Vital Signs Solutions Limited, trading as PocDoc (collectively, ‘Vital Signs Solutions,’ ‘we,’ ‘our’ or ‘us’) is developing innovative products that enable users to monitor and manage their health (‘self-management’), and assist users in making positive lifestyle changes to control or help prevent diseases, including but not limited to cardiovascular disease and diabetes (collectively our ‘Services’).
Our core PocDoc product consists of a test (the ‘PocDoc Test’), which users may purchase from a number of sources, including but not limited to pharmacies, their workplace, other community settings and if available, this website. Users undertake a PocDoc Test with a sample of their blood, and then upload a picture of their test result to the ‘PocDoc App,’ together with their Personal Data, health and other information. This information may differ subject to which PocDoc Test you purchase but could include some or all of:
- Contact information;
- Date of birth;
- Geographic location;
- Vital statistics, e.g. height, weight;
- Symptoms associated with the PocDoc Test being used; and
- Elements of existing medical history and health as it relates to the PocDoc Test being conducted.
Your test result, Personal Data and information will be securely stored on our servers and will be processed by us. You may access your results via the PocDoc App or via your personal account, if available, at https://www.mypocdoc.co.uk. Your account with us is only accessible to you when logged in to your account using your email address and password. You may receive recommendations and support to enable you to make positive lifestyle changes.
Our technology application can also allow users to upload their results from Covid-19 antibody and or antigen tests. Users buy a Covid-19 antibody or antigen test device from one of the manufacturers that is collaborating with us (the ‘Covid Test’), which they then use to test a sample of their blood or saliva or other sample as dictated by the manufacturer. The user then uploads their test result to the ‘Covid App,’ together with an image of the test, their Personal Data and other information. Information collected under this app may be shared with the health service, and aggregated reports without your personal data will be shared with the testing manufacturer.
Any Personal Data you enter into either of our Apps, and your test results, is stored securely on our servers in the United Kingdom. You are able to access your test results either on your smartphone or from your secure account via our Website.
IMPORTANT INFORMATION AND WHO WE ARE
The data controller is Vital Signs Solutions Limited a company registered in England and Wales under number 09768347 with its registered office at Unit 25 Milton Road, Cambridge Science Park, Cambridge, England, CB4 0FW.
INFORMATION WE COLLECT AND HOW
Operation of Our Websites and Apps
When you use our Websites, Apps and Services, we may collect certain Personal Data, or personal information that can be used to identify you. A list of the information we collect from you is provided in the Introduction section of this policy on the first page.
Any data that does not enable you to be identified will not be considered Personal Data.
Vital Signs Solutions may collaborate with clinicians or other healthcare professionals and you may consent and or request your information to be shared with these groups who will analyse your results and could provide you with further information and support. This could include a consent and or request to share your information with your own personal clinician.
If you are using our Covid App, we may share your Personal Data with Public Health England (PHE). We will ask for your consent (via a tick box on your App) before sharing any of your Personal Data with PHE, third party clinicians, or other healthcare professionals, including your general practitioner.
We may also collect Personal Data automatically, or from third-party partners or services. The Personal Data we collect includes:
Basic Identifiers and Contact Information
We collect some information from you when you provide it to us directly, such as via an email or online form, through the support feature embedded in our Apps, or through another form of inquiry. This information may include your name, email, and phone number as well as other information.
When you download and use our Apps and access our Services, we automatically collect information on the type of device you use, operating system, resolution, application version, mobile device identifiers (such as your device ID, advertising ID), language, time zone and IP address.
We collect information automatically about your activity through the Apps, such as the date and time you use the Apps, features and Services you have used, your in-app purchases history, subscriptions, your interaction with advertisements, and data generated when you use our Apps.
Location and Other Information
We may collect, with your consent, other information such as precise geolocation (latitude and longitude) using information including GPS, Bluetooth or Wi-Fi connections.
Information we obtain from third parties
We may receive information about you from our third party service provider (principally Google Analytics), who collect this information through our Websites in accordance with their own privacy policies.
Health data and special category data
The information you provide when using our Apps and Website may include health-related information such as details of pre-existing conditions, medications, vital signs, dietary information, personal notes or any other information uploaded to the Apps. Such categories of data may be considered Special Categories of Personal Data for the purposes of the Applicable Data Protection Law unless they are adequately anonymised. By agreeing to the Terms and Conditions you give Vital Signs Solutions consent to process your Special Category Data.
Aggregated Anonymised Data
The information we collect from you may be combined with information provided by others, but only in an anonymised format, to produce aggregated anonymised data sets for research purposes. We refer to this combined data as ‘Aggregated Data.’ Aggregated Data is not considered to be Personal Data as it does not reveal your identity.
Aggregated Data may be used for the operation of our Apps and the Services we provide to you, and to provide general statistics regarding use of our Services. We may also use such anonymised Aggregated Data and provide it to third parties for medical research purposes.
We use Google Analytics. The information generated by the Google Analytics cookie (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our websites and/or services compiling reports on activity and providing other services relating to activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where third parties process the information on Google’s behalf.
