Pungo limited is based within the United Kingdom, and as such is registered with the Information Commissioner’s Office (ICO) as a Data Processor under the UK Data Protection Act of 2018, reference ZA658349.
Personal data is provided to us via the following avenues;
· When you, the clinician/professional, register with us we will process your name, your employer, job title and your contact details. Your patient's personal details.
· When making a referral the following patient details are collected – Name, DOB, contact details, NHS number and gender.
· In addition to this, you may choose to provide us with the health and medical information of your patient, if you’ve obtained the relevant explicit consent. For example, you may wish to include health and sensitive information such as symptoms, treatments, medications, referrals, allergies and ethnicity.
· When choosing to provide this information, we require explicit consent before doing so.
Note - When patient data is involved, Joy is the data processor and you are the controller and are required to have your own processes in place for ensuring that you are capturing and processing personal data in a compliant manner. Joy has features within it to help you meet compliance, such as consent capturing.
· You may list a service on the Joy platform such as an activity or class. Details of that information such as contact details for the service are stored securely within our database.
As per the Data Protection Act and refined by the General Data Protection Regulation, you have multiple rights which can be exercised. This includes;
· requesting a copy of your personal data that we hold
· updating the personal data that we hold in order to keep your data accurate
· the ability to provide your data in a commonly used format for transfer elsewhere
· updating your consent and objecting to direct marketing and;
· requesting that your data is erased (we will always do this unless we have a valid reason. If your data cannot be deleted, we will provide you with the justification.)
If we do not address your request or fail to provide you with a valid reason why it is unable to do so, you have the right to contact the Information Commissioner’s Office to make a compliant. They can be contacted via www.ico.org.uk
or by telephone on 0303 123 1113.
DECLARATION OF SHARING
We use third party solutions for the hosting of our website and application (mobile and web), including analytics to better our service and provide the best experience. Our website is hosted with WordPress and our app we host within Amazon Web Services (AWS) but we have reviewed this from a security and privacy perspective and have proceeded on the basis that it meets our requirements. We ensure that we carry out data minimisation to capture the minimal amount of information through this route.
As part of the Joy App we provide you with a list of services which can be used as referrals for your patients, we have carried out baseline reviews against the services as part of our obligations as a data processor to ensure there is a level of security.
We will hold your data for the duration of service or until you delete the data. When you choose to delete the data it will permanently be deleted upon request.
If you are using Joy’s services for the purpose of processing a child's data, you must ensure that you have the appropriate processes, procedures and protections in place for doing so. If a child has used this website without parental consent, please contact firstname.lastname@example.org
Cookies are small text files which are transferred from our websites, applications or services and stored on your device. We have ensured that we use the absolute minimum and have only one cookie in use on the website – you can edit your cookie settings with the cookie banner when you access this website.
Throughout the website we may provide links to external parties and partners for further information and content. Whilst we take every precaution to ensure that your time on this website is safe and secure, Pungo Limited cannot guarantee the security of third-party sites and must advise that the usual internet safety precautions should be used.
REVIEW, UPDATES AND CONTACT
This policy will be updated regularly and was last reviewed on 18/11/2020