Data Transparency Information for Dovetail Digital Limited t/a Dovetail Lab Date of publication: 2 July 2018 Version: 1.0
Dovetail Digital Ltd ("Dovetail" or "the Company") keeps limited personal data about patients and the public. When a person signs up to use our service or mobile application, we store their name, address, contact details and NHS number in order to identify them and provide our service and customer support.
Our service facilitates the movement of patient data from one place to another if the patient has given their explicit consent for this to take place. We do not store the data we transport but we do store a record of where it was sent from, e.g. your GP, and where it was sent to, e.g. a private hospital or a digital health application.
Data subjects are able to make a data subject access request, or other access requests by emailing the DPO directly or firstname.lastname@example.org
We will respond to all rights access requests within the GDPR-required one month period.
To comply with the law, information must be collected and used fairly, stored and not transferred to any other person unlawfully. This is captured in the data protection principles set out by GDPR. Those handling personal data must comply with these principles.
Personal data shall:
Be obtained, processed and used fairly, lawfully and transparently
Be collected for specified, explicit and legitimate purposes and not processed for any other purpose relation to the purposes for which they are processed in Be adequate, relevant and limited to what is necessary Be accurate and, where necessary, kept up to date Be kept for no longer than is necessary Be protected by appropriate security measures to prevent loss or unauthorised access In addition, personal data should not be transferred outside of the European Economic Area. In cases where this may be necessary, please seek the advice of the Data Protection Officer.
Third Party data processing
We use a third-party software vendor to do Know Your Customer or Identity Checks when you first sign up to use our service/mobile application. This involves taking a photograph of your identification documents and a selfie photograph which are matched. This data will be deleted as soon as the software has confirmed the identity of the person. A service level agreement with appropriate safeguards is in place.
Roles and responsibilities
Senior management have oversight of data protection matters at the company, with a reporting line through to the Board of Directors
The Data Protection Officer is the designated company contact for all matters related to data protection and first point of contact with the regulator (Information Commissioner’s Office).
Contact details for the Data Protection Officer: