January 28, 2020
Privacy Policy
WE ARE COMMITTED TO PROTECTING AND RESPECTING YOUR PRIVACY.
This Privacy Policy, together with our Terms and Conditions and Cookie Policy, sets out the basis on which any personal information that Healthbit Limited (registered in England with company number 07598677) of Kajaine House 57-67 High Street, Edgware, Middlesex HA8 7DD (“we”, “our”, “us”) collects from you (“your” and “you” refer to you and any person for whom a registered account has been created by you, or who uses the site on your behalf), or that you provide to us, will be processed by us and how we will treat it.
By using our Site (as defined below) you agree to the terms of this Privacy Policy. If you do not agree these terms you should not use our Site or provide us with any of your information.
For the purposes of Data Protection Legislation (meaning: (i) unless and until it is no longer applicable in the UK, the Data Protection Act 1998; (ii) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (iii) any successor legislation to the GDPR or the Data Protection Act 1998), Healthbit Limited is the data controller of your personal information.
Information that we may collect from you
We may collect and process the following personal information about you for or in relation to the Healthbit website (the “Website”) and our related mobile application (comprising software, data and media) (the “App”). References in these Terms and Conditions to the “Site” mean, together, the Website, the App and all related content, media and underlying software and technology, including any future updates to any of them:
- information that you provide by filling in forms on our Site. This includes information provided at the time of registration, including profile details obtained from other trusted identity providers that you select when registering or logging into our Site (such as Google, Facebook, Twitter, Windows Live, Yahoo and others);
- if you contact us, we may keep a record of that correspondence;
- information that you provide when interacting with the “Tracker” part of the Site, or other similar or related surveys;
- personal health information, posts or other data that you upload to the Site;
- prescription and adverse drug reaction information you might provide on the Site;
- information provided by you in order to use any of the various tools on the Site, e.g. the treatment reminder tool;
- information provided by you when you participate in any forum, discussion board or other social media function on the Site;
- information collected through third party health, fitness or other applications (including, but not limited to, from wearable devices) which you link to your account with us;
- details of your visits to the Site including, but not limited to, traffic data, location data, weblogs interaction data and other communication data, the resources that you access;
- information that you provide when you report a problem with the Site;
- preferences you have selected in order to personalise the Site for you;
- the IP address of the device you use to access the Site; and
- technical information including: for the Site, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and for the App: the type of mobile device you use, your mobile operating system, the type of mobile browser you use and your time zone setting.
Use of personal information
To the extent that processing of your personal information is necessary in order for us to provide a service you have requested under a contract we have with you, we rely on that contract as the legal basis on which we process your personal information.
Otherwise, we rely on your consent as the legal basis on which we process your personal information. We will seek your consent when you register for the Site and we may seek further consents from you from time to time on the Site or by contacting you in other ways, including by email.
We process personal information about you in relation to our Site for the following purposes and in the following ways:
- providing you with our services and enabling you to use the Site and the features available on or through the Site;
- tailoring our services to your requirements and preferences;
- providing you with links to news material and other websites which are designed to be specific to your user profile;
- creating graphics and statements in an aggregated non-identifiable format, to provide users with graphical representations and statements about the data that you and other users have provided to the Site;
- aggregating and anonymising (i.e. removing all identifiers which could otherwise be used to identify you) certain information about you and your use of the Site (including, for example, health or drug related data, information, posts, adverse event records and other data you upload to the Site and your browsing and Site usage history) with that of other users and sharing this with carefully selected third parties. We may not limit such third parties’ use of such aggregated information except that we do require them to agree not to seek to make such data personally identifiable;
- recommending other users as friends that you may want to connect with based on their similarity to your user profile;
- presenting you with details of clinical trials and other activities that you may want to participate in; and
- sending you administrative notices about your registration to, or membership of, our Site.
If we receive information about you from other sources (such as from any third party device or application you link to your account) we may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
In addition, if we or our owners undergo or propose to undergo a business transition, such as a corporate reorganisation, sale, merger or acquisition by somebody else of some or all of our shares or assets, we may share your personal information with parties connected with the proposed transaction as part of the process of those parties investigating our business and Site / App and your personal information may form part of the assets acquired by and transferred to the new party taking over the business and our Site. Any information transferred or shared in this way will remain subject to the promises given to you in the version of this Privacy Policy which applies at the relevant time, unless you agree to different terms.
Withdrawal of consent
You can withdraw your consent to any use we make of your personal information at any time by updating your privacy settings in the “manage settings” area of the Site or by contacting us in the manner set out at the end of this privacy policy. However, you cannot withdraw your consent for processing which is necessary in order for us to provide a service you have requested under a contract we have with you unless you also ask us to stop providing that service and end your contract with us.
“Community”, “Friends” and “Private”
There are three categories of interactions that you can have on the Site: “Community”, “Friends” and “Private”. The category of each post you make will affect which other Users can see that post. This is further explained on the Site.
Public User Content
Some of your posts and other data that you input to the Site (“User Content”) will be deemed to be “Public User Content” and is generally accessible by all visitors to the Site and by us. This is content that:
- you post as a status update or tracker update and do not mark it as “Private” (this will be a “Community” or “Friends” interaction);
- you post as a comment against another User’s post (this will be a “Community” or “Friends” interaction); or
- you post in the open forums as a question or as part of a discussion (this will be a “Community” interaction).
