Privacy Policy

---

1. Introduction

As a responsible healthcare provider, PocketEye Ltd (trading as PocketEye), value the trust you place in us when you share your personal data. We are committed to protecting the privacy of everyone who uses our sites and services and anyone who supports our work through our supplier and customer network.

This Privacy Notice contains our obligations and promises to you about the different types of personal data we might collect about you when you browse this site and contact us. It explains how we will store, handle, and protect that data.

2. Who we are (identity of the data controller)

We are an English company with registered company number: 14089501. We are the data controller responsible for your personal information and we are registered at the UK Information Commissioner’s Office.

The following laws will apply to the protection of your personal data when use this website:

1. If you are a resident of the United Kingdom, the UK GDPR as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003;

2. If you reside in any other country, the applicable data protection laws, and regulations in your country of residence.

3. Please note that the PocketEye service is only offered to residents in England at this time due to regulatory requirements. If you are outside England, you should not use the PocketEye service although you may still visit this website.

3. What personal data do we collect and when?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together, as follows:

1. Identity Data includes name, gender, date of birth, address, telephone number, email address, optional NHS number.

2. Contact Data includes email address and telephone numbers.

3. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website and our apps.

4. Special Categories of Data includes sensitive medical details such as symptoms, conditions, biometrics, family history, medication, and any other health data you provide to us by using our app.

5. Usage Data includes information about how you use our website, products and services.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature in the app. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we collect personal data in order for the information to be forwarded via the PocketEye app and you fail to provide that data when requested, we may not be able to share the information with the NHS provider. 

We collect the information in the following circumstances:

• Direct interaction, such as when you register on our website or app.
• When you have given a third-party permission to share with us the information      they hold about you (for example, if you are directed to the PocketEye app      from another service that you subscribe to).
• When you allow social media sites to provide your data to us.
• When you contact us by telephone or email.
• When completing any of our surveys or leaving us a review.
• When completing any forms for transactional, employment or other purposes.
• When you enter a contract with us.
• When you visit our website our servers record data about your internet browser,      I.P. computer address (which is the unique numerical address given to every computer connected to the internet), the time and duration of your visit and which pages you looked at.
• We also collect information about how our website is used and track which      pages users visit when they follow links in PocketEye emails.

Third parties or publicly available sources.

We may receive personal data about you from various third parties and public sources as set out below

• Technical Data from the following parties:

• analytics providers such as Google based outside the EU;
• advertising networks;
• search information providers based inside or outside the EU.

• Contact, Financial and Transaction Data from providers of technical, payment and      delivery services based inside or outside the EU
• Identity, Contact, Profile, Usage, Marketing and Communications Data from data      brokers or aggregators based inside or outside the EU
• Identity and Contact Data from publicly available sources such as LinkedIn,      Companies House and the Electoral Register based inside the EU.
• Like many other websites, the PocketEye website uses ‘cookies’ which are small files stored on your computer that allow websites to recognise you when you visit the next time. They store data about your browsing history but do not identify you as an individual. We use this information to monitor and improve our website, services and activities which helps us to deliver a better more personalised service.
• You can switch off cookies in your browser preferences but doing so may result      in a loss of functionality when using our website.
• The PocketEye website may include links to other sites, not owned or managed by us. We cannot be held responsible for the privacy of information collected by websites not owned and managed by PocketEye Ltd. When you leave our website, we encourage you to read the privacy notice of every website you visit.

4. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

We process your personal data, which may include but not limited to, your name, address, phone number, image for identification purposes, email address, General Practitioner (GP), GP address, Date of Birth, NHS number, prescribed medications, supplied medications and other details about your medical history that you choose to provide and share with us.

We process this information for the following purposes;

• To provide you with products and services including healthcare services.
• Internal record keeping.
• To improve our products and services.
• For the purpose of employee training and to improve our quality of service, we      may obtain some personal information from monitoring or recording calls.
• In the event of a business sale or merger, personal data will be transferred      to the new business owner in line with regulatory requirements.
• Keeping you informed about new products, special offers or other information which we think you may find interesting. If you no longer wish to receive such      emails, you can ask us to stop at any time.
• Market research, we may, from time to time, contact you for market research      purpose.

5. Legal basis for data processing

1. The lawful basis we rely upon for processing all this data varies depending upon the way it has been collected, and the purpose of the processing.

2. We will use personal data firstly to fulfil any contractual obligations that exist between us. Where we request personal data be provided to meet the terms of any such contract you will be required to provide the relevant personal data, or we will not be able to deliver the goods and/or services you have requested. In such cases, the lawful basis of us processing the personal data is that it is necessary for the performance of a contract or necessary to collect prior to entering that contract.

