Privacy Policy

Updated on 21th September 2021.


We understand that your privacy is important to you and that you care about how your Personal Data is used. We respect and value the privacy of all of our users and contacts and will only collect and use Personal Data in ways that are described here, and in a way that is consistent with our values and your rights under the law.



Contents:


  1. A little bit about us
  2. What does this notice cover?
  3. What is Personal Data?
  4. What Are Your Rights?
  5. What Personal Data Do We Collect and how do we use it?
    1. When you communicate with us
    2. When using the OKKO Health App as a clinical trial participant
    3. When using the OKKO Health App as a volunteer in one of our co-design programmes
    4. When using the OKKO Health App as a patient
    5. When using the OKKO Health platform as a Healthcare Provider
    6. Information we receive from other sources about you (patient / volunteer / clinical trial participant):
    7. Additional data collection technologies
  6. Do You Share Our Personal Data?
  7. How Long Will You Keep Our Personal Data?
  8. How and Where Do You Store or Transfer Our Personal Data?
  9. How Can I Access Our Personal Data?
  10. How Do I Contact You?
  11. Changes to this Privacy Notice


  1. A little bit about us

    Okulo Limited (herein referred to by our trading name OKKO Health) is a company registered in England and Wales under the number 11251527 and whose registered office is at 6a Cornwallis Crescent, Bristol, BS8 4PL.


    Our Data Protection Officer is our Chief Technology Officer, Girish Kumar. You can contact Girish via email at [email protected].


  2. What does this notice cover?

    This privacy policy explains what Personal Data OKKO Health ("OKKO Health", "we", "us", "our", “App”, “Services”) collects from you through our products and how we use that information.


    This policy applies to all users of OKKO Health products or services or its affiliates anywhere in the world, and to anyone else who contacts or otherwise submits information to OKKO Health.


    We aim to be as clear and transparent as possible and so we hope that this Privacy Notice is easy for you to navigate so you can find the information that is most relevant to you and our relationship with you.


    We are always looking to improve the information we provide to our users and contacts so if you have any feedback on this Privacy Notice, please let us know at [email protected].


    [For the purposes of this notice where we reference “Healthcare Provider” we mean to refer to the individual health professional licensed to provide health care diagnosis and treatment services.]


  3. What is Personal Data?

    Personal Data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.


    Personal Data is, in simpler terms, any information about you that enables you to be identified. Personal Data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.


    Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information.


  4. What Are Your Rights?

    Under the GDPR, you have the following rights, which we will always work to uphold:

    1. The right to be informed about our collection and use of your Personal Data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 10.
    2. The right to access the Personal Data we hold about you. Part 9 will tell you how to do this.
    3. The right to have your Personal Data rectified if any of your Personal Data held by us is inaccurate or incomplete. Please contact us using the details in Part 10 to find out more.
    4. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your Personal Data that we have. Please contact us using the details in Part 10 to find out more.
    5. The right to restrict (i.e. prevent) the processing of your Personal Data.
    6. The right to object to us using your Personal Data for a particular purpose or purposes.
    7. The right to data portability. This means that, if you have provided Personal Data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that Personal Data to re-use with another service or business in many cases.
    8. Rights relating to automated decision-making and profiling.


    For more information about our use of your Personal Data or exercising your rights as outlined above, please contact us using the details provided in Part 10.


    Further information about your rights can also be obtained from the national authority for information rights in your country or your local Citizens Advice Bureau.


    If you have any cause for complaint about our use of your Personal Data, you have the right to lodge a complaint with the national authority.


    See Section 10 for further information and links to these authorities in the UK and Germany.


  5. What Personal Data Do We Collect and How Do We Use It?

    OKKO Health acts as the data controller for the information you provide or that is collected by OKKO Health or its affiliates. OKKO Health collects Personal Data to operate effectively as a business and to provide you with services and products.


    You have choices about the Personal Data we collect. When you are asked to provide Personal Data, you may decline. But if you choose not to provide Personal Data that is necessary in order for us to provide services to you, you may not be able to use that product.


    We provide further information below on the types of Personal Data we obtain and how we use them, throughout your use of our products and services.


    Under GDPR we will ensure that your Personal Data is processed lawfully, fairly, and transparently, without adversely affecting your rights.


