Scope and Purpose of this Policy
MyKitCheck® (“we”) is committed to protecting the privacy and personal information of all users of our websites, mobile applications, features or other services (together, the “Services”).
Our Services, from time to time, contain links to and from websites of our partner networks and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and are not covered under this policy.
For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), we are the “data controller” or “data processor” of personal information you provide us with. Whether we are “data controller” or “data processor” is dependent on how you interact with our Services. For example, where we provide the Services under contract with an organisation (i.e. your employer) that organisation is the data controller and we are the data processor for information running over the Services. More information on this can be found in guidance from the ICO.
We use your information in accordance with all applicable laws concerning the protection of personal information.
This policy explains:
- What information we may collect about you
- How we may use that information
- The legal basis of collecting and using this information
- In what situations we may disclose your details to third parties
- Our use of internet cookies
- How we keep your personal information secure and how long we maintain it
- Your rights regarding your personal information
What information we collect about you
We may collect and process the following data about you:
Information you provide to us:
- Submitted information such as information that you provide by filling in forms on our Services. This includes information provided at the time of registering to use our mobile applications, subscribing to any of the Services, all content and other material that you post in your use of the Services. You must never use any Service to collect or store any information (including notes, comments, images or any other content) from which any patient or other individual may be identified, and you must never input information like this onto our Services
- Submitted information such as information provided by your organisation (i.e. your employer)
- Records of any correspondence with you
- Records of your responses in case you complete any surveys sent by us
Information created when you use our Services:
- Information about the device you are using to access the Services
- Details of your use of the Services including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access
- Log information of when you use the Services, including but not limited to internet protocol (IP) addresses, internet service provider (ISP), clickstream data, browser type and language, viewed and exit pages, location and date or time stamps
- Unique application numbers: when you install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.
How we may use that information
We use the information we collect:
- To provide you with access to and improve the Services, creating a better experience for our users in future versions of the Services. This includes anonymously tracking and reporting users’ activity inside the Services for analytics purposes.
- To communicate with you about new features, services, studies, surveys, news, updates and to give you notice of service disruptions.
- To enhance the safety and security of our users and services – using device, location, profile, usage and other information to detect any unusual patterns and prevent any security breaches.
The legal basis of collecting and using this information
There are four main bases under which we may collect and use your data:
When your organisation enters into a contractual relationship with us, we need to process and store some personal data in order to perform the contract. For example, we need your name, email or telephone number to contact you, should it be necessary, concerning our Services, such as to resolve issues you may have. If you have been involved in contractual/financial processes for Distinctive Medical via your organisation, we could contact you when the contract renewal date is nearing or in the case of problems with your payment.
In certain situations, we collect and process your personal information for purposes that are in our legitimate organisational interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way.
We may be required to collect, process, disclose and retain some personal information due to legal requirements.
With your explicit consent
For any situations where the three bases above are not appropriate, we will instead ask for your explicit consent before collecting, processing and retaining your personal information in that specific situation. You can contact us to withdraw this consent at any point.
Disclosing your details to third parties
We share information with our service providers. This includes for example cloud storage providers, accountants and other professional services providers.
We also disclose your personal information where we are under a duty to do so in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
We do not sell or share your personal information with third parties for marketing purposes.
Certain Services may include features which allow you to share content you have posted with other users. It is your responsibility to ensure when using these features that you do not submit any personal data or content that you do not want to be seen, collected or used by other users.
Our use of internet cookies
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device with your consent.
How we keep your personal information secure and how long we maintain it
We have appropriate safeguards (both in terms of our procedures and the technology we use) in place to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
The data that we collect from you is stored in the European Economic Area. We will not transfer, process or store your data anywhere that is outside of the European Economic Area, unless that country has been approved by the European Commission or has signed up to the EU-US Privacy Shield framework.
Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the sections above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.
Where your information is no longer required, we will ensure it is disposed of in a secure manner.
Your rights regarding your personal information
Under data protection law, you have a number of rights concerning the data we hold about you:
- The right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights.
- The right of access: You have the right to obtain access to the information we hold on you. This will enable you, for example, to check that we are using your information in accordance with data protection law.
- The right to rectification: You are entitled to have your information corrected if it is inaccurate or incomplete.
- The right to be forgotten: This enables you to request the deletion or removal of certain of the information that we hold about you.
- The right to restrict processing: You have rights to ‘block’ or ‘suppress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.
- The right to data portability: You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. There are exceptions to this right.
- The right to object: You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
- The right to withdraw consent: If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time.
- The right to object to processing: You have the right to object to certain types of processing, including processing for direct marketing and profiling.
This policy was last reviewed in August 2019