App Privacy Policy

Version: 1.7

Last Updated: 20 January 2022

Privacy Policy – Apps

This is the App privacy notice of CareLoop Health Ltd (“CareLoop Health Ltd”, “we”, “us”, “our”)

We are company number 13219481 registered in the United Kingdom.

Our registered office is at CareLoop Health Ltd, 46 Grafton Street, Manchester M13 9NT. Registered in England.

Effective date: 20/01/2022

Last reviewed: 20/01/2022

INTRODUCTION

CareLoop Health Ltd (“CareLoop Health Ltd”, “we”, “us”, “our”) designs and develops applications (“Apps”) to empower users to manage their health condition and improve their health outcomes. This Privacy Policy relates to the collection and use of information (also referred to as “data”) by us in connection to our Apps.

WHEN DOES THIS PRIVACY POLICY APPLY

This Privacy Policy and accompanying Terms of Service (“Terms”) apply to your use of our Apps, which are available through the Apple, Google Play, and any other App stores, in addition to our websites, subdomains, portals and APIs (Application Programming Interfaces).

WHO WE ARE

CareLoop Health Ltd, with registered office and business address of: 46 Grafton Street, Manchester M13 9NT. Registered in England, Company number 13219481.

OUR VALUES

We believe that making data more easily available to patients will improve healthcare, but we are also aware that data needs to be handled securely and transparently. CareLoop Health Ltd respects your right to privacy and are committed to protecting your information. This privacy policy explains how we collect, transfer, store, and use your data.

YOUR CONSENT

Because the work CareLoop Health Ltd does takes place in the UK, the European Union’s “General Data Protection Regulation” (GDPR) applies to our processing of your personal data, even if you do not live in Europe. By installing and using our App you are deemed to have consented to us collecting your data and sharing it with your clinical team.

WHAT INFORMATION WE COLLECT SENSITIVE PERSONAL DATA

This is information about you, your health and your symptoms, as well as data shared by your phone such as your IP address and location. The minimum amount of data necessary for the App to function will be collected.

Symptom Data The App collects self-reported symptom data. Data is linked to an individual via a unique CareLoop identifier which is allocated via the care team running the study or implementation project for which CareLoop is deployed. The information that the App requests will be retained by the project team in compliance with the protocol of the study or implementation project and used as described in this privacy policy.
Entries into a daily diary Data entered into the diary is not transferred to our database. It is your choice whether to share this data with anybody else.

Examples of information that is automatically collected include:

We automatically collect certain information when you visit, use or navigate the Apps and/or websites. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Apps and other technical information. This information is primarily needed to maintain the security and operation of our Apps, and for our internal analytics and reporting purposes.

HOW INFORMATION IS TRANSFERRED AND STORED

The information that we collect from you will be transferred, stored, and processed within the European Economic Area (“EEA”). By using our Apps, you consent that information may be transferred, stored and processed outside your country of residence (if you currently reside outside the EEA). Your data will be stored for a period as long is deemed reasonably necessary by CareLoop Health Ltd for business and legal purposes and longer. It will then be permanently deleted. Symptom data is shared with your clinical team via a secure server. The server is hosted in a secure AWS IS027001 hosting environment.

WHAT WE DO WITH THE INFORMATION

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfil business obligations

PERSONAL IDENTIFIABLE INFORMATION (PII)

Personal identifiable information (PII) is information that may be used to identify you as an individual. Examples of PII include name and email address. We do not collect any PII through the App

PSEUDONYMISED AND AGGREGATED INFORMATION

Pseudonymised information refers to information that does not contain PII and does not allow us to identify you. We may use pseudonymised information to understand, improve, and customize your experience with our Apps. Pseudonymised information is shared with members of your clinical care team who will be able to deanonymise your data in order that they may be able to better treat your symptoms.

De-identified information may be shared with third party affiliates. For example, aggregated information may be shared with researchers to better understand health conditions or with companies developing treatments. We may share your de-identified data with research partners for legitimate scientific studies that have the approval of an institutional research ethics committee and are using the CareLoop platform in that study. We will only share de-identified data if you have consented to data sharing.