    We will only process your Personal Data if at least one of the following basis applies:

    • you have given consent to the processing of your Personal Data for one or more specific purposes;
    • processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
    • processing is necessary for compliance with a legal obligation to which we are subject;
    • processing is necessary to protect the vital interests of you or of another natural person;
    • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
    • processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child.

    Depending on our relationship with you, we will collect and use your Personal Data in different ways:


    1. When you communicate with us

      We will collect and process the Personal Data from you that you give to us by filling in contact forms on our website or by corresponding with us by phone, email or otherwise.


      This includes information you provide when you raise a support ticket, request a demo of our products, submit a query and when you report a problem with our website, app or platform.


      Lawful basis for processing this data:


      Legitimate interests


      When initiating correspondence with us, our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims. We will only use the information for the purpose with which you contacted us.


    2. When using the OKKO Health App as a clinical trial participant

      At the start of the study, the study site will assign you with a study participant number / study reference number. Only this study reference number will be shared with us by your clinical trial site, to allow us to track and link your data within our system. OKKO Health will not receive your name, date of birth, email address or any other personal identifiers. OKKO Health will not hold, nor have access to the key which allows you to be identified from this reference number and so we will only know you by this number.


      This means that your Personal Data that is processed at OKKO Health is what is called pseudonymised (further information on what this means can be found on the ICO website here) to provide additional protection for your data. That said this data remains Personal Data and as such will still be processed, stored and managed within the same level of care and security as all other Personal Data processed at OKKO Health.


      As a user of the OKKO Health mobile app, we will also collect sensitive Personal Data about your health. This is described in further detail below. The purpose of data collection is written next to each.


      • General health information (sensitive):
        • Details of diagnosis: to provide a tailored experience, for example by recommending articles relevant to your eye condition.
        • Treatment details: to provide a tailored experience, for example, by recommending articles relevant to your eye treatment and to understand your response to treatment.
        • Symptom details: to provide a tailored experience, to capture symptoms over time for you and your Healthcare Provider to review and keep a record of how your symptoms change over time.
        • Healthcare Provider details: to access the application you will be provided with an organisation code. The purpose of this code is to link you to your Healthcare Provider (Clinical trial site) and ensure that they are able to access your data.
      • App captured vision data (sensitive):
        • Data about how your vision functions including data about your visual acuity, sensitivity to low contrast and sensitivity to distortions: to fulfil the expected use of the OKKO Health medical device software designed to acquire and visualise objective quantifiable data related to visual function in an ambulatory or a clinic setting, used as an adjunct to decision making at the next clinician visit. This information will made be available to your linked Healthcare Provider (research / study site) via the OKKO Health Platform.
      • Other app captured data:
        • Details about your device:
          • App version: to ensure you are running the latest version of the app
          • Device model and physical status of the device (e.g. screen brightness): to ensure your phone has the minimum requirements to run our app to the appropriate standard and to ensure the quality and consistency of the results
          • Unique Device Identifier: to enable us to send push notifications to you to remind you when to play, to highlight updates to the app and the resources available to you.
        • Details about how you interact with the device and app:
          • Time of gameplay session: to allow us to understand how your vision varies at different times of the day.
          • Measurements on how far you are from the screen, using the front-facing sensor: to help give the most accurate vision results. We do not collect or store any images or any data that could identify your face.
          • Data points about the position and orientation of your head while playing the games, using the front-facing sensor: to determine how far you are from the screen only during active gameplay. We do not collect or store any images or any data that could identify your face.
          • Information about what and where you tap on the screen and when: to help us understand the limits of your vision and how accurately you respond.
          • We also use the front-facing camera as a mirror to help you to check you are covering the correct eye, we do not store an image of your face.

      Please note that the information you provide and that which is captured via the app in relation to your vision will be available to the Healthcare Provider (research / study site) through which you are using the application on the OKKO Platform.


      As part of the study you may be invited to participate in an online or paper based survey. As above, in such a survey the only personal identifier we will request is your study reference number; name, email address etc is not requested. Surveys may cover questions relating to your health and/or to your experience of using our app.


