PRIVACY POLICY

• Who we are and how to contact us.
• Your rights relating to your Personal Information.
• Marketing communications preferences.
• What Personal Information we collect.
• How we use your Personal Information and why.
• What happens when you do not provide necessary Personal Information?
• Personal Information from Third Party Sources.
• How we use cookies and other tracking or profiling technologies.
• Who we share your Personal Information with.
• How we keep your Personal Information secure.
• How long we store your Personal Information.
• Our policy on children.
• Third party links.

We will post any modifications or changes to this Privacy Policy on this page

Who we are and how to contact us

Our address is: 16 Great Queen Street, Covent Garden, London, United Kingdom, WC2B 5AH.
You may contact us by emailing privacy@iowna.com.

Your rights relating to your Personal Information

Under certain circumstances, by law you have the right to:

• Request access to your Personal Information that we hold about you, to check we are lawfully processing it.
• Request correction of the Personal Information that we hold about you if it is incomplete or inaccurate.
• Request deletion of your Personal Information where there is no good reason for us continuing to process it.
• Object to processing of your Personal Information where you do not agree with the legal basis for our processing it or if it is being processed for direct marketing purposes.
• Request the restriction of processing of your Personal Information such as to suspend the processing if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your Personal Information to you or a third party you have chosen. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

How to exercise your rights

If you want to exercise any of the rights described above, please contact us as described above.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights) This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

Where we are processing your personal information for a Healthcare Organisation – most of your records on the iOWNA Platform will fall into this category – we may need to contact the Healthcare Organisation and they may choose to handle your request directly or in conjunction with us – we will let you know if this is the case.

Typically, you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights outlined above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may simply refuse to comply with your request in these circumstances. Any Healthcare Organisation involved with your request may also have similar policies.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your Personal Information, please email us at privacy@iowna.com.

We will reply to your complaint as soon as we can.

If you feel that your complaint has not been adequately resolved, please note that you have the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.

The laws on the handling of your personal data fall under the UK General Data Protections Regulations (“UK GDPR) which incorporates most of the EU Regulation 2016/679 concerning general data protection. (references in this Policy to “Articles” are to the EU regulations that will still apply in the UK).

Marketing Communication Preferences

You can ask us to stop sending you marketing messages at any time by following the “Unsubscribe” link in the marketing message or emailing us at privacy@iowna.com.

Where you opt out of receiving these marketing messages, this opt-out will not apply to service-related communications (and any processing of your Personal Information involved in sending such communications). As a non-exhaustive list of what these service-related communications may include, they might be emails or notifications: about your account; your use of the iOWNA Platform; the operation of the iOWNA Platform, concerning updates to this policy or any Terms & Conditions etc or management of your Personal Information; initiated by your Healthcare Provider or Healthcare Organisation in connection with your medical treatment or condition or any activities they propose to conduct with you.

If you use the iOWNA Platform, you may receive push notifications from us if you have opted in to receive them. You can choose to turn these off at any time through your relevant device.

What Personal Information we collect

All the Personal Information we collect, both from you and from third parties about you, including your Healthcare Provider and Healthcare Organisation is outlined below.

Before you read the information, it might be useful to explain what “Personal Information” is. Essentially, it means: information about an individual, from which that individual is either directly identified or can be identified.

It does not include ‘anonymous data’ (i.e., information where the identity of individual has been permanently removed) – such data is often used for legitimate research purposes and to understand use-age of the iOWNA Platform.

However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).

The details below set out for each category of information, the information that is collected:

Identity Data:

Your full name.

Contact Data

Your home address, email address and telephone numbers.

Marketing and Communications Data:

Your preferences concerning receiving marketing from us and your communication preferences, including information about your engagement with our marketing emails that is collected by the pixel tags described in the Cookies section below.

Behavioural Data:

Inferred or assumed information relating to your behaviour and that of your Healthcare Provider, based on your or their online activity.

Medical Information:

• (1) Data about the information your Healthcare Provider provides to you, from which can be inferred the medical condition that they are providing you support with.
• (2) Where you are participating in a patient survey managed through the iOWNA Platform concerning a medical condition or your experience with the condition or your experience of, or compliance with, a drug regime prescribed for you by your Healthcare Provider, the personal information that your Healthcare Provider or healthcare Organisation or you supply to prepare and send that survey and your survey responses.

