top of page
Privacy Policy
​

1. Introduction

Welcome to the Kompas Health Ltd (trading as Myya or Myya-X) Privacy Policy, which contains essential legal information informing you of how we process your personal data.

 

At Kompas Health we have one purpose, to give you choice in accessing and improving your health. We do this by providing the highest quality healthcare via telehealth, through our secure and easy to use platforms.

 

Your personal data is central to us delivering quality healthcare and we are committed to keeping it safe and protecting your privacy.  We comply with the General Data Protection Regulation ("GDPR") and relevant implementing legislation.

 

This Privacy Policy explains how we use your personal data, to deliver our healthcare services and products to you from Kompas Health or one of our brands, so that you can make informed choices and be in control of your personal data.  This Privacy Policy also governs the use of your data through Kompas Health’s websites and Apps. Our websites delivering telehealth are: www.myya.health and www.myaa-x.com

 

Please take some time to understand this Privacy Policy, which must be read in conjunction with our Terms and Conditions, which can be found here.  It is important that you read this Privacy Policy together with any other fair processing notice that we may provide to you on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data.  This Privacy Policy supplements other privacy notices and is not intended to override them.

 

Changes to this Privacy Policy and your duty to inform us of changes to your personal data

 

We regularly review this Privacy Policy.  We may update this Privacy Policy from time to time, and notify you if we make any material changes.  This version was last updated on 1st Feb 2024. Historic versions can be obtained by contacting us.  By continuing to use our products and services after you’ve received notification of material changes, you are agreeing to the updated Privacy Policy.

 

It is important that the personal data we hold about you is accurate and current.  Please keep us informed if your personal data changes during your relationship with us.

 

Third party links

 

Our Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their use of your personal data.  When you leave our website, we encourage you to read the privacy policy of every website you visit.

 

What this Privacy Policy covers

​

This policy explains how we use your data to deliver our healthcare app, websites and services. This includes:

  • our private service, including the registering and use of our services

  • our app

  • our websites (www.myya.health and www.myya-x.com);

  • some of our services we offer with our partners, or on behalf of them; and

  • the technology we use to support our partners' services.

​

Our healthcare services and products are delivered by:

  • Kompas Health Limited (trading as Myya or Myya-X)

  • Kompas Health Ireland Limited

​

Currently, we are overseen for CQC regulation under:

​

Using our technology delivered by:

​

The registered office of Kompas Health Limited is: 4-5 High Town, Hereford, United Kingdom, HR1 2AA

 

Our healthcare services operate under the following brands:

  • Kompas Health

  • Myya

  • Myya-x

 

Controller

When this Privacy Policy talks about ‘Kompas Health, ‘Myya’, ‘Myya-x’,‘we’, ‘us’ or ‘our’, it means Kompas Health Limited and Kompas Health Ireland Limited, who act as joint controllers in relation to your personal data. We act as a data controller and are registered with the Information Commissioner’s Office under registration number ZB509987.

 

If we provide your personal data to other companies in order to deliver healthcare services, we remain the data controllers of your personal data, complying with the General Data Protection Regulation ("GDPR") and relevant implementing legislation.

 

Contact details

We have appointed a Data Protection Officer ("DPO") who is responsible for overseeing questions in relation to this Privacy Policy.  If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out below.

  • By email: hello@myya.health

  • In writing: Data Protection Officer, Kompas Health Limited, 4-5 High Town, Hereford, United Kingdom, HR1 2AA

 

You have the right to make a complaint at any time to a data protection supervisory authority.

 

We ask that you please attempt to resolve any issues with us before contacting the ICO or the DPC.

​

2. What data we hold and how we get it

Personal data is any information we have that can identify you, such as your name, medical history or credit card details.

 

Personal details

When you register with us, we'll ask you for your:

  • name;

  • date of birth;

  • address;

  • contact details;

  • any information needed in order to register and determine your eligibility for telehealth care 

  • a copy of your ID (identity documentation), such as a driving licence or passport

  • selfie 

 

The information you give us must be accurate. If you give us information about yourself or another person, you're confirming that you're authorised to do so.

