WE RESPECT YOUR PRIVACY
(last update February 2018)
We respect your privacy and we take protecting it seriously. If you have any privacy related concerns, please contact us at: firstname.lastname@example.org.
Your.MD Services (hereinafter referred to as: ‘’Services’’) is offered by Your.MD Limited, incorporated and registered in the UK with company number 08727263 whose registered office is at 5th Floor, Holden House, 57 Rathbone Place, London W1T 1JU (hereinafter referred to as: ‘’Your.MD’’, ''We'').
This privacy statement describes how Your.MD collects and uses the information and/or data (the terms are used interchangeably) you provide. It also describes the choices available to you regarding our use of your information and how you can access the information. We will never use your data for any purpose not explicitly stated herein. Your.MD Services should only be used by persons over the age of 13 or older and capable in your country of residence of entering into legal binding agreement to use our Service.
COLLECTION OF INFORMATION
In order for you to be able to use our Services, we need to collect limited information (the term ''data'' or ''information'' is used collectively for the information stated below).
Device model, screen information, mobile service provider, installed App version, OS version, location (country and city), time zone (when using Your.MD services via mobile apps)
User agent (web browser type and version), screen information, geolocated country and region, time zone (when using Your.MD services via web app)
IP address at the time of usage (‘’IP address’'), Your.MD unique identifier namely profile ID, consultation ID
User’s interaction with the App/Services
FB Messenger, Kik, Skype, Slack, Telegram and other messenger identifiers (when using Your.MD services on these messenger platforms)
Logs with technical information as stated above
Logs on your usage of the Services as described in Analytical Information section
Logs with Symptom Checker Information as described in Symptom Checker Information Section
IP address, Your.MD unique identifier namely profile ID, consultation ID
Logs with technical data as described under Technical Information
Logs with Symptom Checker Information as described under Symptom Checker Information
Analytics provider’s unique user ID
Various information on how you use the Service such as: Sessions (Knowing when you start a session, and how), App remove (tracking if you delete the mobile App), App update (tracking you upgrade the app to the new version), Authentication (tracking whether you attempt to authenticate, whether you were successful, whether you used Google or Facebook), Acquisition channel (on which ad from Google/Facebook you clicked to get to our Services, which channel was used to get our Services – Google Ads, FB Ads, our older version of the App, organic or paid channel), Chat Activity (Whether you did any of the following actions in chat: a) Symptom check (all data inputted by the user, plus the outcome and feedback), b) general search (all data inputted by the user, plus the outcome and feedback), c) Quiz / self- assessment (plus outcome and feedback), d) Three strike, e) Navigation path through chat menu, f) Tutorial, g) OneStop Health™ partner Q&A, h) Consultation Report Activity (whether you: Opened a consultation report, viewed all tabs of the report - for different conditions, Clicked to OSH, Clicked to full article, provided Consultation feedback, Deleted reports, viewed consultation history, Health A-Z Activity (Whether you use the Health A-Z - all articles you view, save, share or download), OneStop Health™ Activity (whatever you view a partner, search for a partner, view or click on the partner link), Health Tracker activity (Whether you are logging your feelings, syncing with Google / S Health, viewing graphs, Notification activity (whether you opt out and to what notifications), Opening menu (what you select in the opening menu), General App Analytics (general activity within our Services such as whether you view the About Us section), Screen Activity (every screen you view, time spent on a specific screen)
Logs on your usage of the Quizzes, Self-Assessment and tools, BMI calculator (your answers, score etc.), the articles you view in the Health A-Z, Top Tips and on our OneStop Health™ Platform.
Symptom Checker Information
Your Profile: full name as per Google/FB profile, year of birth or age, gender, e-mail address, geolocated country and region (not specific enough to identify a street), time zone, Services preferences (push notifications enabled etc.), Country of residence, FB and/or Google account information (used for sign in and identification purposes only), messenger’s information, acquisition channel. The information collected, if you decide to share it with us is: health tracker data such as mood, step metrics, your notes, weight, heart rate, blood pressure, sleep, Influencing Factors (such as high blood pressure, smoker, coronary artery disease, stroke, chronic kidney disease, diabetes, obesity, chronic obstructive lung disease, cancer), Family History (of diseases such as coronary artery disease, diabetes, stroke, specific cancers), Vital Signs (including heart rate, blood pressure, oxygen saturation, temperature, weight and height), your Subjective Scores (such as mood assessments). This information will not be stored in Your Profile but only in technical logs.
