Greater Moments Privacy Notice
Social Sense Ltd and Hitch Marketing Limited (“We”, “Us” or “Our”) provide this Greater Moments application (“platform” or “system”) to assist you, and those you care for, in managing their day-to-day lived experience of living with dementia, as well as interacting with services in the Greater Manchester region. The platform shows periodic reviews of the users’ self-rated wellbeing, as well as ratings issued to local service providers.
We are committed to protecting and respecting your privacy. We are registered with the UK Information Commissioner’s Office as a Data Controller (Reg No. ZA221401) and have in place a comprehensive Company data protection policy and code of practice.
2. Explaining the legal basis we rely on.
The General Data Protection Regulation sets out a number of different reasons for which an organisation may collect and process your data. These include:
Consent In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in condition with a particular service.
Contractual obligations In certain circumstances, we need your personal data to comply with our contractual obligations. For example, A contract is an agreement between parties which is binding in law and therefore we will have to supply anonymised data to our commissioners who fund us to demonstrate the work we have delivered. What this means is that our commissioners will be able to view an aggregated collection of wellbeing and activity inputs recorded by Users, but that they will not be able to see who recorded what, or which individuals data is related to.
Legal compliance If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in criminal activity affecting the organisation to law enforcement.
Legitimate interest In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, where processing enables us to enhance, modify, and improve the service we deliver to you, such as displaying local activities based upon the location you are in, rather than activities that take place outside of your region.
3. What sort of personal data we collect?
Information you give us:
- Your username, password and e-mail address when you register for a Greater Moments account. We don’t store passwords, but we do give the user to ability to reset.
- Profile information that you provide for your user profile (e.g., first and last name & picture, type of dementia you live with, and demographic information such as your ethnicity).
- User Content for example your wellbeing questionnaire responses and related information that you post to the Service. (What activities you have recently engaged with, or local services you have used, and how these impacted your sense of wellbeing).
- Communications between you and Us. For example, we may send you service-related emails (e.g., account verification, changes/updates to features of the Service, technical and security notices).
Information we get from your use of the System:
We may from time to time cross check user names with dementia support services to confirm accuracy of individuals enrolled with the service; for example, if you have an assigned care provider, they will be asked to authenticate that they are indeed assisting you.
We use third-party analytics tools to help us measure traffic and usage trends for the Service. These tools collect information sent by your device or our Service, including the web pages you visit, add-ons, and other information that assists us in improving the Service. We collect and use this analytics information with analytics information from other Users so that it cannot reasonably be used to identify any individual User.
Cookies and similar technologies
When you use our Service, our servers automatically record certain log file information, including your browser type, referring / exit pages and URLs, number of clicks and how you interact with features within the Service, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails sent to our Users which then help us track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Service. You are able to opt out from receiving this communication at any time.
When you use a mobile device like a tablet or phone to access our Service, we may access, collect, monitor, store on your device, and/or remotely store one or more “device identifiers.” Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by Us.
4. How we use your personal information
We may use information that we receive to:
- Help you efficiently access your information after you sign in.
- Remember information so you will not have to re-enter it during your visit or the next time you visit the Service. Personal information is stored in the event that the user forgets a password. The password is not stored in the database but you may have opted to store it within your internet browser for faster login.
- Provide personalised content and information to the user such as recording users day to day feelings
- Recording users wellbeing
- Record user journal updates
- Provide, improve, test, and monitor the effectiveness of our Service
- Develop and test new products and features
- Monitor metrics such as total number of visitors, traffic, and demographic patterns
- Diagnose or fix technology problems
5. Who do we share your personal information with?
Aggregate data may be shared with schools and authorities to show trends. No identifiable personal information will be shared.
We may share your information as outlined below:
- We may remove parts of data that can identify you and share anonymised data with other parties. We may also combine your information with other information in a way that it is no longer associated with you and share that aggregated information. This cannot be converted back into identifiable information.
What happens in the event of a change of control?
If we sell or otherwise transfer part or the whole of Social Sense Ltd or Hitch Marketing Limited, or our assets, to another organisation (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information such as name and email address, User Content and any other information collected through the Service may be among the items sold or transferred.
Responding to legal requests and preventing harm
We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so.
6.How do we store your information?
All information and data you provide to us is stored on secure servers with trusted 3rd party suppliers, via Heart Internet for website submissions, and Amazon Web Services (‘AWS’) for application usage, within the European Economic Area (‘EEA’).
AWS, who are used for the storage of your application data, complies with EU General Data Protection Regulation (GDPR) (‘Directive 95/46/EC’), which sets out several data protection requirements, which apply when personal data is being processed. AWS are industry leaders in the provision of hosting services and take security very seriously – you can find out more about their security policies and processes in their Security Whitepaper: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf.
The transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the System, and any transmission is at your own risk. Once we have received your personal data, we will use strict procedures to try to prevent unauthorized access in accordance with our Company data protection policy and code of practice, and responsibilities as a registered Data Controller in the UK.
7. What are your rights over your personal information?
Your account information and profile/privacy settings
Update your account at any time by logging in and changing your profile settings around the privacy of your info.
Unsubscribe from email communications from us by clicking on the “unsubscribe link” provided in such communications. As noted above, you may not opt out of Service-related communications
How long we keep your User Content
Following termination or deactivation of your account, We – and our affiliates – may retain information (including your profile information) and User Content for 7 years for backup, archival, and/or audit purposes. You have the right to request the following subject to an access request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- The right to request that all of your personal data is erased from our systems. If you wish to contact us regarding your personal information, please contact us via firstname.lastname@example.org Your right to withdraw consent
- Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. Where we rely on our legitimate interest
- In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
- We will then do this unless we believe we have a legitimate overriding reason to continue processing your personal data. Direct marketing
- You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. You will be free to adjust your privacy preferences at any time.
Checking your identity
- To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
- If we become aware of any breaches to your data we will aim to inform you without undue delay. We will also inform the ICO of any confidentiality breaches within 72hrs of becoming aware of any such occurrence.
8. How to contact us
9. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any request that you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns We are registered with the UK Information Commissioner’s Office as a Data Controller (Reg No. ZA221401) .