This policy is active as of 24 May 2018. Read about our GDPR policy here.
At Ally Labs Limited, we are committed to protecting and respecting your privacy and personal data. We respect and value the privacy of everyone who uses our products and services (“Our Products”) and will only collect and use personal data is the ways described here. Please read this Privacy Statement for Ally Labs’ Products and Services (“Privacy Statement”) carefully and ensure that you understand it.
In this Policy, the following terms have the following meanings:
- “We / Our / Us” means Ally Labs Limited, a UK limited company registered at Companies House in England under company number 09864498, whose registered address is 24 Holborn Viaduct, London, United Kingdom, EC1A 2BN;
- “Personal Data” means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Specifically, it means any personal data given to Us via Our Products. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”);
- “Our Products” means all digital services and physical goods created by Us that have restricted access, including all software, websites, mobile app and devices for use by those participating in social care;
- “You / Your” means an individual, data subject who has chosen to be registered to use Our Products.
- “Account” means an account that is required to use, access and/or control certain features of Our Products.
- “User” means You or any other individual who has registered for an Account.
- “Authorized User” means You or any other individual with an Account who you have given consent to interact with your Account and related personal data.
1. Information About Us
1.1. We own and operate all of Our Products.
1.2. The Ally Labs Data Protection Officer can be reached by emailing firstname.lastname@example.org.
1.3. As an England based company, our Data Protection Authority is the Information Commissioner’s Office (ICO). ICO can be contacted by phone locally at 0303-123-1113, internationally at +44-1625-545-700 or via email at email@example.com
2. Policy Coverage
3. Your Rights as a Data Subject
3.1. As a data subject you have the following rights under the GDPR:
3.1.1. A right to know what personal data We collect and process;
3.1.2. A right to know the reasons We process your personal data;
3.1.3. A right to know whether We will give your personal data to any other organizations;
3.1.4. A right of access to a copy of the your personal data we collect;
3.1.5. A right to object to our processing of your personal data;
3.1.6. A right to object to automated decision making based on your personal data;
3.1.7. A right to rectify inaccurate personal data we have about you;
3.1.8. A right to ask us to delete any of your personal data we hold;
3.2. If you have any concerns or complaints on how we process your data or simply want to execute the rights listed above, please contract firstname.lastname@example.org or use the detailed forms provided by your Account access or on Our Website here. This is outlined in greater details in Section 9.
3.3. For further information regarding your rights under the GDPR, please contact email@example.com or the Information Commissioner’s Office.
4. Data We Collect
4.1. The personal data we collect will vary based on how you use Our Product. We may collect any of the following data:
4.1.1. Full Name;
4.1.2. Contact information including email address, telephone numbers and home address;
4.1.3. Location information including timezone, IP address, geographic region (latitude and longitude);
4.1.4. Profile photos you or another Authorized User upload;
4.1.5. Relationships to social care organisations and other individuals;
4.1.6. Environmental sensor data including motion, temperature and audio signal data
4.1.7. Communication data including audio and text messages, and transcriptions of audio data.
4.1.8. Calendar details including schedules, locations and appointment details
4.1.9. Technical information about devices you interact with including serial number, software versions, sensor status, Wi-Fi connectivity and network details, browser type, browser version, operating system version and platform.
4.1.10. Technical information about a User’s visit to digital platforms, including IP address, cookies and similar technology (see Section 11 below), page access, date and time accessed, page interaction information (such as scrolling, clicks, and mouse-overs) and errors encountered.
4.1.11. Support and feedback submissions with support staff.
4.2. Minors: Only individuals aged 18 and older are permitted to act as Users and have Accounts. Our Products and services do not knowingly collect or store any personal information from anyone under the age of 18.
5. How We Use Your Data
5.1. Your data is only processed for the reasons in which it was initially collected. We only process your personal data under a lawful basis, either because it is a necessary requirement of a contract we hold with you, because we have your consent, because we have a legitimate interest or because we are compelled to by an authoritative legal body. We may process your data for the following reasons (please note, we require a minimum amount of personal information to initiate an Account with you):
5.1.1. Activating, providing and managing your Account;
5.1.2. Activating, providing and managing access to Our Products;
5.1.3. Fulfilling the services provided by Our Products;
5.1.4. Personalizing Our Products to provide better services for you;
5.1.5. Improving our services to provide a better version of Our Products;
5.1.6. Replying to support messages from you;
5.1.7. Sending you email and other communications you have requested (you may unsubscribe from any email communications at any time via the ‘unsubscribe’ button)
5.1.8. Analyzing how Our Products are being used so we can improve them and your user experience with them.
5.1.9. With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email telephone, text message or post with information, news and offers on Our Products. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
5.1.10. Third parties (including Google Analytics, Mixpanel) whose content appears in Our Products may use third party Cookies, as detailed in Section 11. Please refer to Section 11 for more information on controlling Cookies.
5.1.11 You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
5.1.12. We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Once a User’s Account has been deleted, we will only retain and use your information where necessary for scientific and historic processing for improving Our Product’s function, to comply with our legal obligations, resolve disputes and enforce our agreements.
6. How and Where We Store Your Data
6.1. We only keep your personal data as long as We need to in order to use it as described above in Section 5, and/or for as long as We have your permission to keep it.
6.2. Our security policy is to store all of your data within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). However, some or all of your data may be stored outside of the EEA. If We do store data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.
6.3. Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Products. This includes using TLS (Transport Layer Security) to establish connections between our servers and your browsers/devices and AES128/256 encryption on your stored data at rest.
7. Sharing Your Data
7.1. In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.
7.2. We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, marketing, and core services offered by Our Product. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
7.3. We may compile statistics about the use of Our Products including data on usage patterns, user statistics, sales, research programmes and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
7.4. We may sometimes use third party data processors that are located outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR, including but not limited to the EU-US Privacy Shield, EU Model Contract Clauses, Data Protection Agreements and/or Binding Corporate Rules.
8. If Our Business Changes Hands
8.1 We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the same purposes for which it was originally collected by Us.
8.2 In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.
9. Controlling Your Data
9.1. In addition to your rights under the GDPR, set out in Section 3, when you submit personal data via Our Products, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details and by managing your Account). Additionally, your Account contains access controls and forms to help restrict Our processing of your data as per the rights outlined in Section 3.
9.2. You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
10. How Can You Access Your Data?
10.1 You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable based on a reasonable request and We will provide any and all information in response to your request free of charge. Please contact Us for more details at firstname.lastname@example.org, or using the contact details or GDPR forms provided in your Account or at Our Website here.
11.2. By using Our Products you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us.
12. Contacting Us