Privacy Policy
V1.4 | Last reviewed and updated: 30/07/2024
Who are AmaraHealth™?
AmaraHealth™ App is a new self-management, whole-body health and wellbeing mobile application available for the public to download on both iOS and Android platforms and has been developed by Priority Digital Health Limited. Priority Digital Health Limited is a company incorporated and registered in England and Wales with company number: 10510683.
Priority Digital Health understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits AmaraHealth™ and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law.
This Policy applies to Our use of any and all data collected by us in relation to your use of AmaraHealth™. Please read this Privacy Policy carefully and ensure that you understand it.
Your acceptance of Our Privacy Policy is deemed to occur upon your first use of AmaraHealth™. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.
Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
“Account”
means an account required to access and/or use certain areas and features of AmaraHealth™;
“AmaraHealth™”
means the AmaraHealth™ App and AmaraHealth™ web platform.
“Data Security Breach”
Means where sensitive, protected, or confidential personal information and personal data has potentially been accessed, stolen, or used without authorisation.
“ICO”
Means the Information Commissioner’s Office, the supervisory authority for data protection in the UK.
“Personal Data”
Means any information relating to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data. The terms Personal Data and Personal Information are used interchangeably within this policy.
“We/Us/Our”
PRIORITY DIGITAL HEALTH LIMITED a company registered in England and Wales under number 10510683 whose registered office is at St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS (“the Data Controller”).
“You/Your”
Any user of AmaraHealth™ App and AmaraHealth™ web platform.
“UK GDPR”
(Retained EU Legislation) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) in conjunction with the Data Protection Act 2018.
“GDPR”
The General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The primary aim of the “GDPR” is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
“Data Protection Law”
All legislation and regulations in force from time to time regulating the use of personal data and the privacy of electronic communications including, but not limited to, EU Regulation 2016/679 (the “GDPR”), (“UK GDPR”), the Data Protection Act 2018, and any successor legislation or other directly applicable EU regulation relating to data protection and privacy for as long as, and to the extent that, EU law has legal effect in the UK.
Information About Us
Our Site, https://amarahealth.co.uk is owned and operated by Us.
What Does This Policy Cover?
This Privacy Policy applies only to your use of AmaraHealth™ App and Our Site. It does not extend to any websites that are linked to from Our Site (whether We provide those links or whether they are shared by other users). We have no control over how your personal data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any personal data to them.
What Personal Data Do We Collect?
Some personal data will be collected automatically by the AmaraHealth™ App, other Apps (such as Apple Health, Google Health Connect) and from device information. Please see Our Site and Our Cookie Policy https://amarahealth.co.uk/cookies, for further details. Other personal data will only be collected if you voluntarily submit it, for example, when signing up for an Account. Depending upon your use of Our Site, We may collect some or all of the following personal data:
- name;
- date of birth;
- business/company/service name if relevant
- contact information such as email addresses, telephone numbers and device number;
- demographic information such as post code, preferences and interests;
- IP address (automatically collected);
- web browser type and version (automatically collected);
- operating system (automatically collected);
- usage data;
- a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to (automatically collected);
- data synced from Apple Health or Google Health Connect
Depending upon your use of the AmaraHealth™ App, We may collect some or all of the following personal data:
- Personal details;
- first name;
- last name;
- title;
- date of birth;
- gender;
- marital status;
- contact Information;
- email address;
- phone number;
- mobile phone number;
- home address;
- preferred method of contact;
- secondary contact;
- secondary contact phone number;
- demographic information;
- ethnicity;
- first language;
- country of origin;
- religion;
- employment details (such as work address, employment status and employment type);
- benefits status and benefits received;
- referrer information;
- referrer job role and organisation;
- referrer phone number;
- Medical Information
- NHS number;
- description (parent, carer or both)
- medical conditions;
- GP practice;
- support requirement;
- If you have anyone under 5 years old living with you;
- If you support or care for family/friends on a regular basis;
- If you have, or your spouse/partner, ever served in the Armed Forces;
- If you are registered with a GP;
- breast feeding and pregnancy information;
- Sexuality;
- Whether you are deaf or blind;
- If you smoke;
- If you have had a health check in the past 5 years;
- If you have had support from substance abuse services in the past 6 months;
- mental health information;
- disability;
- health conditions and treatment;
- the nature of your long-term health condition;
- username and password (this helps secure and provide you with access to our Services)
- information relating to:
- wellbeing
- smoking
- height
- calories
- mood
- your exercise activity and time spent exercising
- water intake
- sleep duration and quality
- alcohol intake
All Content included on Our Site and the copyright and other intellectual property rights subsisting in that Content, unless specifically labelled otherwise, belongs to or has been licensed by Us. All Content is protected by applicable United Kingdom and international intellectual property laws and treaties.
