This privacy statement explains how we, Optimising Care Ltd (“Optimal”, “us”, “we” or “our”) use your personal data to provide you with the Optimal mobile application (The “Optimal App”) and website (www.optimising.care).
We are committed to protecting and respecting your privacy. We ask that you read this Privacy Statement carefully as it contains important information about what personal data we collect from you and how we will use it. Any questions you may have regarding this Privacy Statement are welcomed and should be sent to email@example.com.
This Privacy Statement should be read in conjunction with our Terms & Conditions. We strongly encourage you to review this Privacy Statement and Terms & Conditions carefully and ensure that they contain nothing that you are not prepared to agree to, before you decide to accept the Terms & Conditions and use our Optimal App or our website (www.optimising.care).
Optimising Care Limited is a company registered in England and Wales with company registration number 11112857. Our registered office is at 44 Simpson Street, Studio N @ Digital House, Liverpool, Merseyside, England, L1 0AX
For the purpose of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018 (together “Data Protection Legislation”), we are the ‘data controller’ (i.e. the company which determines the purposes and means of the processing of your personal data).
Optimal has appointed a Data Protection Officer, who can be contacted at firstname.lastname@example.org.
How we process your data at Optimal
To register an account, you have to enter your email address and choose a password. Once you have registered, you will benefit from the following functionality:
Automatic backup to our secure servers. as well as the ability to restore and recover your account and it’s associated data on another device
When you use the Optimal app or when you go on our website, some personal and non-personal data is collected, stored, and analyzed using internal and third-party tools.
There are two main purposes for which we process personal data and the type of data that is processed to fulfil each purpose:
1. To provide our services and understand your needs
First and foremost it is vital for us to stress that we do not and will never sell any personal data about you to third parties. However you may still feel uncomfortable storing health information to a connected device. Therefore, you should consider the safety and privacy of your personal data before using the Optimal app generally, and utilising the export feature of the app specifically. You should refrain from sharing or exporting data unless you are certain that the receiving email address is authorised, credible, and secure.
When you use the Optimal app, or when you go on our website, Optimal collects, stores, and uses some personal and non-personal data. We mainly do this to provide you with our services, and our lawful basis for this processing is that it is necessary for the performance of a contract with you (i.e. our Terms and Conditions).
We may also occasionally send you informational and promotional messages as well as reminders to your smartphone via push notifications. We will only send you such messages with your prior consent.
We are very thoughtful and selective about what we communicate and how often. You always remain in full control of your communication preferences with Optimal. You can change the settings within the app at any time.
We also process your personal data in order to understand your needs and your use of our app and website, to analyze bugs and fix issues, and to bring you more useful features. To sum it up, we process this data to provide you the best and most reliable experience of our services. These processing activities are based on our legitimate interests in providing a reliable service to you, and improving it.
These are the types of data we collect for the above purposes:
This data informs us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device.
Event and usage data
When you use the app or when you go to our website, our servers process anonymised data in order to understand your usage of our services, for example, which pages you visit or which tab in the app you open. We collect this information and use it as aggregate data to allow us to better understand which features are the most relevant or useful to our users as whole, and to communicate with you about relevant and timely information and promotional content.
We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes.
All the data we collect at Optimal is necessary for us to deliver the services you use. The amount we collect has been minimised wherever possible to respect your privacy.
2. To deliver personalised insights
The data you track in Optimal about your child’s health and well being is considered sensitive personal data. Optimal does not store sensitive personal data without your explicit consent. It is only when you give us explicit consent by creating a Optimal account, and giving us your consent declaration, that we start storing all your child’s health and sensitive data on our secured servers.
You can withdraw your consent at any time by simply deleting your account in the app.
Here is the type of data we collect and store when you create an account:
Personal data used for account creation
We need some of your personal data (only your name and email address) in order to create your Optimal account.
Health and sensitive data
We store health data, such as your child’s breathing and heart rate and observations on their condition
The provision of this information is entirely voluntary, and it is up to you how much information to input.
