This policy (together with the terms of service) sets out:
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of European Economic Area data protection law, (the "Data Protection Law"), the data controller is: Careology Health Limited of 2 Stephen Street, London, England, W1T 1AN under company number 10205660.
We will collect and process the following personal data from you:
Information you give us: This is information about you that you give us directly when you interact with us.
This is information about you that you give us by filling in forms on the site or App or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use the site or App, subscribe to our service, search for a product, place an order on the site or via the App, participate in discussion boards or other social media functions on or via the site or App, enter a competition, promotion or survey, submit a query, and when you report a problem with the site or App.
The information you give us may include your name, address, e-mail address, phone number, date of birth, financial and credit card information, personal description and photograph, login and password details.
To interact fully with the site and the App you will need to provide information about your existing health conditions and symptoms, such as the type, severity and side effects. You will also need to provide information about the medication that you are taking, and you can log when you have taken it. We will ask for details of your diagnosis, the course of treatment that you are currently on and the name and contact information of your healthcare provider.
You will also be able to input notes about how you are feeling and your thoughts so that you can journal your symptoms and mood electronically and share these with others.
You can also choose to import metrics on things such as your heart rate, blood pressure, temperature, weight, levels of activity either directly from wearable devices or via third party databases. Please note that when using third party devices or websites, those third parties' privacy policies will also apply.
Any information about your health is classed as sensitive personal data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive personal data is your consent. You can withdraw your consent at any time - for more information please see "Your rights". Please note that if you do not consent to our processing of your sensitive personal data, you will not be able to fully engage with the site or the App.
In this case we will have informed you when we collected that data if we intend to share your data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.
We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
If you allow your Permitted Third Parties permission to edit your information, then they will give us information about your symptoms, medication and treatment. You can always update your permission settings in your account.
If you are a Permitted Third Party, we may receive information about you from the patient. This information includes your name, telephone number, email address, relationship to the patient, job title and location.
If you decide to allow any third party wearable devices to connect with our Services, we will receive information about you such as your exercise, activity, heart rate, temperate, weight and blood pressure from these devices via Bluetooth.
We use information held about you in the following ways:
We will use this information to:
We will use this information in our legitimate interests, where we have considered these are not overridden by your rights:
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications by email, SMS/iMessage or in-app about our products and services. We will also analyse the information that you or a Permitted Third Party give us about your symptoms to suggest our commercial partners' products in the App by showing you cards in the Careology app. These cards will link to the commercial partners' website if you click on the link that says "find out more", or other similar wording. You can object to further marketing at any time by checking and updating your contact details within your account or selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email to firstname.lastname@example.org
The information gathered will be used solely for marketing in connection with Careology's business and our commercial partners' products and will not be shared with any other third parties.
We may give your information to:
Our selected third parties may include:
We will disclose your personal information to third parties:
The data that we collect from you is stored within the European Economic Area ("EEA").
Protecting the safety of children when they use the Internet is important to us.
The site and App is intended for use only by persons who are at least 18 years of age. By using our Services, you confirm to us that you meet this requirement. If you are under the age of 18, you confirm you have received permission from your parent or guardian before using our Services or sending us personal information.
If you are under the age of 13 your parent or guardian must consent on your behalf where we ask for consent in relation to the use of your information.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site or App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the site or App; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
The site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
We retain personal data for the length of your subscription. We will archive your personal data one year from the date of your last login to the site or the App, but you will still be able to reactivate your account. If you do not reactivate your account within 5 years of it being archived, we will delete all of the personal information that we hold about you. We may also retain aggregate or de-identified information beyond this time for research purposes and to help us develop and improve our Services. You cannot be identified from aggregate information retained or used for these purposes.
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at email@example.com You can also change your marketing preferences at any time as described in 'Our promotional updates and communications' section;You can exercise the rights listed above at any time by contacting us at firstname.lastname@example.org
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html ). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Careology Health Limited
2 Stephen Street