As a responsible healthcare provider, PocketEye Ltd (trading as PocketEye), value the trust you place in us when you share your personal data. We are committed to protecting the privacy of everyone who uses our sites and services and anyone who supports our work through our supplier and customer network.
This Privacy Notice contains our obligations and promises to you about the different types of personal data we might collect about you when you browse this site and contact us. It explains how we will store, handle, and protect that data.
2. Who we are (identity of the data controller)
We are an English company with registered company number: 14089501. We are the data controller responsible for your personal information and we are registered at the UK Information Commissioner’s Office.
The following laws will apply to the protection of your personal data when use this website:
1. If you are a resident of the United Kingdom, the UK GDPR as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003;
2. If you reside in any other country, the applicable data protection laws, and regulations in your country of residence.
3. Please note that the PocketEye service is only offered to residents in England at this time due to regulatory requirements. If you are outside England, you should not use the PocketEye service although you may still visit this website.
3. What personal data do we collect and when?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together, as follows:
1. Identity Data includes name, gender, date of birth, address, telephone number, email address, optional NHS number.
2. Contact Data includes email address and telephone numbers.
3. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website and our apps.
4. Special Categories of Data includes sensitive medical details such as symptoms, conditions, biometrics, family history, medication, and any other health data you provide to us by using our app.
5. Usage Data includes information about how you use our website, products and services.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature in the app. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we collect personal data in order for the information to be forwarded via the PocketEye app and you fail to provide that data when requested, we may not be able to share the information with the NHS provider.
We collect the information in the following circumstances:
Third parties or publicly available sources.
We may receive personal data about you from various third parties and public sources as set out below
4. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We process your personal data, which may include but not limited to, your name, address, phone number, image for identification purposes, email address, General Practitioner (GP), GP address, Date of Birth, NHS number, prescribed medications, supplied medications and other details about your medical history that you choose to provide and share with us.
We process this information for the following purposes;
5. Legal basis for data processing
1. The lawful basis we rely upon for processing all this data varies depending upon the way it has been collected, and the purpose of the processing.
2. We will use personal data firstly to fulfil any contractual obligations that exist between us. Where we request personal data be provided to meet the terms of any such contract you will be required to provide the relevant personal data, or we will not be able to deliver the goods and/or services you have requested. In such cases, the lawful basis of us processing the personal data is that it is necessary for the performance of a contract or necessary to collect prior to entering that contract.
3. We also process your data when it is necessary for a legal obligation, a task carried out in the public interest, necessary for the vital interests of you or another person, necessary for legal proceedings or for preserving yours or someone’s legal rights, necessary for medical purposes or for our own legitimate interests or the interests of a third party with whom we might disclose data to, except where there is unwarranted prejudice to yours or others legitimate interests.
4. Patient data is considered to be a special category of data under the UK and EU General Data Protection Regulation and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject “and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
5. We may also process patient data, when it is necessary, for the performance of a task carried out in the public interest or in the exercise of official authority…’in accordance with GDPR 6(1)(e).
6. For all individuals, users, and non-user contacts we rely on separate, explicit consent for direct marketing. You may withdraw your consent for further processing, fully or for specific purposes at any time by emailing firstname.lastname@example.org or by opting out from the link on the communication that is sent to you. It is important to note that this may affect the services we are able to offer you, and we may need to continue to process data relating to your request to withdraw consent.
7. We sometimes need to use your data to help us run our business. For example, to action any changes to your account that you request, or to personalise the services we provide – with the aim of improving your customer experience. We will only use your data in these instances, where doing so does not materially impact your rights, freedom, or interests. In this case, your data is processed under legitimate interest.
8. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
9. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. How do we store, process, and protect your personal data?
The personal data that we collect from you is stored in the European Union on (Europe) Cloud Servers of Amazon Web Services with all primary processing taking place in the UK. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees (such as standard data protection clauses, or exceptional circumstances). A full list of our third-party sub-processors and details of their privacy policies can be found below.