Aggregated information refers to de-identified information that is combined with that of other users’ de-identified information to give an aggregate overview of certain statistics. It is by definition anonymous. We may use aggregated information to understand, improve, and customize our users’ experience with our services and Apps. Aggregated information may be shared with third party affiliates, agents or business partners.

Third party affiliates, agents, or business partners – we may engage with other third-party companies or individuals to perform certain business functions on our behalf. Examples may include providing technical assistance, order fulfilment, customer service, improving your experience of this App, and marketing assistance. These third-party organisations will only have access to the de-identified and aggregated information necessary to perform their functions. We will not share, sell, rent or trade any of your information with third parties for their promotional, marketing or any other purpose.

CareLoop uses third party hosting and software development services, AWS and DevRank, to host the server component of the software platform and develop the website and Apps that enables researchers and clinicians to view the data sent from end users’ phones. DevRank and AWS have access to the data collected by the CareLoop platform. These third party providers comply with all Data Protection regulations.

BUSINESS TRANSFERS AND LEGAL REQUIREMENTS

As we develop as a business, there is a possibility that we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganisation, sale of assets, dissolution or other business-related event, your information may be part of the transferred assets.

If we receive a legal request for access to your information (e.g. from a court order, law enforcement authority, regulatory agency, etc.) we may disclose your information to the extent permitted by law. We may also share your information with legal advisors, consultants, or courts in order to protect and defend our rights and users of our services and Apps.

HOW WE PROTECT YOUR INFORMATION

We place great importance on the security of all PII associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.

Our Apps are designed with stringent security protocols. All data transport between your App and our servers is encrypted.

Periodic reviews of our security standards are carried out and our software development process has a checkpoint to identify any new risks when we define / develop new features.

However, with any electronic transmission and storage of data comes risk and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet. If there is a personal data breach, our Data Protection Officer will report it to the competent supervisory authority without undue delay (not less than 72 hours after becoming aware of it). If a personal data breach is likely to result in a high risk to your rights and freedom, our Data Protection Officer will communicate the breach to you without delay.

YOUR RIGHTS

You have a number of legal rights under the EU’s General Data Protection Regulation (GDPR). In summary, those include rights to:

Access your personal information
Require us to correct any mistakes in your information which we hold
Require the erasure of personal information concerning you in certain situations
You have a legal right to access, rectify, erasure and object to the use of your data free of charge. However, a reasonable fee may be charged for “repetitive requests”, “manifestly unfounded or excessive requests” or “further copies”
We are obliged under the GDPR to provide any requested information within one month of receiving a request. However, if a large number of requests are received or requests are complex, the time limit may be extended by a maximum of two further months
Receive the personal information concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations
If your personal data was shared with a third party, then you have a right to request information about the identities of those third parties
You have a right to object to the processing of your personal data for the process of direct marketing, including profiling
Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
Object in certain other situations to our continued processing of your personal information
Otherwise restrict our processing of your personal information in certain circumstances
You have a right to complain to the EU’s Data Protection Authority (DPA) if you think your rights have been infringed upon (https://ico.org.uk/make-a-complaint/your-personal-information-concerns/) or telephone +44 303 123 1113

For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the United Kingdom Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation

If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer using the contact details given below

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or by calling +44 303 123 1113

CHILDREN

We do not knowingly solicit data from or market to children under 16 years of age. By using the Apps, you represent that you are at least 16. If we learn that personal information from users less than 16 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 16, please contact us atdpo@careloophealth.com

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is effective as of the date listed previously at the start of this document. This Privacy Policy may be changed or updated at any time in the future without notice to you. This Privacy Policy is available for you to review at all times on our Apps and website. It is recommended that you regularly review it. By using our Apps after we have updated our Privacy Policy, you are deemed to have accepted any changes.

CONTACTING US

Please submit any questions, concerns or comments you have about this policy or any requests concerning your personal data to dpo@careloophealth.com or write to our Data Protection Officer at:

CareLoop Health Ltd, 46 Grafton Street, Manchester M13 9NT. Registered in England.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
CookieConsent	37 years 8 months 21 days 17 hours	This cookie stores the user's consent state for the current domain.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others