Last Update: October 19, 2015
Lypy abides by the Information Governance Toolkit (the “IG Toolkit”), as provided by the Department of Health and regards the way organisations ‘process’ or handle information. It covers personal information, i.e. that relating to patients/service users and employees, and corporate information, e.g. financial and accounting records (“Personally Identifiable Data”) which directly, or used in conjunction with other provided information, enables the identification of a specific individual. Lypy has certified that it adheres to the IG Toolkit in regard to the processing or handling of information.
To learn more about the IG Toolkit, and to view Lypy’s self certification, please visit https://www.igt.hscic.gov.uk/
What information does Lypy collect?
When you use the Lypy Site or sign up for the Services, Lypy may collect certain contact information from you, including without limitation: first and last name, email address, and phone number (collectively, “Contact Information”). When purchasing Services, you will be required to provide additional information that may include a credit card number or other banking or payment information (“Billing Information”).
Lypy collects population wide cryptographically hashed Contact Information from sites that wish for their patients to access Lypy Services for the validation purposes. The cryptographically hashed Contact Information is non-reversible (it cannot be read once hashed) and is used exclusively to validate user supplied Contact Information.
To improve the navigation experience on the Lypy Site, Lypy also automatically receives and records information on our server logs from your browser, including the pages you request (“Site Information”).
In addition to the collection of Site Information, in connection with your use of the Services, Lypy may collect information that is created or provided by you for such purposes (collectively, “Service Information”). For example, if you receive an electronic or SMS message through the Services, Lypy will collect and maintain the metadata (phone number/electronic address, size and time of message and other transactional data). Service Information may include information that is Personally Identifiable Data. All attachments sent via the Lypy Service are encrypted and cannot be decrypted by Lypy services and as such the Service Information does not include the contents of letters.
How is Data used?
If you are not a user of Lypy (i.e., if you have not signed up to receive the Services), Lypy will use your Contact Information only for the purpose for which such information was provided. For example, if you have signed up to receive product information from Lypy, we will use your Contact Information only to send you that information. You may always opt-out of the receipt of any of those communications. Email opt out instructions are contained in each email.
Lypy takes reasonable precautions such as policy-based access control to protect Data in our possession from loss, misuse, and unauthorised access. Lypy follows generally accepted industry standards to protect the Data, both during transmission and once received by Lypy. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While Lypy strives to protect your Data, Lypy does not guarantee its security.
Personal Information collected via this Site and Services is stored on servers located in the England, and these servers are subject to Lypy’s IT security policies and procedures. To discuss the security programmes, procedures and policies that we have selected and utilise to reasonably secure your personal information and Content, please contact email@example.com.
Does Lypy access Personally Identifiable Data?
The provision of Lypy Services happens in a non-interactive manner however for audit, problem resolution or benchmarking activities it is possible that Personally Identifiable Data might be witnessed by Lypy staff. All interventions that potentially involve the witness of Personally Identifiable Data by Lypy staff require authorisation and are subject to verbose audit.
Lypy staff are contractually bound to complete information governance training both at the start of their role and every year in position. If you have concerns about Lypy accessing your data please contact firstname.lastname@example.org.
Does Lypy disclose Personally Identifiable Data to third parties?
Lypy does not share or disclose any of your Personally Identifiable Data except as described in this Section.
- Agents, consultants and related third parties: Lypy uses third party vendors to perform certain business-related functions. Examples of such functions include data storage services, database maintenance services and payment processing. When Lypy employs such third party vendors to perform services on its behalf, Lypy will only provide them with the Personally Identifiable Data that they need to perform their specific function. Each third party vendor is required to keep such Personally Identifiable Data confidential and not to use such Personally Identifiable Data for any purpose other than providing services to Lypy.
- Business transfers: Lypy reserves the right to sell or buy businesses or assets. In the event of a corporate sale, merger, reorganisation, dissolution or similar event, Personally Identifiable Data may be part of the transferred assets. You acknowledge that such transfers may occur, and that any acquirer or successor of Lypy may continue to use your Personally Identifiable Data as set forth in this policy.
- Legal requirements and other circumstances: Lypy may disclose Personally Identifiable Data if required by law or if it believes in the good faith belief that such action is necessary to: (a) comply with a legal obligation, (b) protect and defend the rights or property of Lypy, or (c) to protect the property or safety of users of the Lypy Site or Services or any third party. If Lypy is required by law to disclose any of your Personally Identifiable Data, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by witness summons, court or administrative order. In addition, if Lypy does not believe the disclosure request has been properly issued, then Lypy will object to such request.
- Healthcare third parties: Lypy enables users to provide Personally Identifiable Data directly to commissioning party who hold their original patient records. If you have signed up for Lypy, you agree that Lypy may disclose Personally Identifiable Data as a means of updating the hospital record held within the care settings to maintain accuracy.
Information about, correction or deletion of Contact Information
You can request information about all personal information we have stored about you by contacting us at email@example.com.
The same applies to your request to have all these personal information deleted.
In the event that you have volunteered Contact Information and/or provided Billing Information, you may correct or amend that information by editing your account profile or email us at firstname.lastname@example.org.