Me & My Menopause logo

Concilio Services Limited – Website Privacy Policy V3

1.  Introduction

1.1 This Policy (together with our Terms of Use and any other documents referred to in them) sets out the basis on which we, Concilio Services Limited  with company number 09740896 and a registered address of 4 South Drive, Harrogate, England, HG2 8AU (trading as Concilio Health through the Me & My Menopause platform) will process any personal data we collect from you, or that you provide to us, in the course of using the Me & My Menopause platform (“Platform”).  

1.2 Concilio Health (“us” or “we” or “our”) respect the privacy rights of all our users and recognise the importance of protecting the information we collect about you. Our Privacy Policy is designed to help you understand how we collect, hold, use and disclose personally identifiable information about you. 

1.3 For the purpose of the UK Data Protection Act 2018 (“DPA’18”) Concilio Health is the data controller.

2.  Your Information

2.1 All personal data collected from the users of our Platform is processed under the UK General Data Protection Regulation (“UK GDPR”) and DPA’18 under the lawful basis of performance of a contract, in order to provide our products and services to our users. 

  

3.  Information that may be collected about you

3.1 The following personal data may be collected from you when you complete the contact form on our landing page or when a user downloads a copy of their personalised summary or when a user signs up for our newsletter:

  1. Full name;
  2. Email address; and
  3. Company name.

3.2 During the course of using our Platform other data may be collected from you, including:

  1. Your activity on the Platform
  2. Date and time stamps;
  3. Operating system; and
  4. Analytic data (anonymised) for statistical purposes.

       

4.  How your personal data may be used

4.1 We may use your data in the following ways: 

  1. To ensure that content from our Platform is presented in the most optimised and effective manner for you and for your computer.
  2. To diagnose or fix technology problems.
  3. To control unauthorised use or abuse of our Platform and our products and services, or otherwise detect, investigate or prevent activities that may violate our Platform policies or be illegal.
  4. To carry out obligations arising from any interaction entered into between you and Concilio Health.
  5. To allow you to participate in interactive features of this service, when you choose to do so.
  6. To notify you about changes to any service.
  7. To administer our Platform including data analysis, testing, traffic monitoring, research, statistical and survey purposes.
  8. To provide you with information, products or services that you request or that we feel may interest you, where you have consented to be contacted for such purposes.

4.2 If you do not wish to be contacted for marketing purposes, please tick any relevant box on which you submit your data or unsubscribe from any marketing communication using the unsubscribe function in the footer of the email. You can also unsubscribe from any marketing communication by sending an email office@meandmyhealth.co

5.  How your data may be disclosed

5.1 In order to provide services to you, we may transfer your personally identifiable information to third parties, including parents, affiliates, subsidiaries and service providers, some of which may process and/or store your personally identifiable information outside of the European Economic Area (“EEA”). However, in such an instance, all reasonable steps will be taken to ensure that your personal data is treated securely and in accordance with this Privacy Policy (where possible). Any data transfers that take place outside of the EEA will be covered by appropriate safeguards, for example Standard Contractual Clauses (“SCCs”), Binding Corporate Rules (“BCRs”) or Data Transfer Agreements (“DTAs”). 

5.2 Third parties to whom your personally identifiable information may be disclosed to include, but are not limited to:

  1. Postmark – https://postmarkapp.com/privacy-policy
  2. Mailerlite - https://www.mailerlite.com/legal/privacy-policy
  • In reference to our use of Postmark, listed above, we use Postmark to circulate emails containing your personalised summary and related resources. Therefore, in requesting that your personalised summary be sent to your email, you acknowledge that Postmark will be inadvertently collecting your special category data. Any such data will be processed in line with their privacy policy linked above.
  • Please note that if you click on, or follow, any links from our Platform to external websites, our Privacy Policy will no longer apply. Please check the privacy policies of any such external site before submitting any personal data, as we cannot accept any responsibility or liability in relation to them.

6.  Servers

6.1 All information you provide to us will be stored on our UK - based secure servers encrypted using Transport Layer Security (TLS) encryption.  

6.2 We take your privacy seriously and will take all reasonable steps to protect your personal data, but please beware that any data that you send to our Platform is sent at your own risk.  

6.3 The data that we collect from you may be transferred to, processed and/or stored at a destination outside of the EEA. By submitting your personal data, you agree to this. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

7.  Data Storage  

7.1 We hold personally identifiable information in a combination of hard copy and electronic files for the period necessary to support our Platform, comply with our legal obligations, resolve disputes, or otherwise fulfil the purposes outlined in this Privacy Policy. We use third-- party information system providers who may store or have access to your personal information. We may also retain backup information on our servers for some time to comply with applicable law or our internal security policies. We do not always remove or delete all of your information for a number of reasons, including due to technical and system constraints and contractual or legal requirements. 

7.2 We operate a data retention period of 30 days from the date of our last interaction with a user, linked to our use of the third party processor Postmark. 30 days after the date of our last interaction with a user all of the data provided by the user during all of their interactions with us will be reviewed and securely deleted/destroyed.

7.3 Given the nature of the Platform, users will be submitting special category personal data relating to their health via our Me & My Menopause Journey questionnaire. This special category data will be collected by us, however, this will be anonymised and not directly attributed to a user through our Platform. However, as mentioned above, our third-party processor Postmark, will inadvertently collect the special category for the purposes of sharing your personalised summary.  

7.4 No method of transmission over the internet, method of electronic storage or other security method is one hundred percent secure. Therefore, while we strive to use commercially acceptable means such as firewalls, password-protected databases with limited physical and electronic access, and encryption to protect your personally identifiable information against unauthorised use, disclosure or modification, we cannot guarantee its absolute security.

8.  Processing of personal data of those below the age of 13

8.1 Our Platform is not intended for use by anyone under the age of 13 nor do we knowingly collect or solicit personally identifiable information from anyone under the age of 13. If you are under the age of 13, you may not attempt to send any information about yourself to us, including your name or email address.

8.2 In the event that we confirm that we have collected personally identifiable information from someone under the age of 13 without verification of parental consent, we will delete/destroy that information promptly. If you are a parent or legal guardian of a child under the age of 13 and believe that we might have any information from or about such a child, please contact us at the email or mailing address provided at the end of this Privacy Policy. 

9.  Data subject rights 

9.1 Subject access request - You have the right under DPA’18 to access the information we hold about you. If you wish to exercise this right, please send your request to office@meandmyhealth.co.  

9.2 Right to rectification – You have the right under DPA’18 to request the amendment or updating of all the information that we hold about you. If you wish to exercise this right, please send your request to office@meandmyhealth.co.  

9.3 Right to erasure – You have the right under DPA’18 to have all of the information that we hold about you deleted in line with our statutory and legal responsibilities. If you wish to exercise this right, please send your request to office@meandmyhealth.co.  

9.4 Right to restriction of processing – In line with Article 18 (1) (a) to (d) of UK GDPR, you have the right under DPA’18 to obtain from the controller a restriction of processing. If you wish to exercise this right, please send your request to office@meandmyhealth.co.  

9.5 Right to data portability -You may have the right under DPA’18 to request a copy of all of the information we hold about you if the processing is based on consent or contract, and the processing is being carried out by automated means. If you wish to exercise this right, please send your request to office@meandmyhealth.co.  

10.  Enforcement

10.1 We cooperate with the appropriate regulatory authorities, including local data protection authorities (the UK Information Commissioner’s Office (“ICO”)), to resolve any complaints regarding the collection, processing and disclosure of personally identifiable information that cannot be resolved between Concilio Health and the individual. 

10.2 If you have a concern about your privacy or you would like to know more about how your personally identifiable information is collected or used, please contact us. We ask that when you contact us with a complaint, please include contact information and clearly describe your complaint. For any complaint regarding privacy please email us at office@meandmyhealth.co.

10.3 We will respond to your request or complaint within a reasonable time and will let you know the next steps in resolving your complaint.  If you are not satisfied with our response, you may also contact your local and federal data protection authorities to lodge a complaint.

10.4 Should you not be satisfied with the process, conduct or response to a request you may have made, you have the right to complain to the ICO (https://ico.org.uk/make-acomplaint/).

11.  Notices and provisions

11.1 We reserve the right to change our Privacy Policy at any time. These changes will take immediate effect unless you are notified otherwise. We recommend that you refer to this Privacy Policy on an ongoing basis so that you understand our current practice at the time of using our service. Unless stated otherwise in a separate agreement, this Privacy Policy applies to all information we hold about you. 

12.  Contact us

12.1 We regularly review our compliance with relevant data protection laws and this Privacy Policy. If you have any questions or want to get in contact with us regarding this Privacy Policy, please feel free to email us at office@meandmyhealth.co.