Your consent for processing health and sensitive data
If you create an account with Optimal, your personal data, including sensitive data and data related to your health, is stored on your device and is also stored and processed on Optimal servers. This is done so we can offer you the option of backing up your data and to enable additional features (such as the ability to transfer, restore, and recover data between Apple and Android devices).
By creating an account with Optimal you explicitly consent that:
i. Optimal may store and process personal data you provide through the usage of the Optimal app and through the account creation process solely for the purpose of providing Optimal services to you and to improve Optimal’s service features. Such Optimal services may include sending you information and reminders through the Optimal app, e.g. via push notification or to the email address you provided to Optimal, where you have separately agreed to receive such messages.
ii. Such personal data you provide to Optimal through the account creation process for the purpose of providing Optimal’s service includes personal data you enter into the Optimal app, such as your account data (e.g. your email address), and your child’s health data. All of your child’s health data is encrypted on the server end and cannot be read by anyone but yourself.
We believe that data privacy is a basic human right. At Optimal we strive to ensure that your rights are respected.
Here are some key facts about your privacy that we would like you to know:
i. Our products and services have been designed to minimise the use of your personal data. We only collect and process your personal data for the purposes that have been previously outlined.
ii. Your data is highly secured on our servers. You can contact us at email@example.com if you have any questions about the security of our services.
iii. We do not retain your personal data in an identifiable format for longer than necessary to deliver our services.
iv. Optimal does not engage in any automated decision-making or profiling activities.
As a user of Optimal’s services and website, you may exercise your user rights to:
i. Request information on, or a copy of, your personal data processed by Optimal. Upon your request, this information will be provided to you electronically.
ii. Gain access to your personal data by requesting a backup of your data (as explained in the next section) in a format that is readable by other companies or organisations (data portability).
iii. Correct your personal data and health data in the app settings and in the tracking categories available in the Optimal app.
iv. Withdraw your consent from data processing at any time by deleting your account (as explained in the support section of the app) and/or deleting the Optimal app from your smartphone, and/or unsubscribing from our newsletter by clicking the link at bottom of the email or by contacting firstname.lastname@example.org.
v. Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to email@example.com. Your data will be deleted within 30 days.
vi. Object to our processing of your personal data, or ask us to restrict your personal data pending a decision on whether we can lawfully continue to process it.
vii. File a complaint with the relevant supervising authority if you believe Optimal is processing your personal data under violation of applicable data protection regulations.
We apply security measures to protect against the misuse, loss, and/or alteration of personal data under our control. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it. Although we make good faith efforts to store the non-public information entered into the App in a secure operating environment that is not available to the public, we cannot guarantee complete security. We cannot and do not guarantee that our security measures will prevent third party “hackers” from illegally accessing our site or App and obtaining access to content or information thereon.
How Optimal stores your personal data
If you have an account with Optimal, your personal profile data (name and email address) is stored separately from your child’s health data and your service settings. This allows us to ensure the highest possible level of privacy for your health data. Your password is stored using one-way encryption (“hashing” plus “salting”) and it cannot be read by us.
Your data is transmitted between your device and Optimal’s servers using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.
Disclosure of your personal data
We will share some of your personal data with third parties outside Optimal only where it is strictly necessary to provide our services to you, where required by law or where we have another legitimate interest to do so. Personal data may be shared in the following circumstances:
Technical Service Providers: For example: technology service providers, payment providers, data storage providers, and marketing platforms (e.g. for sending marketing emails).
Third Party Apps: some of your personal data may be shared with such Apps. Please see the section below for further information.
When required to do so by law, regulation or court order; in response to a legitimate request for assistance by the police or other law enforcement agency;to seek legal advice from Optimal’s external lawyers or in connection with litigation with a third party; or in connection with the sale, purchase or merger of our business.
Optimal’s recommendations for protecting your personal data
We believe the biggest threat to the security and privacy of your personal data is if someone, probably someone you know, gains access to any of your devices. The data you enter into Optimal is private and it should stay that way. We have outlined some ways to keep your devices secure below.
