This is the Privacy Policy for the website hosted at www.careology.health (the "Careology website") and https://pro.careology.health/ ("Careology Professional website") (together, the "Sites") and the Careology app (the "App"), (together our "Services"). Our Services are operated by or on behalf of Careology Health Limited. We are committed to protecting and respecting your privacy.
This policy (together with the terms of service) sets out:
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By engaging with our Services you acknowledge you have read and understood this privacy policy.
For the purposes of applicable data protection law, the data controller of personal data covered by this privacy policy is: Careology Health Limited of 1 - 2 Paris Garden, London, SE1 8ND under company number 10205660.
Our Data Protection Officer can be contacted at dpo@careology.health.
We will only collect the personal data that we need to be able to provide our Services to you and in accordance with this privacy policy (which may be updated from time to time). The type and nature of the information we collect about you will depend on the Services we are providing to you and how you are using our Services.
It is important that the personal data we hold about you is accurate and up to date. If your details change, including if you change your Caregiver(s), please update this information via your account or contact us to let us know at dpo@careology.health.
We may collect and use the following personal data about you (which we have grouped together as follows):
Identity Data includes first name, last name, username or similar identifier, marital status, title, data of birth, personal description and photograph, and gender. Where you are a HealthCare Provider or Caregiver, this may include first name, last name, username and information about your relationship with the patient and for Healthcare Providers it will also include job title, department and place of work.
Contact Data includes email address, home address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payment to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Sites and the App.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Location Data includes information about your real time location (outlined in detail below).
Usage Data includes information about how you use our products and Services, such as the full Uniform Resource Locators (URL), clickstream to, through and from the Sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Where you interact with our Services as a patient ("Patient") (either directly or through a Healthcare Provider or other authorized third party) we will also collect and use:
Health Data includes information about your health, including diagnosis, existing conditions and symptoms (as well as type, severity and side effects), treatment (and side effects), medications, medical appointments, responses to clinical or non-clinical questionnaires, and how you are feeling and associated thoughts. This may also include certain health metrics (where you choose to import this into the App) such as heartrate, oxygen saturation, blood pressure, temperature, weight and levels of activity.
Information you give us
This is information about you that you give us directly when you interact with us. This includes:
Identity and Contact Data where you register to create an account with us (either via Careology website, the App or Careology Professional website).
Where you give us information via the Sites, the App or by corresponding with us by phone, email or otherwise you may provide us with Identity, Contact, Profile, Financial and Transaction Data in the course of subscribing to our Services, searching for a product, placing an order (on the Careology website or via the App), participating in discussion boards or other social media functions on or via the Careology website or App, entering a survey, submitting a query, and when you report a problem with the Sites or App.
If you are a Patient, recording your Health Data in the App or the Careology website during the use of our Services (including where answering questionnaires about your health, treatment, symptoms and holistic needs and directly importing health metrics on aspects such as your heart rate, oxygen saturation, blood pressure, temperature, weight and levels of activity via wearable devices or third party databases). Please note that when using third party devices or websites, those third parties' privacy policies will also apply.
You will also be able to input notes about how you are feeling and your thoughts so that you can journal your symptoms and mood electronically and share these with others where you choose to do so.
If you are a Healthcare Provider, Identity and Contact Data when you use our Services including inputting information into the App or the Careology Professional Website and Financial and Transaction Data where you make payments to us.
If you are a Caregiver, Identity and Contact Data when you use our Services including inputting information into the App or the Careology website.
Information we collect automatically about you from your use of either Sites or App
We will automatically collect information from you each time you visit the Sites or use the App. This includes:
Technical Data
Usage Data
Location Data
In addition, if you accept an invitation that you have received from a Patient, Caregiver or a Healthcare Provider to download the App, we will be able to tell which third party has provided you with this invitation (this may be in the form of a code you receive, an SMS or email invitation, or other form of communication).
Location Data
We may collect information through the Sites or the App as to your real time location to provide location services where requested or agreed to by you in order to deliver content, advertising or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognizse your mobile browser or device when you return to the either of the Sites or the App.
