Privacy Policy
Contents
HUMAN DIGITAL TWIN LIMITED PRIVACY NOTICE
- Introduction
- Data controller
- The information we collect and when
- How we use your information
- Who we might share your information with
- International transfers of information
- How we keep you updated on our services
- Your rights over your information
- How long we keep your information for
- Giving your reviews and sharing your thoughts
- Security
- What happens if our business changes hands?
- Changes to our privacy notice
- Other links
- How to contact us
1 Introduction
Sanome is the trading name for Human Digital Twin Ltd (referred to as “Sanome”, “We, “Our” or “Us), is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of research study participants, clinical trial volunteers, our customers and their staff, our suppliers/partners and their staff, investors, patients, health care professionals, professional advisors, researchers, physicians, prospective employees and all other users or parties that otherwise interact with us or use our website.
We have therefore developed this privacy notice to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.
Throughout this document we refer to Data Protection Legislation, which means the Data Protection Act 2018 (DPA 2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
We are further committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Medical Devices Regulation and related legislation, requirements and guidance, as applicable to Sanome and you.
2 Data controller
We may provide additional privacy notices or information to you at the time we collect your data. For example, we may provide additional privacy information to clinical trial participants to describe our privacy practices in connection with conducting clinical trials and we also provide additional privacy information to prospective job applicants when they apply for a job with us. Such notices will govern how we process the information you provide at that time.
Sanome is the controller for the personal information we process as identified in this privacy notice. In some circumstances, Sanome will process data on behalf of other organisations (e.g assisting a partner organisation with their own clinical research). In such circumstances, the other organisation will be the controller and so you should refer to their privacy notices for details of how your data is processed.
Occasionally, Sanome may be a joint controller with one of our partner organisations. Such processing may be communicated to you in a separate privacy notice.
We are registered with the UK’s supervisory authority, the Information Commissioner’s Office (the ICO) with registration number ZB272622.
We have appointed a Data Protection Officer (DPO) to help us monitor internal compliance, inform, and advise on data protection obligations, and act as a point of contact for you (data subjects) and the ICO.
For further details on how you can contact us and our DPO, please see our contact details below.
3 The information we collect and when
We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect depends on the nature of the relationship that we have with you. We may collect the following:
- Health and medical information (such as information about physical and mental health conditions, diagnoses or symptoms, treatments for medical conditions, family medical history, medications) in connection with clinical trials and conducting research.
- Biographical and demographic information (such as date of birth, ethnicity, gender).
- Photos, videos and audio recordings.
- Basic information about member of staff (either external or internal) who collected the data (such as name, role type, time at organisation)
- Personal and business contact information (such as name, job title and employer name, email address, mailing address, phone number, and emergency contact information).
- Physical, biophysical, or digital data, which may include:
- Cookies and IP addresses. For more information, please see 5 Cookies below..
- Professional credentials, educational and professional history, and institutional affiliations.
- Where you are one of our investors, your investor profile information, and interactions.
- We may, in further dealings with you, extend this personal information to include services used, and subscriptions, records of conversations and agreements and Physical samples provided by you when participating in a trial/research study and data obtained from studying these samples (i.e. biomarker data).
payment transactions.
• Other information that we may collect that is not specifically listed here but that we will use in accordance with this privacy notice or as otherwise disclosed at the time of collection.
In most instances, you are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we will often require elements of the information above in order to provide our services to you in an efficient and effective manner.
4 How we use your information
4.1 Data collection
In many instances we collect personal information directly from you, for example through online forms, questionnaires, phone conversations, emails, in person (at clinical sites, hospitals, conferences, workshops, seminars or events), our at home tests, medical devices, and so on.
In other instances, we receive data from hospitals and other care organisations which we have partnered with. Data sharing arrangements vary on a case-by-case basis but we always endeavour to reduce the number of personal identifiers we receive to the minimum necessary to carry out our work effectively.
In other instances, we may collect personal information from our website, public forums (e.g., social media), when you have or intend to attend an event to which we are affiliated, from contract research organisations, hospitals, healthcare professionals, partners and so on.
