Effective Date: December 1, 2018
We are the data controller of any data for purposes of applicable data regulations and registered as such by the United Kingdom Information Commissioner’s Office. The information below contains specific information related to our use of your data in accordance with the General Data Protection Regulation 2016/679/EU. At any time, you may exercise your rights under the aforementioned directive by writing to firstname.lastname@example.org.
GROUNDS FOR DATA COLLECTION
Processing of your Personal Information (meaning, any information which may potentially allow your identification with reasonable means, such as your name, email address, telephone number or similar information; hereinafter “Personal Information”) is necessary for the performance of our contractual obligations towards you and providing you with our Service, to protect our legitimate interests, and to ensure compliance with legal and financial regulatory obligations.
If you choose not to provide Personal Information or Health Information (as defined below), you may not be able to create a profile or register with the Service and your use of the Service may be limited.
HOW WE RECEIVE INFORMATION ABOUT YOU
While you may use some of the functionality of the Service without creating a profile or registration, certain tools of the Service require registration and provision of your information, including Personal Information.
If you choose to register and create an account via the Service, then you will be asked to submit Personal Information which may be associated with your Health Information.
Whenever you submit information via our Service, including, but not limited to, by telephone or email, we may collect Personal Information and other Health Information you provide to us in order to provide you with our Service.
If you choose to sign up to our Service via third-party accounts, including, but not limited to, Facebook, Google, LinkedIn, Twitter, we will have access to basic information made publicly available from such accounts, such as your full name, home address, email address, birth date, profile picture, friends list, personal description, as well as any other information you made publicly available on such account, or agreed to share with us.
You are not required to provide any personal information described above to us. However, if you do not do so, you may not be able to use our Service, or the functionality of our Service may be reduced.
WHAT TYPES OF INFORMATION WE COLLECT
By using the Service, we may collect the following types of information from you:
Account details – When you create an account to use the Service you will be asked to provide your name, email address, date of birth, gender and country of residence.
Personal Health Information – You may choose to use certain features of the Service that will allow you to input other Personal Information with respect to your health. This information may include but is not limited to: the medications you take, the intensity and location(s) of pain you are feeling, your mental well-being, physical measurements, your doctor’s name (collectively your “Health Information”).
Voluntary information – When you communicate with us (for example when you send us an email, use a “contact us” form, or reply to any surveys, competitions & promotions we may run) we collect the Personal Information you provide to us.
Technical information – We may collect certain technical information about the smartphones, mobiles, computers or other electronic devices you use to access our Services. Such technical information includes but is not limited to: the type of device (which can include unique device identifying numbers), its operating system, your IP address, and the device’s approximate location.
Location information – We may collect information about your exact location when you choose to share that information. Even when you don’t actively share your exact location, the IP address of the device you use to access our Service may tell us an approximate location, but this will be no more precise than the city, state or country you are using your device in.
Site usage data – When you use our Sites, we collect information about how you use them. This includes but is not limited to: the pages you look at, the type of computing or mobile device you use, the Internet browser you are using, geo-location and language of your operating system.
App usage data – The App automatically collects certain non-identifiable information when you use the App. This includes but is not limited to: type of computing or mobile device you use, your device’s operating system, the language of your operating system and crash reports. We may collect data related to the usage of our Service for the purpose of improving our Service, e.g. page views, sessions, and button clicks.
Data from other sources – If you choose to connect our Service with 3rd party services such as social networks or other health apps, we may collect information from these services in order to provide the expected functionality to you. Any information we collect will always be used in compliance with the policies of the relevant 3rd party. This data may include but is not limited to health data collected via other services, as well as basic social network profile information.
COOKIES & SIMILAR TECHNOLOGIES
A cookie is a small piece of text which is sent to a visitor’s browser. The browser provides this piece of text to the device of the originating visitor when this visitor returns.
We use a combination of “session” and “persistent” cookies on our Sites. A persistent cookie will allow you to save your settings and customisations. If you log in to our Sites, and you allow it, a persistent cookie could recognise you so that you will not need to log in every time you use the Sites. Persistent cookies may hold personal data, but only if you are a registered user or have otherwise consented to the provision of personal data in accordance with the terms of this Policy.
Session cookies are temporary and expire once your browsing session ends. Persistent cookies remain on your device until their expiration date or until you delete the cookie.
Cookies do no damage to your computer and you have choices about managing them.
Most browsers are initially set to accept cookies. If you’d prefer, you can set your browser to approve or reject cookies on a case-by-case basis or reject all cookies. Refusal of cookies at our Sites may result in an inability to visit certain areas of our Sites or to receive personalised information when you visit our Sites.
Analytics: We are constantly trying to improve the delivery of services to you via our Sites. To help us do this, we may measure the effectiveness of our web presence by determining when you accessed the Site, and what you clicked on within the Site. We use “Google Analytics” to help us achieve that goal.
Google Analytics collects information such as how often users visit the Sites, what pages they visit when they do so, and what other sites they used prior to coming to the Sites.
Google Analytics collects only the IP address assigned to you on the date you use the Sites, as well as information regarding your operating system, language and information regarding your use of the Sites, rather than your name or other identifying information.
We do not combine the information collected through the use of Google Analytics with Personal Information.
HOW WE USE THE INFORMATION WE COLLECT
Information that is stored about you may be encrypted and/or pseudonymised. Pseudonymised means that the key to re-identifying the data with an individual is held separately from the data itself; this protects the security of your data.
We may also use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site, apps and products and developing new products and services. Data that is anonymised means that it is stripped of all identifying information and it is not possible for you to be re-associated with that data. Anonymisation is different from pseudonymisation.
