PRIVACY POLICY

Ethera Health Ltd ("Ethera" / "we" / "our" / "us") is committed to protecting and respecting your privacy. This policy, together with our Website Terms of Use and our App End User Licence Agreement, set out the basis on which we will collect your personal data, and how that data will be used.

This policy applies to personal data we collect when you:

a)         use our website https://ethera.health (the “Website”)

b)         use our mobile application software HALO-X (the “App”) or otherwise interact with us.

Please read this policy carefully to understand how we will treat your personal data. We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data without consent, this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used.

If you have any questions or require any further information regarding our use of your personal data please contact us at halox.dataprotection@ethera.health.

1. ABOUT US

Ethera Health Limited is a company registered in England and Wales under company number 14003133 whose registered office is at 125 Wood Street, London, United Kingdom, EC2V 7AW.
Ethera is the data controller in respect of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.

2. WHO THIS POLICY APPLIES TO

The information we collect depends on the context of your interactions with us. In this Privacy Policy, we consider the following groups of people:

a)         Visitors to our Website (“Website Users”)

b)         Users of our App who have downloaded it for their own use from an online platform (“Public App Users”)

c)         Users who have been provided with our App as part of their participation in a clinical trial (“Trial App Users”).

You may fall into one or more of these groups, and these categories may change over time. The information we collect, and the way it is used, will depend on which of these groups you fall into.

3. WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT

We collect personal data so that we can operate effectively and provide you with the best possible service. We will only use your personal data where we have a valid lawful basis to do so.

Accessing our Website

We may collect the following information when you access our Website:

a)         Device and usage data including IP addresses and device identifiers.

b)         Device event information including crash logs, hardware settings, browser type and browser language.

c)         Location information.

d)         Cookies and similar technologies.

This data is automatically collected and stored in our server logs when you interact with our website. Collecting this data enables us to improve the user experience of our website, for example to provide you with tailored content. It also helps us to understand how our website is used, by analysing the traffic we receive, and to maintain and protect the security of our website and products.

The legal basis for collecting this information is our legitimate interest in improving our website and protecting our rights.

For further information on our use of cookies please see our Cookies Policy.

Using our App

We may collect the following information when you use our App or correspond with us:

a)         Your name, email address, date of birth and phone number: to create your account with us.

b)         Any feedback, questions or comments you send to use: to enable us to provide customer support, improve our services, and respond to your questions.

c)         Passwords and security information: to ensure the security of your account with us (we do not have access to your password).

d)         Device and usage data including device identifiers.

Collecting this data enables us to perform essential business operations, including providing our services, offering customer support, protecting the security of our app/website and to communicate with you regarding our services. Some of this information is needed to create your account, and if you do not wish to provide it, it will not be possible to create an account with us.

Our legal basis for collecting this information is to enable us to perform our contract with you, and our legitimate interest in providing our services and protecting our rights.

With your consent we may send you marketing communications. For further information please see https://ethera.health/help.

Medical information

The App is intended to support patients in monitoring their health. If you are an App User, you may input information about your health or medical condition into the App. Medical information is sensitive personal data and we take our responsibilities in handling it very seriously.

If you use our App as a patient, we may collect the following information:

a)         Details of your diagnosis and treatment: to ensure that you receive a personalised experience using our App.

b)         Details of your medication and medical appointments: to enable you to keep track of your medication and appointments and schedule reminders using the app.

c)         Details of your symptoms and side effects: to enable you to track your progress and prepare for appointments.

d)         Details of your day-to-day experiences, including mood, activity, sleep and nutrition: to enable you to track your progress and prepare for appointments.

e)         Health metrics including heart rate, blood pressure, weight and temperature: to enable you to track your progress and prepare for appointments.

f)          Gender: Understanding gender allows healthcare professionals and our partners to better understand how treatments affect different people and develop them to be more effective.

g)         Ethnicity: Understanding ethnicity allows healthcare professionals and our partners to better understand how treatments affect different people and develop them to be more effective.

Any information about your health and ethnicity is special category personal data and we ensure that additional safeguarding measures are in place to protect this information. Our legal basis for processing this special category personal data is your consent.
You can withdraw your consent at any time – for more information, please email halox.dataprotection@ethera.health.

If you are a Public App User, you will be assigned a unique user ID when you first begin to use the App. Your medical data will be stored on our systems under that user ID only. It will never be associated with your real name or any other information which could be used to identify you. Any identifying information will remain on your own device and will not be collected by us.

We will ask for your consent before we link any identifying information to your medical data, which may help to provide you with a more personalised experience with the App. 

If you are a Trial App User, your medical data will be linked to your clinical trial ID, and may be shared with our clinical trial partners, as part of the clinical trial and in pseudonymised form, to enable them to conduct the clinical trial in which you
have consented to participate.

We may also process medical and other information collected from App Users that is anonymised to improve the App and to add new functionality. We may also request that you consent to your personal data and medical information being used for research purposes to improve patient health outcomes through using technology such as this App.

4. CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. SHARING YOUR INFORMATION

5.1.      You acknowledge that we may share your personal data with your consent or as necessary with selected third party service providers and other companies within our group that support us in the performance of the activities set out in the table above. For example, when you make a purchase we will share payment information with banks and other entities that process payment
transactions.

