Service Management Plan
SERVICE MANAGEMENT POLICY
STATEMENT
The Organisation recognises the importance of service management and is committed to operating its business responsibly and in compliance with all legal requirements relating to ‘The Design,Manufacture and Support of Health and Financial Digital Platforms, typically to the Public Sector’. It is the Organisation’s declared policy to operate with and to maintain good relations with all regulatory bodies.It is the Organisation’s objective to carry out all measures reasonably practicable to meet, exceed or develop all necessary or desirable requirements and to continually improve service management performance through the implementation of the following:
Understanding and fulfilling the service requirements to achieve customer satisfaction
Establishing the Policy and objectives for service management
Designing and delivering services based on the Service Management System (SMS) that
add value for the customer
Monitoring, measuring and reviewing the performance of the SMS and the services
Continually improving the SMS and the services based on objective measurements.
This Policy is documented, implemented, maintained and communicated to all employees, suppliers and sub-contractors and is made available to the public. It is reviewed at least annually in accordance with the Management Review process implemented as part of the SMS.
Date of Issue 23/08/2024 Signed F Ndemera
Date of Next Review 22/08/2025 Fungai Ndemera
List of Services
All of the Organisation’s current services are listed in the Service Catalogue(s). Service Management Objectives
It is the Organisation’s objective to carry out all measures reasonably practicable to meet, exceed or develop all necessary or desirable requirements and to continually improve service management performance through the implementation of the following:
Understanding and fulfilling the service requirements to achieve customer satisfaction 2. Establishing the policy and objectives for service management
Designing and delivering services based on the Service Management System (SMS) that add value for the customer
Monitoring, measuring and reviewing performance of the SMS and the services 5. Continually improving the SMS and the services based on objective measurements 6. Meeting or exceeding the requirements of each customer’s Service Level Agreement 7. Enhancement of business reputation through excellence of service provision. Service Requirements
The requirements for each service provided are documented in the Managed Service Agreement and Service Level Agreement between the Organisation and each customer.
Known Limitations which can impact the Service Management System
The ability of the service desk software to deliver the required functionality – rectified either by customisation of the existing software or by consideration of an alternative product.
Possible failings of third parties outside of the direct control of the Organisation – rectified by ensuring that suppliers are managed in accordance with Section 8.3.4.1 of the Standard (Management of external suppliers) and that customers are managed in accordance with Section 8.3.3 (Service level management).
Staff understanding of, and compliance with, the Service Management System processes and procedures – rectified by ensuring that staff are managed in accordance with Section 7.1 (Resources).
Policies, Standards, Statutory and Regulatory Requirements and Contractual Obligations
General policies are documented and communicated to interested parties, as appropriate.
Information Security policies are included in the ISO 27001 Information Security Management System (ISMS) Process Documentation, where applicable.
The Organisation is certified to ISO 20000-1 : 2018 (Information Technology – Service Management)
The Organisation is committed to operating its business responsibly, in compliance with all legal requirements and to maintaining good relations with all regulatory bodies.
The Organisation’s contractual obligations to each customer are documented in the corresponding Managed Service Agreement.
Framework of Authorities, Responsibilities and Process Roles, including Designated Responsibilities for Plans, Service Management Processes and Services
Authorities, responsibilities and process roles are documented and maintained as part of the ISO 20000-1 : 2018 SMS Management System Processes.
Human, Technical, Information and Financial Resources are necessary to achieve the Service Management Objectives.
Human resources are highly valued by the Organisation and are recruited and trained to ensure that the highest standards are maintained. Management is in accordance with Section 7.1 (Resources) of the ISO 20000-1 : 2018 SMS.
Technical resources are under constant review to ensure that they always significantly exceed ‘fit for purpose’. Capacity is monitored and planned in accordance with Section 8.4.3 (Capacity management) of the ISO 20000-1 : 2018 SMS.
Information is only sourced from reliable and up-to-date web-based resources, including those provided by such suppliers as Microsoft, Freshdesk etc.
The success of the Organisation is dependent upon the quality of its service provision. Appropriate financial resources are therefore made available to ensure that the Service Management System constantly operates at optimum levels.
Approach to be taken for Working With Other Parties involved in the Design and Transition of New or Changed Service Processes
The ability of the other parties involved in the design and transition of new or changed services is thoroughly evaluated.
Those parties considered to lack the competence to perform to requirements are not included in further processes.
New or changed services are designed in accordance with Section 8.5 (Service design, build and transition).
The work required to develop the new or changed service is documented
When another party is to be involved, a Quotation is obtained for the specified work, and an agreement is reached on the amount of payment before work commences.
Acceptance criteria are documented and agreed upon.
On delivery, the new or changed service is tested rigorously against the acceptance criteria.
Payment is only made for the new or changed service on full satisfaction of the acceptance criteria.
Approach to be taken for the Interfaces between Service Management Processes and their integration with the Other Components of the SMS
The Service Desk is the primary interface between the service management processes and the constituent components of the SMS. Whenever possible, seamless integration is provided, e.g. in the automated escalation of incidents which are in danger of exceeding their SLAs or in the automated raising of a Service Desk call generated by an alert from the network monitoring software.