Service provision – We will use the Personal Information you provide to us for the provision and improvement of our Service to you. This includes but is not limited to: maintaining your account, backing up your data in case you lose or change your device, diagnosing problems with our infrastructure, making our service more useful, customising and personalising its content for you, and ensuring regulatory compliance. We may use your Personal Information to investigate misuse of your Account, including fraud and debt collection. We may use your Personal Data to help us develop new products and services and improve our current Service.
Marketing purposes – We may use your Personal Information (such as your email address) to communicate with you. We may also send you promotional material concerning products or services which we believe may interest you by building an automated profile based on your Personal Information, for marketing purposes. Such marketing messages may be delivered by means including but not limited to email, SMS and push notification.
- You can opt out of receiving marketing materials from us by either using the Marketing controls in the Service, clicking on the unsubscribe link in the emails we send you, or emailing us at email@example.com. Please note that even if you opt-out of receiving marketing messages, we may still use and share your Personal Information with third parties for non-marketing purposes (for example to fulfil your requests, communicate with you and respond to your enquiries, etc.). In such cases, the companies with whom we share your Personal Information are authorized to use your Personal Information only as necessary to provide these non-marketing services.
Analytics, surveys and research – In line with our aim to improve our services and develop new and exciting features for our users, from time to time we may conduct surveys or test features, and analyse the information we have to develop, evaluate and improve these features.
Protecting our interests – we may use your Personal Information when we believe it’s necessary in order to take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of our Service and protect the rights and property of Bodymap Apps, its users and/or partners.
Enforcing of policies – we may use your Personal Information in order to enforce our policies, including but not limited to our Terms and Conditions.
Compliance with legal and regulatory requirements – we also use your Personal Information as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
WE DO NOT DISCLOSE YOUR PERSONAL HEALTH INFORMATION TO ANY 3RD PARTIES WITHOUT YOUR EXPRESS PERMISSION.
Service providers & Data Processors – We will share your Personal Information with our Service Providers and Data Processors (“Our Providers”) as is reasonably necessary to provide the Service to you. Our Providers include but are not limited to: Google, Microsoft, Amazon, Oracle. We are the Data Controller of any data for purposes of applicable data regulations, and as such, have verified that Our Providers comply with the ‘adequacy of protection’ or specific certification as defined by the GDPR.
Merger, acquisition or sale – We may transfer your Personal Information in its entirety in the event of a merger, acquisition or sale.
Law authorities, regulators, Government – We may disclose your Personal Information where we are required to do so by law to assist with investigations, or to comply with certain regulations.
We do not disclose personal information to anyone else except as set out above. We may provide third parties with aggregate statistical information and analytics about users of our Service, but we will ensure that no one can be identified from this information before we disclose it. Please refer to anonymisation above.
The Service enables you to share your Personal Information via email or print. Whilst we take great care to keep your Personal Information confidential and secure, any information you choose to share outside of the Service is solely your responsibility. You should exercise caution when disclosing any information (including Personal Information) in such ways, as you do not know who will access or use such information and for what purposes.
HOW WE PROTECT YOUR INFORMATION
We take security seriously. We use reasonable and appropriate data protection measures, such as robust technologies, security policies, and procedures, to reduce the risk of misuse, alteration, accidental destruction or loss, and unauthorized disclosure or access to our systems and data. For example, we encrypt the transmission of sensitive information using secure socket layer technology (SSL). We follow industry standards and best practices to protect your personal data during transmission and once we receive it. We limit access of your information only to those employees or partners that need to know the information in order to enable the carrying out of the agreement between us.
While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your Personal Information, we cannot ensure or warrant the security and privacy of your Personal Information or other content you transmit using the service, and you do so at your own risk. Please email any Service or application security questions to firstname.lastname@example.org.
USE OF ANONYMISED & AGGREGATED DATA
We may make use of and disclose to affiliates and third parties anonymised & aggregated data, as described above, on commercial terms that we can determine at our sole discretion, for purposes such as but not limited to: research purposes, understanding behaviour patterns, and increasing engagement and adherence.
INTERNATIONAL DATA TRANSFERS
The personal information we collect may only be transferred to and stored in countries within the European Union and European Economic Area or to third countries that the European Union has deemed to have an equivalent level of data protection.
We will retain your Personal Information for as long as necessary to provide our Service. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined by considering the type of information that is collected, the purpose for which it is collected, national guidelines and regulatory requirements, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
EEA RESIDENTS RIGHTS
If you are a resident of the European Economic Area, you have the following rights in relation to your personal information:
- the right to be informed about how your personal information is being used;
- the right to receive a copy of the personal information we hold about you in a commonly used and machine-readable format;
- the right to opt-out of receiving direct marketing messages;
- the right to request the correction of inaccurate personal information we hold about you;
- the right to request the blocking or deletion of your personal information where the processing does not comply with applicable data protection laws.
However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the ‘Contacting us’ section below.
If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
LINKS TO OTHER WEBSITES OR APPS
PROTECTION OF CHILDREN AND MINORS UNDER EIGHTEEN (18)
Our Service is intended for use by persons 18 years of age and older. We do not knowingly collect or use any personal information provided by children or minors under the age of eighteen (18). If you are a parent and become aware that a child or minor under the age of eighteen (18) has provided us with Personal Information, please contact us using the information under “Contacting us” below and we will take reasonable steps to delete the minor’s information from our active databases. We reserve the right to check our user base from time to time and remove users whom we have grounds to believe are in fact minors, including without limitation, restricting those user accounts, or deleting them, as we may deem appropriate.
IF YOU ARE A CHILD OR A MINOR UNDER THE AGE OF EIGHTEEN (18), PLEASE DO NOT PROVIDE US WITH ANY PERSONAL INFORMATION.
CHANGES TO THIS NOTICE
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the top of this page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information. We may contact you by email to notify you of any significant changes.