Privacy Policy
INTRODUCTION
Diligram Limited (“we”, “us”, “our”) designs and develops services and applications (“apps”) under the brand name ‘MyStaff app’ to enable clinical and non-clinical staff to refer to policies, guidelines and documents and complete tasks using technology. This Privacy Policy relates to the collection and use of information (also referred to as “data”) by us in connection to our services and apps.
WHEN DOES THIS PRIVACY POLICY APPLY
This Privacy Policy and accompanying Terms of Service (“Terms”) apply to their use of our services and apps, which are available through the Apple, Google Play, and any other app stores, in addition to our websites, subdomains, portals and APIs (Application Programming Interfaces).
WHO WE ARE
Diligram Limited, with registered office 923 Finchley Road, London, NW11 7PE, UK and business address of St John’s Innovation Centre, Cowley Road, Cambridge CB4 OWS, UK. The company is incorporated in the United Kingdom under company registration number 12865051.
OUR VALUES
We believe making data more easily available to healthcare workers will improve healthcare, but we are also aware that data needs to be handled securely and transparently. We believe your organisation should own its own data and should have choice about who has access to your data or who your organisation consents to view the data. Diligram respects the right to privacy and are committed to protecting information. This privacy policy explains how we collect, transfer, store, and use your organisation’s data.
NATURE OF BUSINESS:
Diligram signs individual contracts with its customers based on the Diligram services provided. Subsequent required Data Protection Agreements are also signed upon commencement of engagement. The data collected/processed through our systems (web, iOS, Android) varies from one customer to another. Any changes that affect the nature of data processing will be communicated to Diligram’s customers.
This includes, but is not limited to:
INFORMATION WE COLLECT
Examples of information that is automatically collected include:
Technical information from your smartphone or computer e.g. operating system, device type, features used on our apps, dates and times of interaction with our apps.
Location information from GPS (only if you decide to opt in and enable certain features/functionality e.g. air quality index)
During the course of using our services or apps, you may have the option to link other third-party services with your account. If you choose to do this, you are authorising Diligram to collect, store, and use information that you agreed these sites may share with us through their API.
Consent for collection of data is done at data controller (our customers) level with relevant data protection controls and commitments signed by Diligram (data processor) with the data controller (customer).
Data owners can opt out of PII data collection by indicating this to the data controller (our customer), who in turn will stop collecting data pertaining to the individual and upon receipt of a formal request, Diligram can delete/destroy the data pertaining to the same individual also (see: data retention). Opt out will halt all processing activities related to the individual.
Processing: Data processing by Diligram is limited to fulfilling minimal contractual obligations to each of its customers. Diligram is governed by a least privilege access and minimum necessary processing policies, conformance for which is monitored and certified by ISO 27001.
Data Retention: Under GDPR, our clients (healthcare organisations) are the data controllers and Diligram is the data processor. The clients will be given access to manage data. Diligram retains data with all-encompassing and comprehensive audit trails including and not limited to:
. Date update applied
. Time update applied
. Unique ID and name of user
. Item updated
. Old value of item
. New value of item
until indicated by the client/data controller to archive/delete and destroy it. Diligram has a procedure for deletion and validation: full data is destroyed. Typically, we do not delete ‘backups’, but this will be overwritten within 14 days after deletion. Diligram performs a check that all copies of data have been destroyed.
BUSINESS TRANSFERS AND LEGAL REQUIREMENTS
As we develop as a business, there is a possibility that we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganisation, sale of assets, dissolution or other business-related event, your information may be part of the transferred assets. If we receive a legal request for access to your information (e.g. from a court order, law enforcement authority, regulatory agency, etc.) we may disclose your information to the extent permitted by law. We may also share your information with legal advisors, consultants, or courts in order to protect and defend our rights and users of our services and apps.
THIRD-PARTY ANALYTICS
We use third party analytics services to help us evaluate how users interact and use our services and apps. These analytics providers use cookies and other technology to track how users use our services and apps. Our main aim in using these analytics providers is to help us understand how to optimise and improve our services and apps for our users.
Google Analytics – https://www.google.com/analytics/terms/gb.html
Website Accessibility Policy
Effective Date: 19 June 2023
1. Introduction
Diligram Limited T/A ‘MyStaff app’ and ‘Diligram’ is committed to ensuring equal access and usability of its website for individuals with disabilities. We strive to comply with the relevant accessibility standards and guidelines to make our website accessible to all users, regardless of their abilities.
2. Scope
This policy applies to all web content and digital assets owned or controlled by Diligram Limited.
