Privacy Policy & Terms and condition
Terms and conditions about the sleep and health clinic….
Introduction
This is the privacy policy of Sleep and Health Clinic. We are legally required to provide you with certain information because we process your personal data. We understand the Clinic that processes a significant amount of your sensitive (special) personal data at what may be a stressful time and this privacy policy is here to show we care about your personal data, that you can trust us with it and that you have control over your personal data. If you have a questions and they are not answered by this Privacy Policy please contact DPO@sleepandhelath.org, we will try to answer your questions.
How we process personal data is regulated by UK law, and the UK Regulator is the Information Commissioner’s Office know at the ICO, https://ico.org.uk/. We have built a glossary of terms here (click) so you understand what all the terms mean, where possible we use the definition in the legislation. To understand how to secure your personal data we have written a section called You and your Personal Data, keeping it safe.
This privacy policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage, it is only for Sleep and Health Limited UK. It also describes the choices available to you regarding our use of your Personal Data and how you can access and update your personal data.
We use the term “Risk Factors” and so does the medical profession, the “Risk Factors” are a combination of your healthcare data used to monitor you pregnancy, and these important indicators collectively are known as your “Risk Factors”, if all your Risk Factors are within track, your pregnancy is viewed as /low risk’.
We have a Data Protection Officer and he can be contacted on DPO@sleepandhealth.org.
Purposes of processing personal data
Sleep and Health Limited UK (“we”, “us” or “our”) is the Data Controller, we determine the purposes and means of the processing of your personal data. You are called the user (“you” or “your”) or Data Subject. You will often see the term Data Subject used, it means the person whose personal data it is and describes.
Processing of your personal data and lawful basis
The app processes four types of personal data on your smart device and on our server located within the UK. Personal data, so we can identify, contact you, administer the app and provide security to your data, for example:
Personal details such as name, country of residence, etc.
Contact details such as mobile number, email address, address, etc
Personal healthcare data, to provide sleep services:
The lawful bases for processing and transferring your personal data with Sleep and Health Limited in the UK are governed by the 2018 UK Data Protection Act (since that is where our server is located) are:
- Personal Data and Personal Location Data – Consent (explicit)
- Personal Healthcare Data – Explicit Consent
- Personal Ethnic Data – Explicit Consent
Transfer Personal Data back and forth form our servers to you mobile device where ever it is located – Explicit Consent
Emergency Contact Details – Legitimate Interests of the Data Controller
We use consent as lawful basis for Personal Data so that if you withdraw consent your personal data will be erased unless there are additional factors for example an insurance claim, and because explicitly by registering on this app you are be revealing personal healthcare data.
Managing personal data
You can update core personal data within the app, and add to your history through the input screens. When you enter certain data it’s cross-checked against a range of acceptable values to avoid you missing keys personal data, or keying errors, the app will prompt you to confirm or rekey the data.
We do prevent changes to some personal data to preserve the history. If you wish to amend this personal data please email admin@sleepandhealth.org. There are legal restrictions and obligations on erasing personal data, for example when it is used in an insurance claim and we may not be legally able to erase your data. We endeavour to follow your requests, please contact DPO@caretekmedical.net if you have any questions.
Other people’s personal data
With the exception of your emergency contact details or , we will not accept any other person’s personal data.. We treat people’s personal data with respect and impose high professional standards with regards to confidentiality, please be careful when recording your diary entries not to include other people’s data that includes their names.
Recipients of your personal data
We do not transfer your personal data to any other third parties. We have Data Processors, processing the data on our written instructions and they are located in the UK.
Retention Policy
If you do not exercise your rights to erase the data we will retain and process your Personal Data to comply with our legal obligations, resolve disputes, and enforce our agreements and allow you to come back to us. We may use any aggregated data derived from or incorporating your Personal Data after you update, but not in a manner that would identify you personally. Once the retention period expires, Personal Data shall be deleted, but not this aggregated data. The right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.
Data transfer and storage
Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. Our servers are located in the UK.
The rights and freedoms of users.
You have a set of rights and freedoms in 2018 UK Data Protection Act these are. You have a right to complain about our data processing to the local country Supervisory Authority and they are the ICO and can be found here:https://ico.org.uk/
Privacy of children
We do not knowingly collect any Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Data through our Mobile Application or Service without their permission.
If you have reason to believe that a child under the age of 13 has provided Personal Data to us through our Mobile Application or Service, please contact us (DPO@sleepandhealth/org). You must also be at least 16 years of age to consent to the processing of your Personal Data in your country (in some countries we may allow your parent or guardian to do so on your behalf).
Newsletters (not during this release)
In compliance with the legislation, all e-mails sent from us will clearly state who the e-mail is from and provide clear information on how to contact the sender and unsubscribe. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, you will continue to receive essential transactional emails.