Additional Users Profiles - name (family name not required), year of birth, gender
Third Party Profile - name (family name not required), year of birth, gender
Chat History (your search history, selected symptoms, duration, rejected symptoms, questions and answers to clarify symptoms, probable conditions, personal factors that affect the diagnosis (age and gender), reasons for you not understanding our Symptom Checker, whether the questions asked are deemed relevant, the fact that you do not have the condition our Symptom Checker calculated based on your entries, Push Notification tokens, triage message, consultation ID)
Notes inserted by you via Health Tracker (available only for some versions of our Services and currently not used outside the Health Tracker)
USE OF INFORMATION
We use your data to provide our Services and to make constant improvements with troubleshooting, testing, research, internal analytics and surveys to ensure the best user experience, but only on an anonymised basis. When you use the services of any of the Providers available through our OneStop Health™ Platform you accept our Provider’s privacy policies available in the section "Our Providers".
We use Your Profile (and Additional User profiles you may insert) information for the purposes of the Symptom Checker to help us better understand your reported symptoms. We do not tie Your Profile with Chat History (symptoms you choose) when checking the performance of the Services, but we need to tie Your Profile and IP address with Chat History in limited cases of solving technical errors bugs. You can set up an account by signing in with your Google or Facebook account. By doing so you give us permission to access and use your information as permitted by such services. We will use your Google/Facebook email address and registered name obtained from such services for identification purposes. If you use the same Google/FB account for Web App and mobile App sign in, you will be able to access past consultation Reports from Web App in our mobile App. This would also mean that we can send you Notifications to Mobile App based on your behaviour in our Web App.
*Psedonymisation is a procedure by which identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field. This means the processing of personal data is done in a manner that the personal data can no longer be attributed to you. It is done without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that Your Profile data are not attributed to you in an identifiable form.
We do not use this data for the Symptom Checker's calculation: health tracker data such as mood, step metrics, your notes, weight, heart rate, blood pressure, sleep, Influencing Factors (such as high blood pressure, smoker, coronary artery disease, stroke, chronic kidney disease, diabetes, obesity, chronic obstructive lung disease, cancer), Family History (of diseases such as coronary artery disease, diabetes, stroke, specific cancers), Vital Signs (including heart rate, blood pressure, oxygen saturation, temperature, weight and height) and your Subjective Scores (such as mood assessments) for Symptom Checker calculation.
We may send you various Push Notifications based on the Symptom Checker’s results, Consultations, Sympthoms, Conditions (Contextual Push Notifications), Health Goals (Health Goals Push Notifications) Self-Assessments and other events based on your behavior within our Services and/or Your Profile data (Event Based Push Notifications). Event Based Push Notifications may be sent as reminders for inactivity (not completing authentification etc.), to recommend articles based on your Health A-Z search and/or to recommend OneStop Health™ Service providers available in your territory. We might also use Your Profile data namely age, gender and acquisition channel to send various push notifications related to such characteristics. For example we might send an article we think may be of interest to users in a certain age group or send you articles we think might be interesting to you. Push Notifications are sent in an anonymised manner using push tokens, a technical solution that which allows messages to be sent to you but do not directly identify you. We do store the notifications sent to each push token so that we can throttle the frequency of messages sent to each person and avoid sending excessive or repettitive communications. We do not store information that individually identifies you directly with the information on the push notifications you have been sent. For more information about various types of Push Notifications please see our Terms of Service.
OneStop Health™ Platform
We can help you stay focused on your health priorities. Via our Health Goals section, you can choose the health-related topics that are of interest to you and we will send you useful and actionable information, written by doctors.
Our Health Tracker service enables you to store information about your wellbeing and your Chat History (for some versions, while in other consultations are stored in the ''Profile'' area of our Services under section ''Consultations''). Some version will store this information only if you tell us that the result of our Symptom Checker was useful. Newer versions allow you to delete Consultation Reports by clicking on the trash bin icon at the top right side of the Report. You can also add your own data via the notes section (only in some versions of our Services) and sync with your health and fitness apps data to get useful insights relevant for your health. We will use this data only on an anonymised basis to help improve our Services. Some verions enable storing your own Notes. Notes will be stored for your conveniance only and will not be used by us. You can access your Notes by contacting us at email@example.com when using the versions without the Notes feature available. Please make sure you do not store any sensitive information (such as but not limited to medical health records, doctor's diagnosis, prescriptions etc.) in Notes. We store this information only in tehcnical logs, but not in Your Profile and we do not use them for the Sympthom Checker calculation.
Quizzes, Self-Assessments and Tools, BMI calculator, Top Tips
We store the data related to your interactions with these sections and use them solely to improve the user experience. We do not take this data into account when you are using the Sympthom Checker and we do not add it into Your Profile. We collect your answers to our quizzes, self-assessments, BMI calculator and the scores/outcome.
