Privacy policy
Hello
Welcome to the Babylon privacy policy.
We take your privacy seriously. We want you to know why we need certain information from you, what we're doing with it, and how we keep it secure.
Table of contents
- 1. What this policy covers
- 2. What data we hold and how we get it
- 3. What we use your data for
- 4. How we store and move your data
- 5. How and why we share your data
- 6. How long we keep your data
- 7. Your rights
- 8. Changes to this policy
1. What this policy covers
This policy explains how we use your data to deliver our healthcare app, websites and services. This includes:
- Our private service
- Our NHS service, Babylon GP at Hand
- Our app, including any beta versions
- Our websites (www.babylonhealth.com and www.gpathand.nhs.uk)
- Some of our services we offer with our partners, or on behalf of them
- The technology we use to support our partners' services
We provide these services through 2 companies in our group:
- Babylon Healthcare Services Limited: the company that provides our medical services
- eMed Healthcare UK Limited (eMed UK): the company that supplies the technology and software for these services
When we talk about Babylon, us or we in this policy, we mean these 2 companies.
BHSL is the controller of any health and medical data we may collect from you when you use our services, and may share this data with eMed UK as a processor on behalf of BHSL (for more information on this, see how and why we share your data below). This means that we're responsible for how your personal data is handled and what it's used for through these 2 companies. If you wish to exercise any of your rights, both companies act as one.
Our NHS service is called Babylon GP at Hand. Babylon GP at Hand offers a digital-first primary care service to its registered patients. These services are provided by Babylon under a subcontract arrangement with the NHS.
Read more about GP at Hand.
See more about our registered companies.
2. What data we hold and how we get it
Personal data is any information we have that can identify you, such as your name, medical history or credit card details.
Personal details
When you register with us, we'll ask you for your:
- Name
- Date of birth
- Address
- Email address
- A copy of your ID (identity documentation), such as a driving licence
The information you give us must be accurate. If you give us information about yourself or another person, you're confirming that you're authorised to do so.
Health and medical data
When you use our services, we collect information about your health, including:
- General health
- Symptoms, treatments and medications
- Consultations, such as notes and recordings
- Procedures, such as surgery, scans or X-rays
- Interactions with our services, like using our Symptom Checker or other digital services. These interactions may be shared with our clinical staff so that we can provide you with healthcare, and so that we can provide a better experience
Some of this information comes directly from you, but it can also come from third parties, such as your GP.
If you use Babylon GP at Hand, we'll get your medical history from your previous GP.
If you use our private service, we'll send your appointment notes to your NHS GP, if you give us your consent.
We share children's appointment notes with their NHS GP, in line with current medical guidelines.
Details of your conversations with us
We also keep a record of your consultations and your conversations with us. This is so we have an easy way to access your consultations to monitor the quality of our service and healthcare.
And, if you have consented, so that we can use them to improve our services. This includes:
- Your conversations with our Symptom Checker
- Your emails, calls or live chat conversations with our support team
- Video and/or audio recordings from consultations
We keep your health and medical data secure by applying technical and organisational measures to protect it.
Find out how long we keep your data.
Data from other sources
We might also receive some data about you and your health from other apps, devices and services.
This will only happen if you've agreed to sharing that data with us. For example, if you decided to share information collected from a smartwatch with our app.
Credit and debit card information
If you make a payment on the app, your credit and debit card details are processed by a third-party payment provider.
We don't store any of your credit or debit card information and we only keep details of the transactions on our secure servers.
Technical information and analytics
When you use our app, or visit our website, we may collect the following data, where this is allowed by your device or browser settings:
- The IP address used to connect your mobile phone or other device to the internet
- Your browser information, such as Google Chrome or Apple Safari
- Login and operating system
- The make and model of your device
- Resettable device identifiers
- Time zone, language and location settings
- Your mobile network provider and your location (based on your IP address)
- Information about your visit to our website or use of our app, for example when you first visited the site or how many times you've visited
- Information about the products or services you viewed or used
- App response times and updates
- Information about your interactions, like what notifications you opened
- Any phone number used to call our customer service number
We work with other companies that provide us with analytics and advertising services. This is to:
- Help us understand how people interact with our services
- Provide the adverts for our services on the internet
- Measure the performance of our services and our adverts
Your health information is not used for these advertising services.
