Last Updated: April 20th 2018

1. Purpose & Scope

The purpose of this document is to define the Privacy Policy for The SmartIdeas Group Limited (‘SmartIdeas’), which includes the subsidiaries SmartMed Global Limited, SmartMessage Limited and Appdragon Limited.

The Privacy Policy defined herein is the Group ‘master’ policy and where reference is made to SmartIdeas this includes any and all of the Group companies named above, unless explicitly stated otherwise.

2. ICO Data Protection Register

SmartMed Global Limited is registered on the Information Commissioner’s Office (ICO) Data Protection Register in the UK. The registration number is ZA274744.

Appdragon Limited is registered on the Information Commissioner’s Office (ICO) Data Protection Register in the UK. The registration number is ZA096996.

Work is underway to register the SmartIdeas Group on the Information Commisioner’s Office (ICO) Data Protection Register and also to change the registered office address to the current group’s office address.

3. SmartIdeas General Privacy Policy

We are committed to keeping your information safe and promise not to share it with anyone else without your express permission.

This document is a description of the way SmartIdeas holds and processes personal information.

If we are acting as a processor or sub processor (i.e. we do not have a contract with you directly) you will also need to check the privacy policy of the controller (the body that you have a contract with).

3.1. Your Privacy

This privacy policy sets out how SmartIdeas uses and protects any information that you give SmartIdeas when you use the products, services, applications or web sites (the “Services”) provided by SmartIdeas. SmartIdeas is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using the Services, you can be assured that it will only be used in accordance with this privacy statement. SmartIdeas may change this policy from time to time by updating this policy. You should check this policy from time to time to ensure that you are happy with any changes. This policy is effective from 1st April 2017 and will be reviewed at least annually.

3.2. Security

We are committed to ensuring that Customer and User information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We have achieved the highest standard with our certification to ISO27001:2017. This is an international standard and requires annual external audits to maintain the certification.

3.3 Reasons and Purposes for Processing Information

We process personal information to enable us to provide Services in which we design, test, demonstrate and provide/licence software (in particular mobile apps, web sites, web applications and mobile web site); promote our services; maintain our accounts and records and to manage our staff.

3.4. Type & Classes of Information Processed

We process information relevant to the above reasons and purposes. This may include:

3.5. Who the Information is Processed About

We process personal information about our clients, employees, suppliers and individuals, including end users, necessary for operation of our services.

3.6. Who We Share Information With

We never sell any personal information to any organization. We sometimes need to share the personal information we process with the individuals themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the current data privacy legislation, the DPA and will become GDPR from the 25/05/2018. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required, we may share information with:

3.7. Cookies and Links to Other Websites

This section of our Privacy Policy applies only to customers using our web sites and mobile web sites.

3.7.1. How we use cookies.

A cookie is a small file, which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

3.7.2. Links to other web-sites.

Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and this privacy statement does not govern such sites. You should exercise caution and look at the privacy statement applicable to the website in question.

3.8. Controlling Personal Data

You may choose to restrict the collection or use of your personal information in the following ways:

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties, which we think you may find interesting if you tell us that you wish this to happen. You may request details of personal information, which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to Data Protection, SmartIdeas, Kemp House, 152 City Road, London, EC1V 2NX. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

3.9. Process to request changes or deletions of personal details
3.9.1 SmartMessage

If a user wishes to have their details amended or deleted from our SmartMessage service, an email to support@smartmessage.meshould be sent requesting their records are deleted or updated with the new details. Following us actioning the request we will respond to the user accordingly confirming the action taken.

3.9.2 SmartMed

If a user wishes to have their details amended or deleted from our SmartMed service, an email to should be sent requesting their records are deleted or updated with the new details. This request should also state that they have told their clinician that they wish to have their request carried out. Following us actioning the request we will respond to the user accordingly confirming the action taken.

3.10. Transfers outside of the EEA

No Data is stored outside of the EEA. However it may sometimes be necessary to view personal data by persons outside of the EEA in order to support the services. In these cases the data is viewed on an ‘as needs’ basis and is fully auditable. We ensure that any organization we use have the appropriate controls and contracts in place with us (for example European Model Clauses, with regular audits carried out by us).