We offer electronic newsletters to which you may voluntarily subscribe at any time. We are committed to keeping your e-mail address confidential and will not disclose your email address to any third parties except as allowed in the information use and processing section. We will maintain the data sent via e-mail in accordance with applicable laws and regulations.
Information security
We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Data in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed, especially free Wi-Fi. Therefore, while we strive to protect your Personal Data, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Mobile Application cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.
Personal Data Breach
In the event we become aware that the security has been compromised or users Personal Data has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a personal data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do notify you, we will send you an email.
Legal disclosure
We will disclose any data we collect, use or receive if required or permitted by law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we go through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, your user account, and Personal Data will be among the assets transferred.
Changes and amendments to this privacy policy
We may update this Privacy Policy from time to time in our discretion and will notify you of any material changes to the way in which we treat Personal Data. When changes are made, we will post a notification in our Mobile Application. We may also provide notice to you in other ways in our discretion, such as through contact information you have provided. Any updated version of this Privacy Policy will be effective immediately upon the posting of the revised Privacy Policy unless otherwise specified. Your continued use of the Mobile Application or Services after the effective date of the revised Privacy Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your explicit consent, add a new purpose or use your Personal Data in a manner materially different than what was stated at the time your Personal Data was collected.
Acceptance of this policy
You acknowledge that you have read this Policy and agree to all its terms and conditions. By using its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access our Services.
Contacting us
If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to DPO@sleepandhealth.org.
Glossary of Terms
Definitions (Where possible the definitions are taken from the legislation)
Data Controller
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. Sleep and Health Clinic Limited UK (“Caretek Medical Limited UK”, “we”, “us” or “our”) is the Data Controller.
Data Processor
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Subject
‘Data subject’; an identifiable natural person is one who can be identified, directly or indirectly. It has to be a living person.
Personal Data
‘Personal Data’ Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Healthcare Data or Data concerning health
‘Data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Personal Ethnic Data
‘Personal data’ revealing racial or ethnic origin.
Location Data or Geolocation Data
‘Geolocation data’ means data taken from a user’s device which indicates the geographical location of that device, including GPS data or data about connection with local wifi equipment.
Personal Data Breach
‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Restriction of Processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
Biometric Data
‘Biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
Genetic Data
‘Genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
Healthcare professional
‘ Health professional’ means a doctor of medicine, a nurse responsible for general care, a dental practitioner, a midwife or a pharmacist within the meaning of Directive 2005/36/EC, or another professional exercising activities in the healthcare sector which are restricted to a regulated profession as defined in Article 3(1)(a) of Directive 2005/36/EC, or a person considered to be a health professional according to the legislation of the Member State of treatment.
You and your Personal Data, keeping it safe
Thank you for reading this section, we care about keeping your personal data safe and secure. In this section we would like to explain some of “facts of life” about personal data that should help you when accessing and using your personal data. We are going to try and answer some important questions for you.
To start with, what is personal data?
Personal data is any information or combination of information that can be used to identify you, and that is defined in law. It also includes not just information held now, but any information that might be held in the future and the combinations of information that can be used to identify you.
Whose data is it?
Your personal data belongs to you and you “lend” it out for processing so other people or organisations can provide products or services to you. The length of time you lend it out can be for the time whilst they provide you the product or service, other lengths of time can be defined in law, or what’s reasonable and in a very few small cases it can be until you die, for example for with the NHS or Taxman.
Why is it so important?
Your personal data has a value, a monetary value now, but a potential value in the future, if misused. For example your personal data can be used to steal your identity, and set up a bank account, or even get illegal immigrants into this country on your passport data, it can be worth many thousands of pounds. The top three ways it can be used against you are, 1) discrimination, 2) identity theft or fraud, and 3) financial loss. There are other ways your personal data can be used against you, but it all results in harm against you personally.
Personal data can be classified into types of personal data, and the impact or the risk to on you if gets misused, here is a simple table to help you:
Types of personal data Examples of the Data Risk and explanation
Personal communication data Name, email address, mobile number Low risk – it is often in the public domain and needs to be combined with other personal data to become a threat, can cause distress Personal healthcare data Health status, covering physical or mental health, medical condition, or information on the provision of health care services Very high risk – can cause discrimination
Personal racial/ethnic data Racial, ethnic or family background. Very high risk – can cause discrimination, resulting in financial loss, reputational damage and distress Personal financial data Credit card number, bank account number, card security code. High risk – identity fraud, financial loss, reputational damage and distress
Personal identity data Passport, Driver’s License, Personal ID, Very High risk – identity theft or fraud, financial loss, reputational damage and distress As a result you should keep all personal data secure, but some personal data more secure than others, and be very careful giving digital copies to friends and posting it on social media. It may be easy to do, but please be careful, once it is out there it may be out there forever and could harm you for many years to come.
