Privacy Policy - UK GDPR

Last updated: 12/31/2025

1. Who We Are

Pt Pal is a digital rehabilitation and patient-engagement platform developed by Health Tech Pal Corp (“we”, “us”, “our”). Pt Pal is provided to patients under licence by healthcare providers. In most deployments, the healthcare provider acts as the Data Controller, and Health Tech Pal Corp acts as a Data Processor, unless otherwise stated.

Data Protection Contact: Chief Information Officer
Data Protection Lead Email: info@ptpal.com

2. Scope of This Policy

This Privacy Policy explains how personal data is collected, used, shared, stored, and protected when using Pt Pal mobile applications (iOS and Android) and the Pt Pal web application. This policy complies with UK GDPR and GDPR.

3. Personal Data We Collect

Pt Pal primarily processes personal and health data that is provided by healthcare organisations as part of clinical care delivery.

In most cases, personal and clinical data displayed within Pt Pal is:

  • Sourced from the healthcare provider’s electronic medical record (EMR) or other clinical systems, and/or

  • Entered by clinicians or authorised registration staff acting on behalf of the healthcare provider

This data may include:

  • Patient identifiers and contact details

  • Clinical context relevant to rehabilitation

  • Treatment plans, activities, and outcome measures

Pt Pal does not collect this information directly from patients through the application.

Limited Patient Interaction Data

Patients may interact with the application by:

  • Viewing assigned activities or content

  • Completing tasks or exercises

  • Engaging with rehabilitation programmes

Any data generated through these interactions is contextual to care delivery and is made available to the patient’s authorised clinician as part of treatment monitoring.

Technical & Usage Data

Pt Pal processes limited technical and usage data, including:

  • Session identifiers

  • App navigation and feature usage

  • Health & Wellness Data: rehabilitation activity, exercise data, patient-reported outcome measures, engagement data.

  • Technical & Usage Data: device identifiers, IP address, app usage, log and performance data.

  • Connected Services (Optional): Apple Health and Google Fit where enabled.

This data is used solely for security, performance monitoring, and user experience improvement, and not for advertising or marketing.

4. How Personal Data Is Collected

Data is collected directly from users, automatically through use of the service, from connected devices or services where permission is granted, and from healthcare providers where lawfully shared.

5. How We Use Personal Data

We use personal data to deliver and operate the Pt Pal service, support rehabilitation programmes, enable clinician monitoring, send service-related notifications, maintain security and performance, and analyse in-app usage for usability improvements. We do not sell data or use it for advertising.

6. Legal Basis for Processing

Processing is based on performance of a contract, consent where required, legal obligation, public interest in healthcare, or legitimate interests.

7. Automatic Data Sharing with Clinicians

Data entered into Pt Pal is automatically shared with the patient’s assigned clinician or healthcare provider as part of care delivery. This occurs without repeated manual action and is limited strictly to the patient and their authorised provider.

8. Consent Through Use of the Service

By creating an account and accepting this Privacy Policy and Terms of Use, users consent to automatic transmission of their data to their clinician. This processing is essential and cannot be disabled without discontinuing use of the platform.

9. Cookies, Session Tokens, and Usage Analytics

Pt Pal does not use cookies on its mobile or web platforms. We do not use cookies for advertising, profiling, or tracking.

Secure session tokens are used for authentication and session management. In-app usage and navigation data is collected solely for internal service improvement and user experience optimisation.

10. Data Storage & Security

We apply encrypted data transmission, secure cloud infrastructure, role-based access controls, and ongoing security monitoring.

11. Data Retention

Data is retained only as long as necessary to provide the service, meet legal obligations, or comply with healthcare provider requirements, and is securely deleted or anonymised when no longer required.

12. Data Breaches

We maintain procedures to identify, investigate, and report data protection incidents in accordance with applicable law.

13. Your Rights

Users have rights to access, rectify, delete, restrict, object, request portability, withdraw consent, and avoid automated-only decisions. Requests can be made to info@ptpal.com and will be responded to within 30 days.

14. Opt-Outs & Essential Processing

Some processing is essential to the operation of Pt Pal and cannot be opted out of. Optional processing can be managed via app or device settings.

15. Children

Pt Pal is not intended for use by children without appropriate consent. Concerns can be reported to info@ptpal.com.

16. Policy Updates

If the way personal data is used changes, users will be informed and consent will be re-obtained where required.

17. Third-Party Links

Links to third-party services are governed by their own privacy policies.

Contact Us

You may contact us at:

info@ptpal.com

Phone: 877-55-PTPAL (78725)