      Lawful basis for processing this data:


      Consent


      Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Data is your consent. You can withdraw your consent at any time - for more information please email [email protected].


      Consent is taken (by confirming your agreement to this Privacy Notice) at the time of informed consent for inclusion in the study at the research/study site.


    3. When using the OKKO Health App as a volunteer in one of our co-design programmes

      The Personal Data you give us may include the types described below (the purpose of data collection is written next to each):

      • Your name: to create a OKKO Health account and to allow us to identify you
      • Email address: to create a OKKO Health account and to allow us to identify you
      • Month and Year of birth (MM-YYYY): to create a OKKO Health account, to allow us to identify you and to support our analysis of your results, alongside any diagnosis.
      • Password: to create an OKKO Health account. We are not able to access user passwords.
      • Your postal address: to allow us to send you an eye patch or other resources (if requested).

      If you are a user of the OKKO Health mobile app, we will also collect sensitive Personal Data about your health. This is described in further detail below. The purpose of data collection is written next to each.

      • General health information (sensitive):
        • Details of diagnosis: to provide a tailored experience, for example by recommending articles relevant to your eye condition.
        • Treatment details: to provide a tailored experience, for example, by recommending articles relevant to your eye treatment and to understand your response to treatment.
        • Symptom details: to provide a tailored experience, to capture symptoms over time for you and your Healthcare Provider to review and keep a record of how your symptoms change over time.
        • Healthcare Provider details: to access the application you will be provided with an organisation code. The purpose of this code is to link you to your Healthcare Provider and ensure that they are able to access your data.
        • Medical and family history: to allow us to understand your medical history and clinical course so that we can review this alongside the data being gathered by the OKKO App.
      • App captured vision data (sensitive):
        • Data about how your vision functions including data about your visual acuity, sensitivity to low contrast and sensitivity to distortions: to fulfil the expected use of the OKKO Health medical device software designed to acquire and visualise objective quantifiable data related to visual function in an ambulatory or a clinic setting, used as an adjunct to decision making at the next clinician visit.
      • Other app captured data:
        • Details about your device:
          • App version: to ensure you are running the latest version of the app
          • Device model and physical status of the device (e.g. screen brightness): to ensure your phone has the minimum requirements to run our app to the appropriate standard and to ensure the quality and consistency of the results
          • Unique Device Identifier: to enable us to send push notifications to you to remind you when to play, to highlight updates to the app and the resources available to you.
        • Details about how you interact with the device and app:
          • Time of gameplay session: to allow us to understand how your vision varies at different times of the day.
          • Measurements on how far you are from the screen, using the front-facing sensor: to help give the most accurate vision results. We do not collect or store any images or any data that could identify your face.
          • Data points about the position and orientation of your head while playing the games, using the front-facing sensor: to determine how far you are from the screen only during active gameplay. We do not collect or store any images or any data that could identify your face.
          • Information about what and where you tap on the screen and when: to help us understand the limits of your vision and how accurately you respond.
          • We also use the front-facing camera as a mirror to help you to check you are covering the correct eye, we do not store an image of your face.

      As part of the co-design programme you may be invited to participate in an online survey. Surveys may cover questions relating to your health and to your experience of using our app. These surveys are created on an online cloud platform under a password protected account that only OKKO Health have access to.


      IMPORTANT NOTE:

      Please note that when using the app your account is not linked to a Healthcare Provider as use of the app in testing and co-design activities is purely for testing functionality and usability of the app and not to support clinical management of your condition.


      As a volunteer you may be requested to provide information on recent treatment, diagnosis and clinical course of disease and device details during screening to determine suitability to the testing / co-design programme. Where suitability is not confirmed you will be asked if you wish for us to keep your details on file for future testing or if you would like us to delete your data.


      In addition, during your time of the study we may receive information from you in relation to the clinical course of your eye health, treatment details and other health details to allow us to understand your current situation and how this impacts your interactions with the app.


      Lawful basis for processing this data:


      Consent


      Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Data is your consent. You can withdraw your consent at any time - for more information please email [email protected].


      Consent is taken (by confirming your agreement to this Privacy Notice) at the time of sign up for screening for the co-design study or programme.