3. Accessibility Standards
We aim to meet the Web Content Accessibility Guidelines (WCAG) 2.1, Level AA success criteria as the benchmark for accessibility. These guidelines are developed and maintained by the World Wide Web Consortium (W3C). Our goal is to ensure that our website is perceivable, operable, understandable, and robust for all users.
4. Accessibility Features
4.1. Alternative Text: We provide alternative text descriptions for images and other non-text content, enabling screen readers and assistive technologies to convey the information to users.
4.2. Keyboard Navigation: Our website is designed to be fully navigable using a keyboard interface, allowing users who rely on keyboard input to access all content and functionality.
4.3. Colour Contrast: We ensure sufficient colour contrast between text and background elements to make the content readable for users with low vision or colour blindness.
4.4. Text Resizing: Users can adjust the text size using browser settings to improve readability according to their preferences.
4.5. Clear Structure and Headings: Our website content is organized using clear headings and logical structure, facilitating easy navigation and comprehension.
4.6. Form Accessibility: We strive to make all online forms accessible by including appropriate labels, input validation, and clear instructions.
4.7. Video Accessibility: We provide closed captions or transcripts for videos on our website to ensure that users with hearing impairments can access the content.
5. Ongoing Efforts
Diligram is committed to continuously improving the accessibility of our website(s). We regularly monitor and test the website(s) for compliance, address any identified issues promptly, and provide relevant training and support to our website team to ensure accessibility considerations are integrated into our development and maintenance processes.
6. Feedback and Assistance
We value feedback from our users regarding the accessibility of our website. If you encounter any difficulties accessing our content or have suggestions for improvement, please contact our accessibility team at [contact email or phone number]. We will make reasonable efforts to address your concerns and provide you with the information you need.
7. Compliance
MyStaff App will periodically review this policy to ensure its continued relevance and effectiveness. We aim to comply with applicable accessibility laws and regulations in the jurisdictions where we operate.
8. Accessibility Statement
We maintain an accessibility statement on our website, outlining our commitment to accessibility, providing information on available accessibility features, and offering contact details for users to report any accessibility-related concerns.
9. Resources and Assistance
We may provide additional resources, such as accessibility guides or FAQs, to assist users in accessing our website. These resources will be made available on the website or upon request.
10. Training and Awareness
We provide regular training and awareness programs to our employees and website team members to ensure they understand the importance of accessibility and are equipped with the knowledge and skills to create and maintain an accessible website.
11. Review and Updates
This policy will be reviewed periodically to ensure its ongoing relevance and compliance with evolving accessibility standards. Updates to this policy will be effective immediately upon posting on our website.
Please note that this policy is subject to change without prior notice, and the latest version will always be available on our website
HOW WE PROTECT YOUR INFORMATION
We place great importance on the security of all PII associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.
Diligram is designed with stringent security protocols. It uses state-of-the art electronic surveillance and multi-factor access control systems. All data transport between your app and our servers is encrypted
We use a risk management process based on a HIPAA template. It allows us to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by Diligram, and also implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with HIPAA standards.
However, with any electronic transmission and storage of data comes risks and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet. If there is a personal data breach, our data protection officer will report it to the competent Supervisory Authority without undue delay (not less than 72 hours after becoming aware of it). If a personal data breach is likely to result in a high risk to your rights and freedom, our Data Protection Officer will communicate the breach to you without delay.
Diligram takes security very seriously and is governed by its industry-standard Information Security Management System (ISMS) policies, which encompass all aspects of security from secure software development to device encryption across the entire organisation. Diligram:
Exceeds the standards of NHS Data Security Protection Toolkit (DSPT: https://www.dsptoolkit.nhs.uk/OrganisationSearch/D2A6I) is Cyber Essentials Plus certified (Search for “Diligram Limited” here: https://iasme.co.uk/cyber-essentials/ncsc-certificate-search/
YOUR RIGHTS
You have a number of legal rights under the EU’s General Data Protection Regulation (GDPR). The following section explains your rights:
Your organisation has a right to request a copy of data
Your organisation has a right to erasure (delete), rectify, restrict, and object to the processing of data
We are obligated under the GDPR to provide any requested information within one month of receiving a request. However, if a large number of requests are received or requests are complex, the time limit may be extended by a maximum of two further months.
Your organisation has a legal right to access, rectify, erasure and object to the use of data free of charge. However, a reasonable fee may be charged for “repetitive requests”, ‘manifestly unfounded or excessive requests” or “further copies”.
Your organisation has a right to the rectification of inaccurate data.