We may also receive your information if you are a participant of the UK Biobank in our capacity as an approved researcher. This means that we are recognised as a bona fide researcher and are recognised as undertaking health research that is in the public good. Further information can be found here: https://www.ukbiobank.ac.uk/enable-your- research/approved-research/validation-of-an-ai-powered-online-search-strategy- for-finding-optimal-biomarker-combinations
The data provided to use by UK Biobank has personal identifiers removed so that an individual participant cannot be identified by us.
4.2 Lawful basis
We only process, store or transfer your personal information when we have a lawful basis for doing so. The legal basis we rely on to process the information identified in this notice
are as follows:
- Legitimate Interest: processing is necessary for the purposes of our legitimate interests (i.e., our business interests), except where such interests are overridden by your interests or fundamental rights and freedoms.
- Consent: You have given consent to the processing of your personal data for one or more specific purposes.
- Contractual obligation: processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
- Legal obligation: processing is necessary for compliance with our legal obligations.
- Vital interests: processing is necessary in order to protect the vital interests of the data subject or of another natural person.
4.3 Processing activities
We may use your data to:
Processing activity
Lawful basis
4.4 Sensitive information
As well as the lawful bases identified above, when the data we are processing is considered ‘special category data’, such as your ethnicity, health or genetic information, we ensure that we have your explicit consent or are specifically authorized by the Confidentiality Advisory Group (CAG) or the processing is necessary for one of the following:
- Purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services .
- Public interest in the area of public health, such as protecting against serious cross- border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices.
- Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
4.5 Pseudonymised information
Pseudonymisation is a security technique which replaces identifiers from a set of data, such as your name, with a pseudonym (i.e a code), so that the remaining information cannot be linked to you. In some instances, when Sanome receives your data, it will already be pseudonymised and so we will not be able to link it directly to you. In other instances, Sanome will pseudonymise your data ourselves to ensure only those with a need-to-know basis can identify you. We incorporate this technique to provide you with an additional layer of privacy and security but will still treat your pseudonymised data as personal data and manage it in line with Data Protection Legislation.
4.6 Anonymous information
4.7 Automated processing
In addition, we may create anonymous, aggregated, or de-identified data from your personal information and other individuals whose personal information we collect. We do this by excluding information that makes the data personally identifiable to you and use that anonymous data for research purposes.
In some instances, we uses automated algorithms in order to help us achieve our processing activities. These algorithms will not be used to make automated decisions on users and outcomes will be verified by our team of data scientists.
5 Cookies
5.1 Information about our use of cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. You can set your cookie preference when you first visit our site based on your own preferences.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site may use different types of cookies. Some cookies may be placed by third party services that appear on our pages.
If we ask for your consent for cookies then this applies to the following domain:
www.sanome.com
5.2 Types of cookie
We classify cookies as either, necessary, functional, performance, analytics or advertisement based. Descriptions of what each of these cookie classifications mean and the cookies that we use which come under each of these headings is available through our cookie banner, prior to you providing your consent or adjusting your cookie settings.
Our cookie banner also providers information about the purposes for each cookie we use and the duration they are used for.
5.3 Updating your cookie settings
Please note, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
If you require further information, please contact us by using the contact details provided in our Privacy Notice.
When you visit our website for the first time, you will be presented with a cookie banner, which asks for your consent for the placement of non-necessary cookies or otherwise allows you to adjust your cookie settings.
You can change your cookie preferences at any time by visiting our home page and by clicking on the “Change your cookie consent” button in the bottom left-hand corner.
6 Who we might share your information with
We may share your personal data with trusted third-party organisations as follows:
- With business partners and corporate affiliates to support our services, as outlined in this notice.
- With third party companies or individuals (data processors) to perform services on our behalf. This would include biomarker companies, We only share your data with data processors that can provide sufficient guarantees that they will process your data securely and in accordance with Data Protection Legislation. Our data processors cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors which must process your personal to the same high standards.
- With partners with whom we jointly process your data. We may also share your personal information with health care professionals, researchers, academics, public health organisations, and publishers for purposes consistent with this privacy notice.
