Last updated September 2021.
The Agreement applies to any registered or a non-registered patient or other user of the Services (“User”), including a doctor, therapist, coach, or other healthcare specialist, professional or provider using the Services in connection with a healthcare-related practice or other organisation (“Service Provider”).
BY USING OR OTHERWISE ACCESSING THE SERVICES, AND/OR BY REGISTERING WITH US, YOU AGREE TO THIS AGREEMENT. IF YOU DO NOT AGREE, YOU CANNOT USE THE SERVICES.
- Any information that can readily be associated with a particular individual;
- UK/EU Users - Any information deemed to be personal data within the meaning as set out in the General Data Protection Regulation (2016/679), together with the Irish Data Protection Act 2018 and the UK Data Protection Act 2018 (the “Data Protection Legislation”); and
- US Users - “Protected Health Information” (“PHI”) within the meaning as set out in Health Insurance Portability and Accountability Act (“HIPAA”) and subsequent laws and regulations.
We collect and maintain a range of data in order to provide Services to you and maintain safe and secure Services. Access to your Personal Information is limited to (a) Floe Interactive Limited employees and subcontractors who help with our business operations (such as to host our website platform, provide payment, billing or similar services, or perform anti-fraud functions), and (b) Service Providers with whom you elect to share information (such as a doctor).
2. Information We May Collect
Personal Information, is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you when you engage with us. Whenever we collect personal data about you, we must have a legal ground to do so.
Identity and contact information when you contact us or engage us for the provision of Services
- Email address
- Telephone number
- Medical history/PHI
We collect this information when you contact us or engage us for the provision of Services. This information allows you to receive Services and to contact you in respect of those Services.
Our lawful basis for this is to perform our contract with you – we require this information to be able to provide Services or with the customer service issue you have raised.
If you choose not to provide this information, we will be unable to provide you with Services.
Identity and contact information when you register as and provide Services as a Service Provider
- Email address
- Telephone number
- Job title
- Qualifications/credentials/ professional accreditation
- Membership to governing bodies
- Professional /employment history
We collect this information when you register to and provide Services to Users.
Our lawful basis for this is to perform our contract with you – we require this information so you can provide Services to Users.
If you choose not to provide this information, you will be unable to provide Services.
Information provided when you sign up to our promotional material (Marketing Data)
- Email address
- Telephone number
- Internet protocol (IP) address
- Your login data
- Browser type and version
- Time zone setting and location
- Browser plug-in types and versions
- Operating system and platform and other technology on the devices you use to access our Services.
This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Services provide.
This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Services provides.
Information That We Do Not Collect
We do not collect, store or record any audio or video data created between Users, Service Providers and anyone else using the Services for video and/or voice communication. The audio and video data is encrypted and not accessible to us or any third party.
US Users - HIPAA and Protected Health Information
To that end, before any PHI that you provide is shared with a Service Provider, you may be asked to affirmatively authorise Floe Interactive Limited to do so. By providing such authorisation, you are permitting Floe Interactive Limited to release your Personal Information, including PHI, to those specified Service Provider(s) pursuant to HIPAA. Your authorisation is entirely voluntary, but without authorisation, Floe Interactive Limited will not be able to share your information with selected Service Providers.
3. How we use your information
We maintain appropriate physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of your Personal Information. Only a limited number of our internal staff are authorised to access, delete or modify your data. We will make reasonable efforts to ensure that your privacy interests are protected.
Our use of PHI is restricted as described above.
4. Sharing of information
We are not in the business of selling Personal Information about our users to third parties without your consent.
We may disclose your information in the following cases:
- If we want to sell our business, or our company, we can disclose it to the potential buyer;
- We can disclose it to other businesses in our group, as defined in the UK Companies Act 2006;
- We may contract with third parties/subcontractors to supply our Services to you on our behalf. These include cloud services used to send emails and technology providers that assist in providing our services to you;
- We may share Personal Information (including PHI) with selected Service Provider(s) where we are authorised to do so;
- We can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety or rights; or
- We can exchange information with others to protect against fraud or credit risks.
Parties with Whom You May Choose to Share Your Information
If you voluntarily share or submit any information to be shared with other parties or the public, or link it to any social media platforms or the public, that information may become available to those parties or the public.
Using and Sharing Anonymised Data
We may de-identify and anonymise Personal Information so it is no longer associated with any individual(s) in order to use it for other purposes, such as aggregating the data for statistical analysis.
