Before submitting your personal information via our mobile application ("Tomo"), our website at www.hellotomo.co.uk or any other platforms that Hello Tomo owns or controls and makes available to you (collectively, the "Services"), please read this Policy carefully as it governs the collection, use, disclosure and retention of your personal information.
This Policy forms part of and is incorporated into our User Terms, which you can view here. Capitalised terms which are not defined in this Policy shall have the meaning given in our User Terms.
Any personal data provided to or gathered by the Services is controlled by Hello Tomo Limited, a limited liability company incorporated in the United Kingdom, Company Number 10313187, with a registered office at Unit 4, Peacock Yard, Iliffe Street, London, SE17 3LH, UK.
Hello Tomo is a data controller for the purposes of the Data Protection Act 1998 (the "Act") with registration reference ZA237299.
1. WHAT DOES THIS POLICY COVER?
This Policy covers Hello Tomo’s treatment of personal data that Hello Tomo gathers when you access the Services and the Content therein. This Policy does not apply to the practices of other websites or companies that Hello Tomo does not own or control, or to individuals that Hello Tomo does not employ or manage.
We receive and store the information you enter on the Services or give to us in any other way in accordance with this Policy. This includes information that can identify you ("personal data"). The information we gather (including your personal data) enables us to personalise, deliver and improve our Services. We retain personal information no longer than is legally permissible, and delete personal information when it is no longer necessary for the purposes set out in this Policy.
Tomo offers accounts for three categories of end user: individual members ("Individuals"); clinicians who use the app in a professional capacity in the course of treating their patients ("Clinicians"); and administrators who manage the accounts of one or more clinicians ("Administrators"). This Policy applies equally to all users, unless otherwise stated.
3. WHAT PERSONAL DATA DOES HELLO TOMO COLLECT?
We collect the following types of information from our users:
a. Personal data you provide to us
We receive and store any information you enter on the Services or provide to us in any other way. The types of personal data collected include your display name, your email address, IP address and browser information, and any other information necessary for us to provide the Services.
If you contact us, we may keep a record of that correspondence.
If you are using our Services as an Individual, you may also choose to give us information including your psychological profile, details of your physical disabilities, photographs and other details other activities you have undertaken (if you choose to share these), and your activity diary (which includes information such as whether you found our suggested activities enjoyable, and how difficult you found them).
You can choose not to provide us with certain information, but then you may not be able to take advantage of many of our features (see section 8 below for further information on the choices you have).
b. Personal data collected automatically
We receive and store certain types of information automatically whenever you interact with our Services or use a feature of our Content.
Our Services automatically collect usage information, such as the numbers and frequency of users of our Services. We only use this data in general and aggregate form, that is, as a statistical measure (e.g. aggregated anonymous information about app usage), and not in a manner that would identify you personally. This type of aggregate data enables us to figure out how often customers use parts of the Services or another feature of the Content so that we can make the Services appealing to as many customers as possible, and improve the Content.
As part of this use of information, we may provide aggregate information to third parties about how our customers, collectively, use our Content. We share this type of statistical data so that our partners also understand how often people use our Content. Again, Hello Tomo never discloses aggregate information to a third party in a manner that would identify you personally. Aggregated data will not be linked to any of your personal data without your express consent.
We often receive a confirmation when you open an email from Hello Tomo if your computer supports this type of program. Hello Tomo uses this confirmation to help us make emails more interesting and helpful for you.
4. WHAT WILL YOU DO WITH THE DATA I SHARE WITH YOU?
We use the information and personal data we collect from you to deliver the Services to you, and to:
• ensure that content from our Services is presented in the most effective manner for you and for your device, and improve our Services;
• communicate with you about the Services;
• carry out our obligations arising from any contracts entered into between you and us;
• allow you to participate in interactive features of our Services, when you choose to do so;
• administer your Tomo account and update our records;
• for research and development purposes;
• allow you to share Content with a Clinician, and with our other Individual members, where you choose to do so; and
• prevent or detect abuses of our Services; and enable third parties to carry out technical, logistical or other functions on our behalf.
We neither license nor sell your personal data to anyone. We share your personal data only as described in this Policy.
a. Your data: who can see what?
(i) Hello Tomo team
We will not have access to any Individual user's psychological profile or activity diary. These details are private to you unless you choose to share them with a Clinician. We will, however, be able to access and use:
• the contact details provided by each user at the point of registration; and
• aggregated, anonymous data which relates to our user base as a whole, such as our total number of users; average user engagement; and trends in user behavior. We may also share this information with the Administrator with control over your Clinician's account.
If you choose to use Tomo with a Clinician, the Clinician will to have access to your psychometric tests and activity diary, and some high level information about your level of engagement with Tomo (e.g. whether you are using Tomo "regularly" or "infrequently"). Other than this, your Clinician will only have access to information you decide to share with them: the default is that no additional information is shared, but you can choose to increase this, and you can share the full details of your Tomo activity log with your Clinician if you choose to do so.
