Privacy policy, last updated 27th November 2020

INTRODUCTION

Vital Signs Solutions Limited (collectively, ‘Vital Signs Solutions,’ ‘we,’ ‘our’ or ‘us’) is developing innovative products that enable users to monitor and manage their health (‘self-management’), and assist users in making positive lifestyle changes to control or help prevent diseases, including but not limited to diabetes and cardiovascular disease (collectively our ‘Services’). 

PocDoc

Our core PocDoc product consists of a test (the ‘PocDoc Test’), which users purchase from our webshop which is hosted on Shopify Inc. Users undertake a PocDoc Test with a sample of their blood, and then upload a picture of their test result to the ‘PocDoc App,’ together with their Personal Data, health and other information. This information may differ subject to which PocDoc Test you purchase but could include some or all of:

· Contact information;

· Date of birth;

· Geographic location;

· Vital statistics, e.g. height, weight;

· Symptoms associated with the PocDoc Test being used; and

· Elements of existing medical history and health as it relates to the PocDoc Test being conducted.

Your test result, Personal Data and information will be securely stored on our servers and will be processed by us.  You may access your results via the PocDoc App or via your personal account at https://www.mypocdoc.co.uk.  Your account with us is only accessible to you when logged in to your account using your email address and password.  You may receive recommendations and support to enable you to make positive lifestyle changes.

Covid-19

Our technology application can also allow users to upload their results from Covid-19 antibody and/or antigen tests. Users buy a Covid-19 antibody or antigen test device from one of the manufacturers that is collaborating with us (the ‘Covid Test’), which they then use to test a sample of their blood.  The user then uploads their test result to the ‘Covid App,’ together with an image of the test, their Personal Data and other information.  Information collected under this app may be shared with the health service, and aggregated reports without your personal data will be shared with the testing manufacturer.

Personal Data

Vital Signs Solutions is committed to ensuring the privacy of its customers, users, suppliers, employees and other stakeholders.  It is important that you read this Privacy Policy carefully together with our Terms and Conditions, and any other information provided to you to understand our policies and practices regarding your Personal Data (as defined below) and how we will treat it.

Any Personal Data you enter into either of our Apps, and your test results, is stored securely on our servers in the United Kingdom. You are able to access your test results either on your smartphone or from your secure account via our Website.

This Privacy Policy applies to the websites https://www.vitalsignssolutions.com and https://www.mypocdoc.co.uk (collectively the ‘Websites’); and to the associated PocDoc App and Covid App, collectively referred to as the ‘Apps’ which are used to upload pictures of your test result from the PocDoc and Covid Tests, and to process your Personal Data and information in order to provide our Services.

Our Apps are available via various platforms such as the Apple iTunes Store, Amazon App Store and Google Play (‘App Store’).  You should make sure that you read the privacy policy provided by the App Store to understand how your Personal Data (including payment information) may be processed when making a purchase.

You should also read the privacy policy on the Shopify website to understand the implications for your Personal Data when you place an order for our Tests online. 

By using our Apps, Websites and Services you must be willing to be bound by the data practices described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, then we cannot make our Apps and Websites available to you and you should stop accessing and using them.

This Privacy Policy also applies to Vital Signs Solutions’ employees.

IMPORTANT INFORMATION AND WHO WE ARE

The data controller is Vital Signs Solutions Limited, a company registered in England and Wales under number 09768347 with its registered office at Unit 25 Milton Road, Cambridge Science Park, Cambridge, England, CB4 0FW.

This Privacy Policy explains how we collect and use your Personal Data and is provided in accordance with our obligations under applicable privacy and data protection law, including Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (‘Applicable Data Protection Law’).

For the purposes of this Privacy Policy, the term ‘Personal Data’ means any information which identifies you or which allows you to be identified when combined with other information. It does not include data where your identity has been removed (‘Anonymised Data’).  For the purposes of Applicable Data Protection Law, Vital Signs Solutions Limited is a data controller processing personal data.

INFORMATION WE COLLECT AND HOW

Operation of Our Websites and Apps

When you use our Websites, Apps and Services, we may collect certain Personal Data, or personal information that can be used to identify you.  A list of the information we collect from you is provided in the Introduction section of this policy on the first page.

Any data that does not enable you to be identified will not be considered Personal Data.

Vital Signs Solutions may collaborate with clinicians or other healthcare professionals, and you may consent and/or request your information to be shared with these groups, who will analyse your results and could provide you with further information and support. This could include a consent and/or request to share your information with your own personal clinician.

If you are using our Covid App, we may share your Personal Data with Public Health England (PHE). We will ask for your consent (via a tick box on your App) before sharing any of your Personal Data with PHE, third party clinicians, or other healthcare professionals, including your general practitioner.

