We, Avegen Limited (“Company”, “we”, “us”, “our”), are the owners of the health management platform HealthMachine™, consisting of a web application and a mobile application (collectively referred to as “the Platform”), and operators of the website www.healthmachine.io (the “Website”). The Platform enables hospitals/clinicians to manage patients’ health records, schedule appointments, run reports and interact with patients (“Services”).
“User(s)”, “you”, “your”, “Organisation”, “Hospitals” means and includes organisations, hospitals, clinicians, visitors of the Website, permitted users and patients of such organisations, hospitals that have been authorised by the hospitals to avail the Services through the Platform.
“User Content” means and includes patient reports, health information and photographs uploaded by the permitted users or patients on the Platform.
“UK Data Protection Law” means the UK GDPR, the United Kingdom Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and any regulation superseding any of the foregoing.
PERSONAL INFORMATION COLLECTED
Personal Information collected on the Website- To get in touch with us through the contact us page, chat box or to request a demo of our products on the demo page available on the Website, you are required to provide your Personal Information.
As per the provisions of the GDPR and the UK Data Protection Law we shall be considered the controllers of the Personal Information collected on the Website.
Personal Information collected to provide the Services- To avail the Services, User is required to complete the registration/subscription formalities. After completion of such formalities, Company shall create an account for the User (“User Account”). During the registration process, for using the Services and for availing the Services, User will be required to share/upload certain Personal Information.
As per the provisions of the GDPR and the UK Data Protection Law we shall be considered the processors of the Personal Information shared by the Users to avail the Services.
Technical Data: We may also collect some technical data, which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Platform.
Wearables: When you access our Platform by using your wearable devices, we may collect your Personal Information during the authentication and login process. We may also collect data related to your physical activities including but not limited to number of steps completed, heart rate, number of floors climbed and such other information as captured by such wearable devices.
WE DO NOT DIRECTLY COLLECT ANY MEDICAL INFORMATION, HEALTH SENSITIVE DATA OR SPECIAL CATEGORIES OF DATA. YOU MAY, TO AVAIL THE SERVICES, VOLUNTARILY SHARE YOUR MEDICAL INFORMATION AND HEALTH SENSITIVE DATA WITH THE ORGANISATIONS OR HOSPITALS.
We use tracking technologies, analytical tools and cookies to improve our Platform and your experience while using our Platform.
The Platform uses Google Analytics (formerly Firebase Analytics), a web analytics service provided by Google Inc. (“Google”). This is done by anonymously sending tracking events which enable the analysis of your use of the App. The information generated through these events about your use of this Platform is usually transferred to a server of Google in the US and stored there. In case of activation of IP anonymization on this App, your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there. You can refuse the use of tracking events by selecting the appropriate setting through the settings menu within the browser. You can also prevent the transmission to Google of the data generated by the cookie and related to your use of the Platform, and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link (https://tools.google.com/dlpage/gaoptout/).
Types of Cookies used: We use the following types of Cookies
Strictly necessary cookies
improve the user experience on the Platform
understand the usage based on the geographical area
understand the usage based on the demographics
understand and get usage patterns of the users
The cookies will collect the following information:
Clicks and scrolls on the website;
Visitor’s operating system, browser information, CPU, GPU; and
Information of Service Provider.
Will disabling the cookies allow users to use the Platform?
We will not restrict the usage of the Platform if the cookies are disabled.
ACCURACY OF INFORMATION
One of the aims of the Platform is to enable the healthcare support programme (“Support Programme”) team to monitor the patients’ current state of health and treatment, which you can do by directly accessing the information they provide. None of this information will be visible to Company, or its associated companies, and may only be accessed by the technical service provider partner of the Website if there is a problem, with the prior written consent of the Users, and then only at your request. The technical service provider has committed to maintaining the strictest confidence in such circumstances. The information entered into the Platform is in confidence between you and your patients and / or the carers.
Avegen will, with the prior written consent of the patients and / or carers, only have access to data that does not contain any information that could identify a particular patient and for specific and limited purposes which may include providing the anonymised data to a third party who will report back on the usage of the Platform and the programme. Certain information collected on the Website may be anonymised and used to measure usage of the Website and to improve its content. Your patients’ data should be kept live on the Platform only for as long as is reasonably needed and in accordance with any applicable legal or ethical reporting or documentation retention requirements. Thereafter the data should be archived in accordance with the Support Programme’s retention policy. This is your responsibility not that of Company.
We may also use your Personal Information collected to create aggregate anonymized data. We shall ensure that such anonymized data will not be directly identifiable to you or to the Personal Information shared with us. We may use this anonymized data for any purpose including but not limited to conducting research, analytical purposes, and improving our Services. By using the Services and/or visiting our Website, you provide us the right to use your Personal Information to create anonymized data and use it for our business purposes.
USE OF PERSONAL INFORMATION
For legitimate business purposes, we shall use the Personal Information in the following cases:
Personal Information provided by visitors of Website:
To provide visitors with the demo of our product offerings.
To respond to enquiries pertaining to our Services and product offerings.
To provide User information about any new offerings and/or our periodic newsletter.
Personal Information provided by Users for availing the Services:
To provide User with the Services and to assist the User in the event the User needs any additional support.
To assist User with technical difficulties that may arise in relation to User’s use and access of the Services.
To maintain and manage User Account;
To manage our relationship with User;
We use the information collected from your wearable device to provide services such as:
Recording your activity including but not limited to the number of steps that you have completed, number of floors that you have climbed, heart rate etc.
