PRIVACY POLICY

Date last revised: February 2022

CAMBRIDGE HEARTWEAR LIMITED (we/us/our) are committed to respecting your privacy and protecting your personal data. We recognise that your personal data is your property and that you have allowed us to use it for specific purposes set out in this policy or otherwise notified to you (from time to time).

1. This policy

1.1 Protecting your personal data is important to us. This policy explains what, how and why we collect, use, manage, transfer, store, and delete your data, and what rights you have in respect of it.

1.2 This policy applies to all personal data that we process through your use of our website at www.cambridgeheartwear.co.uk (Website) and the Heartsense Device®, comprising the device itself and our software application that connects to it, and other interactions that you have with us at any time (i.e. customer service enquiries). It also applies to all personal data that we process about you when using our heart monitoring products.

1.3 Our products must not be used by anyone under 18. If you are under 18 you must not use our product or provide us with your personal data. If you are aware that our products are being used by anyone under 18, please contact us promptly on the details in section 1.7.

1.4 By using our Website and our products, you understand and accept how we will process your personal data. You are therefore advised to read it carefully.

1.5 Any changes that we make to this policy (from time to time) will be posted on this page and may not always be communicated to you. You are therefore advised to check back frequently as, unless your consent is required, any changes will be binding on you when you continue to use the Website or our products after the date of the relevant change.

1.6 For more information relating to your rights under this policy, please see section 9.

1.7 If you have any queries relating to this policy, please contact us at info@camheartwear.com in the first instance.

2. Who we are

2.1 For the purposes of the Data Protection Act 2018, we are the data controller. We are registered in England & Wales (number 09370927) and our registered office is at Cambridge Innovation Centre Unit 320, Cambridge Science Park, Milton Road, Cambridge CB4 0WG.

2.2 We are registered with the Information Commissioner's Office (ICO) to process your personal data and our registration number is ZA515797.

2.3 Your personal data will be held and stored by us in our internal management information systems on servers located in the UK. All personal data we access is processed by staff based in the UK who are regulated by our own internal staff data protection policy.

3. Why we use your data

3.1 You may be asked to provide your personal data anytime you are in contact with us. You are not required to provide personal data that we have requested, but, if you choose not to, in many cases we will not be able to provide you with our products or services or respond to any queries you may have.

3.2 We use the data we collect:

3.2.1 to deliver basic components of our services, such as visualizing your ECG waveform readings, helping you share data with your healthcare professional, or shipping your product to you;

3.2.2 to ensure our services are working as intended, such as tracking outages or troubleshooting issues that you report to us;

3.2.3 to make improvements to our services and products, and help us develop new products;

3.2.4 to customize our services for you, including personalized content, and basic functionalities like tracking which language you speak;

3.2.5 for analytics to understand how our services and Website are used and can be optimised;

3.2.6 to interact with you directly, i.e. we may send you a notification to let you know about upcoming changes or improvements to our services, or if you contact us, we'll keep a record of your request in order to help resolve any issues;

3.2.7 to help improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, loss prevention, and technical issues that could harm us, our users, or the public;

3.2.8 when you share your content with family and friends using our services and products, or invite others to interact with our services, we collect the information you provide about those people (such as names and contact details). We will use such information to fulfil your requests, and provide the relevant services; and

3.2.9 when you buy our products we collect only your name and the last 3 card digits. This includes sending you emails, invoices, receipts, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and those third parties process your orders and credit card payments.

4. How we get your data

4.1 Principally, you provide personal data to us when you buy our Products, use our services or register with our software applications and pair your devices to your account(s).

4.2 As stated in sub-section 3.2.9 above, when you buy our products, we collect payment details.

4.3 When you buy our products, in order to use the products effectively you should register with our software application(s). That registration process requires you to provide us with your personal data (such as names, contact details, date of birth, your gender, height, weight) to create your account. All data is provided by you as directed by the registration process.

4.4 Users routinely submit data to us when initialising and registering our device to the application and using other services. This information is personal data. To the extent that information we collect is health data, we ask for your explicit consent to process the data. We may require you to provide further consent when you pair your device(s) to your account or grant us access to your health or activity data from another service. You can withdraw your consent at any time, including by changing your account settings, stopping use of a feature, removing our access to a third-party service, un-pairing your device, or deleting your data or your account.

4.5 When you interact with our services, metadata is generated that provides additional context about the way you use our services. We log the number of times you access your application and the time of the day (etc). This type of information is only collected in anonymized or aggregated format and is not personally identifiable.