Health A-Z (Health Library)
You can find health information within the ''Health A-Z'' (''Library'') section of our Services. We do not store the information about which conditions within the ''Health A-Z'' section or ''All Articles'' you click on. You can store preferred Articles in newer versions of our Services by clicking on the ''Save Article'' icon and the Article will be saved in the ''Health A-Z'' under the ''Saved Items'' section. You can review saved articles without an internet connection.
HealthKit for iOS users
Our App uses HealthKit to make your user experience better. Any personal data gathered from HealthKit and also any other health or fitness data (“HealthKit Data’’) gathered from our Services will never be used for advertising or data mining purposes neither used for, or disclosed to any third parties. We will use HealthKit Data solely for providing our Services, namely for the purpose of providing health, motion, and/or fitness services in connection with our Services, to improve health management, or for the purpose of health research, all with your permission only. We do not conduct health-related human subject research.
Influencing Factors, Family History, Vital Signs, Your Subjective Scores
Influencing Factors (such as high blood pressure, smoker, coronary artery disease, stroke, chronic kidney disease, diabetes, obesity, chronic obstructive lung disease, cancer), Family History (of diseases such as coronary artery disease, diabetes, stroke, specific cancers), Vital Signs (including heart rate, blood pressure, oxygen saturation, temperature, weight and height), your Subjective Scores (such as mood assessments) can be colected if you decide to voluntarily share them with us, but won't be used for the Sympthom Checker's calculation. The data is stored only in technical logs but not in Your Profile.
Improving our Services
We use your data to improve our services and your experience with conducting internal analytics, troubleshooting, root cause analysis in the event of an error or bug, testing, research and surveys. We store your Chat History and Your Profile data in separate databases, meaning that whatever you type into our chat is not connected to information that could personally identify you (Your Profile data). This way we can check how well we did without knowing anything personal about you. For example, if we want to improve the Health Tracker, your data will be aggregated in most cases and if we need to access a specific Profile, we will do so by using the Your.MD ID so that your name or email will not be seen or needed. In limited cases, we will need to access your Chat History and IP address/Your.MD identifier/Consultation ID to trace bugs, solve technical errors and distribute answers.
We cannot provide all services necessary for the successful operation of our Services by ourselves. We therefore share collected information with our Providers for the purposes of offering the Services to you and improve your user experience.
We use the information we collect with the help of our Analytics Providers to constantly improve our Services and make it better for you. We chose our Providers carefully and we set the most restrictive controls they offer to ensure they do not use your data for any purposes other than providing services to us. The Analytics Providers process the information we share - namely various information on how you use the Services by their own unique user ID’s, but they also have access to your IP address.
Google Analytics for Firebase
Google Analytics for Firebase Analytics allows us to collect data on the usage of the Services via our App. We use your data only for the purposes of our internal analytics to improve our Services and we do not allow sharing of your data with other parties and their products or services. We are using the following Google Analytics for Firebase features: Authentication, Remote Config., Crash Reporting, Events (about usage of our App in an pseudonymized way), Analytics in general, Firebase Cloud Functions and Firebase Communication Manager. We use the Firebase Authentification only to enable you to sign in with your Google or FB account. We do not collect any other data from your Google or FB account and we so not send any data to Google or FB. We use Firebase Analytics' own unique user ID, which does separate one individual from another, but does not personally identify you.
For more information, please see
AWS Analytics does not access or use your data for any purpose other than to provide services to us, as legally required and for maintaining the AWS services. We have chosen strong encryption for your data. For more information, please see.
When you visit the Web App or our website, your web browser automatically sends the IP address and information on how you use the Services. We use your data only for the purposes of our internal analytics to improve our Services. We do not use any other features apart from the Google Analytics (‘’GA’’) and we do not allow sharing of your data with Google’s other products and services. We never disclose any of your Chat History to Google. Google can share your data only in limited situations where a) it concludes that it is required by law or has a good faith belief that access, preservation or disclosure of customer data is reasonably necessary to protect the rights, property or safety of Google, its users or the public; or b) in certain limited circumstances when third parties carry out tasks on Google's behalf (e.g., data storage) with strict restrictions that prevent the data from being used or shared except as directed by Google. GA uses IP addresses to provide and protect the security of the service, and to give website owners a sense of where in the world their users come from (also known as "IP geolocation"). Apart from this GA works on aggregated data. Please see these links for more information:
https://www.google.com/policies/privacy/partners, https://support.google.com/analytics/answer/6004245?hl=en, https://www.google.com/policies/privacy/.