Public User Content may, in addition to being processed for the purposes set out under the heading “Use of personal information” above, be processed for the purposes of posting such Public User Content on the Site and any other websites or newsletters of any description that we operate from time to time.
Marketing
The Site provides you with the opportunity to opt out of receiving marketing information from us or to opt in to receiving marketing information. We will usually inform you (before collecting your information) if we intend to use your information for marketing purposes.
You can exercise your right to prevent such processing by selecting the appropriate opt in/opt out button each time you submit a form containing your contact information on the Site. You can also exercise the right at any time by contacting us in the manner set out at the end of this privacy policy or by clicking on “unsubscribe”.
Where and how we store your personal information
Except as set out below, the information we collect from you is held on servers physically located within the UK or the European Economic Area (“EEA”).
If you ask us to link personal health and activity information collected using third party applications and/or devices to your Healthbit account, we will seek your consent to use a partner operating outside the UK and EEA to help us extract and download the information to our Site. If you do not give us your consent we will be unable to link such information to your account. If you give us your consent, by doing so you agree to the transfer, storing and processing of your information outside the UK and EEA. We will remind you of this when we seek your consent. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.
We will use appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage of your personal information.
Password
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Disclosure of your personal information
We will not sell your personal information in a personally identifiable format to third parties without your prior consent.
We may share your personal information with selected third parties, including:
- any member of our group of companies, which includes our subsidiaries, our ultimate holding company and its subsidiaries;
- prospective and actual successors in title to our business;
- suppliers and external agencies we engage to process information on our behalf;
- third parties (including, but not limited to, professional indemnity insurers, brokers, auditors and other professional advisors);
- in a non-identifiable form only, to carefully selected third parties, which may include patient charities, healthcare bodies, pharmaceutical and other research organisations (“Research Partners”); and
- to the extent that disclosure is required by law or any regulatory authority.
Personal information of minors
Our Site is not directed to minors and we do not knowingly collect any personal information from children under 16 years of age through the Site. If you are the parent or guardian of a child under the age of 16 from whom you think we have collected personal information, please contact us. If we become aware that a child under 16 has provided us with personal information about themselves without our having received the consent of their parent or guardian, we will take reasonable steps to attempt to remove the information from our Site and terminate the child’s account.
Cancellation of your registration
If your registration is cancelled, by you or by us, this will result in the permanent deletion of your account from the Site. It will typically take up to one month to delete an account. Some information may remain in backup copies for a further 90 days. After deletion of your account, we may retain certain parts of your data so that it can be shared in aggregated, non-identifiable form with our Research Partners (as defined above). We may also retain Public User Content (for example, any posts you may have made in our forums or messages you may have shared with other users) and any messages that you may have sent to us through our Help section. We will not retain any other data about you for any other purpose after deletion of your account.
The internet
Given that the internet is a global environment, using the internet to collect and process personal information necessarily involves the transmission of information on an international basis. Therefore, by browsing the Site and communicating electronically with us, you acknowledge and agree to our processing of personal information in this way.
The transmission of information via the internet is not completely secure. Although we do our best to protect personal information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or processing.
Our Site may, from time to time, contain links to other websites or applications which are outside of our control and are not covered by this Privacy Policy. We do not accept any responsibility or liability for other sites’ or applications’ privacy policies. If you access other websites or applications using the links provided, please check their policies before submitting any personal information.
Cookies
We use cookies to help improve the Site in a variety of different ways. Please check our cookie policy for details of the cookies that we are currently using on the Site and for details of how to manage them.
Changes to our Privacy Policy
We will post any material changes that we may make to our Privacy Policy in the future on the Site, and, where appropriate, we will notify you of the change by email or by posting a notice on the Site. This will ensure that you are always aware of the information we collect, how we use it and the circumstances under which we may disclose it.
Access to information
Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with Data Protection Legislation. We will respond to any valid access request within 30 days and will make available your information to you in a commonly used electronic format (normally a single csv file which may be downloaded from a link activated in your user account). To obtain a copy of the information we hold about you please contact us in the manner set out at the end of this privacy policy.
Erasure or rectification of information
Data Protection Legislation gives you the right to ask us to erase information held about you if it is no longer necessary in relation to the purposes for which it was collected or processed. You also have the right to ask us to rectify inaccurate information we hold about you or to complete incomplete information about you. Your right of erasure and/or rectification can be exercised in accordance with Data Protection Legislation. If you make a valid erasure or rectification request we will take reasonable steps to erase or rectify your information so far as required by Data Protection Legislation. However, Data Protection Legislation allows us to retain and continue processing your information in certain circumstances and if any of those circumstances apply we may continue to hold and process your information (in accordance with this privacy policy) despite your request for us to erase it. Such circumstances include (but may not be limited to) where our continued holding and/or processing of your information is necessary:
- for exercising the right of freedom of expression and information.
- for compliance with a legal obligation that requires processing of personal data by EU or member state law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- for reasons of public interest in the area of public health.
- for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes in so far as the erasure of the information would be likely to render impossible or seriously impair the achievement of the objectives of the archiving purposes in the public interest, or the scientific and historical research purposes or the statistical purposes.
- for the establishment, exercise or defence of legal claims.