Technical Data:

Internet protocol (IP) address, data about log-ins (e.g., the time when a log-in occurs), browser type and version, time zone setting and city-level location (inferred from your IP address), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services.

How we use Special Categories of Personal Information – health information

As described above, we do process information about your health.

Organisation and your Healthcare Provider and they or we use the following legal bases as set out in the UK GDPR:

Explicit consent to process health-related information when you create an account on the iOWNA Platform to receive information and guidance selected for you by your Healthcare Provider , or for a person for whom you care, and/or for a child’s use where you are a parent or guardian (GDPR Article 6(1)(a) and 9(2)(a)).

Explicit consent to process health-related information provided to us by your Healthcare Organisation or Healthcare Provider when you agree to treatment or care by them where such processing by us is strictly to support their management or support of your medical condition (GDPR Article 6(1)(a), 9(2)(a) and 9(2)(c)).

Explicit consent to process health-related information provided to by you as a part of a survey that has been commissioned by your Healthcare where such processing by us is strictly to support their management or supervision of your medical condition (GDPR Article 6(1)(a), 9(2)(a) and 9(2)(c)).

Explicit consent when you share your personal information through us with your Healthcare Provider, including where you elect for your personal information and health-related information to be shared with your Healthcare provider’s electronic medical record systems, whether when using the iOWNA Platform generally or when participating in a patient survey. (GDPR Article 6(1)(a), 9(2)(a) and 9(2)(c))

Where necessary to conduct scientific research directly or with other researchers based on UK law or, where required by UK law, explicit consent when we pseudonymise and/or aggregate health-related data in the iOWNA Platform or otherwise collected through patient surveys (GDPR Articles 9(2)(a), 9(2)(c) or 9(2)(j)).

How we use other (non-medical) Personal Information and why

We will only use your Personal Information for the purposes for which we collected it as described in the previous section or as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Information for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so – the UK GDPR requires us to state this clearly to you.

What is our “legal basis” for processing other Personal Information?

Most commonly, we will rely on one of the following legal bases:

• Where we need to perform a contract we are about to enter into or have entered into with you or with your Healthcare Organisation or your Healthcare Provider (“Contractual Necessity”).
• Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Information for is set out below.
• Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).

We have set out below, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Information.

To provide the Services:

• This processing is necessary to perform the contract governing our provision of the iOWNA Platform and that which we have with your Healthcare Organisation or Healthcare Provider to provide other services, such as patient surveys. This includes:-
• Contractual Necessity
• Legitimate interests…
We have a legitimate interest in processing the Personal Information for the purposes of performing the agreement we made with you in providing the iOWNA Platform or associated services.

To provide the Services (cont’d):

• Passing your information to your Healthcare Organisation or Healthcare provider so that they can understand your use of the iOWNA Platform.
• Providing customer support
• Setting up and managing your account on the iOWNA Platform
• Providing any other iOWNA support or other services to you or your Healthcare Organisation or Healthcare Provider.
• Legitimate interests…
We have a legitimate interest in processing the Personal Information for the purposes of performing the agreement we made with you in providing the iOWNA Platform or associated services.

Saying sorry:

• If something goes wrong with your use of the iOWNA Platform we may want to share your information with your Healthcare Organisation or Healthcare provider so they can apologise and explain any action taken.
• Legitimate Interests…
We have a legitimate interest in trying to maintain a good relationship with you in the event that something goes wrong with your use of the iOWNA Platform

Insights:

• We record a small percentage of users’ sessions on the iOWNA Platform to identify issues with the user journeys to ensure the quality of service.
• Legitimate Interests…
It is in our legitimate interests that we are able to monitor certain user journeys to ensure that we can develop and improve the features and functionalities of the iOWNA Platform.
We use a third party such as Google Analytics to perform this processing purpose on our behalf.

Aggregated Data creation:

• We may also create, use and share “Aggregated Data” (such as statistical data) for any purpose. Aggregated Data may be derived from your Personal Information, including information derived from a patient survey that you have completed but once in aggregated form it will not constitute Personal Information for the purposes of the UK GDPR as this data does not directly or indirectly reveal your identity. For example, (i) we may aggregate technical data and behavioural data to calculate the percentage of users accessing a specific iOWNA Platform feature or Content; or (ii) we may analyse across you and other patients the impact of your drug regime and the side-effects that it produces. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information that will be used in accordance with this Privacy Policy.
• Legitimate Interests…
We have a legitimate interest in creating Aggregated Data to use and share for our own business purposes.

