For the purposes of Data Protection Legislation (meaning: (i) unless and until it is no longer applicable in the UK, the Data Protection Act 1998; (ii) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (iii) any successor legislation to the GDPR or the Data Protection Act 1998), Healthbit Limited is the data controller of your personal information.
Information that we may collect from you
We may collect and process the following personal information about you for or in relation to the Healthbit website (the “Website”) and our related mobile application (comprising software, data and media) (the “App”). References in these Terms and Conditions to the “Site” mean, together, the Website, the App and all related content, media and underlying software and technology, including any future updates to any of them:
- information that you provide by filling in forms on our Site. This includes information provided at the time of registration, including profile details obtained from other trusted identity providers that you select when registering or logging into our Site (such as Google, Facebook, Twitter, Windows Live, Yahoo and others);
- if you contact us, we may keep a record of that correspondence;
- information that you provide when interacting with the “Tracker” part of the Site, or other similar or related surveys;
- personal health information, posts or other data that you upload to the Site;
- prescription and adverse drug reaction information you might provide on the Site;
- information provided by you in order to use any of the various tools on the Site, e.g. the treatment reminder tool;
- information provided by you when you participate in any forum, discussion board or other social media function on the Site;
- information collected through third party health, fitness or other applications (including, but not limited to, from wearable devices) which you link to your account with us;
- details of your visits to the Site including, but not limited to, traffic data, location data, weblogs interaction data and other communication data, and the resources that you access;
- information that you provide when you report a problem with the Site;
- preferences you have selected in order to personalise the Site for you;
- the IP address of the device you use to access the Site; and
- technical information including: for the Site, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and for the App, the type of mobile device you use, your mobile operating system, the type of mobile browser you use and your time zone setting.
Use of personal information
To the extent that processing of your personal information is necessary in order for us to provide a service you have requested under a contract we have with you, we rely on that contract as the legal basis on which we process your personal information.
Otherwise, we rely on your consent as the legal basis on which we process your personal information. We will seek your consent when you register for the Site and we may seek further consents from you from time to time on the Site or by contacting you in other ways, including by email.
We process personal information about you in relation to our Site for the following purposes and in the following ways:
- providing you with our services and enabling you to use the Site and the features available on or through the Site;
- tailoring our services to your requirements and preferences;
- providing you with links to news material and other websites which are designed to be specific to your user profile;
- creating graphics and statements in an aggregated non-identifiable format, to provide users with graphical representations and statements about the data that you and other users have provided to the Site;
- aggregating and anonymising (i.e. removing all identifiers which could otherwise be used to identify you) certain information about you and your use of the Site (including, for example, health or drug related data, information, posts, adverse event records and other data you upload to the Site and your browsing and Site usage history) with that of other users and sharing this with carefully selected third parties. We may not limit such third parties’ use of such aggregated information except that we do require them to agree not to seek to make such data personally identifiable;
- recommending other users as friends that you may want to connect with based on their similarity to your user profile;
- presenting you with details of clinical trials and other activities that you may want to participate in; and
- sending you administrative notices about your registration to, or membership of, our Site.
If we receive information about you from other sources (such as from any third party device or application you link to your account) we may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Withdrawal of consent
- “Community”, “Friends” and “Private”
- There are three categories of interactions that you can have on the Site: “Community”, “Friends” and “Private”. The category of each post you make will affect which other Users can see that post. This is further explained on the Site.
- Public User Content
- Some of your posts and other data that you input to the Site (“User Content”) will be deemed to be “Public User Content” and is generally accessible by all visitors to the Site and by us. This is content that:
- you post as a status update or tracker update and do not mark it as “Private” (this will be a “Community” or “Friends” interaction);
- you post as a comment against another User’s post (this will be a “Community” or “Friends” interaction); or
- you post in the open forums as a question or as part of a discussion (this will be a “Community” interaction).
Public User Content may, in addition to being processed for the purposes set out under the heading “Use of personal information” above, be processed for the purposes of posting such Public User Content on the Site and any other websites or newsletters of any description that we operate from time to time.
The Site provides you with the opportunity to opt out of receiving marketing information from us or to opt in to receiving marketing information. We will usually inform you (before collecting your information) if we intend to use your information for marketing purposes.
Where and how we store your personal information
Except as set out below, the information we collect from you is held on servers physically located within the UK or the European Economic Area (“EEA”).
We will use appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage of your personal information.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Disclosure of your personal information
- We will not sell your personal information in a personally identifiable format to third parties without your prior consent.
- We may share your personal information with selected third parties, including:
- any member of our group of companies, which includes our subsidiaries, our ultimate holding company and its subsidiaries;
- prospective and actual successors in title to our business;
- suppliers and external agencies we engage to process information on our behalf;
- third parties (including, but not limited to, professional indemnity insurers, brokers, auditors and other professional advisors);
- in a non-identifiable form only, to carefully selected third parties, which may include patient charities, healthcare bodies, pharmaceutical and other research organisations (“Research Partners”); and
- to the extent that disclosure is required by law or any regulatory authority.
- Personal information of minors
- Our Site is not directed to minors and we do not knowingly collect any personal information from children under 16 years of age through the Site. If you are the parent or guardian of a child under the age of 16 from whom you think we have collected personal information, please contact us. If we become aware that a child under 16 has provided us with personal information about themselves without our having received the consent of their parent or guardian, we will take reasonable steps to attempt to remove the information from our Site and terminate the child’s account.
- Cancellation of your registration
- If your registration is cancelled, by you or by us, this will result in the permanent deletion of your account from the Site. It will typically take up to one month to delete an account. Some information may remain in backup copies for a further 90 days. After deletion of your account, we may retain certain parts of your data so that it can be shared in aggregated, non-identifiable form with our Research Partners (as defined above). We may also retain Public User Content (for example, any posts you may have made in our forums or messages you may have shared with other users) and any messages that you may have sent to us through our Help section. We will not retain any other data about you for any other purpose after deletion of your account.
- The internet
- Given that the internet is a global environment, using the internet to collect and process personal information necessarily involves the transmission of information on an international basis. Therefore, by browsing the Site and communicating electronically with us, you acknowledge and agree to our processing of personal information in this way.
- The transmission of information via the internet is not completely secure. Although we do our best to protect personal information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or processing.
Access to information
Erasure or rectification of information
- for exercising the right of freedom of expression and information.
- for compliance with a legal obligation that requires processing of personal data by EU or member state law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- for reasons of public interest in the area of public health.
- for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes in so far as the erasure of the information would be likely to render impossible or seriously impair the achievement of the objectives of the archiving purposes in the public interest, or the scientific and historical research purposes or the statistical purposes.
- for the establishment, exercise or defence of legal claims.
Right to complain
If you have any requests or queries concerning your personal information or any queries with regard to our practices, please send us an email or write to us at the following address: Healthbit, Kajaine House 57-67 High Street, Edgware, Middlesex HA8 7DD, United Kingdom, or contact us by using the contact us facility on our Site.
Last update: June 2018