Generating health reports based on your activity on a daily, weekly or monthly basis.
Calculating whether you have achieved your goals or commitments.
Legal Basis for Processing Personal Information:
We will not process your Personal Information without a lawful basis to do so. We will process your Personal Information as per the provisions of the UK Data Protection Law and GDPR and only on the legal basis of consent, contract, or on the basis of our legitimate interests, provided that such interests are not overridden by your privacy rights and interests.
We do not sell, rent, distribute, lease or otherwise provide your Personal Information to third parties without your prior consent. However, in the course of providing Services to you or access to the Platform, we may share your Personal Information with certain parties. Accordingly, you expressly give your free consent to us to disclose or share your Personal Information in the following cases.
Affiliates: We may provide Personal Information we collect to our affiliates. For example, we may disclose Personal Information to our affiliates in order to respond to User’s requests for information or the Services.
Administrators: We may provide access to User’s Personal information to any of our authorized administrators for an internal business purpose, who shall be under confidentiality obligations towards the same.
Partners: We may provide access to your pseudonymized Personal information to the Commercial Partners, who shall be under confidentiality obligations towards the same.
Data Controller: Where applicable, we may provide access to your pseudonymized Personal information to the Data Controller, who shall be under confidentiality obligations towards the same.
Merger or Acquisition: We may transfer User’s Personal Information if we are acquired by or we acquire or merge with another company or transfer a part of our business, including the Platform, to a third party. Any third party or resultant entity that receives the User’s Personal Information pursuant to a merger, demerger, amalgamation, reconstruction, change in control or business transfer shall have the right to continue to use User’s Personal Information. In the event of such a sale or transfer, we may notify the Users.
Legal and Regulatory Authorities: We may in order to comply with our legal obligations/ court orders/ requests by Govt. authorities share Personal Information with legal and regulatory authorities.
TRANSFER OF YOUR PERSONAL INFORMATION ACROSS BORDERS (FOR EU RESIDENTS)
Your Personal Data is stored on servers within the EU. There may be instances when the processing of your Personal Information will involve a transfer of Personal Information outside the European Economic Area (the “EEA”). Whenever we transfer your Personal Information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that any such international transfers are either necessary for the performance of the relevant software as a service agreement (relating to your use of the Support Programme) and the overseas recipient or are made subject to appropriate or suitable safeguards as required by your local data protection laws. If you have questions, please contact Support@healthmachine.io.
We will retain User’s Personal Information as long as it is required to be retained for the purpose of provision of the Services. We may also retain and use User’s Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
User’s Personal Information is stored on the AWS cloud servers located within the European Union. We have implemented technical and organisational measures to safeguard Personal Information against loss, destruction, access, modification or dissemination by unauthorised persons. Access to Personal Information is only permitted for a limited number of authorised persons. We have implemented encryption at rest for on-disk data, two factor authentication and pseudonymisation as privacy enhancing technologies. All network communication is encrypted with TLS 1.2, and we have incorporated data protection by design and by default into our systems. Although we provide appropriate firewalls and protections, we cannot warrant the security of any Personal Information transmitted as these systems are not hack proof. Data pilferage due to unauthorized hacking, virus attacks or technical issues is possible, and we assume no liability or responsibility for it.
User is responsible for all the actions that take place under the User Account. If User chooses to share User Account details and password or any Personal Information with third parties, the User is solely responsible for the same. If User loses control of the User Account, User may lose substantial control over its Personal Information and may be subject to legally binding actions. It is User’s responsibility to keep User’s password confidential and secure.
CHILDREN’S AND MINOR’S PRIVACY
The Service is not directed to individuals under the age of 16, and we request that these individuals not provide personal information through the Service. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us as explained below under Contacting Us. Although the Website is not intended for use by minors, the Company respects the privacy of minors who may inadvertently use the internet or the Website.
ACCESSING AND MODIFYING PERSONAL INFORMATION
In case you or your patients need to add or delete the Personal Information, a request will be required to be raised with our tech support team at Support@healthmachine.io. You can make changes to your Personal Information by yourself.
You have the right to access your Personal Information in our possession, the right to have us rectify or modify any such Personal Information, the right to have us erase/delete your Personal Information, the right to restrict us from processing such Personal Information, the right to object to our use of your Personal Information, the right to request to port your Personal Information, and the right to withdraw consent at any time where we are relying on consent to process your Personal Information. If you withdraw your consent, we may not be able to provide certain products or services to you. We may need to request specific information from you to help us confirm your identity or also contact you for further information in relation to your request.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
If you would like to exercise ANY of these rights, please contact Support@healthmachine.io. If you are a resident of the EU, you have the right to lodge a complaint with a data protection authority/supervisory authority of your region.
For UK residents - You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk/make-a-complaint/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
LINKS TO OTHER WEBSITES
CHOICE AND OPT-OUT
We may send you communications including but not limited to (a) notices about your use of our Platform and Offerings, including those concerning violations of use, (b) updates, (c) promotional information regarding our Offerings, and (d) newsletters. You may opt out of receiving promotional emails and newsletters from us by following the unsubscribe instructions provided in those emails. Alternatively, you can opt out, at any time, by emailing Support@healthmachine.io with your specific request.
LIMITATION OF LIABILITY
GOVERNING LAWS AND DISPUTES
CHANGES TO THIS POLICY
Postal address: Rivertech, Basing House, 46 High Street Rickmansworth, United Kingdom WD3 1HP