If you are not happy for your information to be used in the way described here, you should stop using the DigiBete App and remove it from your device. If you have any questions about the use of your data, please contact us at: firstname.lastname@example.org
This privacy notice tells you what personal information we collect and what we do with it. It applies to everyone who uses our App.
Personal information is any information that can be linked to you or another living person.
This notice is split into sections and includes information on the following points:
- Our details.
- The types of information we collect about you.
- The purposes for which we use that information.
- Who we may share your information with.
- How long we keep information about you for.
- Where the information about you is stored.
- The rights you have under data protection legislation.
- Contact details if you have any queries or concerns about what is said in this notice.
We have used links to help you get to the information you are interested in. In some places we have provided links to other websites, for example the Information Commissioner’s Office website. We are not responsible for the accuracy of any other websites.
We also have a specific Children’s Code Policy which explains how we conform to the code and demonstrates that our services use children’s data fairly and in compliance with data protection law. The code is a set of 15 flexible standards that provides built-in protection to allow children to explore, learn and play online by ensuring that the best interests of the child are the primary consideration when designing and developing online services.
DigiBete is responsible for keeping the personal information we use safe and making decisions about how it can be used. We are registered in England and Wales under company number 10371773 and have our registered office at Platform, 3rd Floor Tech Hub, New Station Street, Leeds, England, LS1 4JB.
You can contact us at: email@example.com
DigiBete’s designated Data Protection Officer (DPO) is John Hughes and he can be contacted at:
The types of information we collect about you.
The information about you which we collect, use and store includes:
- Personal contact details such as name, date of birth and personal email addresses.
- Medical information which you decide to store in the “My T1D” section of the App.
We will always aim to ensure we keep accurate information about you. To assist with this, we ask that you notify us promptly of any changes to your personal details.
This information will be stored electronically on a computer system.
What do you use my information for?
We may use your information to:
- Inform any clinic which has provided you with access to the Platform (a “Clinic”) of some of the information you have uploaded on the Platform.
- Provide you with information from your Clinic such as tailored and educational information to assist in improving your care.
- Carry out internal audits to ensure our site and services provided are of the highest standards.
- Get feedback on our site and service and respond to any complaint from you.
- Respond to queries from any regulators.
- Comply with any legal requirements.
- Produce anonymous information that we can use to train and educate our staff.
- Produce anonymous information to assist with research and assist the way services are planned and delivered in the future.
- Notify you about changes to this privacy notice or our services.
Under data protection laws, each purpose for which we use your information must comply with one of the GDPR conditions for processing. You can find out more about the conditions for processing here https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/.
Only necessary data is requested and all data minimisation principles are met.
Should the purpose of data collection change, the user will be informed and consent re-obtained (if consent was the lawful basis).
We are required by law to tell you the legal basis that we are using for processing and using your data. These are GDPR articles 6 (1) (b) and 9 (2) (a):
UK GDPR Article 6 (1) (b):
“processing is necessary for the performance of a contract to which the data subject is party…”.
UK GDPR Article 9 (2) (a):
“the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”.
Consent can be withdrawn at any time either by using the Contact Us functionality within the DigiBete App or by emailing us at firstname.lastname@example.org.
We will not have any access to, nor will we process, transfer or provide to any third party or any Clinic, any medical information you upload onto the Platform.
We may also use personal information about you for other reasons; for example, we may use it to send you promotional or marketing information about us, promotions, events, anything relating to our company and business partners, or anything in which you show an interest. We may also send you email feedback forms or surveys to complete about us or any aspect of the service.
If you are not happy for your information to be used in the way described, and would like to withdraw your consent to process data, you should stop using the DigiBete App and contact us by emailing email@example.com or completing the enquiry form on our website at https://www.digibete.org/contact-us/. We will delete your data and revoke app access within 30 days of notice being given.
Do you share my personal information?
We only share your personal information with your Clinic, and we do not share your personal information with any other third parties without your consent.
No user data is intended to be shared or processed for any purpose that has not been made clear to the user.
Our third-party software developers may from time to time have access to the App for maintenance and development purposes and in so doing may access personal information.
We do not transfer data outside of the EU.
Sometimes we may be required to share information with regulators like the Care Quality Commission, the General Medical Council, NHS Digital, the Information Commissioner’s Office and the Health Service Ombudsman and in such circumstances, we will rely on Article 6(1)(c) of the GDPR: “processing is necessary for compliance with a legal obligation to which the controller is subject”.
We may share information with bodies with public health responsibilities such as local councils and Public Health England to control infectious diseases such as meningitis, tuberculosis (TB) or measles and manage public health incidents.
How long will you keep personal data about me for?
We will keep information for so long as required by law, regulation or guidance or as required by our insurers. We will not store information for longer than is necessary for the purpose for which it was collected.
Data will be deleted when no longer required. Where records are destroyed, we will contract a third-party specialist to undertake this process on our behalf ensuring they comply with all relevant regulations.
User data is protected in storage. The app utilises Keychain on iOS and Encrypted Shared Preferences on Android for secure storage of information.
All user data is encrypted between the device and any external host storage. All communication with our backend APIs is over HTTPS. In addition, Application Transport Security is enabled on iOS.
What rights do I have?
GDPR gives individuals rights about their personal data. Under the GDPR, you have a number of rights:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you rectified. You also have the right to ask us to complete information you think is incomplete.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Data portability only applies to personal information you have given to us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract and the processing is automated.
- Withdraw your consent for your personal information to be used for marketing by contacting us and notifying us of your request to opt out.
Where we ask for your consent to process data, we will give you a clear choice in order to comply with the principle that any processing must be lawful, fair, and transparent.
Users can report any knowledge of a child accessing the app and providing personal data, without parental consent. If a child has been using the app, we will delete the data.
Users are not subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him or her.
DigiBete will respond to any requests from users to exercise their rights, ideally within 30 days.
We use Google Firebase’s analytics and cloud messaging functionality to report on anonymised app usage and push notifications.
You can find out more about your rights under the GDPR through the Information Commissioner’s Office: https://ico.org.uk/
Information Commissioner’s Office
Telephone: 0303 123 1113
Email online form: https://ico.org.uk/global/contact-us/email/
If you do not think that we have complied with your data protection rights or legislation you can complain or appeal to the Information Commissioner’s Office.