Effective from 17th September 2019

This privacy notice applies to your use of the Chronic Insights App available on the Google Play Store and Apple App Store. It outlines what data we collect, why, and how we store it.

If you have any questions about how we process your information, please don’t hesitate to get in touch by emailing our Data Protection Officer at:

james@chronicinsights.com

Who we are

Your relationship is with Chronic Insights Ltd. When this policy talks about "Chronic Insights", "us", "we" or "our", it means Chronic Insights Ltd.

When this policy talks about the “App”, it means the Chronic Insights mobile app.

We are a private limited company registered in England, UK, and our registered office address is TusPark, Maybrook House, 27 Grainger Street, Newcastle upon Tyne, United Kingdom, NE1 5JE. Our company registration number is 11543455.

The purpose of our data collection

Chronic Insights Ltd was founded by James Allen (CEO) who has ankylosing spondylitis, a painful and long-term health condition, to help other people live better with chronic illness. The mission of the company is to alleviate suffering, to help people with long term health conditions manage and live alongside their symptoms more easily, to raise awareness of the impact of long-term health conditions, and to help create a shared understanding of what it's like to experience a long term health condition.

One way that we do this is by collecting Anonymous Health Data you enter into the App, which we process, summarise and show back to you and all other users with the same condition (and their carers, friends and healthcare team) in order to gain insights about what others experience, what they find helps or aggravates their symptoms and other information which might be useful in managing your condition.

We also collect the Anonymous Health Data you enter to share with researchers, charities and organisations who are committed to improving the lives of people with long term health conditions, in line with our company mission to help alleviate suffering.

We believe in privacy as a basic human right, and are supporters of GDPR, so we are committed to collecting only strictly anonymous data. Absolutely no personally identifiable information is collected and stored with the Anonymous Health Data.

In addition to Anonymous Health Data, we also collect Telemetry, Crash and Feedback Data in order to maintain a high quality of service to you. Telemetry data is collected to develop a more useful and usable app. Crash Data is collected to help us identify quality issues with the app and software problems which need fixing. Feedback Data is collected via a user feedback feature within the App which allows users to optionally inform us of problems, suggest new features or make any other comments to help us improve the App.

Categories of data we collect

Anonymous Health Data

The App sends anonymous health data to our servers, so that people who suffer from the same health conditions can view, understand and gain insight into the severity of their symptoms, how they change over time, and how they manage their conditions.

Anonymous Health Data contains information such as the following, which you enter into the App:

- The names of your health conditions

- What symptoms you experience, and changes in severity over time

- Event occurrences that you enter into the App which you think might aggravate or ease your symptoms

- Where on your body you experience symptoms (if applicable)

- The names of medications you enter into the App, their dosage, and when you took them

Telemetry Data

Telemetry Data contains the following information which is collected as you use the App:

- When and how often you use features within the App

- How you use features within the App

Crash Data

Crash Data contains the following information which is collected if the app suffers a crash or error:

- What time the App crashes or develops an error, and technical details of the crash or error

Feedback Data

Feedback Data are optional user feedback messages which you can send us in order to make suggestions, report problems or make other comments about the App.

How we collect your data

A unique randomly generated anonymous identifier is generated on your device when you install the App. When any data we collect is sent to us (Anonymous Health Data, Telemetry, Crash or Feedback Data), the only identifier used is the randomly generated anonymous identifier. You data, together with the anonymous identifier, are cryptographically signed, encrypted and sent securely to our servers. Absolutely no personally identifiable information, such as your name or email address will be sent to us.

We will remove any health conditions, events or other information from any data sets which we publish or share which may accidentally identify a user (for example, extremely rare health conditions or medications).

How we use your data

Anonymous Health Data

Anonymous Health Data collected by us will be used in the following ways:

- to provide you and other users with insight into what other people with the same condition experience, and how they manage their conditions. We will do this by showing you processed Anonymous Health Data from other users within the App. This information is designed to help people who suffer from long-term health conditions, carers, friends, family and healthcare professionals better visualise and understand what other people with long term conditions do and experience;

- to provide information to charities, researchers and other organisations who are committed to alleviating suffering of people with long term health conditions, so that understanding and insight into long term health conditions can be provided and to help raise awareness about the impact of long-term health conditions;

- to monitor trends such as which health conditions and symptoms are most frequently reported by users, so that we can better raise awareness of the App and target our marketing towards people with specific health conditions, and design improvements to the App to cater for specific health conditions and symptoms;

- to provide you with relevant content targeted towards the health conditions and symptoms which you enter into the App, such as tips, motivational messages, blog articles, audio/visual content or 3rd party content;

- for our own marketing purposes in order to promote and advertise the App and it's capabilities;

Telemetry, Crash and Feedback Data

Telemetry, Crash and Feedback Data collected by us will be used in the following ways:

- to rectify usability problems with the App which make it hard to use;

- to design new features which will make the App more useful to you;

- to remove or redesign features which are not useful to you;

- to investigate, fix and patch software bugs and design flaws;

Sharing your data with others

Anonymous Health Data

We may share your Anonymous Health Data with 3rd parties such as charities, researchers and other organisations who are committed to alleviating suffering of people with long term health conditions. We do this in line with our mission to help alleviate suffering of people with long term health conditions and to raise awareness.

