Your privacy is important to us. This privacy statement explains what personal information ATMPS ("we", "us", "our" or “App”) collects from you through our products or services and how we use that information. ATMPS, or its affiliates, serve a number of groups of users in different ways. References to products in this statement include ATMPS services (“Services”), which are offered through our websites and app. This policy applies to any users globally and to anyone else who contacts or otherwise submits information to ATMPS, unless otherwise stated below.
1. Data Protection Principles
We comply data protection laws and principles, which means that your Personal Information will be:
Processed lawfully, fairly and in a transparent way;
Collected for specific, explicit and legitimate purposes stated in this policy and not used in any way that is incompatible with those purposes;
Adequate, relevant and limited to what is necessary for those purposes;
Accurate and, where necessary, kept up to date;
Kept for no longer than is necessary for those purposes; and
ATMPS has appropriate technical and organisational measures to meet these requirements and will review and update where necessary.
2. Collection of Personal Information
ATMPS acts as the data controller for the information you provide or that is collected by ATMPS or its affiliates. ATMPS collects Personal Information to operate effectively as a business and to provide you, the user, with tailored services and products.
You have choices about the Personal Information we collect. When you are asked to provide Personal Information, you may decline. But if you choose not to provide Personal Information then you may not be able to use a Service or product.
2.1 - Collection of Personal Information
Information you give to us:
We will collect and process the Personal Information from you that you give to us by filling in forms on our website or App or by corresponding with us by phone, email or otherwise. It includes information you provide when you register to use the site or App, subscribe to our service, search for a product, participate in discussion boards or other social media functions on or via the site or App, enter a competition, promotion or survey, submit a query, and when you report a problem with the site or App. Personal Information is private and only shared with your prior consent.
The (“Personal Information”) you give us may include the types described below (the purpose of data collection is written next to each):
Your name - to create an account on our App
Email address - to create an account on our App
Phone number - to create an account on our App
Date of birth - to ensure you receive appropriate personalised support on our App.
Demographic information - to ensure you receive appropriate personalised support from our App.
Password - to create an account on our App. We are not able to access user passwords.
We may also collect sensitive personal information about your health. This is described in further detail below. The purpose of data collection is written next to each.
General health information:
Details of appointments – allowing a personalised experience. For example should you need to prepare for an appointment.
Healthcare provider name - to ensure that the healthcare provider can communicate with you and understand the nature of your appointment.
Healthcare provider contact details; to help you manage all aspects of your care via our App.
Details of your care:
Medication you’re taking; to help you manage your medication schedule, provide medication reminders and log medication you’ve taken.
Medical appointments; to help you manage your appointment schedule, provide appointment reminders and help you prepare for them.
Severity of symptoms and side effects; to help you track your progress through treatment and prepare for appointments.
Mood / How you’re feeling; to help you track your progress through treatment and prepare for appointments.
Activity levels; to help you track your progress through treatment and prepare for appointments.
Sleep; to help you track your progress through treatment and prepare for appointments.
Nutrition; to help you track your progress through treatment and prepare for appointments.
Hydration; to help you track your progress through treatment and prepare for appointments.
Notes; to help you track your progress through treatment and journal your overall experience electronically.
Health related metrics:
Heart rate (via wearable device integration or third party services); to help you track your progress through treatment as well as enabling us to deliver personalised recommendations to support you.
Blood pressure (via wearable device integration or third party services); to help you track your progress through treatment as well as enabling us to deliver personalised recommendations to support you.
Weight; to help you track your progress through treatment as well as enabling the us to deliver personalised recommendations to support you.
Temperature; to help you track your progress through treatment as well as enabling us to deliver personalised recommendations to support you.
Gender; Understanding gender allows healthcare professionals to better understand how different people are affected and help develop more effective treatments. It also allows us to deliver a more personalised user experience.
Ethnicity; Understanding ethnicity allows healthcare professionals and our partners to better understand how treatments affect different people and develop them to be more effective. It also allows us to deliver a more personalised user experience.
Any information about your health and ethnicity is classed as sensitive Personal Information and we ensure that additional safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive Personal Information is your consent. You can withdraw your consent at any time - for more information please email firstname.lastname@example.org.
Part of this information is necessary to complete your user registration and for you to use our App and Services (for more information on what we use your data for, see section 3. If you decline to provide this information during the registration process you will not be able to create an account on the App and use our Services.
Information we receive from other sources:
If you input an access code that you have received from a healthcare provider when you download our App, we will be able to tell which third party has provided you with this code.
