Last Updated: April 20th 2018
1. Purpose & Scope
2. ICO Data Protection Register
SmartMed Global Limited is registered on the Information Commissioner’s Office (ICO) Data Protection Register in the UK. The registration number is ZA274744.
Appdragon Limited is registered on the Information Commissioner’s Office (ICO) Data Protection Register in the UK. The registration number is ZA096996.
Work is underway to register the SmartIdeas Group on the Information Commisioner’s Office (ICO) Data Protection Register and also to change the registered office address to the current group’s office address.
We are committed to keeping your information safe and promise not to share it with anyone else without your express permission.
This document is a description of the way SmartIdeas holds and processes personal information.
3.1. Your Privacy
We are committed to ensuring that Customer and User information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We have achieved the highest standard with our certification to ISO27001:2017. This is an international standard and requires annual external audits to maintain the certification.
3.3 Reasons and Purposes for Processing Information
We process personal information to enable us to provide Services in which we design, test, demonstrate and provide/licence software (in particular mobile apps, web sites, web applications and mobile web site); promote our services; maintain our accounts and records and to manage our staff.
3.4. Type & Classes of Information Processed
We process information relevant to the above reasons and purposes. This may include:
- Personal details for supporting Customers and Customer Contact
- Goods and services
- Information necessary for the development, test and provision of software
- Health assessment data for use in managing conditions (SmartMed only)
- Mobile phone numbers and email addresses for recipients of bulk messaging
- Domain names and IP addresses
- User account details
- Information necessary for financial processes such as billing (including where appropriate credit card numbers, BACS details etc.)
- Software usage statistics for supporting users of the software and for billing customers.
3.5. Who the Information is Processed About
We process personal information about our clients, employees, suppliers and individuals, including end users, necessary for operation of our services.
3.6. Who We Share Information With
We never sell any personal information to any organization. We sometimes need to share the personal information we process with the individuals themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the current data privacy legislation, the DPA and will become GDPR from the 25/05/2018. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required, we may share information with:
- Customers (their own users and data only)
- Suppliers, service providers and sub-contractors involved in providing the Services
- Professional advisers and consultants involved in providing the Services
- Credit reference agencies
- Debt collection and tracing agencies
- Central Government or the Police
3.7. Cookies and Links to Other Websites
A cookie is a small file, which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
3.7.2. Links to other web-sites.
Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and this privacy statement does not govern such sites. You should exercise caution and look at the privacy statement applicable to the website in question.
3.8. Controlling Personal Data
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at email@example.com.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties, which we think you may find interesting if you tell us that you wish this to happen. You may request details of personal information, which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to Data Protection, SmartIdeas, Kemp House, 152 City Road, London, EC1V 2NX. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
3.9. Process to request changes or deletions of personal details
If a user wishes to have their details amended or deleted from our SmartMessage service, an email to firstname.lastname@example.org be sent requesting their records are deleted or updated with the new details. Following us actioning the request we will respond to the user accordingly confirming the action taken.
If a user wishes to have their details amended or deleted from our SmartMed service, an email to email@example.com should be sent requesting their records are deleted or updated with the new details. This request should also state that they have told their clinician that they wish to have their request carried out. Following us actioning the request we will respond to the user accordingly confirming the action taken.
3.10. Transfers outside of the EEA
No Data is stored outside of the EEA. However it may sometimes be necessary to view personal data by persons outside of the EEA in order to support the services. In these cases the data is viewed on an ‘as needs’ basis and is fully auditable. We ensure that any organization we use have the appropriate controls and contracts in place with us (for example European Model Clauses, with regular audits carried out by us).