Privacy

Policy

up-wave

This is the Privacy Policy for the website hosted at www.careology.health (the "site") and the Careology app (the "App"), (together "our Services"). Our Services are operated by or on behalf of Careology Health Limited. We are committed to protecting and respecting your privacy.

This policy (together with the terms of service) sets out:

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By engaging with our Services you acknowledge you have read and understood this privacy policy.

For the purposes of European Economic Area data protection law, (the "Data Protection Law"), the data controller is: Careology Health Limited of 2 Stephen Street, London, England, W1T 1AN under company number 10205660.

Information we collect about you ("Content")

We will collect and process the following personal data from you:

Information you give us: This is information about you that you give us directly when you interact with us.

This is information about you that you give us by filling in forms on the site or App or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use the site or App, subscribe to our service, search for a product, place an order on the site or via the App, participate in discussion boards or other social media functions on or via the site or App, enter a competition, promotion or survey, submit a query, and when you report a problem with the site or App.

The information you give us may include your name, address, e-mail address, phone number, date of birth, financial and credit card information, personal description and photograph, login and password details.

To interact fully with the site and the App you will need to provide information about your existing health conditions and symptoms, such as the type, severity and side effects. You will also need to provide information about the medication that you are taking, and you can log when you have taken it. We will ask for details of your diagnosis, the course of treatment that you are currently on and the name and contact information of your healthcare provider.

You will also be able to input notes about how you are feeling and your thoughts so that you can journal your symptoms and mood electronically and share these with others.

You can also choose to import metrics on things such as your heart rate, blood pressure, temperature, weight, levels of activity either directly from wearable devices or via third party databases. Please note that when using third party devices or websites, those third parties' privacy policies will also apply.

Any information about your health is classed as sensitive personal data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive personal data is your consent. You can withdraw your consent at any time - for more information please see "Your rights". Please note that if you do not consent to our processing of your sensitive personal data, you will not be able to fully engage with the site or the App.

  • Information we collect about you from your use of the site or App: We will automatically collect information from you each time you visit the site or use the App.
    This includes:
    • Technical information
    • Information about your visit
    • Location Data
  • If you input a code that you have received from a Patient, Caregiver or a Medical Provider when you download the App, we will be able to tell which third party has provided you with this code.
  • Technical information may include the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Information about your visit may include the full Uniform Resource Locators (URL), clickstream to, through and from the site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
  • Location data - we may collect information through the site or the App as to your real time location to provide location services where requested or agreed to by you in order to deliver content, advertising or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the site or the App.
  • Delivery of location services will involve reference to one or more of the following: (a) the coordinates (latitude/longitude) of your location; (b) look-up of your country of location by reference to your IP address against public sources; and/or (c) your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier.
  • Information we receive from other sources. This is information we receive about you:
    • From anyone that you give permission to enter information into the App on your behalf (such as a Caregiver or a Medical Provider) (“Permitted Third Party/Parties”). You can change your Permitted Third Parties under your settings in your account and change the permissions (read, edit etc.) allocated to each Permitted Third Party.
    • If you are a Permitted Third Party, then we receive information about you from the patient.
    • If you use any of the other websites or apps we operate or the other services we provide.
    • From third parties we work closely with such as the platform providers whose devices or operating systems are compatible with the site or the App.

In this case we will have informed you when we collected that data if we intend to share your data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.

We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

If you allow your Permitted Third Parties permission to edit your information, then they will give us information about your symptoms, medication and treatment. You can always update your permission settings in your account.

If you are a Permitted Third Party, we may receive information about you from the patient. This information includes your name, telephone number, email address, relationship to the patient, job title and location.

If you decide to allow any third party wearable devices to connect with our Services, we will receive information about you such as your exercise, activity, heart rate, temperate, weight and blood pressure from these devices via Bluetooth.

