Quiddity Health Privacy Policy  

Introduction

Quiddity Health Ltd. is committed to protecting and respecting your privacy.


This Privacy Notice explains what personal information we collect, how we use it, the circumstances in which we may disclose it to others and how we keep it secure. 


Our policy only addresses the use and disclosure of information we collect and process. This Privacy Policy does not apply to the practices of companies or websites that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties which we may disclose information as set forth in this Privacy Notice. 


If you have any questions regarding this Privacy Notice and our approach to privacy, please contact us.

Who we are

Quiddity Health Ltd is a company registered in England under company number 12303803. Our registered office is Jactin House, 24 Hood Street, Ancoats, Manchester M4 6WX.


Quiddity Health Ltd. is registered as a data controller with the Information Commissioner’s Office (ICO) with registration no.ZB133549. As a data controller, Quiddity Health Ltd. determines what data is collected, how this data is going to be used and how this data is protected. 


When we work with clients we sometimes act with them jointly to determine what data is collected, how this data is going to be used and how data is protected. Where this is the case we will act as joint data controllers alongside our client and will ensure our shared responsibilities regarding the processing of personal data are agreed and these will be reflected in this Privacy Notice. 


In other circumstances we act on behalf of our clients as a data processor. Where this is the case our client will act as the data controller and will determine what data is collected, how this data is going to be used and how data is protected. This Privacy Notice will not apply where Quiddity Health act as a data processor and you should refer to our relevant clients’ Privacy Notices for details of how personal data is processed where they act as the data controller. 


If you have questions about how we process personal data, or if you would like to exercise your data subject rights please contact us.

Collection of Personal Data

We obtain information about you from a range of sources and for various purposes. The data we collect and the source of that data is set out below.


What type of information is collected from you?


Visitors to our website


If we want to collect personally identifiable information through our website, we will make this clear at the point personal information is collected and will explain what we intend to do with it.


Use of cookies


Like many other websites, the Quiddity Health website uses cookies. ‘Cookies’ are small pieces of information sent by a website to your device and stored to enable that website to recognise you when you visit in the future. They can also be used to collect statistical data about your browsing activity and patterns of behaviour but do not identify you as an individual. This helps us to understand how people who visit our website use it, enabling us to improve the layout and contents for visitors.
We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services. 


A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

The Site uses the following types of cookies:

 

  • 'session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 
  • 'persistent cookies ' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in; 
  • 'third party cookies' which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyse our web access.

 

 Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.


We also use a tool called “Google Analytics” to collect information about your use of the Site. Google Analytics collects information such as how often users access the Site, what pages they visit when they do so, etc. We use the information we get from Google Analytics only to improve our Site and services. Google Analytics collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. 


It is possible to switch off cookies by setting your browser preferences and settings. Turning cookies off may result in a loss of functionality when using our website.


Communications


If you choose to contact us and share your personal information with us, we will use this to respond and communicate with you. We may also use this information to contact you with newsletters, marketing or promotional materials and other information about Quiddity Health. You will be able to opt-out of these types of communications at any point and details of how to do so will be included within all such communication. If you choose to opt-out of receiving these communications, we will still contact you in relation to any work we are doing with you.


What type of information is collected about you?

We collect information about you which is publicly available (for example published on websites, social media platforms or public records and registers), when you use our website, when you contact us about products and services (for example by email or telephone), or in the course of business with you or an organisation that you represent.  

We also obtain information about you from third parties who sell lists of personal data for marketing purposes.  

We will be acting as the Data Controller for this data.

    Lawful basis for the processing of personal data

    The section below describes the various forms of personal data we collect and the lawful basis for processing this data. When we process data on the basis of a legitimate interest, we apply the following test to determine whether it is appropriate:

     

    • Purpose – is the purpose of processing personal data legitimate?
    • Necessity – is the processing necessary to fulfil that purpose?
    • Balance – to the individual’s interests, rights or freedoms override the legitimate interest?