Delivery of location services will involve reference to one or more of the following: (a) the coordinates (latitude/longitude) of your location; (b) look-up of your country of location by reference to your IP address against public sources; and/or (c) your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier.
Information we receive from other sources
We may receive information about you from various third parties as set out below:
If you are a Patient:
From anyone that you give permission to enter information into the App or our Sites on your behalf (such as a Caregiver or a Healthcare Provider) ("Permitted Third Party/Parties"). If you allow your Permitted Third Parties permission to edit your information, then they will give us information about your symptoms, medication and treatment. You can change your Permitted Third Parties under your settings in your account and change the permissions (read, edit etc.) allocated to each Permitted Third Party. Please note that, in certain situations, we may receive information about you when our Services are used simply as a platform by certain hospital networks or other healthcare organizations that have a relationship with you. In these circumstances, those organizations will be the controller of your personal data and their relevant privacy policy will apply.
If you accept an invitation from a Healthcare Provider to use the App, we may receive your Health Data and information about your Healthcare Provider from the Healthcare Provider's records on you. These will be used to populate your information within the App automatically via an API with the Careology Professional site.
If you decide to allow any third-party wearable devices to connect with our Services, we will receive Health Data (such as your exercise, activity, heart rate, temperature, oxygen saturation, weight and blood pressure) from these devices via Bluetooth or other similar protocol.
If you are a Permitted Third Party:
If you are a Caregiver and you accept an invitation from a Patient to use the App then we may receive Identity and Contact Data.
If you are a Healthcare Provider we may receive Identity and Contact Data where a Patient inputs this information about you into the App or the Careology website. We may also receive this information from your company administrator when they onboard users or instruct a Careology account manager to set up accounts.
If you are Patient or a Permitted Third Party (or other user of our Sites or the App):
Other information (such as vital signs or medication information) from third parties we work closely with such as the platform providers whose devices or operating systems are compatible with the Sites or the App.
We may receive this information from various third parties, such as business partners, sub contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where you have given your consent.
Your Health Data is classed as special category or "sensitive" personal data and we ensure that additional safeguarding measures are in place to protect this information. As outlined in the table below, our lawful basis for processing this sensitive personal data is your explicit consent. You can withdraw your consent at any time - for more information please see "Your rights".
Please note that if you are a Patient and you do not consent to our processing of your sensitive personal data or you withdraw your consent, it will not be possible for us to provide our Services to you and you will not be able to fully engage with the Careology website or the App. We do not collect Health Data or other sensitive data about you if you are a Healthcare Provider or a Caregiver.
We may use information held about you in the following ways:
Patient
Where you are an App user, we will process your personal data to:
allow you to log your treatment and information about your symptoms including severity and frequency;
allow you to record appointments;
enable you to make notes about your treatment, symptoms and how you are feeling;
enable you to log your medication(s) and set reminders for you to take your medication(s);
and show you your health status.
Type of data:
Health
Identity
Contact
Profile
Lawful basis / Processing condition:
Consent / Explicit Consent
Legitimate interests
Performance of a contract with you
Where you are an App user and choose to select to share information with a Permitted Third Party, then we will process your personal data:
to show a Permitted Third Party your health status, information about your treatment, symptoms and medication (including severity of any symptoms and frequency of symptoms and medication that you record). This information can be used to enable any Permitted Third Parties to contact you about your treatment, symptoms and medication. Please never wait and always seek medical advice if you feel unwell or have any concerns;
to enable you to assign a severity level to your health status (e.g. red, amber, green) and share this with a Permitted Third Party if you have chosen to do so;
to let your Healthcare Provider know you are using the App (if you choose to do so and have provided us with information about them);
to enable you to communicate in the App with a Permitted Third Party; and
to share posts about how you are feeling with Permitted Third Parties, who can view these posts if you have selected this option under your permission settings.
Type of data:
Health
Identity
Contact
Profile
Lawful basis / Processing condition:
Consent / Explicit Consent
Legitimate interests
Performance of a contract with you
We may also use your personal data to optimizse the App experience by:
analyzsing your answers about your symptoms and suggesting non-clinical products from our commercial partners that we think might be helpful to you. We will not share your personal data with these commercial partners; and
de-identifying your information and then using this data for our own research purposes and to develop machine learning algorithms.