​

Health and medical data

When you use our services, we collect information about your health, including:

  • general health (including information necessary to determine eligibility on one our programmes); 

  • symptoms, treatments, participation in our programmes and medications;

  • consultations, such as notes and recordings

  • procedures, such as surgery, scans or X-rays; and

  • interactions with our services, like using our Get Care online visits or other digital services. These interactions may be shared with our clinical staff so that we can provide you with healthcare, and so that we can provide a better experience

 

Some of this information comes directly from you, but it can also come from third parties, such as your GP.

​

If you use our private service, we'll send your appointment notes to your NHS GP, if you give us your consent.

​

We share children's appointment notes with their NHS GP, in line with current medical guidelines.

​

Details of your conversations with us

We also keep a record of your consultations, conversations  and chats with us. This is so we have an easy way to access your consultations to monitor the quality of our service and healthcare.

​

And, if you have consented, so that we can use them to improve our services. This includes:

  • your conversations with our chat messaging

  • information entered during your Get Care online visits

  • your emails, calls or chat conversations with our support team; and

​​

Note we do not video or audio record any telehealth visits.

​

We keep your health and medical data secure by applying technical and organisational measures to protect it.

​

Data from other sources

We might also receive some data about you and your health from other apps, devices and services. This will only happen if you've agreed to sharing that data with us. For example, if you decided to share information collected from a smartwatch with us.

​

Credit and debit card information

If you make a payment on the website or app, your credit and debit card details are processed by a third-party payment provider. We don't store any of your credit or debit card information and we only keep details of the transactions on our secure servers.

​

Technical information and analytics

When you use our app, or visit our website, we may collect the following data, where this is allowed by your device or browser settings:

  • the IP address used to connect your mobile phone or other device to the internet

  • your browser information, such as Google Chrome or Apple Safari

  • login and operating system

  • the make and model of your device

  • resettable device identifiers

  • time zone, language and location settings

  • your mobile network provider and your location (based on your IP address)

  • information about your visit to our website or use of our app, for example when you first visited the site or how many times you've visited

  • information about the products or services you viewed or used

  • app response times and updates

  • information about your interactions, like what notifications you opened; and

  • any phone number used to call our customer service number.

 

We work with other companies that provide us with analytics and advertising services. This is to:

  • help us understand how people interact with our services;

  • provide the adverts for our services on the internet; and

  • measure the performance of our services and our adverts

 

Cookies

We also use 'cookies'. Cookies are files saved on your phone, tablet or computer when you visit a website. They collect information about how you use the website and the pages you visit. You can find out more about how we use cookies in our cookie policy.

​

3. What we use your data for

This is how we use your data and the legal reasons for using it.

​

Providing you with a service

We need your personal information to enter into a contract with you and deliver services. We use your financial details to charge you if you use our paid service or buy our products.

 

We use your health and medical information to provide you with a healthcare service. This includes:

  • providing you with a health advice;

  • diagnosis and treatments if you use our clinical services (our video and audio consultations, where you can talk with one of our medical professionals); and

  • providing you with a service as part of our Get Care online visits.

 

This information is based on:

  • providing you or planning for healthcare services in our 'legitimate interest'

  • performing tasks in the public's interest 

  • when it is in your vital interests;

  • your consent (for example, when you use our private service and agree to sharing information with your NHS GP); and

  • to fulfil a contract with us (as a healthcare professional) as part of one of our services

 

The health and medical information we use includes information from your:

  • consultations, like notes, chats, emails, transcripts, documents shared

  • use of services like Get Care online visits; and

  • your previous NHS GP, if you shared your information

 

We might share this information with other health services. This is so we can give you the right care, including when it's in your vital interests. These services include:

  • your GP, if you use our private service;

  • referral services like therapists, pharmacists and hospitals

 

We use your location to recommend services near you, like pharmacies and hospitals. Depending on how you access our services, we get your location from your phone, internet browser, IP address or postal address.