Apple Health and Google Health Connect Syncing
When You opt to sync the AmaraHealth™ App with Apple Health or Google Health Connect, up to 14 days of data will be synchronised from the date syncing is first enabled. You can choose to sync health data from the following categories:
- Height
- Weight
- Sleep
- Water
- Workouts
Subsequent synchronizations will only update with new information.
Legal Grounds For Using Your Personal Data
We rely on the following legal bases for processing your personal data:
- Where it is necessary for the purposes of Our legitimate interests, such as providing Our mobile software application services to you.
- Where it is necessary in order to perform our obligations under our contract with you.
How Do We Use Your Personal Data?
All personal data is stored securely in accordance with the principles of the Data Protection Act 2018 and UK GDPR. No personal data is intended to be shared or processed for any purpose that has not been made clear to you.
We use your personal data to provide the best possible products and services to you. This includes:
- Providing and managing your Account;
- Providing and managing your access to Our Site;
- Personalising and tailoring your experience on Our Site;
- Supplying Our products and services to you;
- Personalising and tailoring Our products and services for you;
- Responding to communications from you;
- Supplying you with email newsletters and alerts that you have subscribed to. You may unsubscribe or opt-out at any time by clicking the link at the bottom of the newsletter.
With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone, text message and post with information, news and offers on Our products and services. Informed consent for the purpose of marketing will be obtained separately. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015. Should the purpose of data collection change, You will be informed and consent re-obtained (if consent was the lawful basis).
Data Processing activities which You cannot opt out of when a third party has purchased the subscription on your behalf (with your consent). If you wish to opt out you will have to cancel Your subscription. We obtain consent to share your data with a third party for the purposes of onward referral.
How and Where Do We Store Your Personal Data?
Links to other sites may be included on AmaraHealth™ App and Our Site. Unless expressly stated, these sites are not under Our control. We neither assume nor accept responsibility or liability for the content of third party sites. The inclusion of a link to another site on Our Site is for information only and does not imply any endorsement of the sites themselves or of those in control of them.
Your Personal data will only be stored in the UK in Amazon Web Services (AWS) within the Health and Social Care Network and within the European Economic Area (“the EEA”). The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein.
Data security is of great importance to Us, and to protect your personal data We have put in place suitable physical, electronic and managerial procedures (encrypted to AES256) to safeguard and secure data collected through Our Site. Our procedures ensure that all personal data is encrypted between the device and any external host storage.
Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.
Data Protection Principles
In compliance with UK GDPR, We process Your Personal Data in accordance with the following data protection principles listed in Data Protection Legislation:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)
- securely protected following our appropriate security measures in place
Data Retention
We only keep your personal data for as long as We need to in order to use it as described above, and/or for as long as We have your permission to keep it. Information associated with your account will be kept until it is no longer necessary to provide the Services or until your account has been deleted. Additionally, you have the ability to delete some items of information and you can remove individual activities in the AmaraHealth™ App. Following your deletion of your account, it may take up to thirty working days to fully delete your personal information and system logs from our systems. We may retain your information to comply with relevant legislation and take other actions permitted by law. This information we retain will be handled in accordance with this Privacy Policy and for up to six years to identify any issues and resolve any legal proceedings. We may keep your personal information for a longer period: in the event of a complaint, if we reasonably believe there is a prospect of legal proceedings, if we are aware of pending or ongoing legal proceedings, or in some circumstances, if applicable law says we must.
In accordance with our Data Retention Policy, all information relating to your personal data that is no longer necessary will be securely destroyed manually. In some instances, some information relating to your personal data that is no longer necessary and relevant to provide our Services may be de-identified and/or anonymised to provide insights which are commercially valuable to AmaraHealth™. For example, for health research purposes and data analysis to improve Services and help us understand the types of users and the information they are accessing in order for us to make improvements to the accessibility of the App. This information will not be identifiable.