- With professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
- With government or law enforcement officials or private parties as required by law and disclose and use such information as we believe necessary or appropriate.
organisations; data storage and analytics companies; technology support and
contract research
services (email, web hosting, marketing, and advertising providers, etc.).
In some situations, we may have a separate agreement or relationship with you with respect to a specific type of processing of your data, such as if you participate in a trial/research. These situations will be governed by specific terms, privacy notices, or consent forms that provide additional information about how we will use your information and how it is shared. We will honour these additional terms with respect to your information and thus, strongly recommend you review the additional terms prior to participating.
7 International transfers of information
Whenever we transfer your personal information outside of the UK or the EEA to countries not deemed by the ICO/European Commission (as relevant) to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the Data Protection Legislation, such as the specific contracts approved by the ICO/European Commission (as relevant) providing adequate protection of personal information.
8 How we keep you updated on our services
As a business contact, we will send you relevant news about our services in a number of ways including by email, but only if we have a legitimate interest to do so. Marketing communications will be sent from our own domain.
Each email communication will have an option to object to the processing, if you wish to amend your marketing preferences, you can do so by following the link in the email and updating your preferences or by contacting us using the details below.
We make every effort to ensure that we only send such communications to those acting in a business capacity and do not send such materials to consumers via personal email addresses if it is clear they are not acting in such a capacity.
An exception to this will be where you have provided your consent to be contacted about future clinical trials or user research studies or have signed up to our newsletter. In such cases you can withdraw this consent by contacting us using the details provided in this notice.
9 Your rights over your information
We would ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information.
9.1 The right to be informed about our collection and use of personal data
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through this and other privacy notices. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
9.2 Right to access your personal information
You have the right to access the personal information that we hold about you by making a request. This is referred to as a ‘Data Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within one month from when your identity has been confirmed.
If you would like to exercise this right, please contact us as set out below.
9.3 Right to rectify your personal information
If any of the personal information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
9.4 Right to object or restrict our processing of your data
You have the right to object to us processing your personal information for particular purposes or have its processing restricted in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
9.5 Right to erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
9.6 Right to portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.
This right is unlikely to apply to Sanome’s use of your data, but if you would like to discuss this right, please contact us as set out below.
9.7 Rights in relation to automated processing
An automated decision is one that is made by our systems rather than a person. Under Data Protection Legislation, you have the right to express your concerns and object to a decision taken by purely automated means. You also have a right to request that a person review that decision.
This right is unlikely to apply to Sanome’s use of your data, as our automated processing does not make decisions and includes human intervention (see 4.6 above) but if you would like to discuss this in further detail, please contact us as set out below.
9.8 For more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here https://ico.org.uk/for-the-public.
You can make a complaint to the ICO or the Dutch DPA at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first (using the contact details below). Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
x10 How long we keep your information for
We will retain your personal information in order to provide you with a high-quality service, in accordance with Data Protection Legislation and for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means.
In some circumstances we may anonymise your personal information (so that it can no longer be associated with you).
11 Giving your reviews and sharing your thoughts
When using our websites, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts, so you are comfortable with how your information is used and shared on them.
12 Security
Data security is of great importance to Sanome and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
- Limiting access to our buildings to those that we have determined are entitled to be there (by use of passes, key card access and other related technologies).
- Implementing access controls to our information technology.
- We use appropriate procedures and technical security measures (including strict encryption, pseudonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices, and stores.
13 What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy notice, be permitted to use that data only for the purposes for which it was originally collected by us.
14 Changes to our privacy notice
We may change this privacy notice from time to time (for example, if the law changes). We recommend that you check this notice regularly to keep up to date.
15 Other links
Please be aware that the website may link to other websites that may be accessed by you. We are not responsible for the data policies, content or security of such sites. We do not have any control over any use of your data by third parties when you visit such sites or otherwise provide your data through these channels.
16 How to contact us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this notice, the way your personal information is processed, please contact us by one of the following means:
Email dpo@sanome.com
Phone +44 (0)7985 696803
Thank you for taking the time to read our privacy notice.
This notice was last updated on 21 June 2024