When you visit our site, we use a third-party service, GoDaddy, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Sensitive information between your browser and our website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.
Where you communicate with us via our site, the nature of the Internet is such that we cannot guarantee or warrant the security of any information that you transmit as no data transmission over the internet can be guaranteed to be 100 % secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data.
Please contact our Data Protection Officer if you would like further details on the specific safeguards applied to the export of your personal data outside the UK/EEA.
Processors and sub-processors
• Amazon Web Services, Inc https://aws.amazon.com/privacy/
Customer feedback, engagement, analytics and support
• Amazon Web Services, Inc – https://aws.amazon.com/privacy/
• MailChimp https://mailchimp.com/legal/privacy/
7. Children’s Data
We never knowingly collect personal data from children under 16. However, we encourage parents and legal guardians to monitor their children’s Internet usage and to help us to enforce this notice by instructing children never to provide personal data to us.
8. Sharing and storing of information
Sometimes we will share your personal data with trusted third parties. We will do this in the following circumstances:
When we share information with third parties, we will ensure that:
Some of our partners and third parties who may receive your personal data are based outside of the European Economic Area. In such cases, we conduct due diligence to ensure that our partners are contractually bound to protect your data to the same degree that is required in the European Union.
9. How long we retain your personal data
We only keep your personal data for as long as is necessary for the purpose for which it was collected (subject to any legal requirements). Once it is no longer necessary, we will either delete the data, or anonymise it. The use of anonymised data helps us to optimise our customer service.
If you ask us to delete your data, then we may not be able to provide you with all of the services offered from this website.
10. Your rights as a data subject
You have the following rights which you can ask us to comply with:
Your right to rectification – You have the right to correct any information we store which might be incorrect, incomplete, or out of date. You can do this by contacting our Customer Services Team who will give you step-by-step advice on how to do this. You can contact them by emailing: email@example.com
Your right to restrict processing – If we are processing your personal data on the basis of our legitimate interest, you have the right us to ask us to stop. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Your right to object –You have the right at any time to stop us sending you marketing material. You can do this in the following ways:
Please note that if you follow a link which clicks through to a third-party site, this notice will not apply and you will need to review that third party’s privacy terms and conditions.
Your right of access – You have the right to ask us what data we hold which concerns you. Such requests are usually free, but we will ask you to submit your query in writing and include the following:
We will process your request and will either respond within 30 days or contact you to gather more information before we fulfil your request. In the event that we might refuse to fulfil your request (for example if it is unreasonable), we will give a full explanation as to why.
Please submit your requests through the following channels:
FAO: The Data Protection Officer,registered office as before.
Or send an email to: firstname.lastname@example.org
Your right to be informed – This Privacy Notice provides your right to be informed about the collection and use of our personal data.
Your right to erasure –You have the right to obtain from us the erasure of your personal data when the processing is based on your consent and such consent is withdrawn. To exercise your ‘right to be forgotten’, please contact us at email@example.com and we will comply with your request within 30 days from the date that we have identified you. Please note that your right to erasure does not apply to data related to any of your transactions as we have a legal obligation to keep the same.
Your right to data portability –You have the right to receive a copy of the personal data that we hold about you and/or have such personal data transmitted from us to another data controller if this is technically achievable.
11. Questions and Complaints
Should you wish to discuss a complaint, please contact firstname.lastname@example.org and we will be happy to assist you.
Alternatively, if you are unsatisfied with the DPO’s response to your concern, Under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office. Under Article 80, you may authorise certain third parties to make a complaint on your behalf (such as legal representation).
You would also have the right to opt-out of the sale of your personal information.
Finally, you have the right not to be discriminated against for exercising any of the rights described in Section.
12. Changes to this privacy notice
We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on our site so that you are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by email.
We use both session-based and persistent cookies on our websites. Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer or device after you close your browser or turn off your computer.
