At myrecovery we are dedicated to improving the lives of more people with musculoskeletal disease by evolving their care and treatment. We bring together patients, healthcare providers, academia, life science companies and regulators to evolve musculoskeletal care and treatment; combining the most advanced technology, data-driven knowledge and our expertise in musculoskeletal disease.
We are committed to protecting your Personally Identifiable Information (PII) and Protected Health Information (PHI) (PII and PHI, collectively hereafter Personal Information) and respecting your privacy. Transparency and clarity are important for us and we want you to feel in control of and understand how we handle your Personal Information. We appreciate that you do not want your Personal Information distributed indiscriminately and in this policy we explain how we collect information, what we do with it and what rights you have in relation to your Personal Information.
Please read this policy carefully so that you understand the terms and how they apply to you.
If you have any questions about how we process your information, please do not hesitate to get in touch by contacting us at DPO@myrecovery.ai
Important information and who we are
Please take the time to read and understand how this policy applies to you, according to the different categories of user described below and referred to throughout this document:
- as a Patient, who has been referred by a charitable organisation or your surgeon, doctor or other healthcare professional to download and use the App as part of your care and recovery process pre- or post- treatment, or invited to use the App as part of your involvement in a clinical study or research project;
- as a Healthcare Professional User (HCP), being an individual who accesses the App and Dashboard in your capacity as a person responsible (whether as a surgeon, doctor or other healthcare professional) for the medical care and treatment of Patients, and with permission from those Patients to monitor such activity and other medical data as they may submit to the App in order to inform their care pre- and post- treatment, or as a person administering a clinical research trial or study involving consenting App users for medical and device research purposes;
- as a Healthcare Administrator, being an individual or entity responsible for the management and oversight of a healthcare institution and its HCPs, or an employee of a healthcare organisation, and who is a registered user of the Dashboard for the purposes of managing and/or supporting HCPs engaged in medical care and treatment, as well as viewing practice summaries and statistics for your clinical practice, or being an administrator involved in a clinical study or research project; or
- as a Partner, being an entity (or individual acting on behalf of an entity) involved in research and development relating to the treatment of diseases, including the improvement of existing technologies and development of new technologies, to improve the treatment and care of patients and support patient safety, and who is a registered user of the Dashboard in order to access information relating to Patients pre- and post- treatment of health conditions and diseases and the use and effectiveness of medical devices or medication used by surgeons, doctors and other healthcare professionals as part of treatment.
Information we may collect from you
Personal Information means any information about an individual that can distinguish or trace an individual’s identity (Personal Information). It does not include data where sufficient information has been removed or randomised such that an individual can no longer be identified directly or indirectly (Anonymous Data).
We collect information about you if you:
register with or use our Site;
download and use our App; or
access our Dashboard. We may collect, use, store and process the following different kinds of Personal Information about you that you submit through your use of the Services:
Identity information including your first and last names, date of birth and gender that you provide by completing forms on the Site, the App or the Dashboard, including if you register as a user of the Services, upload or submit any material via the Services, or when you request any information;
- Contact information including your email address and telephone numbers;
- Login information including information in connection with an account sign-in facility, such as your login and password details; and
- Technical information including additional data which, when you access the Services we may (like most modern websites and online applications - for more information, please refer to the ‘All About Cookies’ website), by means of cookies and/or other similar technologies, automatically collect about you – such as the type of internet browser or mobile device you use, any website from which you have come to the Site, your IP address (the unique address which identifies your computer or mobile device on the internet) and/or the operating system of your computer or mobile device. See the Cookies & other technologies section for more information.
If you are a Patient:
By providing us with additional information about you and your recovery, we are able to provide better and more personalised services and information to you and the healthcare professionals responsible for your treatment, and as a result your healthcare professional will be able to better tailor the care to your individual needs. We may collect the following additional data (including medical data):
- Treatment-specific Health information including information about your surgery or treatment, including pre- and post- treatment care information, such as the dates and details of your treatment, the type of medical device you have received and the details of that device, and the details of your healthcare team;
- Other Health information including data relating to you, your treatment, and how your recovery is progressing, including pain scores, exercise compliance data, and responses to surveys and questionnaires, as well as any other content that you choose to create and post or upload to the App (which may include videos, photographs, audio, messages or other materials);
- Third-party Health App data including data collected where, if you install the App on to an Android or Apple device which has the respective Google Fit or HealthKit features enabled, we will request access to third-party health app data such as your exercise and fitness level through your device. You will be prompted by your device to allow access the first time this content is requested by us and, even if you grant us access, you can stop this access at any later point by changing the settings on your device. You are under no obligation to provide this information. However, if you should choose to withhold requested information, this may reduce our ability to provide you and your healthcare team with information on your recovery from treatment;
- Communication and App Usage information including details of any communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Services or content made available through the Services; information from videos you have watched or surveys that we may, from time to time, run on the Services for research purposes, if you choose to respond to, or participate in, them; and
- Location information including information provided by your device to enable us to show you content that is local to you and to help authenticate the use of the Services. We may approximate your location from your device using the GPS connection information used by your device to help your healthcare team understand your recovery from treatment, for example to understand your activity levels. Where we collect location data via the App, we will always prompt you about sharing your location and you can disable location sharing at any time through the settings of your device.
