We at Quincy respect your privacy and we commit to safeguarding your personal data.
This policy describes the information we collect or you share with us when you visit our website (quincy.health) (regardless of where you visit it from), access and use the Quincy Platform, use our Services or, in the case of patients, where your clinician uses our Services to manage your prescriptions. This policy explain, how your data is used, stored and safeguarded, and your choices regarding this information.
SCOPE
This policy outlines how we at QH Solutions Ltd collect and process your personal data through your use of our website (quincy.health), and through your use of Quincy Platform or Quincy App), the Quincy App our products and services (collectively our “Services”).
In this Policy, we use a number of definitions:
“Clinic”: means the medical practice using the Quincy Services to manage their patients’ prescriptions.
“Registered Practitioner”: means doctors, physicians and any professional with a license to prescribed regulated medicines in the UK.
“Admin”: refers to an employee of a Clinic who may manage the Clinic’s Quincy Account or who may input prescriptions into Quincy for approval by a Registered Practitioner.
Quincy provides software and solutions to enable registered medical practices and licensed pharmacies to manage their patients’ medical prescriptions and we do not provide medical advice, services or any dispensary services. All prescriptions managed via Quincy are fulfilled by the relevant pharmacy or licensed dispensary.
This privacy policy covers how we use information for different types of data subjects who interact with our service, namely:
Admins: we collect and process personal information of account administrators and other individuals employed by Clinics who are our customers and who interact with Quincy, the Quincy Services and the Quincy Platform.
Registered Practitioners: all Registered Practitioners must create an account with Quincy to issue prescriptions via the Quincy Platform. As part of this we collect and process personal information about you for the purposes of vetting your licensed status and for our own compliance purposes. We also collect information associated with your use of the Quincy Services in respect of Clinics that you have linked your account to.
Patients: we collect and process personal information about patients whose medical prescriptions are managed via the Quincy Platform. In most cases we are not responsible for the decisions about this data (known as the data controller) but rather process this information on behalf of your Clinic and Registered Practitioner. In cases where you pay for your medical prescriptions directly via Quincy, we will collect and process personal information associated with your payment and transaction information as well as your delivery address.
Website Visitors: we utilize cookies and similar technologies on our website for purposes set out in this Policy and our Cookie Policy and collect and process personal information about visitors to your website.
This policy does not apply to our workforce or other individuals who apply for a position at our company.
It is important that you read this privacy policy together with any other policy on data processing or other notices we may provide on specific occasions so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
DATA CONTROLLER AND CONTACT DETAILS
QH Solutions Ltd is the data controller for the purposes of this privacy policy and is responsible for your personal data; all references to “we”, “use” or “our” refer to QH Solutions Ltd.
Our details are as follows:
71-75 Shelton Street,
Covent Garden,
London,
United Kingdom,
WC2H 9JQ
In respect of data about patient we are not the data controller and only act on the instructions of your Clinic and Registered Practitioner.
HOW TO CONTACT US ABOUT YOUR RIGHTS AND DATA
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us at team@quincy.health.
We are regulated by the Information Commissioner’s Office and you have the right to make a complaint at any time to them. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
THIRD-PARTY LINKS
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit, connect with, or are referred to.
INFORMATION COLLECTED ABOUT YOU
We have set out below the personal data about you we may collect, use, store and transfer when you interact with us through our Services. Personal data means any information from which you can identify you, it does not include information we collected on an anonymous basis.
Identity & Contact Data: includes your title, first name, last name, date of birth, email address, home address, telephone number, whether you are a patient, Registered Practitioner or Admin, your associated Clinic and:
in the case of Doctors, including your photographic ID and your relevant professional number (e.g., GMC number), to verify you are registered and of good standing. We utilize third-party partner, Yoti, who will use facial recognition technology to authenticate your identification for such purposes.
Medical & Prescription Data: as Clinic and Registered Practitioners use our Services to assist them in managing their patients’ medical prescriptions, naturally we receive various information about your medical situation and your prescriptions, including information about your prescription such as its unique ID number and the type, brand and quantity of medication, as well as any other information your Registered Practitioner may include on your prescriptions.
Financial Data & Transaction Data: includes your payment card details, billing address, as well as details about payments to and from you and other details of any purchases you have made from us.
Profile Data: includes your username and password, details of your Quincy account, information about the prescriptions and orders made by you, your profile and account preferences, and any information provided through direction interactions with us. In addition, if you are a Registered Practitioner, we also collect your GMC reference number or similar details from your responsible professional body, your field of specialism (e.g., pain, neurology, paediatrics etc.), details on any CQC checks against your clinic or GP practice, details of any patients you add to your account.
Usage Data: includes information created about you through your use of our Services, such as unique identifiers, activity logs, and your interactions with us.
Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or Services.
Marketing & Communications Data: includes your preferences in receiving marketing from us and our third parties, other interactions with us, such as feedback to surveys or with our technical support or customer services teams, as well as your communication preferences.
We also collect, use and share aggregated data about you. This includes statistical or demographic data, which could be derived from your personal data but is not considered personal data in its own right as this data on its own would not allow anyone to directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Our Services do involve the collection of certain types of information which we treat particularly sensitively. We refer to this information as “Special Category Data” and it includes:
information about your health, in particular your health Medical & Prescription Data; and,
biometric data, in particular for Registered Practitioners we use facial recognition technology to verify your account.
We have implemented additional safeguards with regards to the collection, use and storage of this data.
INFORMATION PROCESSED WHERE WE ARE NOT THE CONTROLLER
How your data is collected
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact, Financial, Profile, Marketing and Communications Data by interacting with us through our website or Services, filling in forms or completing any registration process, or by corresponding with us. This includes personal data you provide when you:
create an account in the Quincy Platform;
subscribe to any of our mailing lists or request marketing to be sent to you;
select your marketing and communications preferences;
complete a survey; or
give us feedback or contact us.
When using the Services. Through your use of our Services, and in particular the Quincy Platform, we will collect, process and store your Usage Data. Where your employer has registered has assigned you an account to use our Services through the Quincy Platform, we may also receive your Profile Data when you use the Service.
When your Clinic or Registered Practitioner shares it with us. If you are a patient and your Clinic or Registered Practitioner uses Quincy to manage prescriptions, we will receive your Medical & Prescription Data. Our platform will use this to create records of your prescriptions on behalf of your Clinic and Registered Practitioner.
Automated technologies or interactions. As you interact with both our website and Services, we automatically collect various information about you, such as the device you use when you interact with us, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
Identity & Contact Data from the following parties:
Get Address: we utilise the Get Address look-up tool to help you complete your address details. This tool works by cross referencing Ordnance Survey's complete list of UK postcodes with various other data sources.
GMC & CQC: for Registered Practitioners registering an account with us, we verify both your status, as well as that of your clinic or GP practice, with your responsible professional body (e.g.,, the General Medical Council) and Care Quality Commission, respectively.
Technical Data from the following parties:
analytics providers such as Google Analytics;
advertising networks; and
search information providers.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services, such as our third-party payment processors, or social media platforms, such as LinkedIn, where you sign up to Quincy through referral from these platforms.
HOW WE USE YOUR INFORMATION
We collect, process, store and disclose personal data for a variety of different reasons, but in all cases when the law allows us to.
For the personal data identified in this policy where we act as the data controller, we rely on the following lawful basis to processing your data:
Consent: we use your consent as a legal basis for processing your personal data or for the purposes of marketing communications, in particular, where you register your interest with us through our website or otherwise (such as at a trade show or networking event). You have the right to withdraw consent at any time by contacting us, or by opting out through any marketing communication we may provide.
Contractual Obligations: where we need to perform the contract we are about to enter into or have entered into with your employer.
Regulatory or Legal Obligations: where we need to comply with a legal obligation.
Legitimate Interests: where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We rely on a wide range of legitimate interests as a business:
for marketing activities (other than where we rely on your consent);
to correspond or communicate with you;
to verify the accuracy of data that we hold about you;
to preserve the integrity of our network and information security and, in particular, for us to take steps to protect your information against loss or damage, theft or unauthorised access;
for prevention of fraud and other criminal activities;
to improve our website, products and Services, in particular through analysing how you interact with us through our website, products and Services to more generally improve your user experience;
for the management of queries, complaints, or claims, including when complying with a request from you in connection with the exercise of your data protection rights;
for the establishment and defence of our legal rights.
Where we act a data processor on behalf of our customers, we will predominantly rely on contractual obligations, legitimate interests and legal obligations as justification for processing your data.
SPECIAL CATEGORY DATA
For certain types of information identified in this policy as Special Category Data, we rely on the following lawful bases:
· Medical & Prescription Data: for all health and medical related data provided to us by your Clinic or Registered Practitioner, we process this information as a data processor unless you pay for your subscriptions directly through Quincy and we are arrange in delivering them to you. This means that it is your Clinic or Registered Practitioner who determines the lawful reasons for processing this data but the will most likely be processing your personal information in order to supply a medical dispensary service to you (i.e., for the performance of a contract with you), and to deliver health care services to you (i.e., the provision of managed pain or therapeutic relief by fulfilling your prescription). Where we are arranging delivery of prescribed medication to you we rely on performance of a contract with you as the basis for processing your personal information.
· Identity Data: in light of the sensitive nature of prescribing medication, we ensure our verification process for Registered Practitioners is as rigorous as it can be. A key aspect of this process involves us using a third-party verification provider who uses facial recognition technology to scan your face against the ID you have submitted. When you scan your face using the verification tool, you will be asked to confirm that you provide your Explicit Consent to your use of your image for this specific purpose. Our verification process is there to ensure only licensed professionals are able to raise prescriptions through Quincy. However, if you are uncomfortable with providing consent to the use of our facial recognition technology, we can provide alternate means of verifying your identity.