PROVIDING PERSONAL DATA TO THIRD PARTIES
You should be aware that when using our Website and Apps, you are providing your Personal Data to third party providers. Any charges for using our Apps and our tests are administered by the App store used to download our Apps, and the Shopify web-shop used to purchase our tests. We recommend that you refer to the privacy policies of the relevant App store and Shopify, to make sure you understand how your Personal Data, including your financial Personal Data, may be used when you purchase Apps and Tests.
CHILDREN UNDER FOURTEEN
We do not knowingly collect personally identifiable information or Personal Data from children under the age of fourteen. If you are under the age of sixteen, you must ask your parent or guardian for permission to use our Websites or Apps.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We may collect and use your personal information and Personal Data to operate our Websites and Apps.
The legal bases we rely upon to use your Personal Data may include the contract we have with you, your consent and our legitimate interests, or where we need to comply with a legal or regulatory obligation. Please contact us if you require further details concerning the specific legal ground(s) we are relying on to process your Personal Data.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We offer here non-exhaustive examples of the ways in which we use your Personal Data and the legal bases we may rely upon to do so:
- To provide and maintain our Services, including to register you as a new user, recognise you when you return to our Apps, and perform essential business operations, our legal basis for processing is performance of a contract with you which you entered into with us when you download our Services and accept our End User License Agreement.
- To administer our Apps and Services (including troubleshooting, data analysis, testing, support, fraud, reporting and hosting of data), our legal basis for processing is legitimate interests for running our business, provision of administration and services.
- We may use your Personal Data if you apply for employment with us, processed under consent and then under contract if you become employed by us.
- We may also use your Personal Data to inform you of other products or services that we and/or our business partners provide. We may also contact you via surveys to conduct research about your opinion of our Websites, Apps, and Services.
PURPOSES FOR WHICH WE WILL SHARE YOUR PERSONAL DATA
We may share your Personal Data for certain purposes with our business parties or affiliates in accordance with Applicable Data Protection Law, as set out below.
Sharing with our service providers and partners
We may share your Personal Data with our third party business service providers who perform functions on our behalf. These may include:
IT service providers and system administrators;
Data hosts and providers of programming or technical support;
Professional advisers including lawyers, bankers, auditors;
Healthcare providers or researchers (generally they would be receiving anonymised Aggregated Data for medical research purposes which is not personal data, but if it is pseudo-anonymised it can return to being personal data); and
Third-party analytics partners to analyse website traffic and understand customer needs and trends or our third-party marketing service providers to help us to communicate with.
For corporate transactions
We may transfer your Personal Data if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.
When required by law
We may also share Personal Data if we are also under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.
To enforce legal rights
We may also share Personal Data: (i) If disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
Cross-border data transfers
We will ask for your consent before transferring your Personal Data outside of the EEA.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Your account username is your email address. Your email address and password, and all of the data you upload and enter into our Websites and Apps is transmitted in encrypted form and is securely stored on Amazon Web Servers (AWS) servers in the United Kingdom. We do not disclose your account details, or email addresses to anyone except when legally required to do so. However, it is your responsibility to keep your password secure.
You must ensure that you chose a secure password when you open an account to use our Websites and Apps. It is your responsibility to follow the guidance provided when setting passwords follow the guidance provided.
We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your Personal Data, image of your test and the results from that test will be processed as soon as you upload them to the App. Your Personal Data will be retained for at least ten years.
Should you opt out of using our Apps and services you will be able to re-join and access your Personal Data within three months.
Your Personal Data will be reviewed regularly and at least once every year for relevance. Any Personal Data deemed no-longer relevant is deleted.
If we have taken steps to anonymise your personal data (so that it can no longer be associated with you) we may use this indefinitely for analytical, research and statistical purposes and to help us to improve our products and services.
Your right to withdraw consent at any time
Your right to access the Personal Data we hold about you
You have the right to make a request to access your Personal Data collected through our Websites and Apps (known as a “Data Subject Access Request” or “SAR”).
We aim to respond electronically to all SARs within one month. In circumstances where it may take us longer than one month to respond (for example if your request is particularly complex or if you have made a series of requests), we will notify you. We do not charge a fee for responding to a SAR. However, we may charge a reasonable fee if your SAR is manifestly unfounded or excessive.
Right of rectification – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances.
Right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
Right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.
Right to data portability – You have the right to ask that we transfer your Personal Data to another organisation, or to you, in certain circumstances.
OPT-OUT & UNSUBSCRIBE
We respect your privacy and give you an opportunity to opt-out of receiving announcements of certain information. Users may opt-out of receiving any or all communications from us by contacting us or selecting the “Unsubscribe” option on their email.
Vital Signs Solutions Ltd.,
Unit 25 Milton Road, Cambridge Science Park, Cambridge, CB4 0FW, United Kingdom
We ask that you try to resolve any issues with us first, although you have a right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time about our processing of your personal information.
The ICO is the UK regulator for data protection and upholds information rights. Vital Signs Solutions is registered with the ICO with registration number ZA762054.
Information Commissioner’s Office
Telephone: 0303 123 1113
Fax: 01625 524510