Google Analytics Cookies
Our Internal Analytics
Our internal analytics is based on using Chat History and an IP address/Your.MD identifier/Consultation ID, but the data is stored in a separate database. This means we can review Chat History without seeing any of Your Profile data, so your data is kept confidential with pseudonymisation. We analyse Chat History to constantly improve our and make them better for you.
ONESTOP HEALTH™ PLATFORM PROVIDERS
We will not provide any of Your Profile or Chat History information to our Providers. We choose our Providers carefully and we request that they use your data solely for the purposes of providing their services to you. If you click on the link provided within the chat or click on one of the Providers within the OneStop Health™ section of our Services, you will leave our Services and be redirected to our Providers’ service. Please be aware that by doing so, your data processing will be governed by our Provider’s Privacy Policies. Please see the links below.
Although we choose our Providers carefully, we are not responsible for the actions of these companies, the content of their sites, products or services, the use of information you provide to them, or any products or services they may offer. Our links to the OneStop Health™ Platform Providers and any other third parties’ services does not constitute our sponsorship of, or affiliation with, these companies. Nor is such linking an endorsement of such third party’s privacy or information security policies or practices, or their compliance with laws. Information collected by third parties, which may include personal information is governed by their privacy practices. The Providers and other third parties websites or services may place their own cookies or other files on your computing or smart device, collect information or solicit personal information from you. We encourage you to learn about the privacy practices of Providers and third parties with which you interact. We are not responsible or liable for your interaction with Providers and third parties, the information requests initiated by them, or the subsequent use, treatment or dissemination of information you voluntarily choose to provide to them.
Ask The Midwife
Doctor Care Anywhere
Golden Era Club / RevereCare / Cera
MDalgorithms – MDAcne
National Migraine Centre
TrialReach – Antidote
My Pocket Doctor
London Osteoporosis Clinic
Hay Fever Relief
Doctor On Call
We request from our tracking providers to use the collected data only for providing services to us whereas any other usage is prohibited. We share only your IP address with them.
HOKO tracking. In order for our Services to be free, we need to know how many users visit our OneStop Health™ Providers. We currently use the HOKO tracking Provider to track the visits to OneStop Health™ Providers from our Services. HOKO can use the data collected from you solely to the extent needed to track sessions for Your.MD and to adapt the service to our preferences, whereas any other usage of such data including, but not limited to, building a users’ profile, tracking for the purposes of behavioral advertising, disclosing users’ data to third parties is strictly prohibited. HOKO may transfer (or otherwise make available) data only to third parties that process such information on HOKO's behalf in order for HOKO to be able to provide the HOKO Service, under the condition that such third parties adhere to the same limitations about the usage of data as HOKO. We plan to use our own tracking and stop using HOKO in the future. We will use our own tracking tools only for the purposes of providing our Services as stated herein. For more information, please see:
THIRD PARTY TECHNOLOGY
To make our Services simple to use, you can use it with these messengers: FB Messenger, Telegram, Kik, Slack and Skype (“Messengers’’). To make our Health Tracker more efficient, you can also sync your data from other service providers with our Health Tracker. When you use our Services via Messengers or in combination with other services, your data processing is governed by their individual privacy policies you accepted when registering for their service, so please read their respective privacy policies carefully before you start using their services.
Our Your.MD bot on Skype is enabled by Microsoft Bot Framework. The Microsoft Bot Framework is a set of web-services that enable intelligent services and connections using conversation channels you authorize. As a service provider, Microsoft will transmit content you provide to our bot/service in order to enable the service. For more information about Microsoft’s privacy policies, please see their privacy statement here: http://go.microsoft.com/fwlink/?LinkId=521839.
FB and Google Accounts
You can set up an account by signing in with your Google or Facebook account. By doing so you give us permission to access and use your information from that service as permitted by that service. We use your email to identify your identity in the Profile tables. We enable Google or Facebook authentification when you use Web App or mobile App. This way you can access past consultation reports from the Web App when you log in to mobile App with the same credentials. Some services enable you to use them as a Guest, so without Google/FB authentification, but this means that you will not be able to retrieve your information.
SHARING OF INFORMATION
Sometimes we need to disclose the Information for other lawful purposes, as customary for all developers.
