Privacy Policy – Kraydel

User Privacy Policy

Last updated: 29th May 2020

User Privacy Policy

Our privacy policy (the “Policy”) is here to help you understand what information Kraydel (“us”, “we”, or “our”) collects about users of the Service (the Device, Portal and Companion App) during the trial. This privacy policy explains how we store, protect and use that information, and our policies on how and when we may need to disclose that information, your rights and the choices you can make.

We will not use or share your personal data with anyone except as described in this Privacy Policy.

Unless otherwise defined in this Privacy Policy, terms used have the same meanings as in our User Terms & Conditions.

Who we are:

Kraydel is registered with Companies House as Kraydel Limited.

Our website address is www.kraydel.com

Our registered business address is at Charles House (3rd floor), 103-111 Donegall Street, Belfast, BT1 2FJ UK.

ICO registration: ZA216187

Types of data we collect and how we use it

Users of the Service – signing up to the Service

When signing up to the Service, we may ask you or your care provider to provide us with certain personal data.

For a Carer role (someone who uses the Web Portal or Mobile App), this can include picture, name, email address and phone number.

For a Device user role (someone who uses the Device in their home), this can include picture, name, address, phone number.

We use this information to provide the Service, to contact you when necessary and to see how different people are using the Service.

We provide some of this data to other users of the Service, but only those who are associated with you, as specified by you or your care provider. We do this in order to provide the Service. A Carer may be able to see information about an associated Device user including your name.

Users of the Service – using the Service

For both Carers and Device users, video and audio will be collected during a video call. This will happen if a user makes or accepts a video call.  Video images and audio will only be sent over an encrypted connection to the other person in the call; it will not be stored by Kraydel.  Kraydel may however retain technical and historical data about calls, for the purpose of service monitoring and evaluation.

Reminders are delivered via the Device and may contain personal data about a Device user, e.g. name. Reminders may also contain sensitive health information. To configure a reminder for an associated Device user, a Carer saves text and audio details in the Portal. Reminders are used to remind a Device user to do something, e.g. to take medicine or to get ready for a visitor.

If you use any associated devices or sensors (for example a digital blood pressure monitor), we may handle the Special Category Data produced by those devices – in strictest confidence – in order to generate alerts or otherwise transfer the data to your doctor, nurse or other persons involved in your care.

Users of the Service – giving us feedback

When users give us feedback about the Service, this may include personal data. We may collect your words, and photos and videos of you, during feedback sessions or through questionnaires. We will make you aware when we take photos or videos.

We will use the feedback we collect to improve the Service and how it is delivered to you.  Provided we are lawfully permitted to do so, we may use your words, photos or videos for promotional materials, which may be shown on our website or social media.

Contacts and Web submissions

We may collect personal data from individuals who contact us, via email, telephone or web submission. This will include message content, together with name and contact details, such as email address and/or telephone number. We anticipate that you may contact us using these methods to ask questions about the Service and for help with technical issues.

We may use this information for a few reasons: to answer any questions that you send us; to send you further email updates about Kraydel features and availability; to contact you if we need to obtain or provide additional information; to check our records are correct; and to check every now and again that you’re happy.

Third Parties

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.

As mentioned above, we provide some of your personal data to other users of the Service, but only those who are associated with you, as specified by you or your care provider. We do this in order to provide the Service.

Data storage services are carried out by Amazon Web Services (UK cluster).

Data relating to trials and feedback from users are stored on Microsoft OneDrive.

Kraydel will only transfer your personal data outside of the UK and European Economic Area (EEA) where doing so is compliant with data protection legislation.  Other than in exceptional circumstances, such as a medical emergency situation, this means we will ensure that the means of transfer provides adequate safeguards in relation to your data.

Storing your data

We will only retain your personal data for as long as necessary (i) to fulfil the purposes we collected it for, (ii) for the purposes of satisfying any related legal, regulatory, compliance or NHS/local authority/coroner requirements, (iii) in order to handle questions or complaints, and (iv) to establish, bring or defend legal claims.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Data sharing

We will disclose your personal data (i) where required to do so by law or in accordance with an order of a court of competent jurisdiction; (ii) if we believe that such action is necessary to comply with the law or a reasonable requests of law enforcement or regulator authorities; (iii) to protect the security or integrity of our Service, or our broader legal interests; or (iv) in the broader public interest.

