Dictate IT Live - Privacy Policy

Last updated 21-May-2018

​1​ Purpose of this Policy

This privacy policy (“Privacy Policy”) applies to the use of ‘Dictate IT Live’, our automated speech recognition service (“Service”) including the Dictate IT Live mobile application (the “App”) and our website www.dictateitlive.co.uk (the “Website”). References to Services include use of the App and Website unless otherwise stated. This Privacy Policy sets out how we use your personal information and personal information uploaded via your use of the Service and your rights in respect of our processing of such personal information.

This Privacy Policy will inform you of how we use the personal information about you and your patients which is processed by us when you use the Service.  Please note that it should be read in conjunction with our Dictate IT Live Service Terms of Use and our Cookie Policy.

2​ Who are we and what do we do?

The Service is operated by Dictate IT Limited, (“Dictate IT”, “we”). We are the UK’s largest provider of dictation, transcription and medical communication workflow solutions to NHS secondary care. Our registered office is at 96A Clifton Hill, London, NW8 0JT and our registered company number is 04930122. Dictate IT is registered with the UK Information Commissioner’s Office as a data controller with registration number: Z8578963 in respect of some of its uses of personal data.   

​3​ How to contact us?

If you have any questions about this Privacy Policy please contact us by sending an e-mail to live@dictate.it

4​ Our use of personal information

In this Privacy Policy the following terms have the following meanings:

  1. Account Data” means the personal data that we collect and process about you as a user of the Service (such as your email address which is required for you to register an account in order to use the Service), the IP addresses of the devices you use to access the Service and analytics data relating to your use of the Service, such as a log of when error messages are shown and a log of the App’s connection attempts;
  2. Data Protection Legislation” means the GDPR, together with all other applicable laws and regulations relating to the processing of personal data and privacy, including any binding guidance and codes of practice issued from time to time by any relevant supervisory authority;
  3. Dictated Data” means and all personal data that exists within the audio data dictated on your Device using our Service and/or in the text that we send back to you via our Service which may include patient names, dates of birth, contact details, symptoms, diagnoses, treatments and such other personal data as you may include in your dictation via the Service;
  4. "GDPR" means the General Data Protection Regulation (EU) 2016/679;
  5. References to “controller”, “processor”, “processing”, “data subject” and “personal data” shall have the same meaning as defined in GDPR.

From a data protection perspective, we shall act as a “processor” in respect of Dictated Data and we shall act as a “controller” in respect of the Account Data.

Dictate IT agrees to comply with its obligations under Data Protection Legislation in respect of its provision of the Services.

We use Account Data and Dictated Data for the following purposes:

Account Data & Dictated Data: Fulfilment of Services to you.  

We use the Account Data and Dictated Data to fulfil the supply of the Services to you as well as to improve the recognition accuracy of the Services.  

Who do we share personal information with for this purpose?

We will share Account Data and Dictated Data with our data hosting provider, AWS, in order to perform the Services. We will also share Account Data with our payment provider, Stripe in order to perform the Services.  

Account Data: Analytics.

We analyse Account Data from your interactions with the Service (such as the functions of the Service which you use, error messages you recieve, and the times of day at which you use the Service).  This information is used to gain insights into our customers’ use of the Service and allows us to improve the Service.

Who do we share personal information with for this purpose?

We share the Account Data with Fabric (Google Inc), an analytics service provider in order to assist us with such analysis.

Account Data: Business administration and compliance.

We may also use the Account Data:

Who do we share personal information with for these purposes?

We may share your Account Data with professional advisers, potential purchasers of our business or assets and/or governmental or regulatory authorities.

​5 Consent to processing of personal data

You and we each agree to comply with our respective obligations under applicable Data Protection Legislation in respect of the Service. Without prejudice to the generality of the foregoing, you confirm that you have, and will continue to have, any and all necessary consents, permissions and notices in place to enable us to provide our Service to you, including the right for Dictate IT (and its group companies and suppliers) to use Dictated Data to improve the Service (including recognition accuracy) and including new features and/or functionality for our Service.  

6​ Our use of cookies and similar technologies

Our Service uses certain cookies of which you should be aware. When you first visited the Website you will have been shown a banner asking that you approve the use of the cookies used on the Website. You can review which cookies are used, and edit your consent choice on our cookie settings page https://dictateitlive.co.uk/Home/CookieSettings. You can also see our Cookie Policy to find out more about cookies we use and how to manage and delete cookies.

​7​ Third Party Links and Services

Our Service contain links to third party websites and services. Please remember that when you use a link to go from our App or Website to a third party website or you request a service from a third party, this Privacy Policy no longer applies.  

Your browsing and interaction on any third party website, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies.  

We do not monitor, control, or endorse the privacy practices of any third parties.

We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices.

This Privacy Policy applies solely to personal information collected by us through our Service and does not apply to third party websites and third party service providers.

8​ How long do we keep personal information for?

We keep the Account Data during the period for which you have a subscription to the Services and for a period of eighteen (18) months following your termination of the use of the Services.

We keep the Dictated Data for a period of eighteen (18) months from the date on which we received the Dictated Data from you.

To improve the accuracy of our recognition we develop models to work with the information processing techniques that we use. These models are kept indefinitely however the models do not themselves constitute personal data as defined by the Data Protection Legislation.

 

9​ Transfer of personal data

We only process personal data obtained via the Service within the UK and we use AWS data centres located in London, UK.

​10​ Confidentiality and security of personal data

We are committed to keeping the personal information you provide to us secure and we will take reasonable precautions to protect such information from loss, misuse or alteration.

We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:

All of our employees and data processors (i.e. those who process personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of the Service and we only store personal information in highly secure NHS Information Governance compliant data centres. Personal information is protected by a variety of technical controls and safeguards to ensure security and privacy including AES 256 encryption at rest and in transit.

​11​ Data Subject rights

Under Data Protection Legislation data subjects have various rights in respect of their personal information which data controllers must comply with such as the right to rectification and erasure. Please note if you exercise your data subject rights in respect of Account Data this may impact our ability to provide the Service. In respect of the Dictated Data we shall, on written request, provide reasonable assistance to you in respect of any request you receive from a data subject in respect of the Dictated Data provided that we shall be entitled to recover all costs incurred by us in providing such assistance.

12​ Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time.

To ensure that you are always aware of how we use the Account Data and Dictated Data we will update this Privacy Policy from time to time to reflect any changes to our use of personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We will notify you by e-mail of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use personal information.