Cookies
We also use 'cookies'. Cookies are files saved on your phone, tablet or computer when you visit a website. They collect information about how you use the website and the pages you visit. We do not use cookies on your medical or health information.
You can find out more about how we use cookies in our cookie policy.
Information from third-party services
It's possible to connect your social media accounts, or your wearable device (like a smartwatch) with our services. For example, you can sign up for Babylon using your Facebook login details. If you choose to do this, we'll receive the following information about you from the third party:
- Name
- Email address
- Username or ID
- Health and lifestyle habits and information
If you use login details from third parties, they will also process your login data, and they are solely responsible for handling this.
We may also get information from other sources, such as companies who offer information on consumer trends.
We use this information to help us make our services better. We comply with data protection laws when we do this. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.
If you have questions about the way your data has been handled, please contact DPO@babylonhealth.com.
3. What we use your data for
This is how we use your data and the legal reasons for using it.
Providing you with a service
We need your personal information to enter into a contract with you and deliver services.
We use your financial details to charge you if you use our paid service or buy our products.
We use your health and medical information to provide you with a healthcare service, including when it's in your vital interests. This includes giving you health advice, as well as diagnosis and treatments if you use our clinical services (our video and audio consultations, where you can talk with one of our medical professionals).
This information is based on:
- Providing you with, or planning for, healthcare services in our 'legitimate interest'
- Performing tasks in the public's interest (for example, our NHS services)
- Your consent (for example, when you use our private service and agree to sharing information with your NHS GP)
The health and medical information we use includes information from your:
- Consultations, like notes, recordings, and transcripts
- Use of products like Symptom Checker and Healthcheck
- Your previous NHS GP, if you use Babylon GP at Hand
We might share this information with other health services. This is so we can give you the right care, including when it's in your vital interests. These services include:
- Your GP, if you use our private service
- Our NHS or clinical service partners
- Referral services like therapists, pharmacists and hospitals
We use your location to recommend services near you, like pharmacies and hospitals.
Depending on how you access our services, we get your location from your phone, internet browser, IP address or postal address.
Improving Babylon's services
If you've given explicit consent, we use your health and medical information to improve our services, including our artificial intelligence systems. This helps us deliver better healthcare to you and other Babylon users.
We remove details that could identify you from this information, such as your name, address and contact details. These are called 'personal identifiers'.
The health and medical information we collect (with your personal identifiers removed) includes information from your:
- Medical records
- Consultations, like notes, recordings and transcripts
- Use of products like Symptom Checker and Healthcheck
This doesn't involve making any decisions which would have a big effect on you. We only use this information to deliver a better experience to you and other Babylon users. This explicit consent relates to when we use your personal data.
Helping health research
If you've given explicit consent, we use your data for health research. For example, to better understand health behaviour, disease risk or health outcomes.
We aim to publish our research results in peer-reviewed journals or by working with academics.
We may conduct research with partner organisations such as universities or other academic institutions.
The type of information we collect includes your:
- Medical records
- Consultation notes, recordings, and transcripts
- Use of products like Symptom Checker and Healthcheck
We remove any details that could identify you from this information. This includes your name, address and contact information.
Our research follows the Declaration of Helsinki ethical principles, which were developed by the World Medical Association.
As part of our research, we may use your contact details to invite you to take part in clinical trials. These trials might be about things like how frequently we give you medicine reminders or what exercise has the greatest impact on mood.
Using your data when it's in our 'legitimate interest'
We sometimes analyse your data and how you use our products to help us manage our business better.
This could be things like fixing bugs in our app, understanding current user trends, or working out what users might want in the future.
This doesn't involve making any decisions which would have a big effect on you. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.
Keeping you up to date
We may contact you when marketing our service. This includes sending you product updates, surveys and marketing information. You can opt in or out at any time by going to 'Me', 'Settings' and 'Privacy Controls' in the app. You can also choose if you want to get app notifications in your device settings.
As part of providing you with a healthcare service or public service, we may send you health information by text message, email or in other ways. For example, we may send you public health messages or invite you to book an appointment for a free screening programme, such as cervical cancer screenings.
Regulating the quality and safety of our service
We use your health and medical information for safety, training, regulatory, and compliance purposes.
This means that:
- If we're legally required to, or asked by a regulator, we may need to share your information with regulatory bodies like the General Medical Council, Medicines and Healthcare Products Regulatory Agency or Care Quality Commission
- We may audit how you use our services, for example to review the quality of results provided by our products
To detect and prevent fraud, we may need to share your personal and financial information with banks, financial institutions and fraud prevention services.