We will receive information from anyone that you give permission to enter information into the App on your behalf ("Permitted Third Party/Parties"). If you allow your Permitted Third Parties permission to edit your information, then they may give us information about your symptoms, medications and treatments. You can change your Permitted Third Parties under your settings in your account and change the permissions allocated to each Permitted Third Party.
If you are a Permitted Third Party, we may receive information about you from the patient. This information is described in the table below.
Personal information concerning permitted third parties:
Your name - to create an account on our App and help set up app features that are relevant to their role (e.g. carer support)
Phone number - to create an account on our App and help set up app features that are relevant to their role (e.g. carer support)
Email address - to create an account on our App and help set up app features that are relevant to their role (e.g. carer support)
Relationship to patient - to help set up app features that are relevant to their role (e.g. carer support)
Job title - to help set up app features that are relevant to their role (e.g. carer support)
Location - to help set up app features that are relevant to their role (e.g. carer support)
If you decide to allow any third party wearable devices to connect with our Services, we will receive information about you such as your exercise, activity, heart rate, temperature, sleep, weight and blood pressure from these devices.
2.2 - Engagement data, Cookies and other data collection technologies
When you begin to use our App or services, we monitor engagement and feature usage on our platform by recording every interaction you have with products you are registered on. This includes, but is not limited to, page visits, content viewed and logs made on our platform.
We also infer your location based on your IP address during registration and for opt-ins. In addition to IP address, our platform automatically collects data about your device, including the model, platform, locale code and UUID (universally unique identifier) every time you visit the ATMPS website or our App. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the site or the App.
In addition to cookies, we may log information about your device, including the existence of cookies, your IP address and information about your browser. The purpose of this information collection is to diagnose service issues and to administer and track your usage of our platforms.
Information about your visit may include the full Uniform Resource Locators (URL), clickstream to, through and from the site, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
2.3 - Third party aggregate data
Our third parties may gather non-personal digital properties to enrich aggregate analytics, including Google Analytics. They are required to take appropriate security measures to protect Personal Information in line with our policies. We only allow service providers to process Personal Information for specified purposes and in accordance with our instructions.
3. How we use your Personal Information
3.1 - To operate effectively as a business and to perform essential business operations, including developing and providing products optimised for patients and clinicians.
We are motivated to provide products which offer outstanding resources for patients, including products and content tailored to a user’s specific need, stage of disease, medications, appointments, location, current condition and treatment (as detailed in section 2). We will show you and/or a Permitted Third Party this information.
To enhance our platform effectiveness, we endeavour to identify and recommend the most relevant features through personalised notifications, based on your profile, medications, symptom tracking, health condition(s) and recent activities. To ensure your experience with our products is seamless, we continuously re-examine and iteratively optimise user journeys on our platform.
We use your Personal Information to identify you and notify you about changes to our Service. We infer your location from your device IP address in order to geo-restrict certain content or products on our platform.
Product issues, identified by users and communicated through customer support, are effectively diagnosed and resolved using data collected from interactions on the platform. Decisions on product development and evaluations of product performance are based on aggregate analysis and business intelligence.
We may use your email address, phone number and/or details to present you with occasional marketing messages where you have opted in to receive these, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. We also use third parties (such as LinkedIn, Google, Facebook, YouTube) to serve advertisements that may be of interest to you on other websites.
We use third party analytics providers including Google and others, to collect information about the usage of our App and website to enable us to improve how they work and deliver you a better service.
The information allows us to see the overall patterns of usage on the apps, helps us record any difficulties you have with them, shows us whether our advertising is effective or not, and allows us to use responses to advertisements to optimise ad performance.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Personal Information in line with our policies. We only allow them to process your Personal Information for specified purposes and in accordance with our instructions.
In addition to the specific disclosures of Personal Information set out in this section, we may disclose your Personal Information where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your Personal Information where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We will disclose your Personal Information to third parties if ATMPS Limited or substantially all of its assets are acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets.
3.2 - To deliver communications of personal interest including product and content releases, motivational prompts and in response to product queries or support requests.
Communications sent by us come in the form of emails to the email address provided by you during the registration process and through notifications delivered to your device. We may send you communications relating to new and existing product and content releases and updates. We send such communications so that you are aware of changes we are making to the content or features of our products, or new releases, which could affect the usefulness of our core services to you.
Third party communications
We may ask you during registration whether you want to receive third party communications such as promotional material related to other services outside of our platform. You, of course, have the right to opt out of such email communication at any time by using the unsubscribe link, found at the bottom of every email, or by updating your account setting in the app. We will not send you communications unrelated to its core services, unless you specifically tell us you are interested in receiving them.
3.3 - Anonymised and aggregated information for commercial partners
The purpose of our products and services is to create a future for patients living with certain conditions to manage their care more effectively and have access to better life-saving drugs and treatments; we want to further our partners’ knowledge of such illnesses and enable them to deliver better clinical care.