     

    1. Purpose of processing

     To provide you with information about services and products


    Data collected

     Name, job title, company name, email address, telephone number, business sector 


    Purpose for collection

     To provide appropriate information via email or telephone about services and products that you have requested. To provide further, related, information via email or telephone in relation to the identified area of interest. To provide appropriate information via email or telephone in relation to services and products offered by our clients.


    Lawful basis for processing

     Performance of a contract and Legitimate interests 


    Data sharing

     Internal and External clients


    Retention period

     Maximum 8 years from the date of last contact


    2. Purpose of processing

     Transactional information 


    Data collected

     Name, registered address, email address, telephone number, bank account details (for credit accounts) 


    Purpose for collection

     To enable invoicing for goods and services. For accounting and taxation purposes. Contract management and in support of any contractual claim which may arise.


    Lawful basis for processing

     Performance of a contract, Compliance with a legal obligation and Legitimate interests 


    Data sharing

     Internal and External - Professional advisors


    Retention period

     8 years from the performance of the contract for financial records Relevant statutes of limitation for legal claims 


    3. Purpose of processing

     Analytics


    Purpose for collection

     Statistical and analytical purposes, intended to improve the Site


    Lawful basis for processing

     Legitimate interests 


    Data sharing

     Internal and External - Service providers we may contract with for this purpose 


    Retention period

     Maximum 8 years from the date the information is collected 


    4. Purpose of processing

     Advertisements


    Purpose for collection

     To serve you advertisements when you use our Site


    Lawful basis for processing

     Legitimate interests 


    Data sharing

     Internal and External - Service providers we may contract with for this purpose 


    Retention period

     Maximum 8 years from the date the information is collected 


    5. Purpose of processing

     Security 


    Data collected

     Internet Protocol (IP) address, MAC address and UUID, geolocation data, browser type and version, operating system and platform, browsing data


    Purpose for collection

     Protection of our website and infrastructure from cyber-attack and to investigate and report any illegal activities 


    Lawful basis for processing

     Legitimate interests 


    Data sharing

     Internal and External - Service providers we may contract with for this purpose 


    Retention period

     Relevant statutes of limitation for legal claims 

       

    6. Purpose of processing

     Communications


    Data collected

     Name, email address, telephone number 


    Purpose for collection

     To communicate with you in relation to matters you have raised with us or following an interaction between us and to communicate with you in relation to products and services offered by our clients


    Lawful basis for processing

     Legitimate interests 


    Data sharing

     Internal and External - Professional advisors and clients


    Retention period

     Maximum 8 years from the date of last contact and relevant statutes of limitation for legal claims 

       

    7. Purpose of processing

     Data Subject Rights 


    Data collected

     Name, email address, telephone number, proof of ID


    Purpose for collection

     To enable data subjects to exercise their rights over personal data 


    Lawful basis for processing

     Compliance with a legal obligation 


    Data sharing

     Internal and External - Clients


    Retention period

     Maximum 8 years from the date of last contact and relevant statutes of limitation for legal claims 


    Recipients of Personal Data


    We work alongside other organisations which support us in the operation of our business and will share personal information with them where this is required and lawful. 

     

    Where we engage external service providers to process data on our behalf (data processors) we only use providers that can give sufficient guarantees they will implement appropriate technical and organisational measures to ensure their processing will meet legal requirements and protect data subjects’ rights. We also ensure that we hold a written contract with each of our data processors setting out obligations, responsibilities and liabilities.