3. We also process your data when it is necessary for a legal obligation, a task carried out in the public interest, necessary for the vital interests of you or another person, necessary for legal proceedings or for preserving yours or someone’s legal rights, necessary for medical purposes or for our own legitimate interests or the interests of a third party with whom we might disclose data to, except where there is unwarranted prejudice to yours or others legitimate interests.

4. Patient data is considered to be a special category of data under the UK and EU General Data Protection Regulation and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject “and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”

5. We may also process patient data, when it is necessary, for the performance of a task carried out in the public interest or in the exercise of official authority…’in accordance with GDPR 6(1)(e).

6. For all individuals, users, and non-user contacts we rely on separate, explicit consent for direct marketing. You may withdraw your consent for further processing, fully or for specific purposes at any time by emailing hello@thepocketeye.com  or by opting out from the link on the communication that is sent to you. It is important to note that this may affect the services we are able to offer you, and we may need to continue to process data relating to your request to withdraw consent.

7. We sometimes need to use your data to help us run our business. For example, to action any changes to your account that you request, or to personalise the services we provide – with the aim of improving your customer experience. We will only use your data in these instances, where doing so does not materially impact your rights, freedom, or interests. In this case, your data is processed under legitimate interest.

8. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

9. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. How do we store, process, and protect your personal data?

The personal data that we collect from you is stored in the European Union on (Europe) Cloud Servers of Amazon Web Services with all primary processing taking place in the UK. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees (such as standard data protection clauses, or exceptional circumstances). A full list of our third-party sub-processors and details of their privacy policies can be found below.

When you visit our site, we use a third-party service, GoDaddy, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Sensitive information between your browser and our website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.

Where you communicate with us via our site, the nature of the Internet is such that we cannot guarantee or warrant the security of any information that you transmit as no data transmission over the internet can be guaranteed to be 100 % secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data.

Please contact our Data Protection Officer if you would like further details on the specific safeguards applied to the export of your personal data outside the UK/EEA.

Processors and sub-processors

Infrastructure processors

• Amazon Web Services, Inc https://aws.amazon.com/privacy/

Customer feedback, engagement, analytics and support

• Amazon Web Services, Inc – https://aws.amazon.com/privacy/ 

• MailChimp https://mailchimp.com/legal/privacy/

• Slack –https://slack.com/intl/en-gb/privacy-policy 

7. Children’s Data

We never knowingly collect personal data from children under 16. However, we encourage parents and legal guardians to monitor their children’s Internet usage and to help us to enforce this notice by instructing children never to provide personal data to us.

8. Sharing and storing of information

Sometimes we will share your personal data with trusted third parties. We will do this in the following circumstances:

• To process an order e.g., with third party payment service providers
• To handle complaints e.g., with our Customer Services call centre
• To detect any fraudulent activity, or assist law enforcement authorities

When we share information with third parties, we will ensure that:

• We only provide the data they need to perform their specific function
• They only use the data provided as intended
• They have the requisite measures in place to protect your data and delete it      once the function has been performed, or delete it when we cease working      with them

Some of our partners and third parties who may receive your personal data are based outside of the European Economic Area. In such cases, we conduct due diligence to ensure that our partners are contractually bound to protect your data to the same degree that is required in the European Union.

9. How long we retain your personal data

We only keep your personal data for as long as is necessary for the purpose for which it was collected (subject to any legal requirements). Once it is no longer necessary, we will either delete the data, or anonymise it. The use of anonymised data helps us to optimise our customer service.

If you ask us to delete your data, then we may not be able to provide you with all of the services offered from this website.

10. Your rights as a data subject

You have the following rights which you can ask us to comply with:

Your right to rectification – You have the right to correct any information we store which might be incorrect, incomplete, or out of date. You can do this by contacting our Customer Services Team who will give you step-by-step advice on how to do this. You can contact them by emailing: hello@thepocketeye.com

Your right to restrict processing – If we are processing your personal data on the basis of our legitimate interest, you have the right us to ask us to stop. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Your right to object –You have the right at any time to stop us sending you marketing material. You can do this in the following ways:

• Click      the ‘unsubscribe’ link in any email communication that we send you. We      will then stop any further emails from reaching your inbox.
• Contact      our Customer Services Team by emailing: hello@thepocketeye.com
• Email      or write to: The Data Protection Officer
  registered office as before.

Please note that if you follow a link which clicks through to a third-party site, this notice will not apply and you will need to review that third party’s privacy terms and conditions.