Apart from sharing the information with our Analytics and OneStop Health™ Providers, as stated in Section “Our Providers’’ and “Usage of Information’’, we may also disclose information in the following cases:
if required by law, for example to comply with a court order, subpoena, regulation, legal process or other governmental request;
to exercise or protect the rights, property or personal safety of the Company, our users or others;
to enforce this privacy statement, including investigation of potential violations thereof;
upon fulfilling legal requirements of local legislation to supply certain services/information a third party might legally request from us
to detect, prevent, or otherwise address fraud, security or technical issues;
if Your.MD is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified of any change in ownership or uses of your information via our website;
to respond to claims that any content published within our Services violates any right of a third party
STORING OF INFORMATION AND SECURITY
We follow generally accepted industry standards and internal procedures to protect information submitted to us, during transmission, storing and processing. We store your information for as long as needed to provide our Service. We may store the information longer, but only in a way that it cannot be tracked or associated back to you. We delete the logs that we keep of the IP addresses you have used after approximately 6 months. If you have any concerns about the security of our Services, please contact us at firstname.lastname@example.org.
We have restricted access to production environments and monitoring of user activities. The Information is encrypted and key protected, and we have integrated commercially reasonable efforts to assure that your information remains secure when maintained by us. However, please be aware that no security measures are perfect or impenetrable.
We use AWS hosting for storing of information and they provide multiple security certificates. For more information, please see https://aws.amazon.com/security/.
DELETION OF INFORMATION
We store your information for as long as needed to provide our Service. We may store the information longer, but only in a way that it cannot be tracked back to you. When the information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use.
Storing might be different depending on the territory of collecting the information and the applicable legislation, but we always strive to store the information only as long as it is needed for the purposes of providing, improving or personalizing our Services.
We make sure we do not collect more information than is needed to provide our Services and we strive to limit our Providers to do so as well. We have integrated protocols to allow us to process Chat History in a pseudonymised way, but you are always free to opt out of the information collection by not using our Services or uninstalling the App.
You can deactivate notifications by changing the notification settings in accordance with the instructions of the operating system running on your device.
E-mail: You can opt out from e-mail notifications by unsubscribing or sending us a request to email@example.com.
iOS: You will be asked to accept or refuse push notifications after the App is downloaded. If you do not accept, you will not receive push notifications. Please note that if you accept, mobile phones will allow you to disable push notifications later on by using the settings on your mobile phone.
Android: After an App is downloaded, you will automatically receive push notifications. You can always disable those within the mobile phone settings.
Health Goals: You can turn on/off the Health Goals notifications in the Profile Section of our Services.
Analytics: You can opt out of our information processing and Google Analytics for Firebase by sending an email to firstname.lastname@example.org and/or opt out of Google Analytics by installing this browser add-on https://tools.google.com/dlpage/gaoptout.
Deleting Your Account: If you do not want to use our Services anymore, you can always delete the Mobile App and/or stop using the Web App and/or Messengers. We will delete your account on receipt of the request sent to email@example.com. The same will be done if you withdraw your consent for data processing needed to provide Your profile and the Services. We reserve the right to delete your account after a long period of inactivity.
As you can see we use our Providers for limited purposes only and we strive to limit their usage of the information. For this reason we do not offer Provider specific opt-out service, but you can always opt out from analytics and tracking we use by uninstalling our App or stop using our Services. You can opt out from Third Party Technology (messengers we use) and OneStop Health™ Platform data collection by not using these specific services. For now we do not offer our Services without authentification by FB or Google, so if you do not feel comfortable with us using this type of authentification, you are free not to use our Services or uninstall the App at any time.
The Services are also offered via our Web App at webapp.your.md. The Web App offers limited functionality as explained in our Terms of Service. You can also use our Web App without signing in, and as a ‘’Guest’’, but this would mean that you will not be able to retrieve your past consultations. Your data including Your Profile and Chat History will still be stored when you use our Services as a Guest. Apart from this data being stored, we do not process Guest data in any other way and we delete it after it’s no longer needed for technical purposes. In the future, we will also implement the use of the Services as a Guest for our Mobile App.
CONTACT AND ACCESS TO PERSONAL INFORMATION
If you have any questions, please contact us at: firstname.lastname@example.org.
Your.MD is a trademark of YOUR.MD AS, incorporated and registered in Norway with company number 999260993 whose registered office is at c/o Advokatfirmaet Simonsen Vogt Wiig AS, Filipstad Brygge 1 , 0252 Oslo,Norway and it is offering the Your.MD Services (hereinafter referred to as: “Services’’ or “App’’) via its subsidiary Your.MD Limited, incorporated and registered in UK with company number 08727263 whose registered office is at this date at 5th floor, Holden House, 57 Rathbone Place, London, W1T 1JU, UK (hereinafter collectively referred to as: ‘’Your.MD’’).
We are committed to keep your information accurate, complete and up-to-date. You can request that we correct or delete the information, provided that we are not required to retain such information by law or for legitimate business purposes. To make such request or ask us about this privacy statement please send us an email to email@example.com. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
Matteo Berlucchi, CEO