All staff are trained to ensure maximum familiarity with the SMS processes and are therefore able to provide a human interface with SMS components whenever necessary.
Approach to be taken for the Management of Risks and the Criteria for Accepting Risks
Service management risks are primarily managed through the change management process.
Risks are identified at the planning stage, at appropriate points during the plan development and when substantial changes are to take place subsequently. PDCA methodology is effectively applied.
Risk Assessment considers:
Inputs
Outputs
Activities
Responsibility and accountability for risk mitigation.
Risks are only accepted when the rollback time for a potential change is within prescribed limits for both the Organisation and the affected client(s).
Technology used to support the SMS
The Service Desk is the primary technology used to support the SMS.
How the effectiveness of the SMS and the Services will be Measured, Audited, Reported and Improved
Reports are produced for each customer each month to ensure that the SMS is delivering the best possible service.
Internal audits are undertaken annually in accordance with Section 9.2 (Internal audit) of the ISO 20000-1 : 2018 SMS.
External audits are undertaken annually by QMS International Limited.
Management Reviews are undertaken annually in accordance with Section 9.3 (Management review) of the ISO 20000-1 : 2018 SMS.
| Your information | How long we keep it (its 'retention period') |
|---|---|
| GP records: This includes medical records, consultations with GPs and monitor health at home modules interactions | We keep your GP records for 10 years after your death or after you've permanently left the country. We may keep your records longer if there are genetic implications for your family. We work on the advice from clinicians in this situation. Electronic patient records can't be destroyed or deleted for the foreseeable future |
| Video consultations | If we keep your video consultations, they are kept in the same way as your GP records (although that period of time could change if our product changes). |
| Voice (or audio) consultations | We keep your voice consultations in the same way as your GP records (although that period of time could change if our product changes). |
| Communications with support teams, including phone calls, emails and live chats | 1 year after you leave the CheckUp Health service. |
| Maternity records | We keep your records for 25 years after the birth of your last child. |
| Records on any treatment for a mental disorder (as described in mental health legislation) | We keep your records for 20 years after the date of your last consultation. Or 10 years after your death if that is sooner. |
If you want to see any of this information while we have it (in its 'retention period'), you can ask for it by emailing us at: Support info@checkuphealth.co.uk
Data from other sources
We might also receive some data about you and your health from other organisations we are contracted with, apps, devices and services.
This will only happen if you've agreed to sharing that data with us. For example, if you decided to share information collected from a health monitoring device that linked to our app.
Credit and debit card information
If you make a payment on the app, your credit and debit card details are processed by a third-party payment provider.
We don't store any of your credit or debit card information and we only keep details of the transactions on our secure servers.
Technical information and analytics
When you use our app, or visit our website, we may collect the following data, where this is allowed by your device or browser settings:
The IP address used to connect your mobile phone or other device to the internet
Your browser information, such as Google Chrome or Apple Safari
Login and operating system
The make and model of your device
Resettable device identifiers
Time zone, language and location settings
Your mobile network provider and your location (based on your IP address)
Information about your visit to our website or use of our app, for example when you first visited the site or how many times you've visited
Information about the products or services you viewed or used
App response times and updates
Information about your interactions, like what notifications you opened
Any phone number used to call our customer service number
We work with other companies that provide us with analytics and advertising services
This is to:
Help us understand how people interact with our services
Provide the adverts for our services on the internet
Measure the performance of our services and our adverts
Your health information is not used for these advertising services
Source of The Personal Data and Hho we may Share it With
Other healthcare providers
If it's needed for your treatment or care, we will share your data with your other health and social care providers. These include:
Our clinical partners (including our NHS partners) who we work jointly or in connection with to provide you a service
Accident and emergency services, Hospitals
Diagnosis centres chosen by you for things like X-rays and other imaging
Other health and care bodies
Your NHS GP
Pharmacists
Specialist referral services
Therapists
Testing service providers
By law, we may need to share information with these services to safeguard either you or others, or conduct a public task (in the case of our NHS services). We may need your consent, or to rely on our legitimate interests to provide you with healthcare before we can share this information.
Overseas Transfers
The Company may transfer the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with optimum uptime services.We work with third parties servers which may be hosted outside UK to deliver efficient services.We take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. This will always be in line with applicable data protection lawful mechanisms (such as appropriate contractual terms) and subject to strict safeguards.
For further information on how we protect your data if we transfer it outside of the EEA, contact us by email at: info@checkuphealth.co.uk
Protecting public health
We might process your data to protect public health. Your data could be vital to help research, monitor, track and manage public health emergencies, like pandemics. and in cases where such an activity is a legal requirement.
In a public health emergency, your information may be shared in a way that is appropriate and lawful with organisations such as:
GPs
Local authorities
Health organisations
NHS Digital
NHS England and Improvement
Public Health England
We will limit the use or sharing of data to the period of the emergency and will only share data to the extent necessary.
Aggregated or anonymous data
In situations where we may need to show on our website or share with our commercial partners data that does not personally identify you, which shows general trends. This is 'aggregated' data and is not personal data may be shared.