​

Improving Kompas Health's services

If you've given explicit consent, we use your health and medical information to improve our services. This helps us deliver better healthcare to you and other Kompas Health users.

We remove details that could identify you from this information, such as your name, address and contact details. These are called 'personal identifiers'.

​

The health and medical information we collect (with your personal identifiers removed) includes information from your:

  • medical records;

  • consultations, like notes, recordings and transcripts; and

  • use of services like Get Care online visits

​​

This doesn't involve making any decisions which would have a big effect on you. We only use this information to deliver a better experience to you and other Kompas Health users. This explicit consent relates to when we use your personal data.

​

Using your data when it's in our 'legitimate interest'

We sometimes analyse your data and how you use our services to help us manage our business better. This could be things like fixing bugs in our app, understanding current user trends, or working out what users might want in the future.

​

This doesn't involve making any decisions which would have a big effect on you. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.

​

Keeping you up to date

We may contact you when marketing our service. This includes sending you service updates, surveys and marketing information. You can opt in or out at any time by contacting us at hello@myya.health

​

As part of providing you with a healthcare service or public service, we may send you health information by text message, email or in other ways. For example, we may send you public health messages or invite you to book an appointment for a free screening programme, such as cervical cancer screenings.

​

Regulating the quality and safety of our service

We use your health and medical information for safety, training, regulatory, and compliance purposes. This means that:

  • if we're legally required to, or asked by a regulator, we may need to share your information with regulatory bodies like the General Medical Council, Medicines and Healthcare Products Regulatory Agency or Care Quality Commission; and

  • we may audit how you use our services, for example to review the quality of results provided by our products.

​​

To detect and prevent fraud, we may need to share your personal and financial information with banks, financial institutions and fraud prevention services.

​

4. How we store and move your data

Personal health and medical information

Your personal health and medical information is stored on secure servers. This includes information like:

  • your primary care information;

  • information about your medications; and

  • any information about a diagnosis of illness or other problems.

 

We don't store any of this information on your mobile device. If you've chosen a password or authentication method to access the the website patient portal or app, you're responsible for keeping this password and/or authentication method confidential. Please don't share it with anyone.

​

Once we have your information, we use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to make sure that your data is treated securely.

​

Credit and debit card information

We don't store any of your credit or debit card information. Payments are processed through a third-party payment provider that follows strict industry data security standards. These are known as Level 1 Payment Card Industry (PCI) data security standards.

 

Any payments you make are encrypted using SSL technology (which converts the information into code to stop fraud).

​

Where we store and process your health data

Your health data will be stored and processed in the UK only. We may sometimes need to work with companies outside of the UK or European Economic Area (EEA), including Kompas Health affiliate companies or Curoflow, to help us deliver services to you. This will always be in line with applicable data protection laws and will include using appropriate safeguards such as the execution of appropriate data transfer agreements incorporating European Commission approved Standard Contractual Clauses along with other safeguards where appropriate or confirming other controls to comply with UK data protection requirements.

​

5. How and why we share your data

To help us deliver our services we may share your personal data with other parts of Kompas Health, for example affiliate companies or partner organisations who we work jointly or in connection with to provide you a service.

​

Service providers

Some companies provide services to you on our behalf, such as the patient platform for booking appointments, chat, Get Care online visits and pharmacy partners. We may share your personal data with them so that they can process it to provide these services.

​

These companies can only use your data based on our instructions and they cannot use the data for their own purposes.

​

They also have to act in line with data protection laws and contractual terms that specify how they can process data on our behalf.

​

Partners

If you use our services through your employer, insurance benefit or one of our partners, which may be your employer, we may share some of your information with them. This could include your:

  • name;

  • date of birth;

  • email address;

  • policy number; and

  • location.

​​

We may also share with them the fact that you have registered with us and used our services. But we will not share any details about your consultations or medical records, unless you consent to this.