We may also collect Personal Data automatically, or from third-party partners or services.  The Personal Data we collect includes:

Basic Identifiers and Contact Information

We collect some information from you when you provide it to us directly, such as via an email or online form, through the support feature embedded in our Apps, or through another form of inquiry. This information may include your name, email, and phone number as well as other information.

Device Information

When you download and use our Apps and access our Services, we automatically collect information on the type of device you use, operating system, resolution, application version, mobile device identifiers (such as your device ID, advertising ID), language, time zone and IP address.

Usage Information

We collect information automatically about your activity through the Apps, such as the date and time you use the Apps, features and Services you have used, your in-app purchases history, subscriptions, your interaction with advertisements, and data generated when you use our Apps.

Location and Other Information

We may collect, with your consent, other information such as precise geolocation (latitude and longitude) using information including GPS, Bluetooth or Wi-Fi connections.

Information we obtain from third parties

We may receive information about you from our third-party service providers (principally Google Analytics), who collect this information through our Websites in accordance with their own privacy policies.

Health data and special category data

The information you provide when using our Apps and Website may include health-related information such as details of pre-existing conditions, medications, vital signs, dietary information, personal notes or any other information uploaded to the Apps.  Such categories of data may be considered Special Categories of Personal Data for the purposes of the Applicable Data Protection Law unless they are adequately anonymised.  By agreeing to the Terms and Conditions you give Vital Signs Solutions consent to process your Special Category Data.

Aggregated Anonymised Data

The information we collect from you may be combined with information provided by others, but only in an anonymised format, to produce aggregated anonymised data sets for research purposes.  We refer to this combined data as ‘Aggregated Data.’  Aggregated Data is not considered to be Personal Data as it does not reveal your identity.

Aggregated Data may be used for the operation of our Apps and the Services we provide to you, and to provide general statistics regarding use of our Services. We may also use such anonymised Aggregated Data and provide it to third parties for medical research purposes.

However, if you or we combine or connect Aggregated Data with any of your Personal Data that enables you to be directly or indirectly identified, we will treat such data as Personal Data to be used in accordance with this Privacy Policy.

USE OF COOKIES AND GOOGLE ANALYTICS

Vital Signs Solutions’ Websites may use ‘cookies’ and similar technologies to enhance the users’ experience when using the Websites.  Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. Our Websites use cookies and similar technologies to distinguish you from other users. This helps us to provide you with a good experience when you browse our Websites and allows us to improve our Websites. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Websites may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

We use Google Analytics. The information generated by the Google Analytics cookie (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our websites and/or services, compiling reports on activity and providing other services relating to activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where third parties process the information on Google’s behalf.

PROVIDING PERSONAL DATA TO THIRD PARTIES

You should be aware that when using our Website and Apps, you are providing your Personal Data to third party providers.  Any charges for using our Apps and our tests are administered by the App store used to download our Apps, and the Shopify web-shop used to purchase our tests. We recommend that you refer to the privacy policies of the relevant App store and Shopify, to make sure you understand how your Personal Data, including your financial Personal Data, may be used when you purchase Apps and Tests.

CHILDREN UNDER FOURTEEN

We do not knowingly collect personally identifiable information or Personal Data from children under the age of fourteen. If you are under the age of sixteen, you must ask your parent or guardian for permission to use our Websites or Apps.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We may collect and use your personal information and Personal Data to operate our Websites and Apps.

The legal bases we rely upon to use your Personal Data may include the contract we have with you, your consent and our legitimate interests, or where we need to comply with a legal or regulatory obligation.  Please contact us if you require further details concerning the specific legal ground(s) we are relying on to process your Personal Data.

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We offer here non-exhaustive examples of the ways in which we use your Personal Data and the legal bases we may rely upon to do so:

● To provide and maintain our Services, including to register you as a new user, recognise you when you return to our Apps, and perform essential business operations; our legal basis for processing is performance of a contract with you, which you entered into with us when you download our Services and accept our End User License Agreement.

● To administer our Apps and Services (including troubleshooting, data analysis, testing, support, fraud, reporting and hosting of data); our legal basis for processing is legitimate interests for running our business, provision of administration and services.

● We may use your Personal Data if you apply for employment with us, processed under consent and then under contract if you become employed by us.

● We may also use your Personal Data to inform you of other products or services that we and/or our business partners provide.  We may also contact you via surveys to conduct research about your opinion of our Websites, Apps, and Services.

PURPOSES FOR WHICH WE WILL SHARE YOUR PERSONAL DATA

We may share your Personal Data for certain purposes with our business parties or affiliates in accordance with Applicable Data Protection Law, as set out below. 