5.2.      We may also share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or otherwise to comply with the law.

5.3.      We require all our third party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.

Why might you share my personal data with third parties?

We may share your personal data with third parties where required by law or it is necessary in order to provide you with our Services, or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers or to operate and maintain the security or our computer systems.

 

Which third party service providers process my personal data?

The following third party service providers process personal data about you for the following purposes:

           
a)         Analytics and search engine providers – We use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

           
b)         Providers of technical solutions – AWS hosts all data collected from the app, but no AWS employees have access to this data.

 

We may also utilise other third party providers that are not in this list from time to time under terms that maintain the same level of protection of your personal data.

6. STORING YOUR INFORMATION

6.1.      The personal data that we hold about you will only be processed and stored within the United Kingdom/EEA.

6.2.      We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations. Unless we inform you otherwise (or you request that we erase your personal data) we will retain your personal data for as long as you continue to use our Website, Services or App.
If you do not use the Website, Services or App for 8 years then we will delete your information. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

7. CHILDREN’S INFORMATION

We do not knowingly collect information from children under the age of 18. Our Website, App and Services are intended for adult users. If you become aware that your child or any child under your care has provided us with information without your consent please contact us at halox.dataprotection@ethera.health.

8. KEEPING YOUR INFORMATION SECURE

8.1.      All information that you provide to us is stored on secure servers. We have put in place appropriate measures to protect the security of your information. 

8.2.      The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.

8.3.      You are responsible for keeping confidential any passwords that you have to access our Services or App. Please do not share your password(s) with anyone else. If you lose control of your password you may lose control over your personal data. If your password has been compromised for any reason please let us know immediately by contacting us at: halox.dataprotection@ethera.health.

To learn more about the security measures we put in place click here https://ethera.health/help.

All communications between the app and our backend services will be encrypted using SSL technology. We do not collect or store credit and debit card information for online transactions. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from https://ethera.health/help.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

9. Your Rights

            9.1.      You have the right under data protection laws to access information held about you, subject to certain conditions, and to request that we delete or correct it.

9.2.      You can see, review and change most of your personal data by signing in to your account on our website. Alternatively if you would like to access, update or amend the information which we hold about you or would like us to stop using your personal data please contact  halox.dataprotection@ethera.health.

To learn more about the rights you may have in relation to your personal data click here https://ethera.health/help.

Your rights in connection with your personal data

By law you have the right to:

           
a)         Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. [This right is subject to a number of exemptions which allow information to be withheld in certain circumstances. For example, subject access rights are excluded where compliance would involve disclosing: information relating: to another individual; data which consists of information which is subject to
legal professional privilege; negotiations or confidential references.]

           
b)         Request correction or erasure of your personal data (unless we have the legal right to retain it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

           
c)         Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

           
d)         Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

           
e)         Request the transfer of your personal data to another party.

           
f)          Change your data processing preferences at any time. If you have changed your mind you can update your account settings by signing in to your account on the website or by contacting us by email at halox.dataprotection@ethera.health. In respect of marketing messages you can unsubscribe by using the “unsubscribe” link at the bottom of our marketing messages or by clicking https://ethera.health/help or by contacting us at halox.dataprotection@ethera.health.

 

You should be aware that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the website you may not be able to use the website as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.

 

If you want to exercise any of the above rights, please email us at halox.dataprotection@ethera.health.

 

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other
rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data are not disclosed to any person who has no right to receive it.

 

Right to withdraw consent

In the limited circumstances where we are relying on your consent as the legal basis to process your personal data for a particular purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact halox.dataprotection@ethera.health.
Once we know that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

10. MARKETING

10.1.    We would like to send you information by email and/or SMS about products and services of ours and other companies in our group which may be of interest to you (including, for example, promotional materials and newsletters).  We will only do this if you consented when you registered. For your reference, we set out below the wording we use when seeking such consent for direct marketing.

From time to time we
would like to contact you with details of other products/offers/services we
provide. If you consent to us contacting you for this purpose please tick to
say how you would like us to contact you:

Post    Email    
Telephone    

Text message     Automated
call 

We would also like to
pass your details onto other company/companies who you will pass information
to, so that they can contact you by post with details of
offers/services/competitions that they provide. If you consent to us passing
on your details for that purpose please tick to confirm:

I agree 

You may unsubscribe at
any time. If you wish to unsubscribe you can do so by clicking the
unsubscribe link at the end of any marketing email you have received from us
or by clicking [here].

To learn more about how
we handle your personal data please read our https://ethera.health/privacy-policy.

10.2.    You have the right at any time to stop us from contacting you for marketing purposes or giving your information to other members of our group. If you no longer wish to be contacted for marketing purposes, you can unsubscribe by using the “unsubscribe” link at the bottom of our marketing messages or by emailing us on halox.support@ethera.health.
You can also update your marketing preferences by logging into your account on our website.

11. OTHER WEBSITES

Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

12. CHANGES TO THIS PRIVACY POLICY

We keep our privacy policy under regular review and will post any updates on this webpage. This privacy policy was last updated in August 2022.

13. HOW TO CONTACT US AND COMPLAINTS

13.1.    If you have any questions about this privacy policy or how we handle your personal data please contact us at halox.dataprotection@ethera.health.

13.2.    If for any reason you are not happy with the way that we have handled your personal data, please contact us at the contact details above. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office see: https://ico.org.uk/global/contact-us/.