Protecting your personal details on our website
Last updated: 29 Sep 2020
My Pain Limited ("we", “us”, “our”) are committed to protecting and respecting your privacy.
This privacy policy (“Privacy Policy”) and any other documents referred to herein, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting https://.mypain.app and https://mypain.uk (“Sites”) you are accepting and consenting to the practices described in this Privacy Policy.
DATA CONTROLLER
For the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (“GDPR”), the Data Protection Act 2018 and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together “Data Protection Law”), the data controller is My Pain Limited whose registered office is at 13 Thackeray Drive, Kent, DA11 8FS, UK.
LEGAL BASIS FOR PROCESSING
We collect and use the personal data described below in order to provide you with access to our Site and Services in a reliable and secure manner. We also collect and use personal data:
· For our legitimate business needs.
· To fulfil our contractual obligations to you.
· To comply with our legal obligations.
To the extent we process your personal data for any other purposes, we ask for your consent in advance or require that our partners obtain such consent.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following information about you:
Information you give us. You may give us information when you fill in forms on our Site or correspond with us by phone, email or otherwise. This includes information you provide when you register to use our Site, App, subscribe to our services (“Services”) search for a service, participate in discussion boards, surveys, provide feedback, complete questionnaires or take part in social media functions on our Site, download content, or when you report a problem with our Site or Services. We may require you to provide the following information:
· Users who are patients: and your generic diagnosis name – where you choose to do so. We use this data to identify you for authentication and authorisation, account creation and linking to a clinician’s user account. If you use the Services we will collect information about your interaction with the Services which includes how you used knowledge gained by watching videos in the Services to make goals relevant for your pain management, information you provided in various tools in the Services (forms with questions) and guidance to overcome various problems that you face while managing your pain and what has worked for you after trying different strategies.
· Users who are clinicians: your email, first and last name (or pseudonym), password, telephone number, your speciality and workplace contact details, to enable a patient to search for the correct clinician in their vicinity and ask them for their professional input.
Information we collect about you. If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data. With regard to each of your visits to our Site we may automatically collect the following information using common information-gathering tools, such as cookies, web beacons, pixels, and similar technologies about your device, and your use of our Site and Services:
· Technical information: including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
· Information about your visit: including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
· Information from other online accounts: where you have given us permission to collect data from within your settings or the privacy policies of these other online services: This can be via social media or by choosing to send us your location data when accessing our Site from your smartphone, for example: some users prefer login and authentication via their social media accounts (Google or Facebook) and these external providers may set 3rd party cookies to track usage; or it can be from the integrations and connections that you choose to install when using the Services. For example: the videos embedded within the Services are running on Vimeo servers based in the US. General analytics data is collected about the usage, popularity, completion rate (all anonymised) to improve user interaction and acceptance. We also collect geographical location data (the country and town) from where our videos or Site are accessed.
Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this Site.
Information we collect from other sources: We also collect information about you from publicly available sources. We may combine this information with personal data provided by you. This helps us update, expand, and analyse our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. We also use this for the purposes of delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information.
The Personal Data we collect includes:
· Publicly available information about you; such as information published about you, for example by Companies House, including postal address, job title, email address, phone number, professional or employment-related information, education information and commercial information.
· Internet activities: internet data (or user behavioural data), IP addresses, internet activity information and inferences about your preferences and behaviour.
· Social media profiles: information published about you on social media profiles such as LinkedIn, Facebook, Twitter etc.
COOKIES
Third parties set cookies on our Site and in the Services to enable us to distinguish you from other users of our Site and Services. This helps us to provide you with a good experience when you browse our Site and also allows us to improve the Site and Services.
What are cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the Site. Cookies can be “persistent” or “session” cookies.
Persistent cookies and session cookies are used.
Persistent Cookies
A persistent cookie is stored on a user’s device in between browser sessions which allows the preferences or actions of a user across the Site (or in some cases across different websites) to be remembered. We use persistent cookies to save your login information for future logins to the Site.
Session Cookies
A session cookie allows the Site to link your actions during a browser session. We use session cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and then close your browser.
Which cookies we use and why
The information below explains the cookies set by third parties and why we use each of them which are restricted to strictly necessary cookies and functionality cookies.
Category 1: strictly necessary cookies
These cookies are essential in order to enable you to move around the Site and Services and use its features, such as accessing secure areas of the site or Services. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.
Category 3: functionality cookies
These cookies allow the Site or Services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as a live chat session. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Cookie:
Google Analytics
Type:
Tracking cookies
Purpose:
These cookies are used to collect information about how visitors use our Site. We use the information to compile reports and to help us improve the Site. The cookies collect information in an anonymous form, including the number of visitors to the Site, where visitors have come to the Site from and the pages they visited. If you do not allow these cookies we will not be able to include your visit in our statistics. You can read the full Google Analytics privacy policy at: http://www.google.com/policies/privacy/.
Duration:
12 months – only used on mypain.uk website which is about company information. No analytics attached to mypain.app used by registered clients.
Cookie:
Geotargeting
Type:
Location cookies
Purpose:
These cookies are used by software which tries to work out what country you are in from information supplied by your browser when it requests a web page. This cookie is completely anonymous and is only used to help target content.