4. How we store and move your data
Personal health and medical information
Your personal health and medical information is stored on secure servers. This includes information like:
- Your primary care information
- Information about your medications
- Any information about a diagnosis of illness or other problems
We don't store any of this information on your mobile device.
If you've chosen a password or authentication method to access the app, you're responsible for keeping this password and/or authentication method confidential. Please don't share it with anyone.
We encrypt data transmitted to and from the app. Once we have your information, we use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to make sure that your data is treated securely.
Credit and debit card information
We don't store any of your credit or debit card information. Payments are processed through a third-party payment provider that follows strict industry data security standards. These are known as Level 1 Payment Card Industry (PCI) data security standards.
Any payments you make are encrypted using SSL technology (which converts the information into code to stop fraud).
Where we store and process your health data
Your health data will be stored and processed in the UK only. We may sometimes need to work with companies outside of the UK or European Economic Area (EEA) to help us deliver services to you. This will always be in line with applicable data protection laws and will include using appropriate safeguards such as the execution of appropriate data transfer agreements incorporating European Commission approved Standard Contractual Clauses along with other safeguards where appropriate or confirming other controls to comply with UK data protection requirements.
5. How and why we share your data
To help us deliver our services we may share your personal data with other parts of eMed UK, such as Babylon GP at Hand, or partner organisations (including our NHS partners) who we work jointly or in connection with to provide you a service.
Service providers
Some companies provide services to you on our behalf, such as the live chat. We may share your personal data with them so that they can process it to provide these services.
These companies can only use your data based on our instructions and they cannot use the data for their own purposes.
They also have to act in line with data protection laws and contractual terms that specify how they can process data on our behalf.
Partners
If you use our services through your health insurer or one of our partners, which may be your employer, we may share some of your information with them. This could include your:
- Name
- Date of birth
- Email address
- Policy number
- Location
We may also share with them the fact that you have registered with us and used our services. But we will not share any details about your consultations or medical records, unless you consent to this.
Other healthcare providers
If it's needed for your treatment or care, we will share your data with your other health and social care providers. These include:
- Our clinical partners (including our NHS partners) who we work jointly or in connection with to provide you a service
- Your NHS GP
- Specialist referral services
- Therapists
- Pharmacists
- Hospitals
- Accident and emergency services
- Testing service providers
- Diagnosis centres chosen by you for things like X-rays and other imaging
- Other health and care bodies
By law, we may need to share information with these services to safeguard either you or others, or conduct a public task (in the case of our NHS services). We may need your consent, or to rely on our legitimate interests to provide you with healthcare before we can share this information.
Protecting public health
We might process your health data to protect public health. Your data could be vital to help research, monitor, track and manage public health emergencies, like pandemics.
In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:
- NHS Digital
- NHS England and Improvement
- Public Health England
- Local authorities
- Health organisations
- GPs
We will limit the use or sharing of data to the period of the emergency and will only share data to the extent necessary.
Aggregated or anonymous data
We may show on our website or share with our commercial partners data that does not personally identify you, but which shows general trends. This is 'aggregated' data and is not personal data.
This might include, for example, the number of users of our service or trends in a particular location.
Statistical data in the public's interest
We may also use data that does not identify you personally as part of statistics that we collect on certain types of illness, symptoms and conditions. This might include us contributing medical data and participating in the Royal College of General Practitioners Research and Surveillance Scheme.
We may show these summarised statistics to our partners. They will always be anonymised. This is so we can improve our medical knowledge and help our members and the general public.
You can contact us directly if you do not want your data to be used in this way by email at: DPO@babylonhealth.com.
If you use our Babylon GP at Hand service
We may need to share your personal data to help the NHS manage their medicines. This is because clinical commissioning groups (CCGs) use pharmacists and prescribing advice services to support local GP practices. And they may need information that identifies you to be shared.
These pharmacists work with GP at Hand to provide advice on medicines, and to make sure that medicines are right for your needs, safe, and cost-effective.
Where we need to ask for specialist prescribing support as part of your care, the CCG medicines management team may help us to get medications on behalf of Babylon GP at Hand.