This might include, for example, the number of visitors to our websites, number of App downloads, users of our service or trends in a particular location.
Statistical data in the public's interest
We may also use data that does not identify you personally as part of statistics that we collect on certain types of illness, symptoms and conditions. This might include us contributing medical data and participating in such schemes from time to time. These schemes may be project related, or government rleated scheme.
We may show these summarised statistics to our partners. They will always be anonymised. This is so we can improve our medical knowledge on how we support you in service delivery and help our members and the general public.
You can contact us directly if you do not want your data to be used in this way by email at: info@checkuphealth.co.uk
Your rights
Please be aware that you have the following data protection rights and you are in control of your records:
The right to be informed about the personal data the Company processes on you
The right of access to the personal data the Company processes on you
The right to rectification of your personal data
The right to erasure of your personal data in certain circumstances
The right to restrict processing of your personal data
The right to data portability in certain circumstances
The right to object to the processing of your personal data that was based on a public or legitimate interest
The right not to be subjected to automated decision making and profiling; and
The right to withdraw consent at any time
Making changes within your App
Remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by:
Going to the the website, under Privacy Policy, Under Your consent and use the given email address to advise us of your choices, you can:
Ask for a copy of the personal data we hold about you. Your data is stored in line with our legal and medical obligations. Ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes. There might be times when we're not able to help, like if the law or our medical obligations say we can't..
Ask us to restrict any automated (computer-made) decisions made with your data.
Ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.
Where you have consented to the Company processing your [personal data/[and]sensitive personal data] you have the right to withdraw that consent at any time by contacting us using the methods below.
Email info@checkuphealth.co.uk
Write to us: Data Protection officer.
The Flame Lily HQ.
CheckupHealth
144 Penn Road,
Wolverhampton,
WV3 0EE
We'll ask you for a proof of identity. Data protection laws give us one month to get back to you.
We're regulated by the Information Commissioner's Office (ICO). If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
Please note that if you withdraw your consent to further processing that does not affect any processing done prior to the withdrawal of that consent, or which is done according to another legal basis.
There may be circumstances where the Company will still need to process your data for legal or official reasons. Where this is the case, we will tell you and we will restrict the data to only what is necessary for those specific reasons.
If you believe that any of your data that the Company processes is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.
You can also contact us using the above details if you want us to restrict the type or amount of data we process for you, access your personal data or exercise any of the other rights listed above.
Cookies
We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalised content.
Cookies and Other Technologies
The Flame Lily and our third-party service providers use a variety of technologies to assess how our sites or mobile applications are used, to personalize your experience and to deliver you marketing, including online content, tailored to your interests. Some technologies we may use include the following:
Cookies
A cookie is a small file placed on your device when you visit a site that can be understood by the site that issued the cookie. We use the information collected by cookies to remember who you are to log you in and your preferences, to provide you advertisements, offers or other content tailored to your interests and to assess how our sites are used. You can accept or decline cookies through your browser settings. To learn more, please look at the cookie settings available in your specific web browser(s). Please note, however, that without cookies you may not be able to use all of the features of our Sites or other websites and online services. Please click here for a list of all The Flame Lily Cookies.
Other Technologies
We may use third-party web analytics services on our Sites, such as those of Google Analytics. These service providers help us analyse how visitors use the Sites. The information obtained for this purpose (including your IP address and other information collected by automated means) will be disclosed to or collected directly by these service providers. To learn more about Google Analytics, and how to opt out, please click here.
The providers of third-party plug-ins and widgets on our Sites, such as embedded videos and social media sharing tools, may use automated means to collect information regarding your use of the Sites and your interactions with the plug-ins and widgets. We may also receive information you have made available to those third party services, including the geographic location of your mobile device and other information about you (such as name, email address, gender, locale, time zone, languages, social media profile URL, personal website URL, biographical information, birthday, photo, list of devices, education history, work history, hometown, interests, current city, political views, favourite athlete and teams, relationship status and information, religion, name of significant other, and certain security settings information) and your contacts on those services. This information is subject to the privacy policies or notices of the third party providers of the plug-ins and widgets.
Links to external websites
The Company’s website may contains links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. When you leave our site we encourage you to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
Sale of business
If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
Data Security
The Company takes every precaution to protect our users’ information.The company uses security measures in relation to the personal data processed, e.g. firewalls, browser certification technology, encryption, limited access, use of passwords.Only users who need the information to perform a specific task (for example, consultations, our clinical team) are granted access to your information.
The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/ the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/ the Internet.
If you share a device with others we recommend that you do not select the “remember my details” function when that option is offered.
If you have any questions about the security at our website, you can email info@checkuphealth.co.uk
Changes to this privacy statement
We will update this privacy statement from time to time. We will post any changes on the statement with revision dates. If we make any material changes, we will notify you and give you a chance to review them.If you agree to the changes, you don't need to do anything. Just keep using our services as when and you need them with the updated policy and we'll assume you are happy with the way we use your data.
If you don't agree to the changes, then you can stop using our services at any time.
Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact:
Email: compalints@theflamelily.co.uk
Write to us: Complaints department, The Flame Lily HQ. Checkup Health 144 Penn Road WV3 0EE