      Please note that some of this information is necessary to complete your user registration and for you to use our software and services. If you decline to provide this information during the registration process you will not be able to create an account on our software products and use our services.


    4. When using the OKKO Health App as a patient

      The Personal Data you give us may include the types described below (the purpose of data collection is written next to each):

      • Your name: to create a OKKO Health account and to allow us to identify you
      • Email address: to create a OKKO Health account and to allow us to identify you
      • Month and Year of birth (MM-YYYY): to create a OKKO Health account, to allow us to identify you and to support our analysis of your results, alongside any diagnosis.
      • Password: to create an OKKO Health account. We are not able to access user passwords.

      If you are a user of the OKKO Health mobile app, we will also collect sensitive Personal Data about your health. This is described in further detail below. The purpose of data collection is written next to each.


      • General health information (sensitive):
        • Details of diagnosis: to provide a tailored experience, for example by recommending articles relevant to your eye condition.
        • Treatment details: to provide a tailored experience, for example, by recommending articles relevant to your eye treatment and to understand your response to treatment.
        • Symptom details: to provide a tailored experience, to capture symptoms over time for you and your Healthcare Provider to review and keep a record of how your symptoms change over time.
        • Healthcare Provider details: to access the application you will be provided with an organisation code. The purpose of this code is to link you to your Healthcare Provider and ensure that they are able to access your data.
      • App captured vision data (sensitive):
        • Data about how your vision functions including data about your visual acuity, sensitivity to low contrast and sensitivity to distortions: to fulfil the expected use of the OKKO Health medical device software designed to acquire and visualise objective quantifiable data related to visual function in an ambulatory or a clinic setting, used as an adjunct to decision making at the next clinician visit. This information will made be available to your linked Healthcare Provider via the OKKO Health Platform.
      • Other app captured data:
        • Details about your device:
          • App version: to ensure you are running the latest version of the app
          • Device model and physical status of the device (e.g. screen brightness): to ensure your phone has the minimum requirements to run our app to the appropriate standard and to ensure the quality and consistency of the results
          • Unique Device Identifier: to enable us to send push notifications to you to remind you when to play, to highlight updates to the app and the resources available to you.
        • Details about how you interact with the device and app:
          • Time of gameplay session: to allow us to understand how your vision varies at different times of the day.
          • Measurements on how far you are from the screen, using the front-facing sensor: to help give the most accurate vision results. We do not collect or store any images or any data that could identify your face.
          • Data points about the position and orientation of your head while playing the games, using the front-facing sensor: to determine how far you are from the screen only during active gameplay. We do not collect or store any images or any data that could identify your face.
          • Information about what and where you tap on the screen and when: to help us understand the limits of your vision and how accurately you respond.
          • We also use the front-facing camera as a mirror to help you to check you are covering the correct eye, we do not store an image of your face.

      Please note that the information you provide and that which is captured via the app in relation to your vision will be available to the Healthcare Provider through which you are using the application on the OKKO Platform. [Please note this does not apply for those who are signed up to the app via OKKO as part of OKKO Health’s co-design programmes, see Section 5.3 - Important note].


      Lawful basis for processing this data:


      Consent


      Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Data is your consent. You can withdraw your consent at any time - for more information please email [email protected].


      Consent is taken (by confirming your agreement to this Privacy Notice) at the time of registration within the app.


      Please note that some of this information is necessary to complete your user registration and for you to use our software and services. If you decline to provide this information during the registration process you will not be able to create an account on our software products and use our services.


    5. When using the OKKO Health platform as a Healthcare Provider

      The Personal Data you give us may include the types described below (the purpose of data collection is written next to each):


      • Your name: To create an organisation account within the OKKO platform and to allow us to identify you and link you to your patients
      • Email address: To create an organisation account within the OKKO platform and to allow us to identify you and link you to your patients
      • Your employer details: To create an organisation account within the OKKO platform
      • Password: to create an OKKO Health account. We are not able to access user passwords.

      Lawful basis for processing this data:


      Legitimate interests


      Our lawful basis for processing your name, employment and contact details is our legitimate business interest to allow us to provide you with access to the platform and to allow you to offer the app to your patients.


      Part of this information is necessary to complete your organisation registration and for you to use our software and services. If you decline to provide this information during the registration process you will not be able to create an account on our software products and use our services.