Duration:
12 months – only used on mypain.uk website which is about company information. No analytics attached to mypain.app used by registered clients.
Cookie:
Authentication
Type:
Purpose:
Google uses 3rd party cookies for authentication but these are not stored on our servers.
Duration:
12 months - only used on mypain.app website as one of the authentication options for first time login.
Cookie:
Authentication
Type:
Purpose:
Facebook uses 3rd party cookies for authentication but these are not stored on our servers.
Duration:
12 months - only used on mypain.app website as one of the authentication options for first time login.
You can set up your browser options, to stop your computer accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use the whole of the Site or all functionality of the Services.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
USES MADE OF THE INFORMATION
We use information held about you in the following ways.
Information you give to us. We will use this information:
· To carry out our obligations arising from any contracts entered into between you and us;
· To provide you with the information, products and services that you request from us;
· To notify you about changes to our Site and Services;
· To ensure that content from our Site and Services is presented in the most effective manner for you and for your computer.
· To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired, about unless you have opted not to receive such information;
· To permit selected third parties to contact you by electronic means only if you have consented to this by ticking the relevant consent box situated on the form on which we collected your data;
Information we collect about you. We will use this information:
· To administer our Site and Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
· To inform you about scheduled downtimes and new features;
· To improve our Site and Services to ensure that content is presented in the most effective manner for you and your computer;
· To allow you to participate in interactive features of our service, when you choose to do so;
· As part of our efforts to keep our Site and Services safe and secure;
· To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
· To make suggestions and recommendations to you and other users of our Site or Services about our goods or services that may interest you or them.
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We will not sell or rent your personal data to anyone.
DISCLOSURE OF YOUR INFORMATION
Information we share with third parties. We may share your information with selected third parties including:
· Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
· Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you to provide services such as IT and system administration, email communications, hosting services, backup services, credit card processing, research, development, marketing and customer support, including: Google and AWS.
· Professional advisors acting as service providers to us in relation to the Site or Services - including lawyers, bankers, auditors, and insurers.
· We may share anonymous and aggregated usage data and reports in the normal course of operating our business; for example, we may share information with other Site or Services users, our customers or publicly to show trends or benchmark the general use of our Site and Services.
Information we disclose to third parties. We may disclose your personal data to third parties:
· In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
· If we or a member of our group of companies or substantially all of their assets are acquired by a third party, in which case personal data held by them about their customers will be one of the transferred assets.
· If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions, terms of use and/or any other legal agreements; or to protect our rights, property, safety, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
WHERE WE STORE YOUR PERSONAL DATA
Our Services are global and your information (including personal data) may be stored and processed in any country where we have operations or where we engage service providers, and we may transfer your information to countries outside of your country of residence, which may have data protection rules that are different from those of your country of residence.
The personal data that we collect from you may therefore be transferred to, and stored at, a destination outside the European Economic Area ("EEA") or the UK. It may also be processed by staff operating outside the EEA or UK who work for us or for one of our suppliers or partners. Such staff or subcontractors may be engaged in, among other things, the fulfilment of your order, the processing of your payment details or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing outside of the EEA or the UK.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. In particular, this means that your personal data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission (“Standard Contractual Clauses”).
Our Site and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Site or Services from outside the EEA or the UK. This means that where you chose to post your data on our Site or within the Services, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA or the UK may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.
PROTECTION OF YOUR INFORMATION
All information you provide to us is stored on our secure servers. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will endeavour to protect your personal data, we cannot guarantee the security of your data transmitted to our Site or the Services. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
LINKS TO OTHER WEBSITES
Our Site and Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
YOUR RIGHTS
You have the right under Data Protection Law, free of charge, to request:
· Access to your personal data.
· Rectification or deletion of your personal data.
· A restriction on the processing of your personal data.
· Object to the processing of your personal data.
· A transfer of your personal data (data portability) in a structured, machine readable and commonly used format.
· Withdraw your consent to us processing your personal data, at any time.
You can make a request in relation to any of the above rights by contacting us as set out at the end of this Privacy Policy. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of Data Protection Law.
MARKETING COMMUNICATIONS
We will send you marketing emails if you “opt in” to receive marketing emails when registering on our Site, or if you have enquired about, or purchased any of our goods or services.
Please note that, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
We send push notifications from time to time in order to update you about any service updates, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device.
DATA RETENTION
We retain personal data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the Site or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed or you cease using the Site or Services for the purposes set out below.
After you have closed your account, we usually delete personal data within 1 month for clinicians and 2 weeks for patients, however we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our legal agreements, or fulfil your request to “unsubscribe” from further messages from us.
We will retain de-personalised information after your account has been closed.
Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Site or Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.
COMPLAINTS
If you have any complaints about our use of your personal data please contact us as set out at the end of this Privacy Policy or contact : The Information Commissioner’s Office at, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
· AGE OF USERS
This Site and the Services are not intended for and shall not be used by anyone under the age of 18.
CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.
This Privacy Policy was last updated on the 2nd of July 2020 and this version replaces any other Privacy Policy previously applicable from this date.
CONTACT
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to:
By post: Data Protection Department, My Pain Ltd, 13 Thackeray Drive, Northfleet DA11 8FS, England.
By email: contact@mypain.uk.