This is the App privacy notice of CareLoop Health Ltd (“CareLoop Health Ltd”, “we”, “us”, “our”)
We are company number 13219481 registered in the United Kingdom.
Our registered office is at CareLoop Health Ltd, 46 Grafton Street, Manchester M13 9NT. Registered in England.
Effective date: 20/01/2022
Last reviewed: 20/01/2022
CareLoop Health Ltd, with registered office and business address of: 46 Grafton Street, Manchester M13 9NT. Registered in England, Company number 13219481.
Because the work CareLoop Health Ltd does takes place in the UK, the European Union’s “General Data Protection Regulation” (GDPR) applies to our processing of your personal data, even if you do not live in Europe. By installing and using our App you are deemed to have consented to us collecting your data and sharing it with your clinical team.
This is information about you, your health and your symptoms, as well as data shared by your phone such as your IP address and location. The minimum amount of data necessary for the App to function will be collected.
Examples of information that is automatically collected include:
We automatically collect certain information when you visit, use or navigate the Apps and/or websites. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Apps and other technical information. This information is primarily needed to maintain the security and operation of our Apps, and for our internal analytics and reporting purposes.
The information that we collect from you will be transferred, stored, and processed within the European Economic Area (“EEA”). By using our Apps, you consent that information may be transferred, stored and processed outside your country of residence (if you currently reside outside the EEA). Your data will be stored for a period as long is deemed reasonably necessary by CareLoop Health Ltd for business and legal purposes and longer. It will then be permanently deleted. Symptom data is shared with your clinical team via a secure server. The server is hosted in a secure AWS IS027001 hosting environment.
We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfil business obligations
Personal identifiable information (PII) is information that may be used to identify you as an individual. Examples of PII include name and email address. We do not collect any PII through the App
Pseudonymised information refers to information that does not contain PII and does not allow us to identify you. We may use pseudonymised information to understand, improve, and customize your experience with our Apps. Pseudonymised information is shared with members of your clinical care team who will be able to deanonymise your data in order that they may be able to better treat your symptoms.
De-identified information may be shared with third party affiliates. For example, aggregated information may be shared with researchers to better understand health conditions or with companies developing treatments. We may share your de-identified data with research partners for legitimate scientific studies that have the approval of an institutional research ethics committee and are using the CareLoop platform in that study. We will only share de-identified data if you have consented to data sharing.
Aggregated information refers to de-identified information that is combined with that of other users’ de-identified information to give an aggregate overview of certain statistics. It is by definition anonymous. We may use aggregated information to understand, improve, and customize our users’ experience with our services and Apps. Aggregated information may be shared with third party affiliates, agents or business partners.
Third party affiliates, agents, or business partners – we may engage with other third-party companies or individuals to perform certain business functions on our behalf. Examples may include providing technical assistance, order fulfilment, customer service, improving your experience of this App, and marketing assistance. These third-party organisations will only have access to the de-identified and aggregated information necessary to perform their functions. We will not share, sell, rent or trade any of your information with third parties for their promotional, marketing or any other purpose.
As we develop as a business, there is a possibility that we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganisation, sale of assets, dissolution or other business-related event, your information may be part of the transferred assets.
If we receive a legal request for access to your information (e.g. from a court order, law enforcement authority, regulatory agency, etc.) we may disclose your information to the extent permitted by law. We may also share your information with legal advisors, consultants, or courts in order to protect and defend our rights and users of our services and Apps.
We place great importance on the security of all PII associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.
Our Apps are designed with stringent security protocols. All data transport between your App and our servers is encrypted.
Periodic reviews of our security standards are carried out and our software development process has a checkpoint to identify any new risks when we define / develop new features.
However, with any electronic transmission and storage of data comes risk and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet. If there is a personal data breach, our Data Protection Officer will report it to the competent supervisory authority without undue delay (not less than 72 hours after becoming aware of it). If a personal data breach is likely to result in a high risk to your rights and freedom, our Data Protection Officer will communicate the breach to you without delay.
You have a number of legal rights under the EU’s General Data Protection Regulation (GDPR). In summary, those include rights to:
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the United Kingdom Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation
If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer using the contact details given below
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or by calling +44 303 123 1113
We do not knowingly solicit data from or market to children under 16 years of age. By using the Apps, you represent that you are at least 16. If we learn that personal information from users less than 16 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 16, please contact us firstname.lastname@example.org
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Please submit any questions, concerns or comments you have about this policy or any requests concerning your personal data to email@example.com or write to our Data Protection Officer at:
CareLoop Health Ltd, 46 Grafton Street, Manchester M13 9NT. Registered in England.