Type of data:
Health
Identity
Contact
Profile
Lawful basis / Processing condition:
Consent / Explicit Consent
Legitimate interests
Healthcare Provider
If you are a Permitted Third Party, we will use your personal data to enable App users to share their Health Data with you, so that you may understand their treatments, medication and symptoms in order to provide them with support.
Type of data:
Identity
Contact
Profile
Lawful basis / Processing condition:
Legitimate interests
Caregiver
If you are a Permitted Third Party, we will use your personal data to enable App users to share their Health Data with you, so that you may understand their treatments, medication and symptoms in order to provide them with support.
Type of data:
Identity
Contact
Profile
Lawful basis / Processing condition:
Legitimate interests
Any users
Identify you and enable you to use our Services.
Type of data:
Identity
Contact
Lawful basis / Processing condition:
Legitimate interests
Performance of a contact with you
Setting up and administering your account with us.
Type of data:
Identity
Contact
Lawful basis / Processing condition:
Legitimate interests
Performance of a contact with you
Verifying and carrying out financial transaction in relation to payment you make online of through the App.
Type of data:
Identity
Contact
Financial
Transaction
Lawful basis / Processing condition:
Legitimate interests
Performance of a contact with you
Notifying you about changes to our Services.
Type of data:
Identity
Contact
Lawful basis / Processing condition:
Legitimate interests
Performance of a contact with you
Notifying you about changes to our Services.
Type of data:
Identity
Contact
Profile
Health
Location
Marketing and Communications
Lawful basis / Processing condition:
Legitimate interests
Consent / Explicit Consent
To improve the App and Sites and ensuring content is presented in the most effective manner for you and for your computer or mobile device.
Type of data:
Identity
Contact
Profile
Technical
Usage
Location
Lawful basis / Processing condition:
Legitimate interests
Providing you with the information, products and services that you request from us.
Type of data:
Identity
Contact
Profile
Lawful basis / Processing condition:
Legitimate interests
For the effective running of the Sites and the App and:
to administer the Sites and the App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to keep the Sites and the App safe and secure and provide technical support;
for measuring or understanding the effectiveness of advertising we service to you and others, and to deliver relevant advertising to you;
to allow you to participate in interactive features of our service, when you choose to do so.
Type of data:
Identity
Contact
Profile
Technical
Usage
Location
Health
Marketing and Communications
Lawful basis / Processing condition:
Legitimate interests
Consent / Explicit Consent
We will only use your personal data for the purposes which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
If you have any queries or objections about any of the ways we use your personal data, please contact us at dpo@careology.health.
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications by email, SMS/iMessage or in-app about our products and services. We will also analyse the information that you or a Permitted Third Party give us about your symptoms to suggest our commercial partners' products in the App by showing you cards in the Careology app. These cards will link to the commercial partners' website if you click on the link that says "find out more", or other similar wording. You can object to further marketing at any time by selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email to support@careology.health
The information gathered will be used solely for marketing in connection with Careology's business and our commercial partners' products and will not be shared with any other third parties.
We may share your information with
Any Permitted Third Party. You choose who is a Permitted Third Party and we only share your information with them if you choose to do so. You do this by either inviting a Permitted Third Party to view your account or accepting an invite from your Healthcare Provider or Permitted Third Party which will be received by SMS or Email. This invite contains a link that enables your data to be shared with the Permitted Third Party. You can turn this sharing off at any time by changing your access settings, using the switch in the ’My Network > ‘Organizsations’ section of the App’s side menu. If you do not want specific notes to be shared with a Permitted Third Party, please also select the "private" toggle.
If you are a Permitted Third Party, your personal data (such as name and telephone number) may be visible to the Patient's other Permitted Third Parties (e.g. their Healthcare Provider and Caregiver(s)), and will be included on any Careology PDF Summary Report (for example, if a Patient brings this report to an A&E department or a new care team).
Selected third parties (see below).