How we use your information

We use information held about you in the following ways:

  • Information you give to us:

We will use this information to:

  • Identify you and enable you to use our Services.
  • Show you your health status.
  • Show a Permitted Third Party your health status.
  • If you give us information about your Healthcare Provider, we will let them know that you are using the App,
  • Enable you to communicate in the App with a Permitted Third Party.
  • To enable you to log your medication(s) and set reminders for you to take your medication(s).
  • To enable you to write posts about how you are feeling that can be shared with Permitted Third Parties, who can respond to these posts if you have selected this option under your permission settings.
  • Analyse your answers about your symptoms and suggest products from our commercial partners that we think might be helpful for your symptoms. We will not share your personal data with these commercial partners.
  • De-identify your information and then use this data for our own research purposes and to develop machine learning algorithms.
  • Take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you and us including:
    • Administering your account with us.
    • Verifying and carrying out financial transactions in relation to payments you make online or through the App.
    • Notifying you about changes to our service.
  • Provide you with information about our Services and our commercial partners’ products that we feel may interest you. We will only do this if you have given your consent to receiving marketing material from us at the point we collected your information, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications. See ‘Our promotional updates and communications’ section.
  • Ensure in our legitimate interests that:
    • Content from the site is presented in the most effective manner for you and for your computer or mobile device.
    • We provide you with the information, products and services that you request from us.
  • Information we collect about you from your use of the site or App

We will use this information in our legitimate interests, where we have considered these are not overridden by your rights:

Our promotional updates and communications

Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications by email, SMS/iMessage or in-app about our products and services. We will also analyse the information that you or a Permitted Third Party give us about your symptoms to suggest our commercial partners' products in the App by showing you cards in the Careology app. These cards will link to the commercial partners' website if you click on the link that says "find out more", or other similar wording. You can object to further marketing at any time by checking and updating your contact details within your account or selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email to support@careology.health

The information gathered will be used solely for marketing in connection with Careology's business and our commercial partners' products and will not be shared with any other third parties.

Who we give your information to

We may give your information to:

  • Any Permitted Third Party.
  • Selected third parties.

Our selected third parties may include:

  • Organisations that process your personal data on our behalf and in accordance with our instructions and the Data Protection Law. This includes in supporting the services we offer through the site and the App in particular those providing website and data hosting services, customer service support services, providing fulfilment services, distributing any communications we send, supporting or updating marketing lists, facilitating feedback on our services and providing IT support services from time to time. These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions.
  • Analytics and search engine providers that assist us in the improvement and optimisation of the site and subject to the cookie section of this policy (this will not identify you as an individual).
  • Payment processing providers who provide secure payment processing services.

We will disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.
  • If Careology Health Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Careology Health Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.

Where we store your information

The data that we collect from you is stored within the European Economic Area ("EEA").

Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism or your consent, and that it is treated securely and in accordance with this privacy policy.

Child safety

Protecting the safety of children when they use the Internet is important to us.

The site and App is intended for use only by persons who are at least 18 years of age. By using our Services, you confirm to us that you meet this requirement. If you are under the age of 18, you confirm you have received permission from your parent or guardian before using our Services or sending us personal information.

If you are under the age of 13 your parent or guardian must consent on your behalf where we ask for consent in relation to the use of your information.

Payment processing

Payment details you provide will be encrypted [using secure sockets layer (SSL) technology]before they are submitted to us over the internet. Payments made on the site or App are made through our payment gateway provider, [name]. You will be providing credit or debit card information directly to [name] which operates a secure server to process payment details, encrypting your credit/debit card information and authorising payment. Information which you supply to [name] is not within our control and is subject to [name]'s own privacy policy and terms and conditions.

How we protect your information

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site or App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the site or App; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

The site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

How long we keep your information

We retain personal data for the length of your subscription. We will archive your personal data one year from the date of your last login to the site or the App, but you will still be able to reactivate your account. If you do not reactivate your account within 5 years of it being archived, we will delete all of the personal information that we hold about you. We may also retain aggregate or de-identified information beyond this time for research purposes and to help us develop and improve our Services. You cannot be identified from aggregate information retained or used for these purposes.

Your rights

  • You have the right under certain circumstances:
    • to be provided with a copy of your personal data held by us
    • to request the rectification or erasure of your personal data held by us;
    • to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
    • to object to the further processing of your personal data, including the right to object to marketing (as mentioned in 'Our promotional updates and communications' section; and
    • to request that your provided personal data be moved to a third party.
  • Your right to withdraw consent:

Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at support@careology.health You can also change your marketing preferences at any time as described in 'Our promotional updates and communications' section;

You can exercise the rights listed above at any time by contacting us at support@careology.health

If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html ). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.

Changes to this policy

Any changes we make to our privacy policy in future will be posted on this page and, in relation to substantive changes, will be notified to you by e-mail. This policy was last updated on 10 December 2018.

Contact Us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to:

GDPR

Careology Health Limited

GDPR@careology.health

2 Stephen Street

London

England

W1T 1AN