5. Protection of your information
Although we implement reasonable administrative, physical and electronic security measures designed to protect your Personal Information from unauthorised access, we cannot ensure the security of any information you transmit to or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information. To the extent the law of your jurisdiction allows for notification of a breach via e-mail or conspicuous posting through the Services, you agree to accept notice in that form.
If you live in the EEA, you have certain rights in relation to your information that we process. While some of these rights apply generally, others apply only in certain circumstances. To exercise your rights or to submit a question, you can email us at firstname.lastname@example.org.
- Access. You have the right to request a copy of your information that we process. You may exercise this right in "Privacy Settings" section in your user account. If you require additional access, please email us at email@example.com.
- Correction. If you discover that we hold inaccurate information about you, you have a right to ask us to correct that information. You can correct account information by logging into your account. For other corrections, please email us at firstname.lastname@example.org.
- Erasure. You have the right to request that we delete your information. We may refuse this request if (a) the information is still necessary for the purposes that we collected or processed it or (b) we still have a legal basis to process it, even after you’ve withdrawn consent. You can exercise this right in the “Privacy Settings” section of your user account or you can email us at email@example.com.
- Restriction. You have the right, in some cases, to restrict the processing of your information, such as where you have exercised your right to object and we are reviewing your objection. For more information, please email us at firstname.lastname@example.org.
- Objection. You have the right to object to us using your information based on our lawful bases described above. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object by using the unsubscribe link in such communications, changing your account settings or, if you do not have an account, you can email us at email@example.com.
- Portability. You have the right in some cases to port your information from us to a new data processor. We can refuse this request if (a) our processing is not based on your consent or our contract with you, or (b) the data are not stored electronically. You can exercise this right through the “Privacy Settings” section in your user account to download your data in XML format. Alternatively, you can email us at firstname.lastname@example.org.
- Withdraw consent. You can withdraw your consent to processing at any time by deactivating your account through the frankie.health website or by e-mailing email@example.com. Withdrawing your consent does not affect processing that has already occurred. Where you withdraw your consent, we will no longer process your information based on your consent. We may process your information if another legal basis applies, for example, if we are legally obligated to store certain records or if your withdrawal of consent was limited to certain processing activities.
- Complain. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), or the Data Protection Commission in Ireland (https://www.dataprotection.ie/) . We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
You may be able to modify certain features in your Account profile page. In addition, please note the following :
- If we offer any communications by text message, you may opt-out of receiving text messages by replying “STOP” to any text message received. In all promotional emails, you will be given the opportunity to opt-out of receiving such messages in the future by clicking on the link at the bottom of the email that says “unsubscribe.” It may take up to ten (10) business days for us to process your opt-out request.
- Even if you have unsubscribed from receiving promotional emails from us, we may send you other types of important email communications without offering you the opportunity to opt-out of receiving them, such as announcements about the Services and administrative notices (e.g., account verification, payment confirmations, technical and security notices).
6. Retention of data
Information we collect may be retained indefinitely, but we may elect to only retain such information to the extent necessary for business and legal purposes. If you cease being a User, we may retain your Personal Information in the event you wish to rejoin the Services, and for anti-fraud and other purposes.
7. Change of control
8. Amendment to this policy
9. Children’s privacy
We do not knowingly collect or solicit any information from anyone under the age of 16 or knowingly allow such persons to register for the Services. The Services and their content are not directed at children under the age of 16. In the event that we learn that we have collected Personal Information from a child under age 16 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13, please contact us.
10. How we respond to do not track signals
11. Other websites and services
The Services may be embedded within, or contain links to, other websites or services that we do not own or operate. We are not responsible for the practices employed by such websites or services, including the information or content contained within them. Your use of any third-party website or service is subject to that third party’s own rules and policies, not ours.
You agree that we are not responsible for and do not have control over any third parties that you authorise to access your Personal Information (which authorisation may include PHI). If you are using a third-party website or service and you allow them to access your Personal Information you do so at your own risk.
12. International considerations
In certain cases, we transfer and store certain information outside the EEA, such as to the United States. In such cases, we use a legal mechanism known as “standard contractual clauses” to protect information transferred outside the EEA. Standard contractual clauses refer to contracts between companies transferring personal information that contain standard commitments, approved by the European Commission, protecting the privacy and security of the information transferred. To request a copy of the clauses, please email us at firstname.lastname@example.org.
13. How to contact us