Our selected third parties may include
Organizations that process your personal data on our behalf and in accordance with our instructions and applicable data protection law. This includes in supporting the services we offer through the Sites and the App, in particular those providing website and data hosting services, customer service support services, providing fulfilment services, distributing any communications we send, supporting or updating marketing lists, facilitating feedback on our services and providing IT support services from time to time. These organizations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions.
Analytics and search engine providers that assist us in the improvement and optimisation of the Sites and subject to the cookie section of this policy (this will not identify you as an individual).
Payment processing providers who provide secure payment processing services.
We will disclose your personal information to third parties
In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.
If Careology Health Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Careology Health Limited, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
The personal data that we collect from you is stored within the United Kingdom ("UK") and European Economic Area ("EEA") where you are a UK or EEA individual. Where we receive the personal data of individuals in Canada (in our capacity as a processor) we will store this information in Canada.
Where your information is transferred outside the UK or EEA, we will take all steps reasonably necessary to ensure that your personal data is subject to appropriate safeguards and that it is treated securely and in accordance with this privacy policy.
Protecting the safety of children when they use the Internet is important to us. The Sites and App is intended for use only by persons who are at least 18 years of age. By using our Services, you confirm to us that you meet this requirement. If you are under the age of 18, you confirm you have received permission from your parent or guardian before using our Services or sending us personal information.
If you are under the age of 13 your parent or guardian must consent on your behalf where we ask for consent in relation to the use of your information.
If you suspect that a child under 18 is accessing the App and providing personal data without their parent or guardian's consent, please contact us at dpo@careology.health so that we can investigate and remove/delete the data where necessary.
We may process your payment details if you sign up to use the Careology premium or Professional service. Payment details you provide will be encrypted using secure sockets layer (SSL) technology before they are submitted to us over the internet. Payments made on the site or App are made through our payment gateway provider. You will be providing credit or debit card information directly to our payment gateway provider which operates a secure server to process payment details, encrypting your credit/debit card information and authorizing payment. Information which you supply to our payment gateway provider is not within our control and is subject to our payment gateway provider’s own privacy policy and terms and conditions.
All information you provide to us is stored on our secure servers and is encrypted between your device and any external host storage to keep it safe. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Sites or App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Sites or App; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
The Sites may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
We do not carry out any automated decision making using your personal data that would have a legal or similarly significant effect on you. We may use information about the symptoms you input into the App to suggest non-clinical content such as recipes, tips or articles that may relate to those particular symptoms.
You can keep your information updated within the App, including deleting out of date information.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. After you stop using our Services or cancel your registration with us, we will usually only retain your personal data for up to six years afterwards. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
App users
We retain personal data for the length of your subscription if you are an App User. We will archive your personal data one year from the date of your last login to the Sites or the App, but you will still be able to reactivate your account. If you do not reactivate your account within 5 years of it being archived, we will delete all of the personal information that we hold about you. We may also retain aggregate or de-identified information beyond this time for research purposes and to help us develop and improve our Services. You cannot be identified from aggregate information retained or used for these purposes.
Healthcare Providers
We retain personal data about you if you are a Healthcare Provider for two years after our last contact with you. We may also retain aggregate or de-identified information beyond this time for research purposes and to help us develop and improve our Services. You cannot be identified from aggregate information retained or used for these purposes.
You have the right under certain circumstances:
to be provided with a copy of your personal data held by us;
to request the rectification or erasure of your personal data held by us;
to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
to object to the further processing of your personal data, including the right to object to marketing (as mentioned in 'Our promotional updates and communications' section; and
to request that your provided personal data be moved to a third party.
Your right to withdraw consent:
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at support@careology.health. You can also change your marketing preferences at any time as described in 'Our promotional updates and communications' section;
You can exercise the rights listed above at any time by contacting us at support@careology.health. We strive to respond to your requests within one month and will let you know if we are unable to meet this timeframe. If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html ).
The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Any changes we make to our privacy policy in future will be posted on this page and, in relation to substantive changes, will be notified to you by e-mail. This policy was last updated on 1st November 2023.
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to:
GDPR
Careology Health Limited
1 - 2 Paris Garden
London
SE1 8ND