Effective date: May 26th 2020.
The primary purpose of the mySymptoms Consumer App is to enable users to monitor their food intake and symptoms, then to share their symptoms and other data inputted into the Consumer App with their clinician if they choose to do so. The Consumer App seeks to operate on an anonymised basis, meaning it is not designed to store or process your personal data in a form that identifies anyone.
SkyGazer Labs seeks to operate on the basis that it does not process your personal data. To do this, we require that your account is registered with an anonymous username, unique to mySymptoms, that doesn't personally identify you. Furthermore, personally identifiable data must not be entered into the Consumer App. Both of these conditions are put in place to protect your privacy.
Any data you enter into the Consumer App is stored securely in your account and is only accessible to you when logged in to your account using your anonymous username and password. Optionally, you can also share or revoke access to your data with your clinicians at any time. They can only identify your account if you provide them with your anonymous username which they can then de-anonymise your personal and they can associate it with your real name on their systems.
It is always sensible though to explain how we would process personal data, so in circumstances where certain personal data may be processed this policy will apply.
The data controller is SkyGazer Labs Ltd. a company registered in England and Wales under number 07287061 with its registered office at Lakin Rose, Pioneer House Vision Park, Histon, Cambridge, Cambridgeshire, United Kingdom, CB24 9NL
When you use our Platform and Services, we may collect certain Personal Data or personal information that can be used to identify you.
The information you upload to the Consumer App will not be considered Personal Data so long as you upload your information using a username which does not enable you to be identified. Your anonymised personal information is stored on our provider's servers in Ireland.
If you request your information to be shared with clinicians or other healthcare professionals, your information will be securely shared from servers in Ireland to the Clinic App. Following your request, the clinician will receive an invitation from the Consumer App. Local cookies on the Clinic App will enable your information to be de-anonymised, at which point it will be considered Personal Data. Only your clinician will be able to view your de-anonymised information. We will not be able to view your de-anonymised information. If you choose to share your information with your clinician, you need to agree with your clinician that they may process your Personal Data and they will be considered the Data Controller for the information that is then in their possession. You must be satisfied that your clinician will hold and process your Personal Data in a legal and acceptable way, we cannot control their use once you share your data.
We may also collect Personal Data automatically, or from third-party partners or services. The Personal Data we collect includes:
We collect some information from you when you provide it to us directly, such as via an email or online form, through the support feature embedded in our Services, or through another form of inquiry. This information may include your name, email, and phone number as well as other information. Please note that We do not link and store your name or email address with any information you upload: Your name and email address are stored separately.
When you download and use our Services, we automatically collect information on the type of device you use, operating system, resolution, application version, mobile device identifiers (such as your device ID, advertising ID), language, time zone and IP address.
We collect information automatically about your activity through our Services, such as the date and time you used a service, features you have used, your in-app purchases history, subscriptions, your interaction with advertisements, and data generated when you use our Services.
We may collect, with your consent, other information such as precise geolocation (latitude and longitude) using information including GPS, Bluetooth or Wi-Fi connections.
The information you provide when using our Services may include health-related information such as details of symptoms, medications, dietary information, personal notes or any other information uploaded to the Platform. Such categories of data may be considered Special Categories of Personal Data for the purposes of the Applicable Data Protection Law unless they are adequately anonymised.
The anonymised information we collect from you may be combined with the information provided by other anonymous users to produce aggregated anonymised data sets for research purposes. We refer to this combined data as "Aggregated Data." Aggregated Data is not considered to be Personal Data as it does not reveal your identity.
Aggregated Data may be used for the operation of the Platform and the Services we provide to you, and to provide general statistics regarding use of our Platform and Services. We may also use such anonymised Aggregated Data and provide it to third parties for medical research purposes.
We use Google Analytics. The information generated by the Google Analytics cookie (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our websites and/or services compiling reports on activity and providing other services relating to activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where third parties process the information on Google's behalf.
