Home Sleep Study Privacy Policy
This Privacy Notice explains the data collection and data use of the Home Sleep Study app (“HSS”) developed by Passion for Life Healthcare (UK) Limited (“PFLH”). Data may be collected either directly through HSS or through a web page linked by HSS.
Unless otherwise indicated PFLH is the Controller and the Processor of the data collected by HSS.
If you use HSS we will collect and store Personal Data; this means:
- Identity Data includes your username and where applicable any unique user ID we may assign you.
- Contact Data includes email address and any communication we have had with you (including emails, phone calls, voicemail, and conversations you may have had with our support team).
- Technical Data includes your IP address, browser type and version, time-zone setting and location, operating system and platform, and other information related to the devices you use to access the website.
- Physiological Data collected by sensors worn or initiated by you.
We also collect, store and share Aggregated Anonymous Data. This means data drawn from Personal Data from all HSS users, but it does not reveal your identity and it cannot be linked or traced back to you personally; for example demographic data, statistical data and sensor data. Aggregated Anonymous Data helps us to understand more about how people sleep and what the data supplied by you means. Aggregated Anonymous Data is a key tool for developing algorithms that help us interpret your data and advise and support you.
It is our intention to ensure that data minimisation principles are met. That means we only collect data that is necessary for the correct functioning of HSS and for the delivery of our associated services. It is therefore not possible to opt out of providing this data if you wish to use HSS. Your consent for us to process your Personal Data for the specific purposes set out in this policy is the lawful basis on which we undertake the processing of that data. Consent to these uses can (only) be withdrawn by deleting your account (see below). If the purpose of data collection should change, you will be informed and consent re-obtained.
How do we obtain your data?
When you download, install, complete registration with and use HSS. In our Terms of Service, we ask for your agreement to use your data in accordance with this Privacy Policy and you give your agreement by completing the registration process for this app. If you are not in agreement DO NOT CLICK “I AGREE” OR REGISTER AN ACCOUNT.
How do we use your Personal Data?
- To check the performance of HSS.
- To provide you with suggestions and information based on your data.
- To reply to your enquires or feedback.
- To document and investigate feedback on the use of our service including complaints.
- To conduct research into sleep, sleep breathing, snoring and the human body.
We will never share your Personal Data with third parties for marketing purposes.
Your data will never be shared without your consent.
In the unlikely event of a data confidentiality breach, we will notify you immediately and take every reasonable step to limit potentially damaging consequences of the breach.
Who is processing your data?
Personal Data will be stored and processed by PFLH.
Personal Data may also be stored and processed by Associate Partners.
Associate Partners means partners associated with PFLH who are using HSS under agreement with PFLH to provide you with specific information and advice based on your data. Associate Partners will always be identified and known to you, and PFLH will have a direct agreement with them to control how they use your Personal Data.
Anonymised Aggregate Data may also be processed and stored by Research Partners. Research Partners means partners working with PFLH to conduct research on sleep, sleep breathing, snoring and the human body.
Research Partners will only have access to data required to undertake research. If data is to be processed by our Research Partners, the data is only provided to them in a format that protects your anonymity.
For how long do we store and process data?
Data will be stored and processed by PFLH and its Research Partners for no longer than the time required by ISO 13485 2016 Medical Devices; “The organisation shall retain the records for a period of time at least equivalent to the lifetime of the Medical Device regulation as defined by the organisations, but not less than two years from the date of the product release by the organisation or as specified by the relevant regulatory authority”. When this period of time has expired your Personal Data will be permanently erased from all the databases in which is stored.
Where is data stored and processed?
Personal Data is processed by Google on a Firebase server located in Western Europe and the location of the default bucket for the Firebase storage is also located in EU. Anonymised data exported from Firebase for research purposes and identifiable data exported for customer service purposes will be stored inside the European Union. Data cannot be transferred to countries outside the European Economic Area without gaining written consent from PFLH. If any changes are required to the storage of your data and the location of the data centres where your data is stored, we will notify you accordingly.
At PFLH we take your Personal Data and its security very seriously. HSS is compliant with EU GDPR 2018 and other appropriate regulatory requirements. For processing and storage of your data we are using certified and secure cloud solutions from Google and Microsoft which use standardised protocols for encryption of data in transit and at rest.
Your data protection rights
As a data subject, depending upon the lawful basis we are relying on, you have a number of rights, in accordance with the UK GDPR. These rights relate to all Personal Data, as defined in this policy, but does not apply to Aggregated Anonymous Data, as similarly defined. The rights are:
| Your right | What does it mean? |
| Right to access | You have the right to access and receive a copy of your personal data. This is sometimes referred to as submitting a “data subject access request”. |
| Right to data portability | This right relates to moving or copying your personal data from one data controller to another. |
| Rights to rectify | You have the right to update, correct or complete your personal data. |
| Right to object | You have the right to object to or ask us to restrict the processing of your personal data, including for the purposes of direct marketing. |
| Right to be forgotten | Subject to certain exceptions, you are entitled to have your Personal Data erased, at any time. From time to time, we may be required to retain data for example to comply with a legal obligation, or exercise or defend legal claims. |
| Right to withdrawal of consent | You have the right to withdraw your consent at any time. |
Personal Data subject to data protection rights
Contacting us
Under GDPR you have the right to object to the processing of your Personal Data. You also have the right to request that you are not subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We welcome your correspondence on this or any other questions regarding our privacy notice or the use of your information. Please also contact us to report any knowledge of a child accessing the app and providing personal data, without parental consent.
You can contact our Data Protection officer by email dataprivacy@passionforlife.com or by writing to:
PFLH Data Protection Officer
Passion for Life Healthcare (UK) Limited
HQ 5th Floor, Nicholas Street, Chester,
CH1 2NP
United Kingdom
You will need to provide information that will help us confirm your identity. Once we have all the information to respond to your request, we will provide the information to you as soon as possible and always within 1 month of receiving your request.
If for any reason and after you have raised with our Data Protection Officer any concerns regarding your data, you have the right to lodge a complaint with your Local Supervisory Authority.
Changes to this privacy notice
This notice will be updated from time to time to ensure it remains up to date and reflects how and why we use your personal data and new legal requirements.