First Real-Time Hormone Monitoring Device for IVF

Your personal information

​

This privacy policy explains how we collect and process your personal data.  Personal data, or personal information, means any information about an individual from which that person can be identified.  This includes information that you tell us, what we learn from you and the choices you make about the marketing you want us to send to you.  This policy explains how we do this, what your rights are and how the law protects you.

We do not knowingly collect data relating to children.

1. Who we are and how you can contact us

We are Impli Limited.  Our registered office is at

7th Floor Riverbank House Putney Bridge Approach, London, SW6 3BQ

You can contact us by email at data@impli.com or by calling us on [+44 (0)20 3290 7704].  If you need to you can write to us at our registered office. 

Please address all queries in relation to this policy and your data protection rights to our Data Protection Officer.[1]

When we refer to our website, we mean our website at [www.impli.org][2].

  2. Where we collect your personal information from

We may collect personal information about you in the following ways:

Data you give to us:

• Data you give to us when you register to use our services, create an account with us, download our app and purchase products from us

• Data when you use one of our Implantation Stations

• When you talk to us on the phone

• Data – including personal medical data – which you choose to upload to your account so that it can be accessed via our app and your implant

• When you use our website, mobile device apps, or web chat

• In emails or letters to us

• When you give us feedback, including reporting issues

Data we collect when you use our services:

• Payment and transaction data

• Profile and usage data, including data we gather from the devices you use to connect to those services such as computers and mobile phones, using cookies (please see our separate cookies policy) and other internet tracking software

Data from third parties we work with:

• Social networks (including but not limited to Facebook, Instagram, Twitter, LinkedIn and Youtube)

• Agents working on our behalf

• Third parties who provide implantation services to us and our customers

 

  3. Data we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: 

Identity data – name, username, marital status, title, date of birth and gender

Contact data – billing address, delivery address, email address or telephone numbers

Financial data – data such as your payment card details and your bank details

Transaction data – details about payments to and from you and other details of products and services you have purchased from us

Technical data – internet protocol (IP) address, your login data, browser type and version, app version, device type and id, language, time zone setting and location, browser plug-in types and versions, operating system and platform version, and other technology on the devices you use to access our services, our app and/or website

Profile data – your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses

Usage data – information about how you use our website, products, apps and services

Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences

Third party data – when using our services you may provide us with another person’s personal data – e.g. details of your emergency contact or next of kin. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data.

Special category data – when using our services you may provide us with data on racial or ethnic origin, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning your health (including but not limited to your blood type, your allergies, any pre-existing medical conditions, as well as copies of your health records, medical reports, and medical scans).   We do not, however, collect any data relating to your religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, nor any data concerning a natural person’s sex life or sexual orientation.

How we use your personal information

Your privacy is protected by law.

We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is.  We have set out in the table below: the personal information which we collect from you, how we use it, and the legal ground on which we rely when we use the personal information. 

In some circumstances we can use your personal information if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is.  A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable.  If we are relying on our legitimate interests, we have set that out in the table below.[3]

What we use your personal information for

What personal information we collect

Our legal grounds for processing

Our legitimate interests (if applicable)

To register you as a new customer and enter into a contract with you

• Identity Data

• Contact Data

• Financial Data

• To perform a contract with you

 

To process and deliver your order

• Identity Data

• Contact Data

• Financial Data

• To perform a contract with you

 

To store data you wish to make available via our app and your implant

• Identity Data

• Contact Data

• Third Party Data

• Special Category Data

• To perform a contract with you

• With your explicit consent

 

To manage payments or collect and recover money owed to us

• Identity Data

• Contact Data

• Financial Data

• To perform a contract with you

• Our legitimate interests

Ensuring we can manage payments, fees and charges and to collect and recover money owed to us or by us to our suppliers

To manage our relationship with you, including notifying you about changes to our terms or privacy notices

• Identity data

• Contact data

• Profile data

• To perform a contract with you

• Our legitimate interests

To manage our relationship with you, our business and third parties who provide products or services for us, and to keep your records up-to-date and ensure that we run our business efficiently

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

• Identity data

• Contact data

• Profile data

• Usage data

• Technical data

• Marketing and communications data

• With your explicit consent (in respect of electronic marketing, including our newsletter).

• Our legitimate interests

Promoting our business, our products and our services, identifying ways to grow our business

To use data analytics to improve our website and apps, products / services, marketing, customer relationships and experiences

• Technical data

• Profile data

• Usage data

• Our legitimate interests

To define types of customers for our services, to keep our website and apps updated and relevant, to develop our business and to inform our marketing strategy

  4. Who we share your personal information with

We may share your personal information with any of the following organisations, for the purposes of providing the products and services which you have requested from us:

• suppliers who help deliver products or services on our behalf, including third parties providing device implantation services, as well as our IT service providers, including those suppliers who process personal data on our behalf (such as Hubspot and Microsoft Azure);

• courier / delivery companies which we use to send to you products that you have ordered;

• HM Revenue & Customs and other regulators or authorities;

• companies that we have a joint venture agreement with;

• the police and other law-enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order; or

• a third party who takes over any or all of Impli’s assets (in which case personal information we hold about our customers or visitors to the website may be one of the assets the third party takes over)

We require all organisations who we share your data with to respect the security of your personal data and to treat it in accordance with the law.  We do not allow any of our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

Your ‘Public Medical ID’ information

The personal data that you have chosen to store in your ‘Public Medical ID’ within our app will be publicly available to anyone – such as an emergency medical practitioner – who scans your implant using our app.  