We do not knowingly collect personally identifiable information or Personal Data from children under the age of fourteen. If you are under the age of sixteen, you must ask your parent or guardian for permission to use our Platform or Services.
We may collect and use your personal information and Personal Data to operate our website and Platform, and to provide the Services you have requested.
The legal bases we rely upon to use your Personal Data may include the contract we have with you, your consent and our legitimate interests, or where we need to comply with a legal or regulatory obligation. Please contact us if you require further details concerning the specific legal ground(s) we are relying on to process your Personal Data.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We offer here non-exhaustive examples of the ways in which we use your Personal Data and the legal bases we may rely upon to do so:
To provide and maintain our Services, including to register you as a new user, recognise you when you return to our Apps, and perform essential business operation, our legal basis for processing is performance of a contract with you which you entered into with us when you download our Services and accept our End User License Agreement.
To administer and protect our Services (including troubleshooting, data analysis, testing, support, fraud, reporting and hosting of data), our legal basis for processing is legitimate interests for running our business, provision of administration and services.
We may use your Personal Data if you apply for employment with us, processed under consent and then contract if you become employed by us.
We may also use your Personal Data to inform you of other products or services that we and/or our business partners provide. We may also contact you via surveys to conduct research about your opinion of our Platform and Services.
We may share your Personal Data for certain purposes with our business parties or affiliates in accordance with Applicable Data Protection Law, as set out below.
We may share your Personal Data with our third party business service providers who perform functions on our behalf. These may include:
We may share or otherwise "sell" information with advertising partners who distribute advertising in our Services.
We may transfer your Personal Data if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.
We may also share Personal Data if we are also under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.
We may also share Personal Data: (i) If disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
We will ask for your consent before transferring your Personal Data outside of the EEA. You may provide your consent by clicking the 'consent box' which will appear on the Consumer App interface when you make a request which requires any such transfer of your Personal Data outside of the EEA.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Your passwords are stored in the mySymptoms' database in encrypted form. We do not disclose your account details, or email addresses to anyone except when legally required to do so. However, it is your responsibility to keep your password secure.
You must ensure that the username you create to upload your data to the Consumer App does not enable your data to be personally identified. If you request your information to be shared with clinicians or other healthcare professionals, your information will be securely shared from servers in Ireland to the Clinic App. Local cookies on the Clinic App will enable your information to be de-anonymised.
Information between your browser/App and the Platform is transferred in encrypted form using Secure Socket Layer (SSL). When transmitting sensitive information, you should always make sure that your browser can validate the Platform's certificate.
We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will keep your Personal Data for at least six years from the date of the last interaction for insurance and liability purposes. Should you opt out of using our Services you will be able to re-join and access your Personal Data within six years.
The retention of your Personal Data will be reviewed regularly and at least every six years for relevance. Any Personal Data deemed no-longer relevant is deleted.
Where we have taken steps to anonymise your personal data (so that it can no longer be associated with you) we may use this indefinitely for analytical, research and statistical purposes and to help us to improve our products and services.
You have the right to make a request to access your Personal Data collected through our Platform and Services (known as a "Data Subject Access Request" or "SAR").
We aim to respond electronically to all SARs within one month. In circumstances where it may take us longer than one month to respond (for example if your request is particularly complex or if you have made a series of requests), we will notify you. We do not charge a fee for responding to a SAR. However, we may charge a reasonable fee if your SAR is manifestly unfounded or excessive.
You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
You have the right to ask us to erase your Personal Data in certain circumstances.
You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
You have the right to object to the processing of your Personal Data in certain circumstances.
You have the right to ask that we transfer your Personal Data to another organisation, or to you, in certain circumstances
We respect your privacy and give you an opportunity to opt-out of receiving announcements of certain information. Users may opt-out of receiving any or all communications from us by contacting us or selecting the "Unsubscribe" option on their email.
We ask that you try to resolve any issues with us first, although you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at any time about our processing of your personal information.
The ICO is the UK regulator for data protection and upholds information rights.Information Commissioner's Office