If you are a HCP, Healthcare Administrator or Partner, we may collect the following additional data (the below categories of information are not collected from Patients):
- Employee information including Identity Information and Contact Information of your employees. You should properly inform your employees on the processing of their Personal Information according to the provisions of HIPAA and other relevant local regulations.
- Practice information including data relating to the management of a healthcare organisation, such as performance assessments and ratings, number of patient registrations, staff and patient demographic information, and number and type of treatments offered and patient outcomes.
We also collect, use and share anonymised data about our users pre- and post- treatment, such as statistical or demographic data, in order to help us and the third parties we collaborate with to improve existing technologies and develop advanced new technologies to improve the treatment and care of patients and support patient safety.
Anonymised Data could be derived from your de-identified Personal Information having been combined with a pool of data from other users of our Services, but is not considered Personal Information as it has been sufficiently anonymised such that it cannot be used to directly or indirectly reveal your identity. For example, we may use Anonymised Data in the following ways:
- Product Improvement: We may use Anonymised Data to improve our Service or help third-parties to evaluate their products and Services e.g. we may use your usage data to calculate the percentage of users accessing a particular feature of the App to inform how we develop and improve our products, or we may use Anonymised Data to help your healthcare provider or a manufacturer of medical devices or therapeutics understand how well their treatment, device or therapeutic is functioning and how it can be improved to inform and advance the development of more effective and safer treatments
- Research: We may use Anonymised Data for research purposes, whether scientific, marketing, or business in nature. This research may be made public through publications such as within a clinical studies, scientific articles, medical conferences or health reports e.g. we may aggregate pain score data that you provide following treatment to conduct research on the effectiveness of a particular treatment or calculate average recovery times for a particular treatment to better understand the recovery process
- Business Purposes: We may also licence, sell or otherwise share Anonymised Data with institutional clients, partners, investors and contractors for any purposes related to our business practices e.g. we may use Anonymised Data to develop, train and improve analytical healthcare systems based on machine learning or artificial intelligence technologies.
How is your Personal Information collected?
We use different methods to collect data from and about you, including through:
- Direct interactions: you may provide us with your identity and contact details when you register to use our Services. You may provide further data by submitting information to the App or Dashboard, responding to surveys or providing feedback.
- Automated technologies or interactions: when you interact with our Services, we will automatically collect technical data about the device you are using, your browsing actions and patterns and (if you enable location sharing) your location data, using cookies or other similar technologies (explained further below).
- Integration with third-party health apps: if you choose, when prompted, to grant the App permission to access other health or fitness related applications installed on your device, we may access and use your Third-party Health App data collected by those third-party applications, as defined above. You may disable such permissions at any time in your device settings and/or via the relevant third-party application.
How we use your Personal Information
We take the protection of your personal information very seriously and will only ever use your Personal Information lawfully and in accordance with the requirements of Data Protection Legislation.
Uses of Personal Information
The most common purposes for which we use your Personal Information are as follows:
- to enable us to perform our contract we have entered into or are about to enter into with you to provide you with the services and information offered through the Site, App and Dashboard (as applicable), subject to our EULA and Terms of Service with you, and to improve those services;
- where it is necessary for our legitimate interests (or those of a third-party) as a commercial organisation for the purposes of managing and planning our business, and your interests and fundamental rights do not override those interests, in which case we may (keeping our information secure at all times and in a way that is proportionate and respects your privacy rights) use your personal information which we collect in the course of running and/or improving our business and developing new products and services, including to:
- audit the downloading of the App and data from the Services;
- improve the layout and/or content of the pages of the Site, App and Dashboard and customise them for users;
- identify visitors to the Site and/or users of the Dashboard and App;
- conduct analysis and carry out research to further and improve medical care and treatment of health conditions and diseases;
- analyse aggregated and anonymised outcome data to provide recommendations on patients journeys and develop technology to automate guidance;
- forecast demand of service and to understand other trends in use, including which features users use the most and find the most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving the Services we deliver to you and other users. Strict confidentiality and data security provisions will apply at all times;
- troubleshoot bugs within the Services; and
- troubleshoot and help you with any questions/enquiries; or
- where we need to comply with a legal or regulatory obligation.
- as we believe necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Use of Protected Health Information
We may use Protected Health Information (PHI) in the same manner as Personal Information, described above, except our use and disclosure of Protected Health Information is further limited as provided by the administrative simplification provision of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) and the Omnibus regulations promulgating Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information promulgated thereto.
Specifically, as described above, all uses or disclosures of PHI shall require Patient authorization or a valid authorization on the patient’s behalf, except: (1) uses or disclosures by or to the Patient; (2) uses or disclosures for treatment, payment or healthcare operations; (3) as part of any valid use or disclosure; or (4) in compliance with and pursuant to Applicable Law.