Your organisation has a right to receive a copy of data in a structured, commonly used, machine readable format that supports re-use. Your organisation also has a right to transfer data from one controller to another without hindrance, and to store data for further personal use on a private device.
If your organisations data was shared with a third party, then you have a right to request information about the identities of those third parties. Your organisation has a right to object to the processing of data for the process of direct marketing, including profiling.
Your organisation has a legal right to not be subject to a decision based solely on automated processing which may significantly affect you, unless it is authorised by law or you explicitly consent and the appropriate safeguards are in place.
Your organisation has a right to complain to the EU’s Data Protection Authority (DPA) if you think your rights have been infringed upon
CHILDREN
We do not knowingly collect Information from children under the age of 14 through our apps. Our apps are intended for use by persons 18 years of age and older. If you discover that your child has been using our apps without your consent, or someone has been using the apps on behalf of your child without your consent, please contact us using the information below in the “Contacting Us” section and we will take steps to delete the information from our databases.
CHANGES TO THIS PRIVACY POLICY
This Privacy Policy is effective as of the date listed previously at the start of this document. This Privacy Policy may be changed or updated at any time in the future without notice to you. This Privacy Policy is available for you to review at all times on our apps and it is recommended that you regularly review it. By using our apps after we have updated our Privacy Policy, you are deemed to have accepted any changes.
CONTACTING US
Please submit any questions, concerns or comments you have about this policy or any requests concerning your personal data to info@mystaffapp.org or write to our Data Protection Officer at:
Diligram Limited,
St John’s Innovation Centre,
Cowley Road,
Cambridge CB4 OWS
UK
Modern Slavery and Human Trafficking Statement
INTRODUCTION
This statement sets out Dililgram’s actions to understand all potential modern slavery risks related to its business and to put in place steps that are aimed at ensuring that there is no slavery or human trafficking in its own business and its supply chains.
Diligram recognises that it has a responsibility under the Modern Slavery Act 2015 to take a robust approach to slavery and human trafficking and is committed to preventing slavery and human trafficking in its corporate activities, and to ensuring that its supply chains are free from slavery and human trafficking.
OUR BUSINESS AND SUPPLY CHAINS
Diligram provides a digital quality management software platform for NHS and other healthcare organisations, to support their management of care quality, patient safety and compliance processes. We operate in the UK. This statement applies to employees at all levels including directors as well as contractors.
Our supply chains comprise mainly human resources who perform skilled services or third-party suppliers who provide software development services. However, as a software company, Diligram does not have an extensive range of suppliers where modern slavery or human trafficking would generally be a material risk, and our supply chains are based in low risk countries where modern forms of slavery are not prevalent.
RELEVANT DOCUMENTATION
Diligram operates the following policies that describe its approach to the identification of modern slavery risks and steps to be taken to prevent slavery and human trafficking in its operations. Our policies are clearly defined and communicated to all employees and contractors.
DIGNITY AT WORK
We have a zero-tolerance approach to any victimisation, bullying or harassment either in the workplace or any work-related setting.
WHISTLEBLOWING POLICY
Diligram encourages all its workers, customers and other business partners to report any concerns related to the direct activities, or the supply chains of Diligram. This includes any circumstances that may give rise to an enhanced risk of slavery or human trafficking. Diligram’s whistleblowing procedure is designed to make it easy for workers to make disclosures, without fear of retaliation.
RECRUITMENT
Presently, Diligram predominantly carries out its recruitment processes in-house. Where additional recruitment expertise is required, Diligram uses only specified, reputable employment agencies to source labour and always verifies the practices of any new agency it is using before accepting workers from that agency.
EMPLOYMENT
All our employees are treated fairly and equally and are paid at least the national minimum wage. Our employees will not be forced to work more than the number of hours permitted in law, and normal working hours will not exceed 48 hours per week average unless the employee expressly agrees.
DUE DILIGENCE
The organisation undertakes due diligence when considering taking on new suppliers, and regularly reviews its existing suppliers. The organisation’s due diligence and reviews include:
- Evaluating the modern slavery and human trafficking risks of each new supplier;
- Reviewing on a regular basis all aspects of the supply chain based on the supply chain mapping;
- Conducting supplier audits should this be deemed prudent;
AWARENESS-RAISING PROGRAMME
Diligram will raise awareness of modern slavery issues by circulating information relating to modern slavery and human trafficking to staff in its employee handbook.
SENIOR MANAGEMENT TEAM APPROVAL
This statement was approved on 10th June 2023 by Diligram’s senior directors who will review and update it annually.
Leslie Golding
CEO, UK Diligram