Sharing with our service providers and partners

We may share your Personal Data with our third party business service providers who perform functions on our behalf.  These may include:

● Health professionals/clinicians;

● IT service providers and system administrators;

● Data hosts and providers of programming or technical support;

● Professional advisers including lawyers, bankers, auditors;

● Healthcare providers or researchers (generally they would be receiving anonymised Aggregated Data for medical research purposes which is not personal data, but if it is pseudo-anonymised it can return to being personal data); and

● Third-party analytics partners to analyse website traffic and understand customer needs and trends or our third-party marketing service providers to help us to communicate with.

For corporate transactions

We may transfer your Personal Data if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.

When required by law

We may also share Personal Data if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.

To enforce legal rights

We may also share Personal Data: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

Cross-border data transfers

Sharing of Personal Data sometimes involves cross-border data transfers, including transfers outside of the EEA in accordance with the law. We only transfer Personal Data to entities in third countries that have provided appropriate safeguards to ensure that their level of data protection is in agreement with this privacy policy and applicable law, for example in accordance with the rules and procedures known as the EU-US Privacy Shield, or under contractual provisions which have been deemed by the European Commission to provide sufficient safeguards for Personal Data.

We will ask for your consent before transferring your Personal Data outside of the EEA. 

DATA SECURITY

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Your account username is your email address.  Your email address and password, and all of the data you upload and enter into our Websites and Apps, are transmitted in encrypted form and are securely stored on Amazon Web Services (AWS) servers in the United Kingdom. We do not disclose your account details or email addresses to anyone except when legally required to do so. However, it is your responsibility to keep your password secure.

You must ensure that you choose a secure password when you open an account to use our Websites and Apps. It is your responsibility to follow the guidance provided when setting passwords.

We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know.  We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Your Personal Data, image of your test and the results from that test will be processed as soon as you upload them to the App. Your Personal Data will be retained for at least ten years.

Should you opt out of using our Apps and services you will be able to re-join and access your Personal Data within three months.

Your Personal Data will be reviewed regularly and at least once every year for relevance. Any Personal Data deemed no longer relevant is deleted.

If we have taken steps to anonymise your personal data (so that it can no longer be associated with you) we may use this indefinitely for analytical, research and statistical purposes and to help us to improve our products and services.

YOUR RIGHTS

Your right to withdraw consent at any time

Whenever we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time.  If you wish to withdraw your consent, please contact Vital Signs Solutions using the contact details provided at the end of this privacy policy.  This will not affect the lawfulness of any processing carried out before you withdraw, nor ongoing contractual or other obligations requiring us to process data, for example due to a court-ordered law enforcement request.

Your right to access the Personal Data we hold about you

You have the right to make a request to access your Personal Data collected through our Websites and Apps (known as a “Data Subject Access Request” or “SAR”).

We aim to respond electronically to all SARs within one month.  In circumstances where it may take us longer than one month to respond (for example if your request is particularly complex or if you have made a series of requests), we will notify you.  We do not charge a fee for responding to a SAR.  However, we may charge a reasonable fee if your SAR is manifestly unfounded or excessive.

Other rights

Right of rectification – You have the right to ask us to rectify Personal Data you think is inaccurate.  You also have the right to ask us to complete information you think is incomplete.

Right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances.

Right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.

Right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.

Right to data portability – You have the right to ask that we transfer your Personal Data to another organisation, or to you, in certain circumstances.

OPT-OUT & UNSUBSCRIBE

We respect your privacy and give you an opportunity to opt-out of receiving announcements of certain information. Users may opt-out of receiving any or all communications from us by contacting us or selecting the “Unsubscribe” option on their email.  

CHANGES TO THIS PRIVACY POLICY

We may occasionally update this Privacy Policy to reflect company and customer feedback and any changes in data protection regulations. We encourage you to periodically review this Privacy Policy to be informed of how we are protecting your information.

CONTACT INFORMATION

Vital Signs Solutions Limited welcomes your questions or comments regarding this Privacy Policy. If you believe that we have not adhered to this Privacy Policy, please contact us at info@vitalsignssolutions

Vital Signs Solutions Ltd.,
Unit 25 Milton Road, Cambridge Science Park, Cambridge, CB4 0FW, United Kingdom

Questions, comments and requests regarding this privacy policy are welcome and should be addressed to the Data Protection Officer at our address given above.

We ask that you try to resolve any issues with us first, although you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at any time about our processing of your personal information.

The ICO is the UK regulator for data protection and upholds information rights. Vital Signs Solutions is registered with the ICO with registration number ZA762054.

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113

Fax: 01625 524510