PRIVACY POLICY

 

INTRODUCTION

We, Avegen Limited (“Company”, “we”, “us”, “our”), are the owners of the health management platform HealthMachine™, consisting of a web application and mobile application (collectively referred to as “the Platform”), and operators of the website www.healthmachine.io (the “Website”). The Platform enables hospitals/clinicians to manage patients’ health records, schedule appointments, run reports and interact with patients (“Services”).

We respect data privacy rights and are committed to protecting personal information collected on the Platform. This privacy policy (“Privacy Policy”) sets forth how we collect, use and protect the personal information collected on the Platform. 

 

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY CLICKING “I AGREE” OR BY CONTINUING TO USE THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MAY NOT AVAIL THE SERVICES OR ACCESS THE PLATFORM.

 

IF YOU ARE USING THE SERVICES OR ACCESSING THE PLATFORM ON BEHALF OF A THIRD PARTY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO USE AND AVAIL SERVICES OR ACCESS THE PLATFORM AND TO BIND SUCH THIRD-PARTY TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND, IN SUCH AN EVENT YOUR USE OF THE SERVICES OR THE PLATFORM SHALL REFER TO USE BY SUCH THIRD PARTY. IF YOU DO NOT HAVE SUCH AN AUTHORITY (TO PROVIDE ANY PERSONAL INFORMATION OF A THIRD PARTY) OR DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, THEN YOU SHOULD REFRAIN FROM USING THE SERVICES.

 

This Privacy Policy is an electronic record in the form of an electronic contract, compliant with and construed in accordance with the data protection laws of various jurisdictions such as the European Union (“EU”) general data protection laws (“the GDPR”), the UK Data Protection Law and the Indian Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the Information Technology Act 2000 (“Privacy Rules”) that require publishing of a privacy policy for collection, use, storage and transfer of sensitive personal data or information.

 

DEFINITION

“User(s)”, “you”, “your”, “Organisation”, “Hospitals” mean and include organisations, hospitals, clinicians, visitors of the Website, permitted users and patients of such organisations, hospitals that have been authorised by the hospitals to avail the Services through the Platform.

 

“User Content” means and include patient reports, health information, photographs, uploaded by the permitted users or patient on the Platform.

 

“UK Data Protection Law” means the UK GDPR, the United Kingdom Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and any regulation superseding any of the foregoing.

 

 

PERSONAL INFORMATION COLLECTED

This Privacy Policy applies to Personal Information provided by the Users to avail the Services and by visitors of the Website. For purposes of this Privacy Policy, “Personal Information” means information that can be used to personally identify the User, including but not limited to User’s name, contact number, gender, NHS ID, e-mail address and physical address.

 

Personal Information collected on the Website- To get in touch with us through the contact us page, chat box or to request a demo of our products on the demo page available on the Website, you are required to provide your Personal Information. 

As per the provisions of the GDPR and the UK Data Protection Law we shall be considered the controllers of the Personal Information collected on the Website.

 

Personal Information collected to provide the Services- To avail the Services, User is required to complete the registration/subscription formalities, after completion of such formalities, Company shall create an account for the User (“User Account”). During the registration process, for using the Services and for availing the Services User will be required to share/upload certain Personal Information. 

As per the provisions of the GDPR and the UK Data Protection Law   we shall be considered the processors of the Personal Information shared by the Users to avail the Services.

 

Technical Data: We may also collect some technical data, which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Platform.

 

Wearables: When you access our Platform by using your wearable devices, we may collect your Personal Information during the authentication and login process. We may also collect data related to your physical activities including but not limited to number of steps completed, heart rate, number of floors climbed and such other information as captured by such wearable devices. 


 

WE DO NOT DIRECTLY COLLECT ANY MEDICAL INFORMATION, HEALTH SENSITIVE DATA, SPECIAL CATEGORIES OF DATA. YOU MAY, TO AVAIL THE SERVICES, VOLUNTARILY SHARE YOUR MEDICAL INFORMATION, HEALTH SENSITIVE DATA WITH THE ORGANISATIONS OR HOSPITALS.