But what do you do in this world where everyone is asking for your personal data? Here are some ideas to protect you from a) discrimination, b) identity theft or fraud, c) financial loss and other types of harm. Always think in the digital world that you never will be able to get it back if you post it on social media. Don’t ever post copies of ID cards or Passports on social media, and if some company asks for this, ask why. Keep them more secure than your bank cards.
Don’t post copies of personal data on your health and any healthcare, or ethnicity on social media, unfortunately it will often be used to discriminate against you. Only give this data to people who can justify processing it. Do not use a shared computer access the app, for example in an internet café. Finally we would like to remind you that personal data with a healthcare professional should always been confidential and kept secret. Unfortunately some healthcare professionals in their day to day work deal with so much personal data they get complacent, and do not treat it securely as they should do.
It is your personal data and if you are ever uncomfortable with how they act with your personal data you should ask them about their privacy and security policies. If you are not happy raise it with them, the ICO has some very good advice here: https://ico.org.uk/your-data-matters/raising-concerns/.Good luck and if you have any questions about your personal data please do not hesitate to contact DPO@caretekmedical.net Keep your personal data safe, it’s valuable, if you don’t, how can you expect others to!
Cookie Policy
The Sleep and Health Clinic website uses cookies. The cookies are not necessary for the use of the website. You will be asked to consent to the use of cookie when you first visit the website.
USE OF COOKIES
A “cookie” is a string of information which assigns you a unique identifier that we store on your computer. Your browser then provides that unique identifier to use each time you submit a query to the Site. We use cookies on the Site to, among other things, keep track of services you have used, record registration information, record your user preferences, keep you logged into the Site, facilitate purchase procedures, and track the pages you visit. Cookies help us understand how the Site is being used and improve your user experience.
TYPES OF COOKIES
The following types of cookies may be used when you visit the Site:
Advertising Cookies
Advertising cookies are placed on your computer by advertisers and ad servers in order to display advertisements that are most likely to be of interest to you. These cookies allow advertisers and ad servers to gather information about your visits to the Site and other websites, alternate the ads sent to a specific computer, and track how often an ad has been viewed and by whom. These cookies are linked to a computer and do not gather any personal information about you.
Analytics Cookies
Analytics cookies monitor how users reached the Site, and how they interact with and move around once on the Site. These cookies let us know what features on the Site are working the best and what features on the Site can be improved.
Our Cookies
Our cookies are “first-party cookies”, and can be either permanent or temporary. These are necessary cookies, without which the Site won’t work properly or be able to provide certain features and functionalities. Some of these may be manually disabled in your browser, but may affect the functionality of the Site.
Personalization Cookies
Personalization cookies are used to recognize repeat visitors to the Site. We use these cookies to record your browsing history, the pages you have visited, and your settings and preferences each time you visit the Site.
Security Cookies
Security cookies help identify and prevent security risks. We use these cookies to authenticate users and protect user data from unauthorized parties.
Site Management Cookies
Site management cookies are used to maintain your identity or session on the Site so that you are not logged off unexpectedly, and any information you enter is retained from page to page. These cookies cannot be turned off individually, but you can disable all cookies in your browser.
Third-Party Cookies
Third-party cookies may be place on your computer when you visit the Site by companies that run certain services we offer. These cookies allow the third parties to gather and track certain information about you. These cookies can be manually disabled in your browser.
CONTROL OF COOKIES
Most browsers are set to accept cookies by default. However, you can remove or reject cookies in your browser’s settings. Please be aware that such action could affect the availability and functionality of the Site.
For more information on how to control cookies, check your browser or device’s settings for how you can control or reject cookies, or visit the following links:
Apple Safari
Google Chrome
Microsoft Edge
Microsoft Internet Explorer
Mozilla Firefox
Opera
Android (Chrome)
Blackberry
Iphone or Ipad (Chrome)
Iphone or Ipad (Safari)
In addition, you may opt-out of some third-party cookies through the Network Advertising Initiative’s Opt-Out Tool.
OTHER TRACKING TECHNOLOGIES
In addition to cookies, we may use web beacons, pixel tags, and other tracking technologies on the Site to help customize the Site and improve your experience. A “web beacon” or “pixel tag” is tiny object or image embedded in a web page or email. They are used to track the number of users who have visited particular pages and viewed emails, and acquire other statistical data. They collect only a limited set of data, such as a cookie number, time and date of page or email view, and a description of the page or email on which they reside. Web beacons and pixel tags cannot be declined. However, you can limit their use by controlling the cookies that interact with them.
