EBISU HEALTH LIMITED
Ebisu Health Limited want you to understand and be reassured how serious we are about protecting your private information. We are compliant with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
Please note that links from our website may take you to external websites which are not covered by this policy. Make sure you have checked the privacy policies of each website before submitting any personal information. We are not responsible for personal information collection, use and storage policies of external websites.
This policy explains how we use and store your personal data so that you can make choices based on the information we give you and be in control of what happens to it. This policy will be subject to updates and we will notify you when we make changes.
This policy tells you;
• Who Ebisu Health Limited are
• What personal information we obtain
• What we use your personal information for
• How we share your personal information
• How long we store your information for
• Information storage, security, transfers
• Your rights explained
Ebisu Health Limited, Kemp House, 160 City Road, London EC1V 2NX
Tel: 0844 0200315
Who Ebisu Health Limited are
We are a private healthcare company registered in England and Wales, our registration number is 11019842. We provide remote medical advice and treatment through secure video links with healthcare professionals, including GPs and Advanced Nurse Practitioners. Our registered address is
Ebisu Health Limited, Kemp House, 160 City Road, London EC1V 2NX
When we talk about “Ebisu”, “Ebisu Health”, “our”, “us” or “we”, we mean Ebisu Health Limited.
We remove personal identifiers, such as your name, address and contact details from your medical information, and provide some or all this data to Comarch Ltd who are responsible for developing and continuing to maintain our software and video communication system.
What personal information we obtain
Your Personal details
After registering an account with us, you will provide basic information such as your name, date of birth, address and email address. We also ask you for documents and evidence to confirm your identity. Identity verification is carried out by a third-party partner.
Your Medical Information
To ensure we carry out safe and effective services, we require you to provide us with accurate detailed information about your health, such as current symptoms, medications and treatment, previous healthcare and other important medical history. Any digital information you send to us, will also be uploaded electronically to your Ebisu account. If you have used our services previously, we will already have some of your information. All our clinicians will be able to access your consultation notes made after previous appointments with us. We do not have any access to your NHS, GP or hospital specialist notes.
If you give your consent, we will share the consultation notes made at Ebisu with your own GP or hospital specialist. We will never do this without your consent unless there is a legal requirement to disclose information, or disclosure is required in the interest of public safety.
We do not keep any video recordings of our consultations with you, but contemporary notes are made following each consultation, which form part of your medical records. These records are stored securely in accordance with our data protection policy. You can request a copy of your medical records at any time.
Your Financial information
When you make a payment on our website, your credit/debit card details are processed through PayPal, who store all card payment information and transaction details. Ebisu also hold records and details of transactions on our secure server, but we do not keep your credit or debit card number or details.
Your Technical information and data analysis
When you use our website, we may collect information (when permitted by your device settings); This information includes
(a) technical information, including the address used to connect your device to the Internet, your login information, system and operating system type and version, browser version and your location (based on IP address).
(b) information about your visit, including products and services you used, and the phone number used to call our customer service number.
What we use your personal data for
• We obtain and use your personal details and financial details to deliver services to you and continue to improve our website.
• We obtain and use your medical information because it is necessary for medical purposes, including diagnosis and the provision of medical advice and treatment. This includes the information collected through consultations with you. It may also include sharing information with other healthcare professionals as necessary for the provision of care, such as your GP, therapists, pharmacists, hospitals, accident and emergency services, and other healthcare providers e.g. when you have requested a private referral.
• With your consent, we will use your medical information to improve our products and services. This information may include the notes made during your consultation, but it does not involve or change any decisions made about your healthcare. This information is always anonymised by removing personal identifiers, such as name, address and contact details and strict confidentiality and data security provisions always apply.
• With your consent, we may also obtain and use data about your precise location to help find your nearest pharmacy or other healthcare services in your area.
• We may use your email address and/or phone number to contact you with suggestions and recommendations relevant to your health, if we think they may interest you. This is in the legitimate interest of marketing our products and services to you and you always have a right to opt out at any time.
• Sharing personal information and financial details may be necessary in the interest of detecting fraud and its prevention, and to ensure we keep our site as safe and secure as possible.
• Your medical information is also used for safety, regulatory, and compliance purposes. e.g. demonstrating compliance to regulatory bodies such as the General Medical Council, MHRA, and Care Quality Commission. We also carry out regular audit of your consultations, prescribing and use of services/products to ensure clinicians are providing the high standards of remote medical care we aspire to deliver. Strict confidentiality and data security provisions will always apply.