 

TRACKING TECHNOLOGIES

We use tracking technologies, analytical tools and cookies to improve our Platform and your experience while using our Platform. 

 

The Platform uses Google Analytics (formerly Firebase Analytics), a web analytics service provided by Google Inc. (“Google”). This is done by anonymously sending tracking events which enable the analysis of your use of the App. The information generated through these events about your use of this Platform is usually transferred to a server of Google in the US and stored there. In case of activation of IP anonymization on this App, your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there. You can refuse the use of tracking events by selecting the appropriate setting through the settings menu within the browser. You can also prevent the data generated by the cookie and related to your use of the Platform from being sent to Google, and the processing of these data by Google, by downloading and installing the browser plug-in available at the following link (https://tools.google.com/dlpage/gaoptout/).

 

Cookies 

Cookies- We use cookies and similar tracking technologies to track user traffic patterns and hold certain registration information. Other tracking technologies we use are beacons, tags and scripts, to collect and track information and to improve and analyze our service. If you do not wish the information these technologies collect to be used for the purpose of serving you targeted ads, the Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to disable cookies altogether, etc.

Types of Cookies used: We use the following types of Cookies 

  •  Strictly necessary cookies

  • Analytical/performance cookies.

  • Targeting cookies.
     

We use cookies to: 

  • improve the user experience on the Platform

  • understand the usage based on the geographical area

  • understand the usage based on the demographics

  • understand and get usage patterns of the users
     

The cookies will collect the following information:

  • Clicks and scroll on the website;

  • Visitor’s operating system, browser information, CPU, GPU; and

  • Information of Service Provider.
     

Will disabling the cookies allow users to use the Platform? 

We will not restrict the usage of the Platform if the cookies are disabled.

 

ACCURACY OF INFORMATION

User undertakes that he shall be solely responsible for the accuracy, correctness, or truthfulness of the Personal Information shared with us, whether his own or that of any third party. In the event the User is sharing any Personal Information on behalf of a third person, the User represents and warrants that he has the necessary authority to share such Personal Information with the Company and has obtained written consent from such third party, and the Company shall not be responsible for verifying the same. The User understands and acknowledges that such Personal Information shall be subject to the terms and conditions of this Privacy Policy.

 

SUPPORT PROGRAMME 

One of the aims of the Platform is to enable the healthcare support programme (“Support Programme”) team to monitor the patients’ current state of health and treatment, which you can do by directly accessing the information they provide. None of this information will be visible to Company, or its associated companies, and may only be accessed by the technical service provider partner of the Website if there is a problem, with the prior written consent of the Users, and then only at your request. The technical service provider has committed to maintaining the strictest confidence in such circumstances. The information entered into the Platform is in confidence between you and your patients and / or the carers.

Avegen will, with the prior written consent of the patients and / or carers, only have access to data that does not contain any information that could identify a particular patient and for specific and limited purposes which may include providing the anonymised data to a third party who will report back on the usage of the Platform and the programme. Certain information collected on the Website may be anonymised and used to measure usage of the Website and to improve its content. Your patients’ data should be kept live on the Platform only for as long as is reasonably needed and in accordance with any applicable legal or ethical reporting or documentation retention requirements. Thereafter the data should be archived in accordance with the Support Programme’s retention policy. This is your responsibility not that of Company.

 

ANONYMIZED DATA

We may also use your Personal Information collected to create aggregate anonymized data. We shall ensure that such anonymized data will not be directly identifiable to you or to the Personal Information shared with us. We may use this anonymized data for any purpose including but not limited to conducting research, analytical purposes, and improving our Services. By using the Services and/or visiting our Website, you provide us the right to use your Personal Information to create anonymized data and use it for our business purposes.

 

USE OF PERSONAL INFORMATION

For legitimate business purposes, we shall use the Personal Information in the following cases:

 

Personal Information provided by visitors of Website:

To provide visitors with the demo of our product offerings.

To respond to enquiries pertaining to our Services and product offerings.