Protect your device:
i. Activate either PIN, TouchID (iPhone 5S models onwards), or FaceID (iPhone X onwards) authentication for your device. This automatically encrypts your Optimal data and prevents any person from using your device without your permission.
ii. Set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud (see instructions on Apple Support pages) and then enable “Erase your device” (see instructions on Apple Support pages).
For Android, download and set up Find My Device (formerly Android Device Manager) from the Google Play Store and, if needed, use the connected web interface to lock or wipe your phone remotely.
Data transfer outside the EU and to third-party apps
Any personal data collected from you may only be transferred to countries outside the European Union / the European Economic Area (EEA) observing applicable privacy regulations and ensuring that your privacy rights remain protected. This includes ensuring that all such transfers are subject to approved safeguards which meet the requirements of Data Protection Legislation (for example, through the use of EU Commission approved standard contractual clauses).
In the Optimal App we use Firebase (https://www.firebase.com/), a framework maintained by the Google subsidiary Firebase residing in San Francisco, CA, USA, through which we use to track and administer the following real-time functions:
- Tracking of basic user events for Firebase
- User Authentication
- Database Storage
- Tracking of app crashes and their reasons through Firebase Crashlytics
We use Firebase Crashlytics to track app crashes as they occur, and to prevent future ones. In case of an app crash, a report is created that contains the type and OS of the device, your last activities in the app, and your geolocation in pseudonymous form, and that is sent to Google. Information on the functionality of Crashlytics is available under https://firebase.google.com/products/crashlytics/
We use Firebase Authentication to allow you to sign up and log in – Most apps need to know the identity of a user. Knowing your identity allows us to securely save user data in the cloud and provide the same personalized experience across all of the your devices.
Your data is safely stored on the secure Firestore database, which automatically encrypts all data before it is stored, as can be read here. The location of our Firestore is EU-West3 (Frankfurt, Germany).
Amplitude analyzes this information to offer reports for Optimal on website usage and online usage of associated services. Amplitude may also transfer this information to third parties either when this is required by law or when third parties are contracted by Amplitude to process this data. Amplitude will not allow your IP address to be linked to any other personal data. You can prevent cookies from being stored on your computer by changing your browser settings; however, if you choose to do this, your experience when visiting our website or using some of our features may be altered.
By using Optimal’s website, you consent to have non-personal data used and processed by Amplitude as described above. You can withdraw consent for this use of your data at any time, but this withdrawal only applies to future activities.
Amplitude is operated by Amplitude, Inc., 501 2nd Street, Suite 100 San Francisco, CA 94107, United States of America. Amplitude is accredited with the EU-US Privacy Shield Framework, ensuring that it provides the same level of security and privacy protection as in the UK and EU.
Communications, surveys and newsletter activities
Optimal uses your personal data, such as your email address, to contact you with messages, emails, and newsletters. These include push notifications, in-app messages and emails to deliver health content and occasional promotional materials that may be of interest to you.
Such services are only provided to you if you have signed up for the newsletter or given your consent for these notifications. You consent to push notifications when you activate Optimal’s push notifications in your device settings. You also consent to Optimal contacting you via email if you have contacted Optimal for questions or support requests in connection with our services or the Optimal app. You can withdraw your consent at any time. You can unsubscribe from our newsletter by clicking the unsubscribe link at the bottom of the message, and you can disable notifications sent by Optimal in your device settings.
In order to provide these services, Optimal may forward information such as your email address to third-party providers in order to carry out such newsletter services, surveys or notifications. Our marketing emails will be sent out very selectively and thoughtfully, and might include details about offers on the Optimal Premium App service, as well as general updates on App developments (such as new features).
Optimal does not knowingly collect or use personal data directly from children under the age of 16. By registering to a Optimal account you are required to confirm that you are at least 16 years old.
If Optimal gains actual knowledge that the information has been collected directly from children under the age of thirteen in the United States in contradiction with the Children’s Online Privacy Protection Act of 1998 and the regulation thereunder, Optimal will not disclose this data and reserves the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.
If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country or if you have the consent of your parent or legal guardian. If you are a parent and learn that your child is using Optimal without your permission or if you have any specific question about data privacy at Optimal, do not hesitate to get in touch with us at firstname.lastname@example.org.