Accessibility statement for PocketEye
This accessibility statement covers
This accessibility statement applies to the website and website application for PocketEye https://pocket-eye.com/
This website is run by PocketEye. We want as many people as possible to be able to use this website. For example, that means you should be able to:
· change colours, contrast levels and fonts
· zoom in up to 300% without the text spilling off the screen
· navigate most of the website using just a keyboard
· navigate most of the website using speech recognition software
· listen to most of the website using a screen reader (including the most recent versions of JAWS, NVDA and VoiceOver)
We’ve also made the website text as simple as possible to understand.
How accessible this website is
We know some parts of this website are not fully accessible:
· the text will not reflow in a single column when you change the size of the browser window
· you cannot modify the line height or spacing of text
· some of our online forms are difficult to navigate using just a keyboard
· you cannot skip to the main content when using a screen reader
Feedback and contact information
If you need information on this website in a different format like accessible PDF, large print, easy read, audio recording or braille:
· email email@example.com
· call +447506714937
We’ll consider your request and get back to you in 10 days.
Reporting accessibility problems with this website
We’re always looking to improve the accessibility of this website. If you find any problems not listed on this page or think we’re not meeting accessibility requirements, contact: firstname.lastname@example.org
The Equality and Human Rights Commission (EHRC) is responsible for enforcing the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 (the ‘accessibility regulations’). If you’re not happy with how we respond to your complaint, contact the Equality Advisory and Support Service (EASS).
Contacting us by phone or visiting us in person
We provide a text relay service for people who are D/deaf, hearing impaired or have a speech impediment.
Find out how to contact us https://pocket-eye.com/contact-us
Technical information about this website’s accessibility
PocketEye is committed to making its website accessible, in accordance with the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018.
This website is compliant with the Web Content Accessibility Guidelines version 2.1 AA standard.
Navigation and accessing information
There’s no way to skip the repeated content in the page header (for example, a ‘skip to main content’ option).
It’s not always possible to change the device orientation from horizontal to vertical without making it more difficult to view the content.
It’s not possible for users to change text size without some of the content overlapping.
Interactive tools and transactions
Some of our interactive forms are difficult to navigate using a keyboard. For example, because some form controls are missing a ‘label’ tag.
Our forms are built and hosted through third party software and ‘skinned’ to look like our website.
We’ve assessed the cost of fixing the issues with navigation and accessing information, and with interactive tools and transactions. We believe that doing so now would be a disproportionate burden within the meaning of the accessibility regulations. We will make another assessment when the supplier contract is up for renewal, likely to be in 2024.
Adjustments for Specific Disabilities
For colour blindness (protanomaly, deuteranomaly, tritanomaly) we use a restricted palette that avoids red/green, blue/yellow, blue/green, and violet/red proximity.
For blindness, we ensure that all images and inputs have suitable metadata that screen-readers can use to indicate where a user is. We also use native inputs that have better support for screen-readers.
Textual information is never embedded within images. For the hearing impaired and deaf, we do not use sound as a primary communication modality currently. All information is conveyed as text or image.
Content that’s not within the scope of the accessibility regulations
We do not plan to add captions to live video streams because live video is exempt from meeting the accessibility regulations.
Preparation of this accessibility statement
This statement was prepared on the 23rd of August 2022. It was last reviewed on 16th of February 2023.
This website was last tested on 23/08/2022. The test was carried out by PocketEye.
How we test the Website
Our internal Quality Assurance team tested the Website for compliance with the Web Content Accessibility Guidelines v2.1 level A and level AA.
The tests were carried out using the SiteImprove Accessibility Testing Tool and the axe Accessibility Testing Tool. Both tools check for WCAG 2.1 success criteria.
The Website was also audited for accessibility compliance using the Lighthouse Tool and scored between 85/100 and 98/100, depending on screen selected.
We have not undertaken any testing specifically with speech recognition software.
We used this approach to deciding on a sample of pages to test. We try to include a range of pages from the website or mobile application such as:
· some of the most popular pages
· a range of template types
· at least one service end-to-end (where possible)