Do We Share Your Personal Data?
We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your personal data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such personal data with third parties such as prospective investors, affiliates, partners and advertisers. Personal data will only be shared and used within the bounds of the law.
In certain circumstances We may be legally required to share certain personal data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
What Happens If Our Business Changes Hands?
We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Personal data provided by users will, where it is relevant to any part of Our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the personal data for the purposes for which it was originally collected by Us.
In the event that any of your personal data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will, however, be given the choice to have your personal data deleted or withheld from the new owner or controller.
If you are a business user, We accept no liability for loss of profits, sales, business or revenue; loss of business opportunity, goodwill or reputation; loss of anticipated savings; business interruption; or for any indirect or consequential loss or damage.
How Can You Control Your Personal Data?
When you submit information via Our Site, you may be given options to restrict Our use of your personal data. In particular, We aim to give you strong controls on Our use of your personal data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails).
You must not deliberately introduce viruses or other malware, or any other material which is malicious or technologically harmful either to or via Our Site.
Your Rights under UK GDPR
You have a number of rights under Data Protection law which you can exercise in certain circumstances. These include:
- The right to be informed
- The right of access
- You have the right under the UK GDPR to obtain confirmation as to whether or not your Personal Data is being Processed by Us and to access that Personal Data. To exercise this right, you must make a Data Subject Access Request (DSAR). This can be done by contacting in writing the Data Protection Officer at dpo@prioritydigitalhealth.com. In most cases We will need to ask for proof of identification before a request can be processed. We will inform you if you will need to verify your identity and the documents this requires. DSARs will be dealt with as quickly as possible and certainly within the stipulated one month from receipt of the request. For complex or numerous DSARs, We may extend the period by a further two months. If this is the case, you will be notified within one month of receipt of the request with an explanation as to why the extension is necessary.
- The right to rectification
- You have the right to have inaccurate personal data rectified, or completed if it is incomplete. Please note that it is Your responsibility to keep Your data accurate and up to date in the AmaraHealth™ App.
- The right to erasure
- You can ask us to delete the personal data we hold on you.
- The right to restrict processing
- You can ask Us to restrict the use of your information;
- The right to data portability
- You have the right to receive personal data You have provided to Us in a structured, commonly used and machine readable format. You also have the right to request that We transmit this data directly to another controller. Please note that Information is only within the scope of the right to data portability if it is personal data of the individual that You have provided to Us.
- The right to object to Us processing your personal data
- You can object to Us processing your personal data.
- Rights in relation to automated decision making and profiling.
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You
- The right to withdraw consent for the use of Your personal data.
Please contact us at dpo@prioritydigitalhealth.com if you would like to execute any of the above rights stated. We will aim to respond to your request ideally within one month.
Your Right to Withhold Information
You may access certain areas of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
You may restrict your internet browser’s use of Cookies. For more information, see Our Cookie Policy: http://www.amarahealth.co.uk/cookies
Child Access
Under EU GDPR, We do not have the legal right to process the data of a data subject sixteen years old or younger. Therefore, please contact us at dpo@prioritydigitalhealth.com if you have any knowledge that a child is accessing the AmaraHealth™ App and is providing personal data without parental consent.
Data Security Breach Management
Priority Digital Health is committed to ensuring that all personal data we process, including that of colleagues and customers, is managed appropriately and in compliance with Data Protection legislation. In the event of a data security breach, We shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorised disclosure required by applicable laws and regulations.
Right To Complain
You have the right to complain to the Information Commissioner’s Office (ICO) if you think that We have:
- failed to respond to your request for information
- refused your request
- failed to send you all of the information you asked for
- failed to comply with the time limit for information
- breached data confidentiality
The ICO will expect you to have first raised your concerns with Us before submitting a complaint. To make your complaint, you can use the form on the ICO website.
Data Protection Officer (DPO)
John Dibb is the responsible Data Protection Officer. We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at dpo@prioritydigitalhealth.com and we will respond.
Policy Review
This Policy will be amended from time to time and no less than annually. Any changes we make will be posted on Our respective websites and where appropriate, notified to Data Subjects.
Related Policies
- Data Protection Policy
- Information Security Policy