This is the key purpose of the Impli service: allowing third parties (such as emergency medical practitioners) to access the medical information you have chosen to share in your public medical profile of your Impli account in the event of an emergency. 

However, it is very important to remember that anyone – including people who have downloaded our app but have not registered with us – who scans your implant using our app will have access to your Public Medical ID information.  Furthermore, there is nothing to stop that person from taking a permanent copy of your information (e.g. by taking a screen shot, or simply writing it down), even if you subsequently modify the information on your account or delete your account.

  5. Failing to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the products or services you have requested). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

  6. Third party links

Our website may include links to third party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.

  7. Transferring your personal information outside the EEA

The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal information outside the EEA we have to tell you. 

We do not transfer your data outside of the EEA.

  8. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.

However, remember that anyone who scans your implant with our app – even someone who has not registered with us – will have access to your Public Medical ID information. 

​  9.How long do we keep your personal information [4]

We will keep your personal information for as long as you are our customer.

After you stop being a customer, because you have stopped regularly using our services [or have deleted your app / account with us], we may keep your personal information for periods that are calculated by us in respect of the following reasons:

• to respond to any questions or complaints from you, including any time limits for making legal claims

• to maintain our records, for example to show that we have met the obligations we have to you and to the law

• to comply with laws applicable to us

Data which is stored on your implant [5] [6]

[Personal data that you have stored on your implant will remain on it even after you have ceased to be our customer and stopped using our app.  This data will therefore remain available to any third party – such as an emergency medical practitioner – who scans your implant.   The expected lifespan of our implants is approximately 30 years.]

  10. Marketing

We may use your personal information to send you marketing by post, by phone, through social media, by email and by text. 

We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so. 

You can ask us to stop sending you marketing messages at any time – you just need to contact us, or use the opt-out links on any marketing message sent to you.

We will not share your personal data with any third party for its marketing purposes.

Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing [our products or services] or any other transaction between you and us.

  11. Your rights

You have certain rights which are set out in the law relating to your personal information.  The most important rights are set out below.

Getting a copy of the information we hold

You can ask us for a copy of the personal information which we hold about you, by writing to us at contact@impli.org.   This is known as a data subject access request.

You will not have to pay a fee to access your personal data, unless we believe that your request is clearly unfounded, repetitive or excessive.  In such circumstances we can charge a reasonable fee or refuse to comply with your request.

We will try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month and in that case we will notify you and keep you updated.

Telling us if information we hold is incorrect

You have the right to question any information we hold about you that you think is wrong or incomplete.  Please contact us at contact@impli.com if you want to do this and we will take reasonable steps to check its accuracy and, if necessary, correct it.

Telling us if you want us to stop using your personal information

You have the right to:

• object to our use of your personal information (known as the right to object); or

• ask us to delete the personal information (known as the right to erasure); or

• request the restriction of processing; or

• ask us to stop using it if there is no need for us to use it (known as the right to be forgotten).

There may be legal reasons why we need to keep or use your data, which we will tell you if you exercise one of the above rights.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Withdrawing consent

You can withdraw your consent to us using your personal information at any time.  Please contact us at contact@impli.com if you want to withdraw your consent.  If you withdraw your consent, we may not be able to provide you with certain products or services, including storing your personal data on your implant.

Request a transfer of data

You may ask us to transfer your personal information to a third party.  This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  12. Making a complaint

Please let us know if you are unhappy with how we have used your personal information by contacting us at contact@impli.com.

You also have a right to complain to the UK Information Commissioner’s Office.  You can find their contact details at www.ico.org.uk.  We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

 

 

[1] Given the involvement of large quantities of special category data inherent in the service, Impli is likely to need to formally appoint a Data Protection Officer.  The DPO should be selected based on their professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil specific obligations as set out in Article 39 GDPR.

[2] Any other websites to which explicit reference should be made?

[3] Where legitimate interests are being relied upon, Impli needs to have undertaken a legitimate interest test and have a record of this; this should correspond with the results of your data audit.

[4] Personal data should not be retained for longer than is necessary given the purpose for which it was originally collected.  Some data will need to be retained for longer in some cases than in others and how long you retain different categories of personal data should be based on your specific business needs. A judgement must be made, based on individual business needs, about (i) the current and future value of the information; (ii) the costs, risks and liabilities associated with retaining the information; and (iii) the ease or difficulty of making sure it remains accurate and up to date. 

[5] What happens when an implant is removed – is the customer advised to destroy it?  Can they delete the date first?

[6] Do you have access to data stored on an implant even after the customer has ceased using your app (and/or closed their account)?