberate Pro Healthcare Limited, 6th Floor, 2 London Wall Place, London, England, EC2Y 5AU. Our data protection officer’s name is Ms. Suzanne Ash and can be contacted at the following email address: dpo@liberateprohealth.com

What we do

Liberate Pro Healthcare Limited provides an information sharing platform between patients and their healthcare professionals. This provides patients access to the interactions, consultations and other communications with their doctors and other healthcare professionals. This allows the patient to be more informed by providing access to supplementary material delivered by Liberate Pro including conditions, treatments and other information that may be relevant to them.

Processing your personal data

We process and manage your personal data according to the relationship we have with you. This relationship helps us to provide you with the details of how we process your personal data. We interact with you as follows:

Health and Care Professionals

Liberate Pro is an information sharing platform provider for health and care organisations like your employer. This may be a GP practice, NHS Trust or other health or care provider. If you are working for a health or care organisation that uses Liberate Pro, we receive information about you in three ways:

  1. Liberate Pro account registration – when you sign up, or are signed up for, a Liberate Pro account
  2. Use of the Liberate Pro platform
  3. When you contact us directly, for example via email

Your employer is accountable for how your information is used in our platform (they are the “Data Controller/Data Fiduciary). They either provide us with information, or instruct us to collect this on their behalf, and instruct us how to use it. Liberate Pro Healthcare therefore operate as a “Data Processor” on behalf of your employer and we hold a legal agreement with your employer that sets out what we do with the data and how we keep it safe and secure. Please refer to your employer’s Privacy Notice for further details about how they process your personal data and ensure this complies with the law.

When an account is created for a professional within Liberate Pro, the following information about you is collected:

  • Name
  • Email address
  • Mobile number
  • Date of Birth
  • Job Title
  • Specialty
  • Address

We use this information to create and maintain your account within the Liberate Pro platform.

If you contact us for support in relation to your use of the Liberate Pro platform we will use any information you provide to us to respond to your enquiry and to assist you.

Patients

Liberate Pro Healthcare Limited provides an information sharing platform between patients and their healthcare professionals. This provides patients access to the interactions, consultations and other communications with their doctors and other healthcare professionals. If you are a patient, we receive information about you in two ways:

  1. Via healthcare organisations who use the Liberate Pro platform
  2. If you contact us directly, for example through our email or chat platform

Your health or care provider is accountable for how your information is used in our platform (they are the “Data Controller/Data Fiduciary”). When they want to use our platform to communicate with you, they either provide us with your information, or instruct us to collect this on their behalf, and instruct us how to use it. Liberate Pro Healthcare therefore operate as a “Data Processor” on behalf of your health or care provider and we hold a legal agreement with them that sets out what we do with the data and how we keep it safe and secure. Please refer to your health or care provider’s Privacy Notice for further details about how they process your personal data and ensure this complies with the law.

When an account is created for you by your health or care provider within Liberate Pro, the following information about you is collected:

  • Name
  • Email address
  • Mobile number
  • Date of birth
  • Address
  • NHS number

When your health or care provider uses the Liberate Pro platform to communicate with you we will also collect information regarding your medical conditions, diagnoses, treatment plans, diet, medicines, medical tests, lifestyle, and voice recordings.

If you contact us for support in relation to your use of the Liberate Pro platform we will use any information you provide to us to respond to your enquiry and to assist you.

Prospective buyers from health or care organisations

If you work for a commissioner in the NHS or someone who buys software or services for healthcare providers we will collect and process the following information about you as part of our interactions with you:

  • Name
  • Email address
  • Content of email communications with you and metadata (including delivery status)
  • Any additional information you provide to us through our communications with you

Liberate Pro Healthcare Limited is accountable for how your information is used for these purposes and act as the “Data Controller/Data Fiduciary”. We collect this information on the basis of our legitimate interests to discuss procurement, purchasing and implementation of our products.

Job Applicants and Prospects

If you apply for a role at Liberate Pro Healthcare Limited we will collect the following information about you:

  • Name
  • Telephone number
  • Email address
  • Employment history and other data in your CV or otherwise submitted to us
  • Assessments completed by you as part of the application process
  • Feedback about you from our staff and your referees

Liberate Pro Healthcare Limited is accountable for how your information is used for these purposes and act as the “Data Controller/Data Fiduciary”. We collect this information on the basis of our legitimate interest to assess job applications and to take steps necessary to enter into an employment contract with you. We also collect it because we have a legal obligation to ensure applicants have the right to work.