4.6 We collect information about the devices you use to access the services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect this other information often depends on the type of device used and its settings. This type of information is only collected in anonymized or aggregated format and is not personally identifiable.

4.7 As with most technology services and websites delivered over the Internet, our servers automatically collect information when you access or use our Website or services and record it in log files. This log data may include the IP address, the address of the web page visited before using the Website or services, browser type and settings, the date and time the services were used, information about your devices, language preferences and cookie data.

4.8 We receive information from your device, and other third-parties that helps us approximate your location. Unless you provide consent specifically for a location-based service, this type of information is only collected in anonymized or aggregated format and is not personally identifiable. We may use an IP address received from your browser or device to determine your approximate location. We may also collect location information from devices in accordance with the consent process provided by your device.

4.9 At times we may make certain personal data available to strategic partners that work with us to provide products and services, or that help us market to customers. These companies are obligated to protect your information and may be located wherever we operate.

4.10 When you purchase your product, you authorize us to exchange the information you provide during the purchase process to ship the product to you. When your product is shipped, your data will be governed by us and our courier's privacy policies. Personal information will only be shared by us to provide or improve our products, services and promotional messages; it will not be shared with third parties for any other purpose.

4.11 Our Website and software applications use cookies and similar technologies in our Websites. Our cookie policy (available here) provides more information.

4.12 To improve our services, we receive data about organizations, Website visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries using Google analytics and optimisation functions only. This is to make our own information better or more useful. This data may be combined with other information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific, such as how well an online marketing or email campaign performed.

5. Data sharing

5.1 Your health and wellness data will be shared with third party partners in health, technology and life-science sectors to enhance user experience and services in future, and you are required to provide this information on registration with the application. This exchange is made via our API system which connects to our healthcare professionals' back end systems.

5.2 We never share your data with advertising platforms, data brokers or information resellers.

5.3 Your data, whether originating from use of our products and services or from third party partners is not used for marketing and advertising purposes.

5.4 All third-party partners are subject to requirements preventing them from using and/or sharing your data for marketing and advertising purposes.

5.5 If you choose to share your data with a third party service, the information you provide to the third party services is governed by the third party's Terms and Conditions and Privacy Policy over which we have no control.

5.6 If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all other information may be shared or transferred, subject to standard confidentiality arrangements.

5.7 If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

6. Communicating with you

6.1 We may use your personal information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with us, you may not opt out of receiving these communications.

6.2 We might want to contact you with information about product announcements, software updates and special offers, and we may want to contact you with information about products and services from our business partners. This type of communication requires your consent, and you may opt out of such communications at any time by clicking the "unsubscribe" link found within our emails, reaching out to our Customer Support team, or by changing the settings in the applications.

7. Data retention

7.1 Once collected, your personal data will be retained by us for as long as you use the product (including any warranty we provide) and your account. Where you close your account, we will retain your account details and information relating to your account usage for 30 days only, after which point it will be securely and irretrievably deleted.

7.2 ECG waveform data that is obtained through your device and processed by us will be retained for as long as you use the device, and for up to 4 years after you stop using it. After this time, it will be securely and irretrievably deleted. Any data recorded from your device that has been shared with third parties will be retained on those third parties' systems or databases and subject to their privacy policy (if any), over which we have no control.

7.3 We retain user data in accordance with your instructions, including any applicable terms in any service Terms and Conditions, Customer Agreement and Customer's use of Services functionality, and as required by applicable law. The deletion of User Data and other use of the Services by the User may result in the deletion and/or de-identification of certain associated other information.

7.4 We may retain other information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your other information after you have deactivated your account for the time needed for us to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our rights under our agreements.

8. Data security

8.1 We take the security of your personal data very seriously. We protect your personal information during transit using encryption such as Transport Layer Security (TLS) or secure socket layer ("SSL") technology. When your personal data is stored by us, we protect our computer systems using a combination of administrative, physical and logical security safeguards.

8.2 Your personal data is always stored in encrypted form.

8.3 Given the nature of communications and information processing technology, we cannot guarantee that information during transmission through the Internet or while stored on our systems or otherwise in our care will be absolutely safe from intrusion by others. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible and later report the action we took in response.

8.4 We make it easy for you to keep your personal data accurate, complete, and up to date. We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

9. Your rights

9.1 In relation to all of your personal data, you have the following rights (in addition to any rights you may have under the Act or other applicable laws) to ask us:

9.1.1 not to process your personal data for marketing purposes;

9.1.2 to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;

9.1.3 to amend any inaccurate data we hold about you;

9.1.4 to delete any of your data (where you no longer think