We collect your information to make sure you get the best possible care and treatment. The information we collect when you use our GP at Hand services can also be used for things beyond your individual care, if the law allows it. This could include improving quality and standards of care, research into the development of new treatments, and planning services. Most of the time, any data used for research and planning is anonymised, so that you cannot be identified. If this is the case, it means that we don't use your confidential patient information.
You have a choice about whether you want your confidential patient information to be used in this way. To find out more, or to register your choice to opt out, please visit this information page from the NHS. If you choose to opt out, your patient information will still be used to support your individual care.
Integrated care
If you are a Babylon GP at Hand patient, we will share your records with North West London Whole Systems Integrated Care or other systems for other locations in which Babylon GP at Hand operates.
This gives other members of the scheme like NHS Trusts and the ambulance services access to your data. We do this to provide 'integrated care' for you. This is healthcare that's delivered to you by different organisations that work separately.
It also helps with research and statistical studies, based on medical and public interest research.
Find out more about whole systems integrated care (WSIC).
If you do not want to share your data in this way, you can fill out this form on this page and send it to us.
Your summary care records
Your summary care records are an electronic record of important patient information, created from GP medical records.
Your summary care records data can be seen by authorised staff in other areas of the health and care system involved in your direct care. If you're based in Birmingham, Sandwell and Solihull, this will involve the use of Your Care Connected (YCC).
You can choose not to share this data at any time. To do this, complete and send an SCR opt-out form.
We may keep or share information about you, if we need to:
- Comply with a law, regulation, legal process, or government request
- State our legal rights or defend against legal claims
- Stop, find, or look into illegal activity, fraud, abuse, breaking our terms, or threats to the security of our services or the physical safety of anyone
6. How long we keep your data
We follow advice from the Department of Health and the British Medical Association on how long to keep information found in your medical records. This is called a 'retention period'.
We might also keep some information that doesn't identify you to help improve our business and our services.
In some circumstances, we might keep data longer if the law says we have to.
| Your information | How long we keep it (its 'retention period') |
| --- | --- |
| GP records. This includes medical records, consultations with GPs and symptom checker interactions | We keep your GP records for 10 years after your death or after you've permanently left the country. We may keep your records longer if there are genetic implications for your family. We work on the advice from clinicians in this situation. Electronic patient records can't be destroyed or deleted for the foreseeable future. |
| Video consultations | If we keep your video consultations, they are kept in the same way as your GP records (although that period of time could change if our product changes). |
| Voice (or audio) consultations | We keep your voice consultations in the same way as your GP records (although that period of time could change if our product changes). |
| Symptom Checker | We keep your interactions with our Symptom Checker in the same way as your GP records. They are also available in the app for 1 month (although that period of time could change if our product changes). After 1 month we can provide them if you ask us for them. |
| Healthcheck and Digital Twin records | We keep your records from these services for 2 years after you close your account, unless you agree to them being a part of your medical record. If you do, we will store them in the same way as your GP records. |
| Communications with support teams, including phone calls, emails and live chats | 1 year after you leave the Babylon service. |
| Maternity records | We keep your records for 25 years after the birth of your last child. |
| Records on any treatment for a mental disorder (as described in mental health legislation) | We keep your records for 20 years after the date of your last consultation. Or 10 years after your death if that is sooner. |
If you want to see any of this information while we have it (in its 'retention period'), you can ask for it by emailing us at: DPO@babylonhealth.com
7. Your rights
You're in control of your personal information. Under data protection law, you have the right to:
- Remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by:
  - Going to the app, selecting 'Settings' and then 'Privacy controls'
  - Going to the Babylon Health website, selecting 'Your account' and then 'Privacy'
- Ask for a copy of the personal data we hold about you. Your data is stored in line with our legal and medical obligations. (See: how long we keep your data.)
- Ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes. There might be times when we're not able to help, like if the law or our medical obligations say we can't.
- Ask us to restrict any automated (computer-made) decisions made with your data
- Ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.
To do any of these things, please complete our online webform
Alternatively, please contact us on DPO@babylonhealth.com
184, 192 Drummond St
London
NW1 3HP
We'll ask you for a proof of identity. Data protection laws give us one month to get back to you.
We're regulated by the Information Commissioner's Office (ICO). If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
8. Changes to this policy
We might update this policy from time to time. If we make any important changes, we'll let you know, and give you the chance to review them.
If you agree to the changes, you don't need to do anything. Just keep using our services with the updated policy and we'll assume you are happy with the way we use your data.
If you don't agree to the changes, then you can stop using our services at any time.