Your data may, in certain circumstances be provided to other regulatory or law enforcement bodies, but only in compliance with the law and where strictly necessary.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, including profiling, unless you have given us your consent to do so, or it is necessary for entering into or the performance of a contract.

You may give, manage, review or withdraw your consent to the Data Controller/Data Fiduciary through a Consent Manager (applicable to Indian context). Email address of our Consent Manager registered with Data Protection Board of India is pratima.kotian@alphamd.com.  

Your rights

Where Liberate Pro Healthcare Limited acts as the Data Controller/Data Fiduciary we will respect your rights under data protection law. We verify all requests through email before actioning them and reserve the right to deny a request where we are unable to verify your identity satisfactorily. This also applies to requests submitted on your behalf by someone else.  

If you have any queries regarding exercising your rights, we encourage you to contact us. Please email to our Consent manager on contact mentioned above. 

  • Access – you have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the personal data we process.
  • Rectification – you have the right to ask us to rectify any of your personal data that you think is inaccurate or incomplete or not updated. This right always applies.
  • Erasure – you have the right to ask us to erase your personal data where it is no longer required for purpose for which it was collected, or you withdraw your prior consent to us processing it and we have no other legal ground for processing it, or it is being processed unlawfully, or when it must be erased to comply with a legal obligation, or it is being used for direct marketing purposes where we have no legitimate grounds for us doing so.
  • Restriction – you have the right to ask us to restrict the processing of your personal data where it is inaccurate (allowing us to verify the accuracy), or it is being processed unlawfully (and you want us to stop processing rather than erasing it), or where you have objected to us processing it while we’re verifying whether we have legitimate grounds for processing, or it is no longer required for purpose for which it was collected and you want us to keep it for the establishment, exercise or defence of legal claims.
  • Portability – this only applies to personal data you have given us. You have the right to ask us to transfer the information you provided us from one organisation to another or give it to you. This only applies if we are processing personal data based on your consent or as part of a contract, or in talks with you about entering into a contract and the processing is automated.
  • Objection – you have the right to object to processing your personal data if we are using legitimate interests as our lawful basis for processing, or it is being used for direct marketing.
  • Withdrawing consent – you can withdraw your consent that you have previously given to us for one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
  • Grievance redressal – you shall have the right to have readily available means of grievance redressal in respect of any act or observance of any omission to execute obligations by data fiduciary in relation to the personal data processing or the exercise of your rights under the provisions of DPDP Act. 

      You have the right to complain to a Supervisory Authority, in the UK that is the Information Commissioner’s Office / Data Protection Board of India, only after exhausting this opportunity of grievance redressal with data fiduciary or consent manager.

    • Nominate – you shall have the right to nominate, in such manner as may be prescribed in DPDP Act, any other individual, who shall, in the event of your death or incapacity, shall exercise your rights in accordance with the provisions of the Act. 
    • You have the right to complain to a Supervisory Authority, in the UK that is the Information Commissioner’s Office.

    Your Duties 

    With the rights, comes the duties. We encourage you to perform the following duties: 

    • Not to impersonate another person while providing personal data for a specified purpose. 
    • Not to suppress any material information while providing personal data for a specified purpose. 
    • Not to register a false or frivolous complaint or grievance with Data controller / Data fiduciary or Supervisory authority. 
    • Furnish only verifiably authentic information, while exercising right to rectification or erasure. 

    Dealing with your requests

    We will deal with your requests as soon as possible but may take up to 1 month (possibly extended to 3 months where the law permits). Normally there is no charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or we could refuse to comply with your request in these circumstances.

    We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

    Compliance with global standards 

    Liberate Pro platform continuously strive and has established compliance with various International Data Privacy & Security Standards such as Cyber Essentials, Data Security and Protection Toolkit, DTAC and India’s Digital Personal Data Protection Act. These standards provide a framework for data protection, transparency, and accountability, ensuring that users have control over their personal data and that the organization handle it responsibly. 