Summary of how and why we use your information
We have summarised below the various ways we use your personal data and our legal basis for doing so.
Purpose/Activity
Type of data
Lawful basis for processing including basis of legitimate interest
To register your account with Quincy
(a) Identity
(b) Account
(c) Profile Data
Performance of a contract
To verify your identity and status as a Registered Practitioner and those of your Clinic.
(a) Identity
(b) Contact
(c)Profile Data
(d) Special Category Data (namely a facial recognition scan)
(e) Communications
(a) Performance of a contract; and, (b) Necessary for our legitimate interests.
In respect of biometric processing for identification purposes we rely on your Explicit Consent.
MARKETING
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. In general we employ the following data control mechanisms when we use your personal data for the purpose of direct marketing:
Consent
When you register for an account with us or subscribe, you are invited to consent to receiving marketing and other promotional information from us. You may withdraw this consent at any time by contacting us. Withdrawing consent will not prevent us from sending service messaging (such as planned downtime, upgrades, patches or changes to our terms and policies).
Promotional offers from us
Where you have provided your consent, we may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us and you have not opted out of receiving that marketing.
Third-party marketing
We will get your opt-in consent before we share your personal data with any third party for marketing purposes save for our third-party service providers.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
COOKIES AND OTHER TECHNOLOGIES
Cookies come in a variety of forms but are essentially small data files used to collect and store information about you. We use them both on our website and within our Quincy Platform for a variety of different functions:
for the smooth and safe operation of our website and Services;
to manage your preferences and remember you for future visits;
to analyse how you use our website and Services in order to continually make improvements;
to manage your access to secure areas of our Services, such as your Quincy account.
The majority of these cookies are linked to your browser session (session cookies) and disappear once you close your browser. Others remain on your device for a longer period (persistent cookies).
For further information about the cookies we use, please see our Cookie Policy [].
INFORMATION SHARING AND DISCLOSURE
We share the information we collect or that is provided to us as follows:
Sharing with our Partners
We may share your personal data with the parties set out below for the purposes we have identified above.
We use a number of external Third Parties, who help us provide Quincy and our services. Currently, we use the following trusted Partners:
Our Partner Pharmacies: Quincy is not a pharmacy and does not provide dispensary services, but does facilitate the transmission of your prescriptions and associated data to the relevant pharmacy responsible for fulfilling your order. Unless you have been informed by your Clinic of the relevant pharmacy fulfilling your order this will be Chemist Click.
Payment Providers: our payment provider will receive your Financial Data where you choose to arrange payment of your prescriptions through us.
AWS: our cloud provider.
Framer: our website hosting provider.
Microsoft Office 365: for our working environments and productivity tools.
Pipedrive: to help us send targeted marketing and advertising to you and to manage your consent preferences.
The GMC and other relevant professional bodies: as part of confirming the identity of a Registered Practitioner.
Yoti: for the purpose of conducting facial recognition-based identity checks.
Google Analytics & Segment: to help us analyse how users interact and use our website.
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
International Transfers
Unless identified, your data is hosted and processed within the UK or the EEA. Where we do utilise a third-party located outside the UK or the EEA, we ensure that any transfers are done on the basis of compliant transfer mechanisms.
HOW WE SAFEGUARD YOUR DATA
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
RETENTION AND DELETION
As a general rule, we retain your account data for as long as you keep your account active. In the event you decide to delete your account, we permanently delete your account data immediately .
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data by contact us (see the below section for further information).
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
YOUR DATA, YOUR RIGHTS
Pursuant to the UK General Data Protection Regulation (“UK GDPR”) you have certain rights regarding your personal data.
You can enforce your rights by contacting us, or in most cases, by deleting your account and/or by ending your use of our Services.
Right to Correction: if you believe any of the information on your profile to be inaccurate you have a right to request that we correct this. This right also extends to various other information we collect about you which you can request a copy of (see Right to Copies below).
Right to Copies of your data: you have a right to request a copy of the information that we hold about you along with an explanation from us as to why we process that information. We will provide this information to you free of charge for a first request, but will charge for reasonable administrative costs for further requests.
Right to erasure: you have a right to request the deletion of your data at any time. If you submit such a request to us we will consider carefully and reply with an explanation as to why we are required to retain certain information either by law or for our own legitimate reasons. Where, after review, we identify any data we do not need to retain for these purposes, we will delete that data as per your request.
Right to object or complain: you have a right to complain about how we are processing your data to our principal Data Protection Authority, the Information Commissioner’s Office here or in writing at the following address:
Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5A
Should you have any concerns about how we are processing your data, we invite that you submit those questions to team@quincy.health.
UPDATES TO OUR POLICY
As we further enhance our website and improve our services, we may make changes to this policy from time to time. If we make any major changes, or any changes which directly affect the services provided to you or the data collected or processed by us, we will notify you of those changes by a prominent banner on our website. However, we encourage you to periodically review this policy for the most up to date version.