Legal Basis for Data Processing

Legal requirements

In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases. Therefore, it is important to note that withdrawing consent may affect the services we are able to offer you. We may need to continue to process data relating to your request to withdraw consent.

Users of the Service

In order to provide you with a service, we process your personal data on the basis of Article 6(1)(b) of the GDPR (entering into and performance of terms of service with you), or where that is not applicable, then on the basis of Article 6(1)(f) of the GDPR (necessity for our or a third party’s legitimate interests in providing you with a high quality service, operating our business, and exercising our rights and obligations under our terms of service with you).   GDPR Article 6(1)(f) also legitimises our use of personal data for the purpose of:

  • Demonstrating, improving and promoting Kraydel services;
  • Supporting the NHS and local authorities’ interests in improving care; and
  • The establishment, exercise or defence of legal claims.

Special category data

Under the GDPR, some personal data is considered to be special category data and for these we must identify a separate condition in addition to the lawful basis above. We process special category data on the basis of section 9(2)(a) of the GDPR, explicit consent, and section 9(2)(h), necessity for the purposes of preventive or occupational medicine (as reflected in Schedule 1, Part 1, paragraph 2 of the UK Data Protection Act 2018.

In exceptional cases, it may be necessary for us to process (e.g. share) data about an individual’s health or other Special Category Data in order to protect their vital interests, in situations where they were incapable of consenting.

Contact via email, phone, letter, web submission

For the purposes of communication with you, and addressing your questions and feedback, we process your data, such as your name, email and any additional personal information you send us, on the basis of Article 6(1)(f) of the GDPR, legitimate interests.  Any special category personal data (e.g., about your health), that we or you include in those communications, will be processed based on explicit consent.

Legal claims

In the event of a legal dispute where it is necessary for us to process special category data (e.g., about your health) for our own purposes or those of a related party, our GDPR Article 9 condition for processing that personal data will be GDPR Article 9(2)(f): necessity for the establishment, exercise or defence of legal claims.

Non-disclosure of Personal Data

We will not sell, share, or otherwise distribute personal data to third parties except as provided in this Privacy Policy.

If Kraydel is involved in a merger, acquisition or asset sale, your personal data may be transferred. Provided we have a straightforward means of contacting you, we will ordinarily provide notice before your personal data is transferred for such purposes and thereby becomes subject to a different privacy policy. In the event of such a transfer of information, your rights under the Data Protection Act 2018, GDPR, and other relevant privacy laws are not affected.

We can disclose your information if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.

We can exchange information with others to protect against fraud or credit risks.

Where Kraydel has entered into a contract with an organisation by which you are employed or cared for, Kraydel maintains the right to share details of users with that organisation.

This policy is not intended to place any limits on what we do with data that is aggregated and/or otherwise anonymised, so it is no longer associated with an identifiable individual.

 

 

Your Rights

This privacy policy does not impact upon your rights as a data subject under current data protection law.

You have the right to:

  • request access to, deletion of or correction of, your personal data;
  • request that certain of your personal data be transferred to another entity (data portability);
  • be informed of what data processing is taking place;
  • restrict processing;
  • object to processing of your personal data, in particular (but not limited to) any processing of your personal data based on GDPR Article 6(1)(f) (legitimate interests);
  • withdraw consent – if you have provided your consent to the processing of your personal data, you have the right to fully or partly withdraw your consent. When we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.

You also have the right to lodge a complaint with the ICO as our supervisory authority https://ico.org.uk/make-a-complaint/.

Other services or sites

We have no control over, and assume no responsibility for the content of, privacy policies or practices of any third party sites or services that you may access via our Service.

Children’s Privacy

Kraydel does not address anyone under the age of 13 (“Children”).

We do not knowingly collect personal data from Children. If you are a parent or guardian and you are aware that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under age 13 without verification of parental consent, we will remove that information from our servers with immediate effect.

Contact Us

If you have any questions about this privacy policy, please contact us at dpo@kraydel.com.

This privacy policy is available in other formats upon request.