    Supplementary material

    We ensure that your personal data is:

    • Processed lawfully, fairly and in a transparent manner.
    • Collected only for specified, explicit and legitimate purposes.
    • Collected is adequate, relevant, and limited to what is necessary in relation to the services that we are providing you. This means we collect the minimum amount of personal data that we need to deliver an individual element of the service (Data minimisation). 
    • Accurate, consistent, and complete i.e. kept up to date. 
    • Accurate and where necessary, kept up to date.
    • Not kept in a form which allows for you to be identified for longer than is necessary.
    • Only processed in a manner that ensures its security using appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

    Security

    We have put in place appropriate administrative, technical, and physical security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, destroyed, or accessed without authorisation. These safeguards vary based on the sensitivity of the information that we collect and store. While no data transmission or storage can be guaranteed to be secure, we implement a range of commercially reasonable physical, technical, and procedural measures to help protect personal data. These measures include confidentiality agreements with third parties, secure development practices, security due diligence of service providers, products, services that may be used and ISO27001-based organisational security policies.

    We have also put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

    We may process the information you provide to us either directly or we may utilise a third-party data processor appointed by us. We may transfer and store the data that we collect from you to a cloud service provider (Microsoft Azure) which has data servers which are based in a variety of locations, including outside the European Economic Area (which includes all EU Member countries as well as Iceland, Liechtenstein and Norway; the “EEA”). For any transfer, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the law.

    Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected or until you ask us to delete it. At the end of that retention period i.e. Account lifetime, or as per applicable legal requirements (for example: in cases of legal obligations pursuant to fraud), we will either delete your data completely or anonymise it, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. 

    Data will not be shared with other parties, except for the purposes that have been set out in the privacy policy. Data shall be shared, without obtaining prior consent from the provider of information, with Government agencies mandated under the law to obtain information including personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences. Liberate pro will act upon a request in writing received from the Government agency which states clearly the purpose of seeking such information, and also states that the information so obtained shall not be published or shared with any other person. 

    Changes to our privacy policy

    We reserve the right to make changes to this Privacy Policy at any time. If we change our privacy policies and procedures, we will post those changes on our website to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it. The policy will be updated if there is a change in the purpose of data collection; which further triggers re-consenting of users before continued use of the service (if consent was the lawful basis). 

    Cookies

    A Cookie is a small piece of code that is sent from a website you browse, and stored in your web browser. Cookies relay certain information to us or to third parties that enables us to:

    1. recognise your computer;
    2. store your preferences and settings;
    3. understand the web pages you have visited;
    4. enhance your user experience by delivering content and advertisements specific to your inferred interests;
    5. perform searches and analytics; and
    6. assist with security administrative functions.

    For a detailed list of cookies we use including information about the type of cookie, expiry periods and links to third party sites please contact dpo@liberateprohealth.com

    Pixels or web beacons

    Pixels or web beacons may also communicate information from your Internet browser to a web server. Pixels can be embedded in web pages, videos, or emails, and can allow a web server to read certain types of information from your browser, check whether you have viewed a particular web page or email message, and determine, among other things, the time and date on which you viewed the web beacon, the IP address of your computer, and the URL of the web page from which the web beacon was viewed.

    We sometimes work with third parties to advertise, provide or complement our Services, and these partners may set and access their own Cookies, pixel tags and similar technologies on your device. Likewise, if you receive email from us, we may use these technologies to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

    The information collected and stored through these technologies includes IP address, unique identifiers, time stamps, browser type and other browser information, referring website, and more generally, what web pages you visit and how you interact with them, and what ads You view and how you interact with them. We and our partners, including Google Analytics, may also use these technologies for analysing usage trends, assisting with fraud prevention, and providing certain features to you.

    NHS National Data Opt-out 

    Liberate Pro is currently compliant with the National Data Opt-out Policy as we do not share your confidential patient information for purposes beyond your individual care.

    Organizations that process confidential health information have to put systems and processes in place so they can be compliant with the national data opt-out. We respect and apply your opt-out preference if we use or share information for purposes beyond your individual care.

    Liberate Pro does not share confidential information for purposes beyond your individual care. We may use anonymized data only for research and quality improvements, so that you cannot be identified. Confidential patient information isn’t needed or used for these purposes.

