OKKO Health is committed to protecting the security of Personal Data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. All Personal Data collected by OKKO Health software products is encrypted to the highest possible degree both when it is stored in our databases and when it is being transmitted. Further details of how we manage and protect your Personal Data are captured in our Data Security and Data Protection policies.
We have Data Processing Agreements in place with all our third-party service providers which are required to take appropriate security measures to protect your Personal Data in line with our policies. We only allow them to process your Personal Data for specified purposes and in accordance with our instructions.
In the majority of cases, we will store your Personal Data within the UK and/or European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that this storage of Personal Data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.
- For data storage and processing purposes for the OKKO Health platform and app we utilise Amazon Web Services ("AWS"). Our AWS storage containers and databases are located in the UK.
Through our use of certain systems, we may also store or transfer some or all of your Personal Data to countries that are not part of the EEA or UK. These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. In all such instances, we ensure safeguards are in place to protect your data. These include entering into Data Processing Agreements with any company or individual processing data on our behalf, either as a service or in the provision of a system, or ensuring that such provisions are written into Terms of Service or a Data Processing Addendum, including Standard Contractual Sections where applicable.
Examples of such systems include:
- For data storage, processing and communication purposes we utilise Google Workspace and Google Cloud. Google maintains a number of geographically distributed data centres; therefore, OKKO Health has reviewed and agreed to EU Model Contract Sections for Google Workspace.
- For our web and app-based services, we use a Content Delivery Network called Cloudflare. All data recorded by our App passes through Cloudflare before it is processed by us. In some cases, this may mean the traffic takes routes which transiently pass outside of the EU. We do not use Cloudflare for long-term storage of any personal data regarding our customers or patients.
- For internal documentation and project management purposes, we use a number of cloud-based systems. Wherever possible, we ensure that any sensitive Personal Data stored or referred to in these systems is pseudonymised to provide an additional layer of protection.
- For analytics purposes to maintain oversight of our platform and app usage and functionality as detailed in earlier sections, we use a number of applications. Where possible, we store data for these applications within our own servers and limit Personal Data collected to only that which is necessary to perform this oversight.
- For managing our incoming and outgoing communications with users, customers, volunteers and any other parties contacting us via email or via our online contact and support forms, we use a cloud-based Customer Relationship Management system. Where possible, we limit access to areas containing Personal Data and only store that which is necessary to provide support to our users.
- For determining whether users accessing our website are automated scripts, or genuine humans, we use Google reCAPTCHA. For information on this, please consult their privacy policy at https://www.google.com/intl/en/policies/privacy/
- For push notifications, we use a Google service called Firebase. In order to send a push notification to a particular device, a unique device identifier is generated and stored within Firebase. In the case that you are using an Apple iOS/iPad OS device, the unique identifier is also shared with Apple’s Push Notification Service.