    6. Information we receive from other sources about you (patient / volunteer / clinical trial participant):
      1. Patient using the app:

        If you input an organisation code that you have received from a Healthcare Provider when you download the OKKO Health mobile app, we will be able to tell which Healthcare Provider has provided you with this code.


        Lawful basis for processing this data:


        Consent


        Consent to share this data with your Healthcare Provider will be taken (by confirming your agreement to this Privacy Notice) during your registration within the app where you will enter this code will be captured.


      2. Participant in clinical trial:
        1. If your Healthcare Provider is registering you within the app, e.g. during a clinical study, they will enter your personal information to complete your registration. In clinical trials this will be in the form of a patient/study reference number, which will be entered into the platform to allow you to be identified (albeit pseudonymously) and in order to create a username and password which they will provide to you.

          Lawful basis for processing this data:


          Consent


          Consent is taken (by confirming your agreement to this Privacy Notice) at the time of informed consent for inclusion in the study at the research/study site.


        2. As part of the clinical study, your doctor may share with OKKO Health clinical measurements taken in the clinic, including vision chart measurements, ophthalmic images and clinical history. This allows us to compare the OKKO App data to clinical measures taken in clinical practice.

          Lawful basis for processing this data:


          Consent


          Consent is taken (by confirming your agreement to this Privacy Notice) at the time of informed consent for inclusion in the study at the research/study site.


      3. Volunteer / potential volunteer for testing and co-design activities:
        1. We may receive information from someone or an organisation that you give permission to share your information with OKKO Health on your behalf (such as a Caregiver, Charity or a Healthcare Provider). If you allow these third parties permission to share your information, then they may give us information about you and your symptoms, medications and treatments.

          Lawful basis for processing this data:


          Consent


          Upon receipt of this information we will only continue to process such information if you confirm that you consent to this processing. If you do not consent we shall delete this information from our systems


        2. With your express permission, we may request clinical measurements taken in the clinic from your doctor, including vision chart measurements, ophthalmic images and clinical history. This allows us to compare the OKKO App data to clinical measures taken in clinical practice.

          Lawful basis for processing this data:


          Consent


          Any information about your health is classed as sensitive Personal Data and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Data is your consent. You can withdraw your consent at any time - for more information please email [email protected].


          Consent is taken at the time of sign up for screening for the co-design study or programme or consent may be taken as a standalone request. We will never contact your doctor without your consent.


    7. Additional data collection technologies

      For all users on the OKKO Health app, we monitor engagement and feature usage by recording every interaction this includes, but is not limited to, page visits, content viewed and logs made on our app.


      To enhance your experience on our app, we identify and recommend the most relevant features based on your profile, treatment, symptom tracking, health condition(s) and recent activities.


      We use third party analytics software, hosted within the OKKO server, to collect information about the usage of our app and platform to enable us to improve how they work and to deliver you a better service. The information allows us to see the overall patterns of usage on our software, and helps us record any difficulties you have with them.


      We also infer your location based on your IP address on our website (okkohealth.com) to ensure that you are redirected to the correct site for your country.


      Product issues, identified by users and communicated through customer support, are effectively diagnosed and resolved using data collected from interactions on the app and platform.


      Lawful basis for processing this data:


      Legitimate interests


      We process this information upon our legitimate interests to run, grow and develop our businesses and services and to operate and improve our website, app and platform. Processing this information also contributes to our ability to comply with legal requirements for postmarket surveillance.


  6. Do You Share Our Personal Data?

    We will not share any of your Personal Data with any third parties for any purposes, subject to the following exceptions:


    1. As detailed above in Section 5, if you register within the app using an Organisation code for your Healthcare Provider or are registered by a Healthcare Provider via the platform, your patient identifiers, vision app results and other Personal Data, including Health data, will be shared with the linked Healthcare Provider via the OKKO Health platform. Your Healthcare Provider will also be able to see when you used the app, and we may notify them if you have not used the app for an extended period of time so that they check in with you.
    2. We may sometimes use third parties to improve our service to you and to support our business activities, e.g. provision of legal / financial support, those third parties may require access to some or all of your Personal Data that we hold.
    3. We may sometimes use third parties software or systems to support our business activities. Some or all of your Personal Data may be stored within these systems. See Section 8 for further details.