​

Other healthcare providers

If it's needed for your treatment or care, we will share your data with your other health and social care providers. These include:

  • clinical partners you've consented us to contact (including our NHS partners) who we work jointly or in connection with your care

  • your NHS GP;

  • specialist referral services;

  • therapists;

  • pharmacists;

  • hospitals;

  • accident and emergency services;

  • testing service providers;

  • diagnosis centres chosen by you for things like X-rays and other imaging; and

  • other health and care bodies and providers.

 

By law, we may need to share information with these services to safeguard either you or others, or conduct a public task. We may need your consent, or to rely on our legitimate interests to provide you with healthcare before we can share this information.

​

Protecting public health

We might process your health data to protect public health. Your data could be vital to help research, monitor, track and manage public health emergencies, like pandemics.

In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:

  • NHS Digital;

  • NHS England and Improvement;

  • Public Health England;

  • local authorities;

  • health organisations; and

  • GPs

 

We will limit the use or sharing of data to the period of the emergency and will only share data to the extent necessary.

​

Aggregated or anonymous data

We may show on our website or share with our commercial partners data that does not personally identify you, but which shows general trends. This is 'aggregated' data and is not personal data.

​

This might include, for example, the number of users of our service or trends in a particular location.

​

Statistical data in the public's interest

We may also use data that does not identify you personally as part of statistics that we collect on certain types of illness, symptoms and conditions. This might include us contributing medical data and participating in the Royal College of General Practitioners Research and Surveillance Scheme.

​

We may show these summarised statistics to our partners. They will always be anonymised. This is so we can improve our medical knowledge and help our members and the general public.

​

5. How long we keep your data

Kompas Health follows advice from the Department of Health and the British Medical Association on how long to keep information found in medical records. We will only retain personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with the patient.

​

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

​

Details of retention periods for different aspects of your personal data are set out below:

​

GP records - includes medical records, consultations with clinicians -

GP records are kept for 10 years after the patient’s death or after they’ve permanently left the country. Records may be kept  longer if there are genetic implications for the patient’s family. Electronic patient records can't be destroyed or deleted for the foreseeable future.

​

Communications with support teams, including phone calls, emails and live chats- 

1 year after the patient has left Kompas Health

​

If the patient has not used the service- 

If the patient is registered and are no longer receiving the service as a benefit and have never used the service, no medical data would have been created. Personal data will be retained for up to 7 years

​

If the patient has not used the service- 

If the patient has been invited by a family member or eligible by a company scheme, but never activated the service. Personal data will be retained for up to 2 years

​

6. Your rights

You're in control of your personal information. Under data protection law, you have the right to:

  • remove or change your consent at any time, if we are using your data in a certain way based on it.

  • ask for a copy of the personal data we hold about you. Your data is stored in line with our legal and medical obligations. 

  • ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes. There might be times when we're not able to help, like if the law or our medical obligations say we can't.

  • ask us to restrict any automated (computer-made) decisions made with your data

  • ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.

 

To exercise your rights, please contact us at hello@myya.health

​

If you have any general queries about how we process your information, please contact us at hello@myya.health

​

4-5 High Town, Hereford, United Kingdom, HR1 2AA

​

We'll ask you for a proof of identity. Data protection laws give us one month to get back to you.

​

We're regulated by the Information Commissioner's Office (ICO). If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at:

​

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Phone: 0303 123 1113

​

7. Changes to this policy

We might update this policy from time to time.If we make any important changes, we'll let you know, and give you the chance to review them.

​

If you agree to the changes, you don't need to do anything. Just keep using our services with the updated policy and we'll assume you are happy with the way we use your data. If you don't agree to the changes, then you can stop using our services at any time.

​

 

Contact            FAQ            Legal            Privacy Policy            Cookies            T&Cs

© 2023 Kompas Health Ltd trading as Myya    

Company registered in England and Wales (14615249) and Ireland (743436)

Consultation and prescribing is carried out by GMC and IMC regulated and registered medical practitioners. Signature Pharmacy is our partner pharmacy.  Dispensing and shipping of medicines is completed by a UK licensed, General Pharmaceutical Council registered Pharmacy (GPhC: 9012267). 

bottom of page