• We may use your information for technical purposes and internal operations such as troubleshooting, research and surveys.
How we share your personal information
• We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us.
• We may share with our commercial partners anonymised data that shows general trends, for example, the number of users of our service. It does not disclose any of your personal information.
• When necessary and appropriate, we may share your personal information with other health and social care providers e.g. your GP, specialist consultant, therapists, pharmacists, hospitals, accident and emergency services and other healthcare providers. We may have a legal and ethical obligation to share personal information with safeguarding services if situations warrant this, but we will keep you informed wherever possible.
• We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
How long we store your medical records for (retention policy)
We have a legal and ethical obligation to ensure patient records are stored and protected securely and comply with data protection and other relevant laws. Ebisu Health follow the advice given by Department of Health (2006) Records management: NHS code of practice and which is summarised by the BMA as follows;
GP records - GP Records retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
Maternity records - 25 years after the birth of the last child.
Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation-20 years after the date of the last contact; or 10 years after the patient's death if sooner.
Data storage, security and transfers
All your personal information, including medical records and consultation notes are stored on a secure server.
When you register, you will be asked to create an account and choose a password. You are responsible for keeping this password safe and confidential. Please do not let other people know your password or access your account, where personal and sensitive information is at risk.
We do not store any credit or debit card numbers or details. Payments are processed via PayPal and transactions are encrypted using SSL technology.
Your data may be processed or stored via destinations outside the European Economic Area, but this is always in accordance with data protection law and managed with strict safeguards in place. e.g. we are partnered with third parties to manage and maintain some of our digital platform who may have servers outside the UK or EEA
1. you have the right to be informed
Ebisu have a legal and ethical obligation to provide you with concise, transparent, readable and easily accessible information about your personal information and explain how we make use of it. This policy is written specifically for this purpose. If you would like to know more about your rights, you can contact Ebisu at email@example.com.
To understand your rights further or to make enquiries relating to the protection of your personal data, you can also contact the Data Protection regulator in the UK;
Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113
2. You have the right to access and understand your personal data
You have the right to ask us to provide a copy of your information and to be informed of the following
Why we have been using your information
What information we were using
Who we have shared the information with
How long we will hold your information
In the interest of patient confidentiality and for data security, we will need to verify your identity before providing you with a copy. We can provide this copy free of charge, but subsequent copies may incur an Administration Fee.
3. You have the right to ask us to change, correct or delete information
This is, however, subject to our legal obligation to store medical records for certain periods of time. (see above-retention policy). Please inform us of the information that requires altering and we will attempt to correct any inaccuracies.
4. You have a right to ask for a copy your data to be transferred on portable basis.
This is known as data portability, and it gives you the right to obtain a copy of your personal information for your own purposes, in a compatible electronic format. This right allows you to move, copy or transfer your personal information more easily from one device or system to another, safely and securely. This does not incur any charge.
5. You have a right to withdraw your consent allowing us to process your information by;
Objecting to direct marketing.
Object to us using your information for our own legitimate interests (i.e. to improve our business or when making changes to our services and products).
Restrict how we use your personal data (You have the right to ask us to stop using your personal data in any way other than storing a copy, if it is inaccurate and we have not corrected it, you have objected to us using it for our own legitimate interests or we have used it in an unlawful way).
6. You have rights related to automated-decision making and profiling
Any automated decision-making or profiling that we undertake is solely for tailoring the information which we provide to you. We will not use automated decision-making or profiling to make any decisions which will have a legal effect on you or otherwise significantly affect you, and you have the right not to be subject to such decisions.
To Contact us
For any questions or concerns, you can contact us by sending an email to firstname.lastname@example.org
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer, provided you have accepted them. Cookies contain information that is transferred to your computer’s hard drive.
There are different types of cookies. We use;
• Strictly necessary cookies: required for the operation of our website e.g. enable you to log into secure areas of the website or make use of electronic payment services.
• Analytical/performance cookies: used to track the number of visitors to our website. We can use them to improve the way our website works for you e.g. ensuring patients can navigate around the site easily.
• Functionality cookies: used to recognise a patient when they return to our website, so we can e.g. personalise the service or greet you by name.
• Targeting cookies: record a patient’s visit to the site, what services and products were used, and any links that were followed. This helps us deliver information to the patient that maybe relevant to their individual health or suggest products and services. We may share this cookie information with third parties.