To provide User information about any new offerings and/or our periodic newsletter.

 

Personal Information provided by Users for availing the Services:

To provide User with the Services and to assist the User in the event the User needs any additional support.

To assist User with technical difficulties that may arise in relation to User’s use and access of the Services.

To maintain and manage User Account;

To manage our relationship with User;

 

We use the information collected from your wearable device to provide services like-

Recording your activity including but not limited to the number of steps that you have completed, number of floors that you have climbed, heart rate etc.

Generating health reports based on your activity on a daily, weekly or monthly basis.

Calculating whether you have achieved your goals or commitments.

Legal Basis for Processing Personal Information:

We will not process your Personal Information without a lawful basis to do so. We will process your Personal Information as per the provisions of the UK Data Protection Law and GDPR and only on the legal basis of consent, contract, or on the basis of our legitimate interests, provided that such interests are not overridden by your privacy rights and interests.

 

DISCLOSURES

We do not sell, rent, distribute, lease or otherwise provide your Personal Information to third parties without your prior consent. However, in the course of providing Services to you or access to the Platform, we may share your Personal Information with certain parties. Accordingly, you expressly give your free consent to us to disclose or share your Personal Information in the following cases.

 

Affiliates: We may provide Personal Information we collect to our affiliates. For example, we may disclose Personal Information to our affiliates in order to respond to User’s requests for information or the Services. 

 

Administrators: We may provide access to User’s Personal information to any of our authorized administrators for an internal business purpose, who shall be under confidentiality obligations towards the same.

 

Partners: We may provide access to your pseudonymized Personal information to the Commercial Partners, who shall be under confidentiality obligations towards the same.



 

Data Controller: Where applicable, we may provide access to your pseudonymized Personal information to the Data Controller, who shall be under confidentiality obligations towards the same.


 

Service Providers: We may share User’s Personal Information to the service providers, who are working with us in connection with the operation of the Services or the Platform, so long as such service providers are subject to confidentiality restrictions consistent with this Privacy Policy. 

 

Merger or Acquisition: We may transfer User’s Personal Information if we are acquired by or we acquire or merge with another company or transfer a part of our business, including the Platform, to a third party. Any third party or resultant entity that receives the User’s Personal Information pursuant to a merger, demerger, amalgamation, reconstruction, change in control or business transfer shall have the right to continue to use User’s Personal Information. In the event of such a sale or transfer, we may notify the Users.

 

Legal and Regulatory Authorities: We may in order to comply with our legal obligations/ court orders/ requests by Govt. authorities share Personal Information with legal and regulatory authorities. 

 

TRANSFER OF YOUR PERSONAL INFORMATION ACROSS BORDERS (FOR EU RESIDENTS)

Your Personal Data is stored on servers within the EU. There may be instances when the processing of your Personal Information will involve a transfer of Personal Information outside the European Economic Area (the “EEA”). Whenever we transfer your Personal Information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that any such international transfers are either necessary for the performance of the relevant software as a service agreement (relating to your use of the Support Programme) and the overseas recipient or are made subject to appropriate or suitable safeguards as required by your local data protection laws. If you have questions, please contact Support@healthmachine.io

 

DATA RETENTION

 We will retain User’s Personal Information as long as it is required to be retained for the purpose of provision of the Services. We may also retain and use User’s Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

 

SECURITY 

User’s Personal Information is stored on the AWS cloud servers located within the European Union. We have implemented technical and organisational measures to safeguard Personal Information against loss, destruction, access, modification or dissemination by unauthorised persons. Access to Personal Information is only permitted for a limited number of authorised persons. We have implemented encryption at rest for on-disk data, two factor authentication and pseudonymisation as privacy enhancing technologies. All network communication is encrypted with TLS 1.2, and we have incorporated data protection by design and by default into our systems. Although we provide appropriate firewalls and protections, we cannot warrant the security of any Personal Information transmitted, as these systems are not hack proof. Data pilferage due to unauthorized hacking, virus attacks or technical issues is possible, and we assume no liability or responsibility for it.