    Where we jointly determine the purposes and means of any processing with another organisation we will act as ‘joint data controllers’ and will ensure we have entered into an arrangement to agree our respective responsibilities to ensure compliance with the law. We currently work alongside the following organisations as joint data controllers and will share personal data with them when providing our services:


    Aire Logic - www.airelogic.com/legal/commercial-privacy-policy

    Anya Health - www.anya.health/

    Better Care - www.better.care/privacy-policy/

    Brain Plus - www.brain-plus.com/privacy/

    Care Animations - www.careanimations.com/wp-content/uploads/2021/02/privacy-en.pdf

    COGNISS - www.cogniss.com/privacy-policy

    Dr Doctor - www.my.drdoctor.co.uk/privacy

    EQL - www.eql.ai/privacy

    Ethypharm - www.ethypharm.com/data-protection-policy/

    Fibricheck - www.fibricheck.com/privacybeleid/?lang=en

    GP Specialists - www.gpspecialists.co.uk/

    HeadSpace - www.headspace.com/privacy-policy

    Health Navigator Limited - www.hn-company.co.uk/privacy-policy/

    Hedia - www.hedia.com/terms-and-conditions/

    Holly Health - www.hollyhealth.io/policy

    Improvewell Limited - www.improvewell.com/transparency-notice/

    Infinity Health - www.infinity.health/privacy-policy

    Leva Clinic - www.levaclinic.com/privacy-policy

    Lifen - www.lifen.health/en/confidentiality?

    Limbic.ai - www.limbic.ai/pp/

    Maldaba - www.maldaba.co.uk/privacy-policy/

    Medwise - www.medwise.ai/privacy.html

    Monsenso - www.monsenso.com/privacy-policy/

    Neu Health - www.neu.health/privacy-policy

    Patient MPower - www.info.patientmpower.com/privacy-policy/

    PostOp - www.postop.ai/privacy

    QLOG - www.qlog.co/

    Radiobotics - www.radiobotics.com/about

    Silver Cloud - www.silvercloudhealth.com/uk/privacy

    Skinvision - www.skinvision.com/privacy

    SpeakSuite - www.speaksuite.com/privacy-policy

    Syndi - www.syndi.health/privacy

    Triumf Health - www.triumf.health/privacypolicy

    Tucuvi - www.tucuvi.com/legal-pages/privacy

    Ummanu Health - www.ummanu.health/tos/

    Vital Beats - www.vitalbeats.com/privacy-en

    Wellola - www.wellola.com/privacy-policy

    xWave Technologies Limited - www.xwave.ie/privacy-policy


    We may also disclose personal data if we have good faith to believe that disclosure of such information is helpful or reasonably necessary to: 

     

    • Comply with any applicable law, regulation, legal process or governmental request;
    • Enforce our policies (including our Agreement), including investigations of potential violations thereof; 
    • Investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; 
    • To establish or exercise our rights to defend against legal claims; 
    • Prevent harm to the rights, property or safety of us, our users, yourself or any third party; or 
    • For the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.

     

    Please note that some data recipients may be located outside the UK. In such cases we will transfer your data only to such countries which provide an adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.

    Security measures in place to protect your information

    We take steps to ensure that the personal data we hold is treated securely. Whilst we endeavour to use commercially acceptable means to protect the information we hold, we cannot guarantee its absolute security.

    Email

    We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government and industry best practice. If your email service does not support TLS, you should be aware that any emails sent or received may not be protected in transit.
    We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.

    Storage of personal data

    Quiddity Health Ltd. is based in the UK. We use a range of cloud-based service providers to process data on our behalf. Our main cloud providers used to store corporate and personal data are hosted within the EU. We operate a data retention policy in respect of all data held whether in hard copy or digital format.

    Advertisements

    We may use a third-party advertising technology to serve advertisements when you access the Site. This technology uses your information with regards to your use of the Services to serve advertisements to you (e.g., by placing third-party cookies on your web browser). 

    You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative ("NAI") and the Digital Advertising Alliance ("DAA"). For more information about this practice by NAI and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: http://optout.networkadvertising.org/#!/ and http://optout.aboutads.info/#!/.

    Marketing

    We may use your Personal Information, such as your name, email address, telephone number, etc. ourselves or by using our third party subcontractors for the purpose of providing you with promotional materials, concerning our services, which we believe may interest you.  

    Out of respect to your right to privacy we provide you within such marketing materials with means to decline receiving further marketing offers from us. If you unsubscribe we will remove your email address or telephone number from our marketing distribution lists. 

    Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important e-mail communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements or administrative notices.

    Corporate transaction

    We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Notice.

    Minors

    We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow use of our services by minors without prior consent or authorisation by a parent or legal guardian. We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us.

    Your rights

    Under Data Protection law you have rights as an individual (data subject) which you can exercise in relation to the information we hold about you.

    If you wish to exercise any of your rights, please contact us. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

    The right to be informed

    As a data controller, we must be transparent about our data processing activities and provide data subjects with information about the personal data we collect and how we use this. We achieve this through the use of this privacy policy and within relevant communications we may send to you.

    The right of access

    You may request a copy of the personal data we hold about you free of charge. Before responding to any request, we will need to verify your identity and, if relevant, the authority of any third-party requestor. We will then provide you with access to the personal data we hold about you within 28 days, as well as the following information:
    • The purposes of the processing
    • The categories of personal data concerned
    • The recipients to whom the personal data has been disclosed
    • The retention period or envisioned retention period for that personal data
    • When personal data has been collected from a third party, the source of the personal data
    If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

    If there are exceptional circumstances that mean we can refuse to provide the information, we will explain what these are. If requests are frivolous or vexatious, we may have grounds to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.

    The right to rectification

    If we hold information about you which you believe may be incomplete or inaccurate, you can ask us to correct any mistakes or update your information by contacting us. You may also request that your information is not processed until it is updated or corrected (see ‘The right to restrict processing’ below).

    The right to erasure (the ‘right to be forgotten’)

    You may request that we delete the personal data we hold about you where there is no overriding legal basis or legitimate reason for us to continue processing your personal data. This includes personal data that may have been processed unlawfully. We will take all reasonable steps to ensure erasure.

    The right to restrict processing

    You may request that we stop processing your personal data for a particular purpose. Where this happens, we will continue to hold your personal data, but we will not process it any further for those purposes. You can request that we restrict the processing of your personal data where you:
    • Are contesting the accuracy of the personal data that we hold about you;
    • Believe the processing of your personal data is unlawful;
    • Believe we no longer need to process your personal data, but the personal data is required for part of a legal process;
    • Have exercised your right to object to the processing of your personal data and processing is restricted pending a decision in this respect.
    The right to data portability

    You may request that your personal data is transferred to another data controller or data processor in a commonly used and machine-readable format. This right is only available if you have provided your personal data to us, the original processing was on the basis of consent or for the performance of a contract, and if the processing is carried out by automated means.

    The right to object

    You have the right to object to our processing of your data where
    • Processing is based on our legitimate interests;
    • Processing is for the purpose of direct marketing;
    • Processing is for the purposes of scientific or historical research;
    • Processing involves automated decision-making and profiling.

    Links to other websites


    Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy policies or statements on the other websites you visit.


    If you visited our website using a link from another third-party website, we cannot be responsible for the privacy policies and the practices of the owners and operators of that website.


    We cannot be responsible for the privacy policies and practices of other websites even if they link to our website or if you access them using links from our website.


    Changes to this Privacy Notice


    We keep this Privacy Notice under regular review. This Privacy Notice was last updated in April 2022.


    Permitted Use

    

    You are not permitted to use this website, domain names, Uniform Resource Locators ("URLs"), databases, functions or its content, other than for private, non-commercial purposes. Use of any automated system or software, whether operated by a third party or otherwise, to extract any data from this website for commercial purposes ("screen scraping") is strictly prohibited.


    How to contact us


    For details of how to contact us, please see our contact page at www.quiddityhealth.com/contact


    How to make a complaint


    Quiddity HealthLtd. strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we may receive about this very seriously. We encourage people to inform us if they think that any collection or use of information by us is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. You can do this by contacting us.


     If you remain dissatisfied, you have the right to make a complaint to the Information Commissioner’s Office (ICO). Please see the ICO’s website for more information:
    Share by: