Updated on 21st September 2021.
We understand that your privacy is important to you and that you care about how your Personal Data is used. We respect and value the privacy of all of our users and contacts and will only collect and use Personal Data in ways that are described here, and in a way that is consistent with our values and your rights under the law.
Okulo Limited (herein referred to by our trading name OKKO Health) is a company registered in England and Wales under the number 11251527 and whose registered office is at 6a Cornwallis Crescent, Bristol, BS8 4PL.
Our Data Protection Officer is our Chief Technology Officer, Girish Kumar. You can contact Girish via email at [email protected].
This privacy policy explains what Personal Data OKKO Health ("OKKO Health", "we", "us", "our", “App”, “Services”) collects from you through our products and how we use that information.
This policy applies to all users of OKKO Health products or services or its affiliates anywhere in the world, and to anyone else who contacts or otherwise submits information to OKKO Health.
We aim to be as clear and transparent as possible and so we hope that this Privacy Notice is easy for you to navigate so you can find the information that is most relevant to you and our relationship with you.
We are always looking to improve the information we provide to our users and contacts so if you have any feedback on this Privacy Notice, please let us know at [email protected].
[For the purposes of this notice where we reference “Healthcare Provider” we mean to refer to the individual health professional licensed to provide health care diagnosis and treatment services.]
Personal Data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal Data is, in simpler terms, any information about you that enables you to be identified. Personal Data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information.
Under the GDPR, you have the following rights, which we will always work to uphold:
For more information about our use of your Personal Data or exercising your rights as outlined above, please contact us using the details provided in Part 10.
Further information about your rights can also be obtained from the national authority for information rights in your country or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your Personal Data, you have the right to lodge a complaint with the national authority.
See Section 10 for further information and links to these authorities in the UK and Germany.
OKKO Health acts as the data controller for the information you provide or that is collected by OKKO Health or its affiliates. OKKO Health collects Personal Data to operate effectively as a business and to provide you with services and products.
You have choices about the Personal Data we collect. When you are asked to provide Personal Data, you may decline. But if you choose not to provide Personal Data that is necessary in order for us to provide services to you, you may not be able to use that product.
We provide further information below on the types of Personal Data we obtain and how we use them, throughout your use of our products and services.
Under GDPR we will ensure that your Personal Data is processed lawfully, fairly, and transparently, without adversely affecting your rights.
We will only process your Personal Data if at least one of the following bases applies:
Depending on our relationship with you, we will collect and use your Personal Data in different ways:
We will collect and process the Personal Data from you that you give to us by filling in contact forms on our website or by corresponding with us by phone, email or otherwise.
This includes information you provide when you raise a support ticket, request a demo of our products, submit a query and when you report a problem with our website, app or platform.
Lawful basis for processing this data:
Legitimate interests
When you initiate correspondence with us, our lawful ground for this processing is our legitimate interests, which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims. We will only use the information for the purpose for which you contacted us.
At the start of the study, the study site will assign you a study participant number / study reference number. Only this study reference number will be shared with us by your clinical trial site, to allow us to track and link your data within our system. OKKO Health will not receive your name, date of birth, email address or any other personal identifiers. OKKO Health will not hold, nor have access to, the key which allows you to be identified from this reference number, and so we will only know you by this number.
This means that your Personal Data that is processed at OKKO Health is what is called pseudonymised (further information on what this means can be found on the ICO website) to provide additional protection for your data. That said, this data remains Personal Data and as such will still be processed, stored and managed with the same level of care and security as all other Personal Data processed at OKKO Health.
As a user of the OKKO Health mobile app, we will also collect sensitive Personal Data about your health. This is described in further detail below. The purpose of data collection is written next to each.
Please note that the information you provide and that which is captured via the app in relation to your vision will be available to the Healthcare Provider (research / study site) through which you are using the application on the OKKO Platform.
As part of the study you may be invited to participate in an online or paper-based survey. As above, in such a survey the only personal identifier we will request is your study reference number; your name, email address, etc. are not requested. Surveys may cover questions relating to your health and/or to your experience of using our app.
Lawful basis for processing this data:
Consent
Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Data is your consent. You can withdraw your consent at any time - for more information please email [email protected].
Consent is taken (by confirming your agreement to this Privacy Notice) at the time of informed consent for inclusion in the study at the research/study site.
The Personal Data you give us may include the types described below (the purpose of data collection is written next to each):
If you are a user of the OKKO Health mobile app, we will also collect sensitive Personal Data about your health. This is described in further detail below. The purpose of data collection is written next to each.
As part of the co-design programme you may be invited to participate in an online survey. Surveys may cover questions relating to your health and to your experience of using our app. These surveys are created on an online cloud platform under a password-protected account that only OKKO Health has access to.
Please note that when using the app your account is not linked to a Healthcare Provider as use of the app in testing and co-design activities is purely for testing functionality and usability of the app and not to support clinical management of your condition.
As a volunteer you may be requested to provide information on recent treatment, diagnosis and clinical course of disease and device details during screening to determine suitability to the testing / co-design programme. Where suitability is not confirmed you will be asked if you wish for us to keep your details on file for future testing or if you would like us to delete your data.
In addition, during your time in the study we may receive information from you in relation to the clinical course of your eye health, treatment details and other health details to allow us to understand your current situation and how this impacts your interactions with the app.
Lawful basis for processing this data:
Consent
Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Data is your consent. You can withdraw your consent at any time - for more information please email [email protected].
Consent is taken (by confirming your agreement to this Privacy Notice) at the time of sign up for screening for the co-design study or programme.
Please note that some of this information is necessary to complete your user registration and for you to use our software and services. If you decline to provide this information during the registration process you will not be able to create an account on our software products and use our services.
The Personal Data you give us may include the types described below (the purpose of data collection is written next to each):
If you are a user of the OKKO Health mobile app, we will also collect sensitive Personal Data about your health. This is described in further detail below. The purpose of data collection is written next to each.
Please note that the information you provide and that which is captured via the app in relation to your vision will be available to the Healthcare Provider through which you are using the application on the OKKO Platform. [Please note this does not apply for those who are signed up to the app via OKKO as part of OKKO Health’s co-design programmes, see Section 5.3 - Important note].
Lawful basis for processing this data:
Consent
Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Data is your consent. You can withdraw your consent at any time - for more information please email [email protected].
Consent is taken (by confirming your agreement to this Privacy Notice) at the time of registration within the app.
Please note that some of this information is necessary to complete your user registration and for you to use our software and services. If you decline to provide this information during the registration process you will not be able to create an account on our software products and use our services.
The Personal Data you give us may include the types described below (the purpose of data collection is written next to each):
Lawful basis for processing this data:
Legitimate interests
Our lawful basis for processing your name, employment and contact details is our legitimate business interest to allow us to provide you with access to the platform and to allow you to offer the app to your patients.
Part of this information is necessary to complete your organisation registration and for you to use our software and services. If you decline to provide this information during the registration process you will not be able to create an account on our software products and use our services.
If you input an organisation code that you have received from a Healthcare Provider when you download the OKKO Health mobile app, we will be able to tell which Healthcare Provider has provided you with this code.
Lawful basis for processing this data:
Consent
Consent to share this data with your Healthcare Provider will be taken (by confirming your agreement to this Privacy Notice) during your registration within the app, where the code you enter will be captured.
Lawful basis for processing this data:
Consent
Consent is taken (by confirming your agreement to this Privacy Notice) at the time of informed consent for inclusion in the study at the research/study site.
Lawful basis for processing this data:
Consent
Consent is taken (by confirming your agreement to this Privacy Notice) at the time of informed consent for inclusion in the study at the research/study site.
Lawful basis for processing this data:
Consent
Upon receipt of this information we will only continue to process such information if you confirm that you consent to this processing. If you do not consent, we shall delete this information from our systems.
Lawful basis for processing this data:
Consent
Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Data is your consent. You can withdraw your consent at any time - for more information please email [email protected].
Consent is taken at the time of sign up for screening for the co-design study or programme or consent may be taken as a standalone request. We will never contact your doctor without your consent.
For all users on the OKKO Health app, we monitor engagement and feature usage by recording every interaction. This includes, but is not limited to, page visits, content viewed and logs made on our app.
To enhance your experience on our app, we identify and recommend the most relevant features based on your profile, treatment, symptom tracking, health condition(s) and recent activities.
We use third party analytics software, hosted within the OKKO server, to collect information about the usage of our app and platform to enable us to improve how they work and to deliver you a better service. The information allows us to see the overall patterns of usage on our software, and helps us record any difficulties you have with them.
We also infer your location based on your IP address on our website (okkohealth.com) to ensure that you are redirected to the correct site for your country.
Product issues, identified by users and communicated through customer support, are effectively diagnosed and resolved using data collected from interactions on the app and platform.
Lawful basis for processing this data:
Legitimate interests
We process this information on the basis of our legitimate interests to run, grow and develop our businesses and services and to operate and improve our website, app and platform. Processing this information also contributes to our ability to comply with legal requirements for post-market surveillance.
We will not share any of your Personal Data with any third parties for any purposes, subject to the following exceptions:
If any of your Personal Data is required by a third party or stored on third party software, we will take steps to ensure that your Personal Data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described in this Privacy Notice.
In addition to the specific disclosures of Personal Data set out in this section, we may disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your Personal Data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may want to share your data with other professionals we feel could help you, but we will always ask you first. We may identify charities or support groups that could be of interest to you, but we will never share your data with them without asking you first.
We will not keep your Personal Data for any longer than is necessary in light of the reason(s) for which it was first collected. Details of our retention periods for data will be included in our Data Retention Policy which can be provided upon request.
OKKO Health is committed to protecting the security of Personal Data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. All Personal Data collected by OKKO Health software products is encrypted to the highest possible degree both when it is stored in our databases and when it is being transmitted. Further details of how we manage and protect your Personal Data are captured in our Data Security and Data Protection policies.
We have Data Processing Agreements in place with all our third-party service providers which are required to take appropriate security measures to protect your Personal Data in line with our policies. We only allow them to process your Personal Data for specified purposes and in accordance with our instructions.
In the majority of cases we will store your Personal Data within the UK and/or European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that this storage of Personal Data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.
Through our use of certain systems, we may also store or transfer some or all of your Personal Data to countries that are not part of the EEA or UK. These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. In all such instances we ensure safeguards are in place to protect your data. These include entering into Data Processing Agreements with any company or individual processing data on our behalf, either as a service or in the provision of a system, or ensuring such provisions are written into Terms of Service or a Data Processing Addendum, including Standard Contractual Sections where applicable.
Examples of such systems include:
If you want to know what Personal Data we have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 10.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
Girish Kumar, Chief Technology Officer, is the Data Protection Officer at OKKO Health. To contact Girish about anything to do with your Personal Data and data protection, including to make a subject access request or to withdraw consent at any time, please contact us by email at [email protected] or by postal mail at Okulo Limited (trading as OKKO Health), 17-18 Berkeley Square, Bristol, BS8 1HB, United Kingdom.
OKKO Health welcomes all concerns, enquiries and requests about how we process Personal Data and aims to expedite each completely. If unsatisfied with responses, you have the right to submit a complaint to the following supervisory authorities that OKKO Health is registered with by using the links below.
United Kingdom: Information Commissioner’s Office (ICO)
OKKO Health is registered with the Information Commissioner’s Office under reference number ZA557755.
Germany: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects Personal Data protection.