DXS International plc (“DXS”) is committed to protecting and respecting your privacy as defined in the Data Protection Act 1998 (the “DPA”) and now the Data Protection Regulation (GDPR) (EU) 2016/679. When processing medical records, the healthcare organisation to who the personal data has been provided shall be the Data Controller and DXS shall be the Data Processor (as defined in the DPA and GDPR).
a) Process the personal data only in accordance with the Data Controller’s instructions and these terms;
b) Implement appropriate technical and organisational measures to protect the personal data against unauthorised or unlawful processing and against
accidental loss, destruction, damage, alteration or disclosure. DXS is an NHS IG Toolkit accredited and ICO registered company.
What websites and applications are covered by this policy?
DXS Point of Care
DXS Pharmacy Knowledge Base
What information is being collected?
We may collect and process the following information about you:
Information you give us. You may give us information by filling out forms on the Application or on our Website or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use DXS applications or websites. The information you give us may include your name, date of birth, NHS number, address, email address and phone number (“Registration Information”).
Information we collect about you. Each time you use DXS Point of Care, the MyVytalCare application or our website we may automatically collect the following information: technical information, including the internet protocol (“IP”) address used to connect your computer to the internet or local area network, your login information (excl. passwords), Browser type and version, time zone settings, Browser plug-in types and versions, operating system and platform; and
Information about your visit to or usage of one of our web platforms or applications, including the full Uniform Resource Locators (“URL”) clickstream to, through and from our applications or website (including date and time) and page response time.
(collectively referred to as “Usage Information”) DXS applications may, from time-to-time, contain links to third party Applications or websites. If you follow a link to any of these Applications or websites, please note that these Applications or websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Who is collecting it?
DXS International plc and its subsidiaries.
How is it collected?
Registration and usage information is collected during use of the products and submitted to our content update servers which reside in the EU.
Who will your information be shared with
We may disclose your personal information:
International Transfers of your personal information
We share some of your personal data with other DXS group companies which operates in various countries (including, for example U.S and South Africa) to administer and manage group functions, including registrations.
Your personal data will also be shared with companies providing services under contract to the DXS group, such as LatticeWorx (in the U.S), the developers of the DXS Point of Care application.
If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets if you have provided your express consent to the disclosure of your information;
If DXS International plc or substantially all its assets are acquired by a third party, in which case personal data held by it about its end users may be one of the transferred assets provided that have given your express consent to the disclosure of your information.
If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to protect your vital interest or the vital interest of other end users;
If we are required to disclose “usage” statistics to Clinical Commissioning Groups.
To your healthcare organisations, if you have given your express consent to the disclosure of your information to the healthcare organisation.
DXS is a global organisation. For the purposes explained in this policy, your information will be transferred to other companies within the DXS group and our suppliers in countries outside of the EEA such as the U.S. and South Africa, which may not have the same level of protection laws as those in the country in which you are located. Details of the recipients are provided in the ‘Who will your information be shared with’ section.
How is this data safeguarded?
We take commercially reasonable steps to protect your personal information. This includes setting up processes and procedures to minimise unauthorised access to or disclosure of your information, and we use reasonable efforts to obtain the agreement of our Affiliates and third-party service
providers to take steps to protect the confidentiality, security, and integrity of personal Information we share with them. However, no electronic data transmission or storage of information can be guaranteed to be 100% private and secure.
How will the information be used?
We use information held about you in the following ways;
How long will the data be stored?
Your personal information will be used to provide you with the DXS services relevant to you as well as information about our services that we believe may benefit you.
Information you give us. We will use your Registration Information to manage your account, subscribe you to opt-in services, and for our own internal administration purposes;
Information we collect about you. We will use your Usage Information to monitor, gather and use “usage” statistics to gauge where future enhancements should be focused. We do not disclose information about identifiable individuals and “usage” statistics will always be anonymised.
To improve the Online Portal to ensure that consent is presented in the most effective manner for you and for your computer; and
As part of our efforts to keep the Online Portal safe and secure.
We will never sell your data to third parties, and it will only be used to provide you with the service you have agreed to and to keep you informed about our products and services.
DXS data retention is determined by our service level agreement (SLA) with our clients “the data controller”.
What right does the data subject have?
If at any point you believe your information need to be updated or removed you can request to see this information and have it corrected or deleted.
How can the data subject raise a complaint?
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated. firstname.lastname@example.org. If you’re not satisfied with our response or believe we are processing your personal data not in accordance with the law you can direct your complaint to the Information Commissioner’s Office https://ico.org.uk