Compliance, and safety:

• We may use your Personal Information as we believe necessary or appropriate to:
* Enforce the terms and conditions that govern the use of the iOWNA platform;
* Protect our rights, privacy, safety or property, and/or that of you or others;
*Protect, investigate and deter harmful, unauthorised, unethical or illegal activity.
• Compliance with Law – this will be the case where we have to carry out any of these processing activities in order to comply with a legal or regulatory obligation.
• Legitimate Interests…
It is in our legitimate interests to be able to take appropriate steps to ensure that our services are legally compliant, free of fraud and safe for you, us and our Boutiques to use.

Troubleshooting:

• To track technical issues that might be occurring on the iOWNA Platform or relating to our services.
• Legitimate Interests…
It is in our legitimate interests that we are able to monitor and ensure the proper operation of the iOWNA Platform and associated systems and services.

Security

• To keep the iOWNA Platform, together with associated services and systems, operational and secure
• Legitimate Interests…
We have a legitimate interest in ensuring the ongoing security and proper operation of the iOWNA Platform, together with associated IT services and networks. This may include ensuring that we are protected from automated spamming, crawling, scraping, denial-of-service attacks and similar operations.

Marketing:

• We use this information to prepare and send you marketing communications relating to services that we think you might be interested in.
• Legitimate Interests…
If you have subscribed to our mailing list, or have made (or shown an interest in making) a purchase from us, we have legitimate interests in:
* Sending you marketing communications; and
* Collecting and using information about your engagement with our marketing emails (e.g., whether you open and/or forward those emails) to make sure that the products and offers that we inform you of are relevant to you.

What happens when you do not provide necessary Personal Information?

Where you fail to provide Personal Information that we need to process based on Contractual Necessity or for the purposes of Compliance with Law, we may not be able to provide or continue to provide you with access to the iOWNA Platform or participation in any patient survey that your Healthcare Provider has requested, through our platform.

Personal Information from Third Party Sources

In addition to the Personal Information that we collect directly from you (as described in the section immediately above this one), we also collect certain of your Personal Information from third party sources. These sources are broken down below, none of which are publicly available.

Your Healthcare Organisation:

• Data identifying you as a patient for the purpose of inviting you to use the iOWNA Platform or other medical information disclosed to us for the purpose of patient survey

Your Healthcare Provider:

• Data identifying you as a patient for the purpose of inviting you to use the iOWNA Platform or other medical information disclosed to us for the purpose of patient surveys

Analytics Providers:

• Behavioural Data and Technical Data

Advertising technology providers:

• Behavioural Data and Technical Data, Marketing and Communications Data

How we use cookies

What are cookies?

We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on the iOWNA Platform.

Cookies we use

The iOWNA Platform uses the following types of cookies for the purposes set out below:

Essential Cookies:

• These cookies are essential to provide you with services available through the iOWNA Platform and to enable you to use some of its features. Without these cookies, the services that you or your Healthcare Provider have asked for cannot be provided, and we only use these cookies to provide you with those services

Functionality Cookies:

• These cookies allow the iOWNA Platform to remember choices you make when you use the iOWNA Platform. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-select your preferences every time you visit the iOWNA Platform.

Analytics and Performance Cookies:

• These cookies are used to collect information about traffic to the iOWNA Platform and how users use the iOWNA Platform. The information gathered may include the number of visitors to the iOWNA Platform, the websites that referred them to the iOWNA Platform, the pages they visited on the iOWNA Platform, what time of day they visited the iOWNA Platform, whether they have visited the iOWNA Platform before, and other similar information.
We use this information to help operate the iOWNA Platform more efficiently, to gather broad demographic information, monitor the level of activity on the iOWNA Platform, the experience of user on the platform and improve the iOWNA Platform.

We use Google Analytics for this purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics by visiting its public website.

Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

If you do not accept our cookies, you may experience some inconvenience in your use of the iOWNA Platform. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit the iOWNA Platform.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit https://allaboutcookies.org/ and https://www.youronlinechoices.com/uk/

In particular, you can disable cookies which remember your browsing habits and target advertising at you by visiting http://www.youronlinechoices.com/uk/your-ad-choices. If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioural advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.