(iii) Individual users
If you choose to share a photograph to validate an activity you have undertaken, that photograph will be visible with other Individuals members until they have validated it. You do not have a public profile on Tomo that is visible to the public. We have done what we can to protect your privacy when sharing photos (for example, we have disabled other Individuals' abilities to take screenshots of your photos), but we recommend that you exercise discretion when choosing what to share on Tomo, as we cannot control how your photographs are used.
You will be able to see your own usage history, and some analysis of your habits and behavioural trends. We do not routinely share the results of your psychometric tests with Individual users (although we expect that Clinicians may do so, at their discretion).
b. Sharing data with third parties
In addition section (a) above, we may share aggregated, anonymised information about our Services with third parties in order to promote and develop our Services. This information will not identify you in any way.
c. Communications about the Services
When you register an account with us, Hello Tomo may use your personal data to provide you with certain communications, such as service announcements and administrative messages. These communications are considered part of the Services and your Hello Tomo account and you cannot opt out of these emails. Please note that if you do not wish to receive any such communications, you should not register for an account or for our Services.
d. Business Transfers
In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that are transferred. Moreover, if Hello Tomo or substantially all of its assets were acquired (such as through a merger or acquisition), or in the unlikely event that Hello Tomo goes out of business or enters bankruptcy or is dissolved or otherwise reorganised, customer information would be one of the assets that is transferred to or acquired by a third party. You acknowledge that such transfers or similar transactions or proceedings may occur, and that any acquirer of Hello Tomo may continue to use your personal data as set forth in this Policy.
e. Protection of Hello Tomo and Others and a transfer in the ownership of Hello Tomo
We may release personal data when we believe in good faith that release is necessary to comply with the law, regulation or legal request; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Hello Tomo, our employees, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
We may share some or all of your Personal data with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us.
5. DATA STORAGE AND SECURITY?
Any and all information you provide to us is hosted and stored on a cloud server within the European Economic Area.
The personal data in the Hello Tomo account you have with us is protected by a password for your privacy and security. You need to ensure that there is no unauthorised access to your account and personal data by keeping your password confidential, limiting access to your mobile, tablet or computer, and browser by signing off after you have finished accessing your account. You are responsible for safeguarding the password that you use to access the Services and for any activities or actions under your password. Hello Tomo encourages you to use “strong” passwords (passwords that use a combination of upper and lower case letters, numbers and symbols) with your account. Hello Tomo cannot and will not be liable for any loss or damage arising from your failure to comply with the above requirements. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. You must not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Hello Tomo endeavors to protect personal data but Hello Tomo cannot guarantee the security of your data transmitted to our Services. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our platform; any transmission of data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will take care to maintain appropriate safeguards to ensure the security, integrity and privacy of the information you have provided us with. We encrypt your information to protect it from unauthorised use. In addition, we will take reasonable steps to ensure that third party business partners to whom we transfer any aggregated, non-personal data will provide sufficient protection of that personal data.
6. YOUR RIGHT TO ACCESS YOUR PERSONAL DATA
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
You may at any time request correction or deletion of your personal data, and object to any processing of your personal data by emailing us at firstname.lastname@example.org. We will respond to your access and/or correction request within four (4) weeks.
7. WHAT CHOICES DO I HAVE?
As set out above, you can always opt not to disclose information, even though it may be needed to take advantage of the Services or other features of the Content.
You are able to add or update certain information on pages on our app, although we often maintain a copy of the unrevised information in our records.
You may request deletion of your account by emailing us at email@example.com. Please note that we may retain your personal data as needed to comply with our legal and regulatory obligations, resolve disputes, investigate or prevent fraud and other inappropriate activity, or otherwise in accordance with this Policy.
8. DATA RETENTION
We will retain your personal data for as long as is necessary for our operations. Your personal data will be visible on our app for the duration of your membership, and we may have access to it for up to 12 months thereafter (in accordance with this Policy), after which point any information associated with your profile which remains within our reasonable control will be anonymised, pseudonymised or deleted.
We do not knowingly market or provide our Services to children. The Services are not designed for use by persons under 18 years old. Children under 18 are not allowed to register with or use the Services, or submit personal data through the Services. We do not knowingly collect personal data from anyone under the age of 18. If we discover that we have collected personal information from a child under 18, we will delete that information as soon as reasonably possible. If you believe that we might have any information from a person under age 18, please contact us at firstname.lastname@example.org.
10. CHANGES TO THIS POLICY
We may amend this Policy from time to time. Use of information we collect now is subject to the Policy in effect at the time such information is used. If we make changes in the way we use personal data, we will notify you by posting an announcement on our Services or sending you an email. If the changes are significant or the way that we use your personal data changes, we may provide a more prominent notice or get your consent as required by law.
11. QUESTIONS OR CONCERNS
If you have any queries or concerns regarding privacy on our Services or the Content, please send us a message here. We will make every effort to resolve your queries or concerns. If your queries or concerns that are not answered online, you may write to us at Hello Tomo Limited, Unit 4, Peacock Yard, Iliffe Street, London, SE17 3LH, UK.
Last updated: 06/06/2017