We can only achieve our purpose if we share anonymised and aggregated (non-personal) information about our users’ conditions with our strategic partners: oncologists, research institutions, pharmaceutical companies and other organisations in the healthcare sector. The information that we share with our strategic partners is fully anonymised and aggregated unless you are part of our Care Program (see section 3.4) or if you are part of a Clinical Trial or other projects with our partners. (see section 3.5). It cannot be used to identify you in any way.
We may also share with our commercial partners aggregated information that does not personally identify you, but which shows general trends, for example, the number of users of our service.
3.4 - To track and report your ATMPS data and insights with your doctor or care provider within a Care Program, with your prior knowledge and consent
By signing up our platform as a member of a Care Program, you agree to share your data and insights with your doctor or care provider; we will provide useful insights and notifications to improve your care whilst at home and in the care setting. The Care Program includes, but is not limited to, doctors, nurses, clinicians, academic institutions, and other care providers. Data and insights shared are limited to content on the platform that belongs to the Care Program. You have the right at any time to opt out of this sharing by sending a written request to email@example.com.
3.5 - To track and report your data and insights within a Clinical Trial Partnership, with your prior knowledge and consent
By signing up and agreeing to share your data and insights with Clinical Trial Partner (“CTP”), we will provide useful insights and notifications to improve your care both at home and in the care setting whilst you are part of a clinical trial or other projects with our partners. Clinical Trial Partners include, but are not limited to: academic institutions, clinical research organisations and pharmaceutical companies. Data and insights shared are limited to content on the platform that belongs to the specific Clinical Trial Partner. You have the right at any time to opt out of this sharing by sending a written request to firstname.lastname@example.org.
4. Your Rights
In this section, we have summarised the various rights that you have. Its only a summary and you should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights
The main rights under data protection law are:
1. the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability
the right to object; and
rights in relation to automated decision making and profiling.
You have the right to confirmation as to whether or not we hold or process your Personal Information and, where we do, access to the Personal Information, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Personal Information concerned and the recipients of the Personal Information. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Information, or do one of the following:
(a) We may ask you to verify your identity, or ask for more information about your request; or
(b) Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
You have the right to have any inaccurate Personal Information about you rectified and, taking into account the purposes of the processing, to have any incomplete Personal Information about you completed.
In some circumstances, you have the right to the erasure of your Personal Information without undue delay. Those circumstances include: the Personal Information are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the Personal Information being unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary, for example: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
You have the right to request that your Personal Information is no longer processed for example, due to the inaccuracy of the Personal Information or the reason for the Personal Information being processed.
If you have given additional consent for your Personal Information to be shared to a third party, including academic institutions, medical device companies and pharmaceutical companies, you have the right to withdraw this consent at any time. You have the right to request that your Personal Information be transferred to another party.
If you consider that our processing of your Personal Information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your Personal Information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. If you opted in to third party marketing communications when you registered, you may opt-out at any time within the app, or by email to email@example.com.
Lastly, you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
You may exercise any of your rights in relation to your Personal Information by written notice to us or by any of the methods specified in section. To contact us in relation to any of these requests, please use the email firstname.lastname@example.org
5. How long we keep your information
We will keep your Personal Information in our database for as long as you wish to remain on our database in order to receive the benefits of our Services. You can edit or update your Personal Information at any time. We may also contact you periodically to prompt you to update your Personal Information. This prompt will give you an opportunity to notify us if you want us to remove you from our database. If you do not respond to these prompts we will take this to mean that you want to continue using our products and solutions. If you do respond to these prompts and wish to remove your personal information we will remove your personal information from our database within one month.
Please note that if you have consented to a project of the type described in section 3 which has now concluded, we will only be able to delete the Personal Information stored in our databases. As described in section 3.3 data may be anonymised and aggregated shared with partners and therefore this cannot be removed. However this shared information is not Personal Information.
6. Information Security and International Transfers
ATMPS is committed to protecting the security of Personal Information by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We utilise, for all data storage and processing purposes, Amazon Web Services ("AWS"), Google’s G Suite, Microsoft Azure and Google Cloud. Specifically, all our AWS storage containers and databases are located in London (UK) (with possible transit through US/EU storage containers). All Personal Information collected by our App is encrypted to the highest possible degree both when it is stored in our databases and when it is being transmitted. In many cases we use UK Cloud to ensure that there are no data sovereignty issues for UK based data.
If you would like further information about privacy at ATMPS, please contact us at email@example.com. Further information is available at the Information Commissioner’s Office website: www.ico.org.uk.