Skip to contentright arrow
eMed previously Babylon Health

eMed Privacy Notice

1. What this policy covers

This policy explains how we use your data to deliver services. This includes:

  • private medical services which consists of audio and video digital consultations (collectively referred to as Medical Services) that are offered through our partners; and
  • the technology we may use to support our partners' services.

When we talk about eMed, us or we in this policy, we mean these 2 companies:

  • Babylon Healthcare Services Limited (BHSL): the company that provided Medical Services prior to Livi 
  • eMed Healthcare UK Limited (eMed UK): the company that provides necessary support to enable delivery of services.

All health data collected by BHSL, is held by us. BHSL is the controller of such health data. We share this data with eMed UK as a processor on behalf of BHSL (for more information on this, see how and why we share your data below). This means that we are responsible for how your personal data shared with us, prior to Livi providing Medical Services, is handled and what it is used for by eMed. If you wish to exercise any of your rights, both eMed companies act as one.

As communicated to you via email, Medical Services are provided by our partner Digital Medical Supply UK Limited, a company registered in England and Wales with its registered address at 1 Finsbury Market, London, EC2A 2BN with registered no: 11126560 (referred to as Livi). Medical Services are now accessible through the Livi App. Livi is the controller of any health and medical data collected from you when you use the Medical Services through Livi App. This means that Livi is responsible for how your personal data is handled and what it is used for. Please see Livi Privacy Policy to know more about what personal data is collected and how they use it. 

Livi may share some data with eMed to enable accurate charging of fees for the Medical Services accessed by you.

2. What data we hold and how we get it

Personal data is any information we have that can identify you, such as your name, medical history or credit or debit card details.

Personal details

If you use the Medical Services through your health insurer or one of our corporate customers, which may be your employer or your family member’s employer, we receive the following information from them to help us verify you as an authorised user to use the Medical Services. 

  • Full name;
  • date of birth;
  • Date on which your or your family member’s employment or insurance may end;
  • Date on which the employment is terminated or insurance policy is expired;
  • any other information needed in order to enrol and determine your eligibility; 

If you use the Medical Services directly as an individual customer subscribing to our subscription Programme, we collect the necessary information required for payment towards the programme.


Health and medical data

Starting from today, we will not collect or receive any information about your health. This is because you will receive Medical Services through our partner Livi. All health data collected to provide Medical Services to you will be processed by Livi in line with their Livi privacy policy and Livi terms and conditions.  

Details of your conversations with us

We keep a record of any of your conversations with us. This is so we have an easy way to monitor the quality of the services, train our staff and improve our services. This includes your emails, calls or live chat conversations with our support team. 

Credit and debit card information

If you make a payment, your credit and debit card details are processed by a third-party payment provider.

We do not store any of your credit or debit card information and we only keep details of the transactions on our secure servers.

Data processed in the past 

All personal data including health data collected and received before today in connection with the services will be stored by us as per Section 6 (how long we keep your data).

3. What we use your data for

This is how we use your data and the legal reasons for using it.

To verify you as authorised user 

If you use the Medical Services through your health insurer or your employer or one of our corporate customers, we process your personal information to verify if you are the same person as indicated by your insurer or your employer or our corporate customer, i.e., if you are authorised to use the Medical Services. We do this in our legitimate interests (if we are controllers of the data) or on the instructions of your insurer or your employer or our corporate customer (if we are processors of the data). The verification is carried out by a processor/sub-processor appointed by us and for this purpose we share the details with the processor/sub-processor. To know more, please see Section 5 (how and why we share your data)

To collect payments

If you use our services directly as an individual customer, we use your financial details to charge you for the services used and/or products purchased by you. We process this information to fulfil the contract between you and us. 

Depending on how you access our services, we get your location from your phone, internet browser, IP address or postal address.

Keeping you up to date

We may contact you when marketing our services. This includes sending you product updates, surveys, feedback requests, offers, promotions and marketing information. We send this information based on your consent to receive such communications. You can opt out at any time by clicking on the unsubscribe link in every communication sent to you or by writing to us.

As part of providing you with a service, we may send transactional messages or essential information by text message, email or in other ways. For example, we may send you information on updates to our privacy policy or terms and conditions. 

Regulating the quality and safety of our service

We use your personal information for safety, training, regulatory, and compliance purposes.

This means that:

  • if we're legally required to, or asked by a regulator, we may need to share your information with regulatory bodies like the General Medical Council or Care Quality Commission; and
  • To detect and prevent fraud, we may need to share your personal and financial information with other healthcare providers, banks, financial institutions and fraud prevention services.

4. How we store and move your data

Personal information

Your personal information is stored on secure servers. We encrypt any data transmitted. Once we have your information, we use appropriate technical and organisational measures to try to prevent unauthorised access, deletion, modification of the data. We will take all steps reasonably necessary to make sure that your data is treated securely.

Credit and debit card information

We don't store any of your credit or debit card information. Payments are processed through a third-party payment provider that follows strict industry data security standards. These are known as Level 1 Payment Card Industry (PCI) data security standards.