You can prevent the use of Google Analytics relating to your use of the iOWNA Platform by downloading and installing the browser plugin available here.

Flash Technology

We may use Flash cookies (which are also known as Flash Local Shared Object (“LSOs”)) on the iOWNA Platform to collect and store information about your use of the iOWNA Platform. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash cookies stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel at this website. You can also control Flash LSOs by going to the Global Storage Settings Panel at this website and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with the iOWNA Platform

Who we share your Personal Information with

The information below describes who we share your Personal Information with, what we share and why we share it.

We may share your Personal Information with other Controllers (i.e., people who can use the relevant data for their own purposes), as well as Processors (i.e., people who use the relevant data only on our behalf and under our instruction).

Your Healthcare Organisation (as independent Controller)

• To enable your Healthcare Organisation to know that you have registered; provide you with content from the iOWNA Platform; monitor your use of the iOWNA Platform; enable them to monitor your returns to patient surveys; and to review the information that you provided in patient surveys.

Your Healthcare Provider (as independent Controller)

• To enable your Healthcare Provider to know that you have registered; provide you with content from the iOWNA Platform; monitor your use of the iOWNA Platform; enable them to monitor your returns to patient surveys; and to review the information that you provided in patient surveys

Advertising technology providers (as independent Controllers)

• Advertising technology and analytics providers collect this Personal Information via this iOWNA Platform and via our marketing emails, so that they can make sure that you see the most relevant content based on how you interact with the iOWNA Platform, other pages on the internet, and our marketing emails.

Our other Service Providers (as our Processor)

• We engage certain other third parties to provide elements of the iOWNA Platform and associated services or to improve your experience on the iOWNA Platform. Here are a few examples of the types of things these third parties might be engaged to help us with:
* Providing customer support services.
* Helping us send out marketing messages.

Our Hosting Provider (as our Processor)

• We outsource the hosting of the iOWNA Platform. This means that all categories of Personal Information that we process will be held and stored on the servers of our hosted service provider, currently AWS (Amazon Web Services)

Partners in corporate transactions (as independent Controllers)

• We may disclose Personal Information to third parties to whom we may choose to sell, transfer, or merge all or any parts of our business or our assets. If we undergo a change like this to our business, then the new owners may use your Personal Information in the same way as set out in this Privacy Policy.

Data transfers

We do not currently share your Personal Information with certain external third parties who are based outside the European Economic Area (“Europe”).

How we keep your Personal Information secure

We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. The efficacy of these security measures is supported by the following certifications/accreditations:
• Cyber Essentials Scheme: certification IASME-CE-003740

We limit access to your Personal Information to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.

We have put in place procedures to deal with any actual or suspected Personal Information breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Information.

How long we store your Personal Information

In most cases the Personal Information that we hold will be subject to the data retention requirements of your Healthcare Organisation or Healthcare Provider as set out in agreements with them. Where Personal Information is collected by us directly and controlled by us the following will apply.

We are committed to only keeping your Personal Information for so long as we reasonably need to use it for the purposes set out above. This general rule applies unless a longer retention period is required by law (for example for regulatory purposes).

In respect of the Personal Information we process to provide you with the iOWNA Platform and associated services, we will only keep this Personal Information for so long as you have an open account on the iOWNA Platform. When you close your account, we will delete or irreversibly anonymise your Personal Information within thirty (90) days. However, we may keep this data longer if required under the policies and agreements with your Healthcare Organisation or Healthcare Provider and you should consult their public privacy policies if you are uncertain or contact us at privacy@iowna.com

As noted above:
• in respect of any Personal Information we process based on our, or a third party’s, legitimate interests, you have the right to object to processing of your Personal Information for this purpose at any time; and
• you also have a general right to request erasure of your Personal Information where there is no good reason for us continuing to process it.

If you want to exercise either of these rights, please contact us at privacy@iowna.com

Please note that this data retention framework does not apply to Aggregated Data, which we may store for longer periods of time.

Our policy on children

The iOWNA Platform is not intended for children below 16 and we do not knowingly collect data relating to such children.

Third party links

This iOWNA Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share your Personal Information. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the iOWNA Platform, we encourage you to read the privacy policy of every site you visit.