User is responsible for all the actions that take place under the User Account. If User chooses to share User Account details and password or any Personal Information with third parties, the User is solely responsible for the same. If User loses control of the User Account, User may lose substantial control over its Personal Information and may be subject to legally binding actions. It is User’s responsibility to keep User’s password confidential and secure.

 

CHILDREN’S AND MINOR’S PRIVACY

The Service is not directed to individuals under the age of 16, and we request that these individuals not provide personal information through the Service. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us as explained below under Contacting Us. Although the Website is not intended for use by minors, the Company respects the privacy of minors who may inadvertently use the internet or the Website.

 

ACCESSING AND MODIFYING PERSONAL INFORMATION

In case you or your patients need to add or delete Personal Information, a request will be required to be raised with our tech support team at Support@healthmachine.io. You can make changes to your Personal Information by yourself.

 

YOUR RIGHTS

You have the right to access your Personal Information in our possession, the right to have us rectify or modify any such Personal Information, the right to have us erase/delete your Personal Information, the right to restrict us from processing such Personal Information, the right to object to our use of your Personal Information, the right to request to port your Personal Information, and the right to withdraw consent at any time where we are relying on consent to process your Personal Information. If you withdraw your consent, we may not be able to provide certain products or services to you. We may need to request specific information from you to help us confirm your identity, or contact you for further information in relation to your request.

 

You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

 

If you would like to exercise ANY of these rights, please contact Support@healthmachine.io. If you are a resident of the EU, you have the right to lodge a complaint with a data protection authority/supervisory authority of your region.

  

For UK residents - You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk/make-a-complaint/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.


 

LINKS TO OTHER WEBSITES

Our Website may contain links to other websites/applications of your interest. Please note that we do not have any control over such other websites/applications, and you will be accessing these websites/applications at your own risk. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites/applications and those are not governed by this Privacy Policy. You should exercise caution and look at the privacy policy applicable to such websites/applications. 

 

CHOICE AND OPT-OUT

We may send you communications including but not limited to (a) notices about your use of our Platform and Offerings, including those concerning violations of use, (b) updates, (c) promotional information regarding our Offerings, and (d) newsletters. You may opt out of receiving promotional emails and newsletters from us by following the unsubscribe instructions provided in those emails. Alternatively, you can opt out, at any time, by emailing Support@healthmachine.io with your specific request. 

 

LIMITATION OF LIABILITY

USER EXPRESSLY UNDERSTANDS AND AGREES THAT THE COMPANY SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, INFORMATION, DETAILS OR OTHER INTANGIBLE LOSSES (EVEN IF THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), ARISING OUT OF THIS PRIVACY POLICY. THE FOREGOING LIMITATION OF LIABILITY SHALL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY HEREIN.

 

INDEMNIFICATION

User agrees to indemnify us, our subsidiaries, affiliates, officers, agents and employees (each, an “Indemnified Party”) and hold the Indemnified Party harmless from and against any claims and demands, including reasonable attorneys' fees, made by any third party due to or arising out of or relating to: (i) accuracy and correctness of Personal Information and User Content that User submits or shares through the Platform and (ii) User’s and its permitted user’s violation of this Privacy Policy and applicable laws.

 

GOVERNING LAWS AND DISPUTES

This Privacy Policy shall in all respects be governed by and construed and enforced in accordance with the laws of the United Kingdom, and the courts of the United Kingdom shall have exclusive jurisdiction to adjudicate any subject matter under this Privacy Policy.

 

CHANGES TO THIS POLICY

Please revisit this page periodically to stay aware of any changes to this Privacy Policy, which we may update from time to time. If we modify this Privacy Policy, we will make it available through the Platform and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change through our Platform.

This Privacy Policy was last modified on September 9th, 2021.

 

CONTACT US

We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions or concerns or grievances regarding this Privacy Policy including any requests to exercise your legal rights, you can contact our DPO at
 

compliance@avegenhealth.com
 

Postal address:  Rivertech, Basing House, 46 High Street Rickmansworth, United Kingdom WD3 1HP