Last updated: 29th May 2020
Who we are:
Kraydel is registered with Companies House as Kraydel Limited.
Our website address is www.kraydel.com
Our registered business address is at Charles House (3rd floor), 103-111 Donegall Street, Belfast, BT1 2FJ UK.
ICO registration: ZA216187
Types of data we collect and how we use it
Users of the Service – signing up to the Service
When signing up to the Service, we may ask you or your care provider to provide us with certain personal data.
For a Carer role (someone who uses the Web Portal or Mobile App), this can include picture, name, email address and phone number.
For a Device user role (someone who uses the Device in their home), this can include picture, name, address and phone number.
We use this information to provide the Service, to contact you when necessary and to see how different people are using the Service.
We provide some of this data to other users of the Service, but only those who are associated with you, as specified by you or your care provider. We do this in order to provide the Service. A Carer may be able to see information about an associated Device user including your name.
Users of the Service – using the Service
For both Carers and Device users, video and audio will be collected during a video call. This will happen if a user makes or accepts a video call. Video images and audio will only be sent over an encrypted connection to the other person in the call; it will not be stored by Kraydel. Kraydel may however retain technical and historical data about calls, for the purpose of service monitoring and evaluation.
Reminders are delivered via the Device and may contain personal data about a Device user, e.g. name. Reminders may also contain sensitive health information. To configure a reminder for an associated Device user, a Carer saves text and audio details in the Portal. Reminders are used to remind a Device user to do something, e.g. to take medicine or to get ready for a visitor.
If you use any associated devices or sensors (for example a digital blood pressure monitor), we may handle the Special Category Data produced by those devices – in strictest confidence – in order to generate alerts or otherwise transfer the data to your doctor, nurse or other persons involved in your care.
Users of the Service – giving us feedback
When users give us feedback about the Service, this may include personal data. We may collect your words, and photos and videos of you, during feedback sessions or through questionnaires. We will make you aware when we take photos or videos.
We will use the feedback we collect to improve the Service and how it is delivered to you. Provided we are lawfully permitted to do so, we may use your words, photos or videos for promotional materials, which may be shown on our website or social media.
Contacts and Web submissions
We may collect personal data from individuals who contact us, via email, telephone or web submission. This will include message content, together with name and contact details, such as email address and/or telephone number. We anticipate that you may contact us using these methods to ask questions about the Service and for help with technical issues.
We may use this information for a few reasons: to answer any questions that you send us; to send you further email updates about Kraydel features and availability; to contact you if we need to obtain or provide additional information; to check our records are correct; and to check every now and again that you’re happy.
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
As mentioned above, we provide some of your personal data to other users of the Service, but only those who are associated with you, as specified by you or your care provider. We do this in order to provide the Service.
Data storage services are carried out by Amazon Web Services (UK cluster).
Data relating to trials and feedback from users are stored on Microsoft OneDrive.
Kraydel will only transfer your personal data outside of the UK and European Economic Area (EEA) where doing so is compliant with data protection legislation. Other than in exceptional circumstances, such as a medical emergency situation, this means we will ensure that the means of transfer provides adequate safeguards in relation to your data.
Storing your data
We will only retain your personal data for as long as necessary (i) to fulfil the purposes we collected it for, (ii) for the purposes of satisfying any related legal, regulatory, compliance or NHS/local authority/coroner requirements, (iii) in order to handle questions or complaints, and (iv) to establish, bring or defend legal claims.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will disclose your personal data (i) where required to do so by law or in accordance with an order of a court of competent jurisdiction; (ii) if we believe that such action is necessary to comply with the law or a reasonable request of law enforcement or regulatory authorities; (iii) to protect the security or integrity of our Service, or our broader legal interests; or (iv) in the broader public interest.
Legal Basis for Data Processing
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases. Therefore, it is important to note that withdrawing consent may affect the services we are able to offer you. We may need to continue to process data relating to your request to withdraw consent.
Users of the Service
In order to provide you with a service, we process your personal data on the basis of Article 6(1)(b) of the GDPR (entering into and performance of terms of service with you), or where that is not applicable, then on the basis of Article 6(1)(f) of the GDPR (necessity for our or a third party’s legitimate interests in providing you with a high quality service, operating our business, and exercising our rights and obligations under our terms of service with you). GDPR Article 6(1)(f) also legitimises our use of personal data for the purpose of:
- Demonstrating, improving and promoting Kraydel services;
- Supporting the NHS and local authorities’ interests in improving care; and
- The establishment, exercise or defence of legal claims.
Special category data
Under the GDPR, some personal data is considered to be special category data and for these we must identify a separate condition in addition to the lawful basis above. We process special category data on the basis of section 9(2)(a) of the GDPR, explicit consent, and section 9(2)(h), necessity for the purposes of preventive or occupational medicine (as reflected in Schedule 1, Part 1, paragraph 2 of the UK Data Protection Act 2018).
In exceptional cases, it may be necessary for us to process (e.g. share) data about an individual’s health or other Special Category Data in order to protect their vital interests, in situations where they were incapable of consenting.
Contact via email, phone, letter, web submission
For the purposes of communication with you, and addressing your questions and feedback, we process your data, such as your name, email and any additional personal information you send us, on the basis of Article 6(1)(f) of the GDPR, legitimate interests. Any special category personal data (e.g., about your health), that we or you include in those communications, will be processed based on explicit consent.
In the event of a legal dispute where it is necessary for us to process special category data (e.g., about your health) for our own purposes or those of a related party, our GDPR Article 9 condition for processing that personal data will be GDPR Article 9(2)(f): necessity for the establishment, exercise or defence of legal claims.
Non-disclosure of Personal Data
We can disclose your information if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
We can exchange information with others to protect against fraud or credit risks.
Where Kraydel has entered into a contract with an organisation by which you are employed or cared for, Kraydel maintains the right to share details of users with that organisation.
This policy is not intended to place any limits on what we do with data that is aggregated and/or otherwise anonymised, so it is no longer associated with an identifiable individual.
You have the right to:
- request access to, deletion of or correction of, your personal data;
- request that certain of your personal data be transferred to another entity (data portability);
- be informed of what data processing is taking place;
- restrict processing;
- object to processing of your personal data, in particular (but not limited to) any processing of your personal data based on GDPR Article 6(1)(f) (legitimate interests);
- withdraw consent – if you have provided your consent to the processing of your personal data, you have the right to fully or partly withdraw your consent. When we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
You also have the right to lodge a complaint with the ICO, as our supervisory authority, at https://ico.org.uk/make-a-complaint/.
Other services or sites
We have no control over, and assume no responsibility for the content of, privacy policies or practices of any third party sites or services that you may access via our Service.
Kraydel does not address anyone under the age of 13 (“Children”).
We do not knowingly collect personal data from Children. If you are a parent or guardian and you are aware that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under age 13 without verification of parental consent, we will remove that information from our servers with immediate effect.