    If any of your Personal Data is required by a third party or stored on third party software, we will take steps to ensure that your Personal Data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described in this Privacy Notice.


    In addition to the specific disclosures of Personal Data set out in this section, we may disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your Personal Data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.


    We may want to share your data with other professionals we feel could help you, but we will always ask you first. We may identify charities or support groups that could be of interest to you, but we will never share your data with them without asking you first.


  7. How Long Will You Keep Our Personal Data?

    We will not keep your Personal Data for any longer than is necessary in light of the reason(s) for which it was first collected. Details of our retention periods for data will be included in our Data Retention Policy which can be provided upon request.

  8. How and Where Do You Store or Transfer Our Personal Data?

    OKKO Health is committed to protecting the security of Personal Data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. All Personal Data collected by OKKO Health software products is encrypted to the highest possible degree both when it is stored in our databases and when it is being transmitted. Further details of how we manage and protect your personal data is captured in our Data Security and Data Protection policies.


    We have Data Processing Agreements in place with all our third-party service providers which are required to take appropriate security measures to protect your Personal Data in line with our policies. We only allow them to process your Personal Data for specified purposes and in accordance with our instructions.


    In the majority of cases we will store your Personal Data within the UK and/or European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that this storage of Personal Data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.


    • For data storage and processing purposes for the OKKO Health platform and app we utilise Amazon Web Services ("AWS") and Open Telekom Cloud. Our AWS storage containers and databases are located in the UK and our Open Telekom Cloud storage containers and databases are located in Germany. When you register within the app, you are asked to choose your location. If you select the UK, your data will be stored within our AWS UK based server; if you select Deutschland, your data will be stored within the Open Telekom Cloud server in Germany.

    Through our use of certain systems, we may also store or transfer some or all of your Personal Data to countries that are not part of the EEA or UK. These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. In all such instances we ensure safeguards are in place to protect your data including ensuring to enter into Data Processing Agreements with any company or individual processing data on our behalf either as a service or in the provision of a system or ensure such provisions are either written into Terms of Service or a Data Processing Addendum including Standard Contractual Sections where applicable.


    Examples of such systems include:

    • For data storage, processing and communication purposes we utilise Google’s G Suite and Google Cloud. Google maintains a number of geographically distributed data centers therefore OKKO Health has reviewed and agreed to EU Model Contract Sections for the Google workspace.
    • For internal documentation and project management purposes we use a number of cloud based systems. Wherever possible we ensure that any sensitive Personal Data stored or referred to in these systems is pseudonymised to provide an additional layer of protection.
    • For analytics purposes to maintain oversight of our platform and app usage and functionality as detailed in earlier sections, we use a number of applications. Where possible we store data for these applications within our own servers and limit Personal Data collected to only that which is necessary to perform this oversight.
    • For managing our incoming and outgoing communications with users, customers, volunteers and any other parties contacting us via email or via our online contact and support forms, we use a cloud based Customer Relationship Management system. Where possible we limit access to areas containing Personal Data and only store that which is necessary to provide support to our users.
  9. How Can I Access Our Personal Data?

    If you want to know what Personal Data we have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.


    All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 10.


    There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.


    We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.


  10. How Do I Contact You?

    Girish Kumar, Chief Technology Officer, is the Data Protection Officer at OKKO Health. To contact Girish about anything to do with your Personal Data and data protection, including to make a subject access request or to withdraw consent at any time, please contact us by email at [email protected] or by postal mail at Okulo Limited (trading as OKKO Health), 17-18 Berkeley Square, Bristol, BS8 1HB, United Kingdom.


    OKKO Health welcomes all concerns, enquiries and requests about how we process Personal Data and aims to expedite each completely. If unsatisfied with responses, you have the right to submit a complaint to the following supervisory authorities that OKKO Health is registered with by using the links below.


    United Kingdom: Information Commissioner’s Office (ICO)
    OKKO Health is registered with the Information Commissioner’s Office under reference number ZA557755.


    Germany: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)


  11. Changes to this Privacy Notice

    We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects Personal Data protection.