We do not collect any personally identifiable information from you. We only share data which is strictly anonymised and cannot be traced back to you in any way.

Backup Data

The App includes an optional feature to backup your data to a 3rd party GDPR-compliant Data Processor, Dropbox Inc, to ensure you can restore your data in the event of data loss (for example, if you lose or upgrade your device, or uninstall the app). This is referred to as your Backup Data.

We do not collect this Backup Data and have no access to it.

Dropbox Inc. are a cloud storage service headquartered in 185 Berry St. Ste. 400 San Francisco, CA, 94107 and is certified under the EU-US Privacy Shield and Swiss-US Privacy Shield. You can request our Data Protection Agreement with Dropbox by contacting our Data Protection Officer at:

james@chronicinsights.com

Use of the backup feature requires that you have a Dropbox account. The first time you use the backup feature within the App to backup your App data, you must login to your Dropbox account. An authentication token is stored securely within the App for subsequent use.

Your Backup Data is stored according to the terms and conditions you agreed to when you signed up for your Dropbox account. Your relationship with Dropbox is entirely separate to your relationship with Chronic Insights. Chronic Insights is in no way affiliated or partnered with Dropbox.

The App is only granted access to a specific subfolder, Apps/ChronicInsights, in your Dropbox account. The App uses this access to read and write your Backup Data for the purposes of backup and restore of your App data.

It is your responsibility to control access to your Dropbox account, and to take appropriate measures to protect access to it (for example, by using a strong password which you do not reveal to others). Anyone who you intentionally or accidentally provide access to the Apps/ChronicInsights folder in your Dropbox account will also have access to the data you have entered into the App.

Retention periods

Anonymous Health Data

We do not collect any personally identifiable information with your Anonymous Health Data. We only collect strictly anonymous data, which is used to provide ongoing value to other people with chronic health conditions by providing awareness, understanding and insight into what symptoms people with long-term health conditions experience, and what they do to help manage them. As this data is strictly anonymous, we do not have retention period policies for this data.

Telemetry, Crash and Feedback Data

Telemetry, Crash and Feedback Data are only retained for as long as necessary to fulfil the purposes for which we process this data for.

To determine the appropriate retention period for this data, we consider the amount, nature and sensitivity of any personal data, the potential for risk or harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of the retention periods for different aspects of your Telemetry, Crash and Feedback Data are available in our retention policy which you can request by contacting us.

You can ask us to delete your Telemetry, Crash and Feedback Data at any time by contacting us at:

james@chronicinsights.com

Data storage, security and international transfers

We have carefully designed the App and our servers to never store any data which can be personally linked back to you.

We follow best practice security measures to ensure that our App and servers are secure and maintained using the latest software updates, and to minimise the possibility that any personally identifiable data is accidentally transmitted, lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your Telemetry, Crash and Feedback Data to our employees, agents, contractors and 3rd parties who have a business need to know. They will only process your data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Children’s privacy protection

This App is not designed for, or intentionally targeted at, children and we do not knowingly collect data related to children.

Your rights

Anonymous Health Data

As Anonymous Health Data is strictly anonymised, and contains no personally identifiable information, rights to erasure under GDPR and the UK Data Protection Act 2018 do not apply. By agreeing to this Privacy Policy and EULA when installing the App, you agree that any anonymised information submitted to us cannot be deleted because we will be unable to identify which data records were collected from you.

Telemetry, Crash and Feedback Data

You have the right to withdraw your consent for our collection of Telemetry, Crash and Feedback Data at any time. Please contact our Data Protection Officer if you would like this data to be deleted.

You also have specific rights under the GDPR and Data Protection Act 2018 to:

- understand and request a copy of information we hold about you;

- ask us to rectify or erase personal information we hold about you, subject to our statutory requirements to store data for prescribed periods of time;

- ask us to restrict our processing of your personal data or object to our processing; and

- ask for your data to be provided on a portable basis.

You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).

Changes to this policy

We may update this policy from time to time and, if we make any material changes, we will notify ¬-you when we do so. By continuing to use our App after any changes are made and we have notified you of them, the way we use your data will be subject to the terms of the updated policy.

Contact us

For any questions or concerns, you can contact us by sending an email to:

james@chronicinsights.com