    To find out more or to register your choice to opt out, please visit Choose if data from your health records is shared for research and planning – NHS (www.nhs.uk)

    *NB If you choose to opt out, and limit use of your data by health care organizations, Liberate Pro will still continue to process your data for the purposes of your individual care, as necessary to provide that care.  You can change your choice at any time.

    Twitter Tweet Button, Facebook Like Button and LinkedIn Button, YouTube and Instagram:

    These are functions provided by Twitter, Facebook, LinkedIn, YouTube, Instagram respectively, companies with whom we are not related. By simply clicking on these push-buttons on the Website, the function makes it possible to share liking of Liberate Pro articles and other content on the relevant social media site, without having to exit the page. This way the user links his/her/its relevant social media profile to Liberate Pro and makes this information accessible to anyone on the web, subject to the terms of use and privacy policies of each social media platform. For further information on the use of the Personal Information by the social media platforms, please consult the following links:

    Links to Other Sites

    Our Website may contain links to other websites. Therefore, it is important that you know that our Privacy Notice does not extend to those third-party websites, as their policy(ies) may differ from ours.

    India –Digital Personal Data Protection Act (DPDPA), 2023 

    “Liberate Pro Healthcare Limited” business operations are in compliance with the Digital Personal Data Protection Act, 2023 as further detailed below: 

    • What is the process for collecting and processing your personal data 

    For the types of personal data collected and details of the purposes for which Liberate Pro collects and uses personal information, please refer to the Processing your personal data section.  

    • Whom to contact in case of inquiries or complaints?  

    On how to contact liberate Pro with any inquiries or complaints, please see Our name and contact details section. 

    • Who we share your personal data with? 

    Regarding the type or identity of third parties to which Liberate Pro discloses personal information and the purposes for which it does so, please see the  

    Security section.  

    • What are your personal data rights? 

    Regarding the right of individuals to access their personal data and the choices and means Liberate pro offers individuals for limiting the use and disclosure of their personal data, please see our Your rights” section.   

    In addition, The DPDP Act empowers the Central Government to call for any information from the Data Protection Board of India, the data controller / data fiduciary or any intermediary. 

    • What are your personal data duties? 

    Liberate pro encourages its users to perform some basic duties while providing personal data for a specified and legitimate purpose, please see our Your Dutiessection. 

    • Do you perform Cross-border data transfers outside India? 

    Liberate Pro do not transfer your data to countries under India’s “negative list”. Where appropriate, cross-border transfers of Personal Data of individuals outside India, are performed using lawful transfer mechanisms pursuant to DPDP. These agreements also incorporate the protections and requirements provided for under Chapter IV of the DPDP.  

    • How processing of Child’s data is carried out? 

    We adopt a range of measures to try to ensure that no information is knowingly solicited from individuals who do not meet the minimum age or any other applicable age requirements. 

    Processing of any personal data of a child or a person with disability, is done through verifiable consent of the parent or lawful guardian. No processing shall be done to cause any detrimental effect on the well-being of your child. Also, Liberate pro does not undertake tracking or behavioral monitoring or targeted advertising directed at your child. 

    • What is the Grievance Redressal Mechanism? 

    Liberate pro takes your data protection questions and concerns seriously, and we are committed to resolving complaints about our collection or use of your data in a time bound manner. If you believe your data protection rights have been infringed, we encourage you to contact us by sending an email to dpo@liberateprohealth.com. The Grievance Officer shall redress grievances   expeditiously and within 7 days from the date of receipt of grievance. 

    Individuals with inquiries or complaints regarding this Privacy Policy should first contact Liberate pro through e-mail (see contact details above).  

    When a privacy question or access request is received, we have a dedicated team which triages the contacts and seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. If you are unsatisfied with the reply received, you may refer your complaint to the Data Protection Board of India. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances. 

    • Audits 

    Data protection and security practices and procedures employed are audited on a regular basis through independent auditor. The audit of reasonable security practices and procedures is carried out by an auditor at least once a year or as and when Liberate pro or a person on its behalf undertake significant upgradation of processes and resources. 

    • Data Protection Impact Assessment (DPIA) 

    This includes identifying and assessing all risks and threats that may affect the data and thereby protecting the data confidentiality via undertaking necessary steps as may be deemed to be considered necessary. This DPIA has been carried out at the start of this major project involving the use of personal data as it has the potential to result in significant change to existing processes.