This website is operated by SaySo Medical Ltd.
- the personal information we collect about you
- what we do with your information, and
- who your information might be shared with.
Who we are
SaySo Medical Ltd ('we' or 'us') are a 'data controller' for the purposes of the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679 and any subsequent UK data protection legislation and we are responsible for, and control the processing of, your personal information. Our registered office address is C/O Roxburgh Milkins Limited, Merchants House North, Wapping Road, Bristol, United Kingdom, BS1 4RW.
We provide a web-based platform for healthcare professionals to access interactive content, pursuant to the terms and conditions of use at https://www.sayso.health (Platform).
If you are unsure how this policy applies to you, please contact us (see ‘How to contact us’ below) and we will be happy to help.
What information do we collect and process?
Personal information provided by you
During the course of accessing the Platform, contacting us, or otherwise dealing with us, you may provide us with a range of personal data which we will use in the course of our business. This personal information may include:
- Your name or another unique identifier;
- Your contact details (which may include your landline telephone number, mobile number, and/or email address);
- Your country of residence;
- Professional information (e.g. job title and/or type, professional qualifications, industry); and
- Other related information that you provide as part of your profile on the Platform.
Information we collect automatically
Our website and services may collect certain information about you automatically (such as your IP address, geographical location, browser type and version, operating system).
Personal information provided by third parties
Occasionally we may receive information about you from other sources (such as our Platform customers, which are referring you to use the Platform or on whose behalf you will access and use the Platform), which we will add to the information we already hold about you in order to help us operate our business effectively.
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- transfer the personal data and give consent on his/her behalf to the processing of his/her personal data; and
- receive on his/her behalf any data protection notices.
Sensitive personal information
We do not request, hold or process any sensitive personal information. We do not permit the uploading or sharing of any sensitive personal information via the Platform.
How we use your data and our legal basis for processing your data
We may process your data for a variety of reasons, including because:
- we are legally obliged to e.g. to confirm your identity;
- the processing is necessary for the performance of the contract with you to provide access to the Platform; or
- it is in our legitimate business interests to do so.
In some instances, we will rely on your consent to process personal data and where we do this, it will be flagged to you at the time.
Our main processing activities for personal data, and the legal basis on which we perform those activities are:
Prospective users/marketing recipients:
We will process your personal data in order to contact you in relation to our Platform and keep a record of our communications.
Our legal basis for doing so will either be that we have received your consent, which you will have given when you provided the personal data to us or one of our Platform customers; or performance of a contract for your benefit, if you have been referred to us by one of our Platform customers. If you wish to object to direct marketing, you may do so by contacting us.
We will process your personal data in order to provide access to the Platform to you and to provide you with information and updates regarding the same. Our legal basis for doing so is that the processing is necessary for the performance of a contract. We will also keep a record of your data and use it for related purposes, including account management, customer support, and audit purposes, on the basis that we have a legitimate interest in doing so.
We may also contact you in relation to our products and services. Our legal basis for doing so will be the same as for prospective customers, as set out above.
Individuals about whom we receive information from our customers or suppliers:
We may receive information about individuals from our customers or suppliers, which we use in the course of our business. We use this information to provide information about the Platform and the opportunity to register to access the Platform. Our legal basis for doing so is either that you have consented to such use of your personal information or there is a legitimate interest in doing so.
Other processing activities
Monitoring and recording communications
We may monitor and record communications with you (such as emails) for the purpose of training, fraud prevention, and/or quality assurance. We may also retain copies of communications and details provided to us by you, for example support requests, account queries, complaints, for internal account management and auditing purposes. This is done on the basis of legitimate interests.
Storage of your information and who your information might be shared with
We store your personal data on cloud-based servers based in the European Economic Area (EEA).
You agree that we may disclose your information and use of the Platform with third parties which referred you to access the Platform, or on whose behalf you are accessing the Platform, on the basis that they have a legitimate interest in processing such information.
We may also disclose your personal data to:
- our agents and service providers, to the extent that they require access to the data in order to provide goods/services to us, in which case they will be bound by a contract requiring them to process personal data in accordance with the requirements prescribed by data protection law;
- law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
- a third party purchaser if we sell our business, in which case, customer and user information will be a transferred asset.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and user name that are unique to you; and
- we store your personal data on secure servers.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).
What can I do to keep my information safe?
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Transfers of your information out of the EEA
We do not routinely transfer personal data outside of the EEA but may need to do so in certain limited cases. We will only do this if appropriate safeguards are place in accordance with data protection legislation.
How long do we keep your personal information?
We keep your personal information for as long as we need to for the purposes for which it was collected or (if longer) for any period for which we are required to keep personal information to comply with our legal and regulatory requirements. This duration will depend on whether you are a prospective user or user of the Platform, how long you continue to use the Platform, and our obligations to third parties.
What rights do you have?
You are responsible for ensuring that information you provide to us is accurate, complete and up-to-date. You can review and change your information by contacting us.
You have a number of rights in relation to your personal data, these include the right to:
- find out how we process your data;
- request that your personal data is corrected if you believe it is incorrect or inaccurate;
- obtain restriction on our, or object to, processing of your personal data;
- if we are relying on consent, you can withdraw your consent to our processing of your personal data (including any direct marketing);
- if we are relying on legitimate interests for direct marketing, you can object to receiving such direct marketing;
- obtain a copy of the personal data we process concerning you. We will take steps to verify your identity before responding to your request. Once we have verified your identity we will respond as soon as possible and in any event within one month.
- lodge a complaint with the UK supervisory body, the Information Commissioner’s Office (the ICO) here https://ico.org.uk/. If you have a concern or complaint about the way we handle your data, we ask that you contact us in the first instance to allow us to investigate and resolve the matter as appropriate.
If you would like to exercise any of your rights or find out more, please contact us.
How to contact us
If you wish to contact us, please send an email to firstname.lastname@example.org or write to us at SaySo Medical, 25 Gerrard Street, London, W1D 6JL