We will enter into business associate agreements with the Patient’s Providers who are “Covered Entities” when we are a “Business Associate,” as those terms are defined by HIPAA. We will use and disclose Protected Health Information only for those uses and disclosures permitted by HIPAA and under the applicable business associate agreement. We may use or disclose Protected Health Information to provide Services to the Patient or the Provider. We may also use Protected Health Information for our proper management and administration or to carry out our legal responsibilities.
No General Marketing to Patients
For Patient users, to help the surgeon, doctor or other healthcare professionals involved in your care to better track your progress pre- or post- treatment, we may contact you via email, over the phone or through the App, requesting you to fill out a survey or answer questions about your treatment and recovery progress. We may still contact you, even if you uninstall the App. Please note, we will only contact you with information related to your treatment and use of the Site and App, including to share articles, referrals or other content related to your treatment which we think would be of particular interest to you. We will not, without your express opt-in permission, use it to send you general marketing emails on behalf of third-parties.
If you are a Patient, we may share your information, including information that you submit to the App, with:
- your nominated surgeon, doctor or healthcare professional responsible for your care and other non-clinical healthcare personnel involved in the administration of your care, for the purposes explained above so they can understand and evaluate your condition and recovery progress. In accordance with the terms of our contractual arrangements with surgeons, doctors and healthcare professionals, your surgeon, doctor or healthcare professional will be legally required only to share this information to the extent necessary to provide your treatment to you;
- our Partners, to enable them to improve existing technologies and treatments and develop new and advanced technologies and treatments to provide patients with more effective and safer care;
- registry providers, for tracking post-treatment progress for surgical implants or medical devices in cases where individual users have separately consented to this;
- if required or authorised by law or a legal process, such as to law enforcement bodies to assist in their functions and courts of law; and
- third-parties in connection with negotiations prior to any merger, sale of our assets, financing or acquisition of part or all of our business to another company (at this stage, we would only share Anonymous Data and not your personal information).
In the event that we undergo re-organisation or are sold to a third-party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third-party.
We may disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Services or the rights, property or personal safety of any person.
We may disclose aggregate statistics about visitors to the Site and users of the App and Dashboard in order to describe our services to prospective partners, sponsors and other reputable third-parties and for other lawful purposes, but these statistics will include no personally identifiable information.
We place great importance on the security of all personal information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Site, App or Dashboard whilst it is in transit over the internet and any such submission is at your own risk.
You are responsible for keeping your password confidential to prevent unauthorised access to your Personal Information and we ask that you do not share your password with anyone.
Data Storage, Security and Transfers
We are committed to protecting the security of your data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We store all your Personal Information on secure servers.
Where you have chosen a password that enables you to access certain parts of our App or Dashboard, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
Your personal information which we collect is generally transferred to and stored on secure third-party servers located in the United States. Such storage is necessary in order to process the information. Any transfers made will be in full compliance with the Data Protection Legislation.
We retain Personal Information for as long as necessary to provide our products and fulfil our contract with you, to fulfil the purposes we have collected it for, or for other essential purposes such as complying with our legal obligations, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary.
We may also retain aggregate information without limit beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
The information we provide in this section is a brief summary of your rights under HIPAA and other relevant local legislation and you should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Accessing, Changing, and Deleting Your Information: You may request access, changes, or deletions to your Personal Information and request information about our collection, use and disclosure of such information by contacting us at DPO@myrecovery.ai. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by notifying us of any changes to your Personal Information as soon as possible. Your rights to access, change, or delete your Personal Information are not absolute. We may deny you such rights when required by law or if the request would likely reveal Personal Information about a third party.
Cookies & other technologies
When you interact with the Services, we try to make that experience simple and meaningful. When you visit the Site or access or use the App or Dashboard, a web server sends a cookie or other similar technology to your computer or mobile device (as the case may be). Cookies are small pieces of information which are issued to your computer or mobile device (as the case may be) when you visit a website or access or use a mobile App and which store and sometimes track information. A number of cookies we use last only for the duration of your web or App session and expire when you close your browser or exit the App. Other cookies are used to remember you when you return to the Site, App or Dashboard and will last for longer.
The cookies and/or other similar technologies we use collect information, such as the type of internet browser or mobile device you use, any website from which you have come to the Site, App or Dashboard, your IP address and/or the operating system of your computer or mobile device.
- make sure we have enough capacity for the number of users that we get;
- customise elements of the promotional layout and/or content of the pages of the Services; and
- collect anonymous statistical information about how you use the Services (including how long you spend on the Services and which devices you use to access them) and where you have come to the Services from, so that we can improve the Site and learn which parts of the Services are most popular with users.
Some of the cookies used by the Services are set by us, and some are set by third-parties who are delivering services on our behalf. These third-parties each have their own cookie policies. As we make changes to our App and Services, the list of third-parties is subject to change. An up to date list of third-parties can be provided on request.
Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting the ’All About Cookies‘ website which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device.
Please note, however, that by blocking or deleting cookies used on the Services, you may not be able to take full advantage of the Services.
The Services may, from time to time, contain links to external sites. We have not reviewed the content of and are not responsible for the privacy policies or the content of such sites.