Your right of access – You have the right to ask us what data we hold which concerns you. Such requests are usually free, but we will ask you to submit your query in writing and include the following:

• Full name (we will ask you to verify your identity)
• Full address
• Email address
• Phone number
• Specific details on what you require or are requesting

We will process your request and will either respond within 30 days or contact you to gather more information before we fulfil your request. In the event that we might refuse to fulfil your request (for example if it is unreasonable), we will give a full explanation as to why.

Please submit your requests through the following channels:

FAO: The Data Protection Officer,registered office as before.

Or send an email to: hello@thepocketeye.com

Your right to be informed – This Privacy Notice provides your right to be informed about the collection and use of our personal data.

Your right to erasure –You have the right to obtain from us the erasure of your personal data when the processing is based on your consent and such consent is withdrawn. To exercise your ‘right to be forgotten’, please contact us at hello@thepocketeye.com and we will comply with your request within 30 days from the date that we have identified you. Please note that your right to erasure does not apply to data related to any of your transactions as we have a legal obligation to keep the same.

Your right to data portability –You have the right to receive a copy of the personal data that we hold about you and/or have such personal data transmitted from us to another data controller if this is technically achievable.

11. Questions and Complaints

Should you wish to discuss a complaint, please contact hello@thepocketeye.com and we will be happy to assist you. 

Alternatively, if you are unsatisfied with the DPO’s response to your concern, Under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office. Under Article 80, you may authorise certain third parties to make a complaint on your behalf (such as legal representation).

You would also have the right to opt-out of the sale of your personal information.

Finally, you have the right not to be discriminated against for exercising any of the rights described in Section.

12. Changes to this privacy notice

We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on our site so that you are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by email.

Accessibility statement for PocketEye

This accessibility statement applies to the website and website application for PocketEye https://pocket-eye.com/

This website is run by PocketEye. We want as many people as possible to be able to use this website. For example, that means you should be able to:

· change colours, contrast levels and fonts

· zoom in up to 300% without the text spilling off the screen

· navigate most of the website using just a keyboard

· navigate most of the website using speech recognition software

· listen to most of the website using a screen reader (including the most recent versions of JAWS, NVDA and VoiceOver)

We’ve also made the website text as simple as possible to understand.

How accessible this website is

We know some parts of this website are not fully accessible:

· the text will not reflow in a single column when you change the size of the browser window

· you cannot modify the line height or spacing of text

· some of our online forms are difficult to navigate using just a keyboard

· you cannot skip to the main content when using a screen reader

Feedback and contact information

If you need information on this website in a different format like accessible PDF, large print, easy read, audio recording or braille:

· email hello@thepocketeye.com

· call +447506714937

We’ll consider your request and get back to you in 10 days.

Reporting accessibility problems with this website

We’re always looking to improve the accessibility of this website. If you find any problems not listed on this page or think we’re not meeting accessibility requirements, contact: hello@thepocketeye.com 

Enforcement procedure

The Equality and Human Rights Commission (EHRC) is responsible for enforcing the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 (the ‘accessibility regulations’). If you’re not happy with how we respond to your complaint, contact the Equality Advisory and Support Service (EASS).

Contacting us by phone or visiting us in person

We provide a text relay service for people who are D/deaf, hearing impaired or have a speech impediment.

Find out how to contact us https://pocket-eye.com/contact-us

Technical information about this website’s accessibility

PocketEye is committed to making its website accessible, in accordance with the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018.

Compliance status

This website is fully compliant with the Web Content Accessibility Guidelines version 2.1 AA standard.

Navigation and accessing information

There’s no way to skip the repeated content in the page header (for example, a ‘skip to main content’ option).

It’s not always possible to change the device orientation from horizontal to vertical without making it more difficult to view the content.

It’s not possible for users to change text size without some of the content overlapping.

Interactive tools and transactions

Some of our interactive forms are difficult to navigate using a keyboard. For example, because some form controls are missing a ‘label’ tag.

Our forms are built and hosted through third party software and ‘skinned’ to look like our website.

We’ve assessed the cost of fixing the issues with navigation and accessing information, and with interactive tools and transactions. We believe that doing so now would be a disproportionate burden within the meaning of the accessibility regulations. We will make another assessment when the supplier contract is up for renewal, likely to be in 2024.

Content that’s not within the scope of the accessibility regulations

Live video

We do not plan to add captions to live video streams because live video is exempt from meeting the accessibility regulations.

Preparation of this accessibility statement

This statement was prepared on the 23rdof August 2022. It was last reviewed on 23rd of August 2022.

This website was last tested on 23/08/2022. The test was carried out by PocketEye.

We used this approach to deciding on a sample of pages to test. We try to include a range of pages from the website or mobile application such as:

· some of the most popular pages

· a range of template types

· at least one service end-to-end (where possible)