Any payments you make are encrypted using SSL technology (which converts the information into code to stop fraud).

Where we store and process your health data

Your personal data will be mostly stored in the UK only. We may sometimes need to work with companies outside of the UK or European Economic Area (EEA), including eMed affiliate companies, to help us deliver services to you. This will always be in line with applicable data protection laws and will include using appropriate safeguards such as entering into a contract incorporating standard protection clauses issued in accordance with data protection law in the UK.

5. How and why we share your data

To help make Medical Services accessible to you, we may share your personal data with other affiliates of eMed, and our partner organisation - Livi who provide Medical Services on behalf of us. 

eMed affiliates

We have affiliates in the UK and USA. For efficiency, eMed affiliates support us in enabling delivery of services to you. Any transfer of personal data between us and our affiliates is governed by an intra-group data sharing agreement and is done in line with applicable data protection laws.

Service providers

Some companies provide services to us. This helps us in ensuring delivery of services to you, such as storage of data, verifying you as an authorised user to use the Medical Service etc. We may share your personal data with them so that they can process it to provide these services. These service providers act in line with data protection laws and contractual terms that specify how they can process data on our behalf as processors or sub-processors. These companies can only use your data based on our instructions and they cannot use the data for their own purposes.

Partners

Livi

Our partner Livi provides Medical Services to you. 

If you use the Medical Services through your health insurer or one of our corporate customers, which may be your employer or your family member’s employer, Livi will also help us verify if you are authorised to use Medical Services by your health insurer or the employer. For this purpose, we share your personal data as shared by your insurer or the employer with Livi and Livi processes this personal data as a processor. 

In case of any complaints or grievances that may be raised by you or your employer or your insurer directly with us which may contain health data, we will share it with our partner Livi to enable resolution of the complaints or grievances. Similarly, in case of any grievances or complaints raised by you directly with Livi and upon your request that eMed be involved in the complaint resolution process, Livi will share such information with us. Both eMed and Livi will process the data as Controllers to enable complaint resolution and take other necessary steps. 

Other partners

If you use the services through your health insurer or one of our corporate customers, which may be your employer, we may share some of your information with them. This could include your:

  • name;
  • date of birth;
  • email address;
  • policy number; and
  • location.

We may also share with them the fact that you have registered to use the Medical Services.

Aggregated or anonymous data

We may show on our website or share with our commercial partners data that does not personally identify you, but which shows general trends. This is 'aggregated' data and is not personal data.

This might include, for example, the number of users of the service or trends in a particular location.

Sharing for other purposes

We may keep or share information about you, if we need to:

  • comply with a law, regulation, legal process, or government request;
  • state our legal rights or defend against legal claims; and
  • stop, find, or look into illegal activity, fraud, abuse, breaking our terms, or threats to the security of our services or the physical safety of anyone.

6. How long we keep your data

We follow advice from the Department of Health and the British Medical Association on how long to keep information found in your medical records. This is called a 'retention period'.

We might also keep some information that doesn't identify you to help improve our business and our services.

In some circumstances, we might keep data longer if the law says we have to.

Your informationHow long we keep it (its 'retention period')
Medical records, this includes consultations, audio recordings of consultations, if any, information on your participation in one of the Programmes and other health data (collected before today)

We keep your medical records for 10 years after your death or after you've permanently left the country.

We may keep your records longer if there are genetic implications for your family. We work on the advice from clinicians in this situation.


Communications with support teams, including phone calls, emails and live chats1 year after you leave the service.
Maternity recordsWe keep your records for 25 years after the birth of your last child.
Records on any treatment for a mental disorder (as described in mental health legislation)We keep your records for 20 years after the date of your last consultation. Or 10 years after your death if that is sooner.

7. Your rights

You're in control of your personal information. Under data protection law, you have the right to:

  • remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by writing to us.
  • ask for a copy of the personal data we hold about you. Your data is stored in line with our legal and medical obligations. See: Section 6 - how long we keep your data.
  • ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes. There might be times when we're not able to help, like if the law or our medical obligations say we can't.
  • ask us to restrict any automated (computer-made) decisions made with your data
  • ask for your data to be provided in a portable format that allows you to move, copy or transfer it or ask us to send it in this format to someone else.

To exercise your rights, please complete our online webform here.

If you have any general queries about how we process your information, please contact us via email at DPO@babylonhealth.com or via post to DPO, 184-192 Drummond Street, London, NW1 3HP.

We'll ask you for proof of identity. Data protection laws give us one month to get back to you.

We're regulated by the Information Commissioner's Office (ICO). If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Phone: 0303 123 1113

8. Changes to this policy

We might update this policy from time to time. If we make any important changes, we'll let you know, and give you the chance to review them.

If you agree to the changes, you don't need to do anything. Just keep using our services with the updated policy and we'll assume you are happy with the way we use your data.

If you don't agree to the changes, then you can stop using our services at any time.