Privacy Policy

Last updated: 25 September 2023

This Privacy Policy outlines how your information is collected, used, and disclosed when you use our Service, while also explaining your privacy rights and legal protections. We utilize your personal data to enhance and provide the Service, and by using it, you agree to our data collection and usage practices. We may ask for personally identifiable information such as email, name, and phone number. Additionally, we automatically collect usage data. We employ cookies and similar technologies to track activity and improve the Service. Your personal data may be shared with service providers, affiliates, and business partners for various purposes. We retain your data for as long as necessary and ensure its security. You can access, update, or delete your personal information, and this Privacy Policy may be subject to changes, which will be notified to you. If you have any questions, please contact us through the provided channels below.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.

  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

  • Application refers to Neu PD, the software program provided by the Company.

  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Neuhealth Digital Limited, 6th Floor, 2 Kingdom Street, Paddington, London W2 6BD.

  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

  • Country refers to: United Kingdom

  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

  • Personal Data is any information that relates to an identified or identifiable individual.

  • Service refers to the Application or the Website or both.

  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  • Website refers to Neu Health, accessible from http://neu.health

  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Neu Health 

Neuhealth Digital Ltd is registered as a limited company in the United Kingdom (no.14492037) and our registered address is First Floor, 100 Victoria Embankment, London EC4Y 0DH (referred to as “Neuhealth”, “we”, “us” or “our” in this notice). 

We have appointed a Data Protection Officer who is responsible for overseeing questions relating to this notice as well as our general data protection practices. To contact them, please use privacy@neu.health

If you have any questions about this Privacy Policy, general data protection inquiries or any complaints, you can contact us:

  • Using the details above (including ‘data protection’ in the email subject line); or 

  • By visiting the contact us page on our website, selecting ‘data protection’ as the subject, and submitting a form: Contact us  

Data Definitions 

An overview of key terms used to describe personal data and how it can be used.  

What is Personal Data? 

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).   

What is Data Processing? 

In relation to personal data, processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction.

Further Information 

The Information Commissioner’s Office (ICO) is the UK Data Protection Regulator. For further detail on definitions relating to personal data, used throughout this policy, please visit the ICO website. 

Neu Health’s Interactions with Personal Data  

Neu Health may handle your personal information as a data controller or a data processor. This privacy notice tells you what to expect us to do with your personal information when you make contact with us, use our website or platform or register for and use our services through the Neu Platform application(s).  

In circumstances where we are the data controller, we determine what data is collected, how this data is going to be used and how this data is protected. We are registered as a data controller with the Information Commissioner's Office (ICO) with registration no.ZB541090.  

We also act on behalf of other organisations as a data processor under contract. Where this is the case we do not determine what personal data is collected or how it is going to be used. The organisation we work on behalf of will make these decisions as the data controller for your personal information and you should refer to their privacy notice for these details.  This will typically involve health care sector organisations who have contracted with us for services provided through our platform. 

Below we describe the different scenarios where we collect and/or handle personal information, along with controls in place to ensure this is done securely. For a detailed breakdown, please see the end of this policy.  

Website Visitor  

We use Squarespace analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to understand things such as the number of visitors to the different areas of the website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Squarespace to make, any attempt to find out the identities of those visiting our website. Details of Squarespace's privacy policy can be found here: https://www.squarespace.com/privacy

If we do want to collect personally identifiable information through our website, we will make this clear at the point personal information is collected and will explain what we intend to do with it. 

Use of cookies 

Like many other websites and services, we use cookies. ‘Cookies’ are small pieces of information sent by a website/service to your device and stored to enable that website to recognise you when you visit in the future. They can also be used to collect statistical data about your browsing activity and patterns of behaviour but do not identify you as an individual. This helps us to understand how people who visit our website use it, enabling us to improve the layout and contents for visitors. 

For more information about the cookies we use and your choices regarding cookies, please visit the Squarespace cookie policy section.

It is possible to switch off cookies by setting your browser preferences and settings. Turning cookies off may result in a loss of functionality when using our website. 

App User ‘Patient’  

Following prescription by a clinician, users will download the Neu Health application to their mobile phone and interact accordingly, as detailed in the application and/or accompanying guidance materials.  

Personal Data we collect: 

We collect the following types of personal data from you: 

  • Contact Information: Name, NHS number, email address, and phone number. 

  • Demographic Information: Date of birth, dominant hand.  

  • Condition Information: Diagnosis 

This information will be collected via the Neu Health app registration process to confirm identity. This will be used for the clinician's reference and to ensure only legitimate users access and use the application accordingly.

Non-Personal Data we collect: 

Application activity information: Results from our smartphone assessments, medication information, and symptom information. 

This allows us to review activity and perform calculations to provide clinicians/the data controller with necessary performance information. Anonymised information will be used internally by Neu Health for service and technology evaluation and improvements.  

Clinical Dashboard User ‘Clinician’  

Clinicians/the data controller will have access to Neu Platform – providing a dashboard to review results collected via patients using the Neu Health app.  

Personal Data we collect: 

We collect the following types of personal data from the data controller: 

  • Registration Information: Name, email address and place of work. 

This information will be collected via the Neu Platform registration process to confirm identity and ensure only legitimate users access and use the dashboard functionality accordingly.  

Non-Personal Data we collect: 

Application activity information: Dashboard interaction information.  

This allows Neu Health to review activity and perform fixes on behalf of clinicians/the data controller using necessary performance information. Anonymised information will be used internally by Neu Health for service and technology evaluation, improvements and longitudinal research purposes. 

Focus Group Members 

We conduct focus groups with users (patients and clinicians) to develop and evaluate our products. The exact nature of activities relevant to each focus group activity will be detailed per project and provided to participants via specific accompanying materials. 

The basis for personal information collection is consent. Consent forms will be provided to each individual prior to commencement of the project. Consent can be withdrawn at any time.  

Where applicable, information such as, but not limited to, video/audio recordings, transcripts, test performance information will be recorded and used internally by Neu Health for service and technology evaluation and improvements. 

Children’s Data  

We do not knowingly collect personal information about children under 13 years old. Our website, platform and app are not designed for use by children.

General Communications 

Direct Marketing 

We may use your personal data provided to form a view on whether additional services we provide are of interest to you.  We will send you limited marketing communications from us unless you have specifically opted out from such marketing when you register for our platform and/or app.   

You are able to ask us to stop sending you marketing messages by contacting us at any time.  Where you opt out of receiving these marketing messages, this opt-out will not apply to personal data provided to us as a result of your use of service or our platform or app. 

We will not sell or otherwise share your personal data with any third parties for marketing purposes (except in respect of Clinical Trials, and only to the extent set out below). 

Clinical Trials 

We want to give you choices regarding personal data uses, particularly relating to potential clinical trials.  Where we have identified potential trials that may be relevant to you, we will contact you to provide initial information.  We will not share any personal data unless you provide us with explicit consent to do so (at which point we will share your details with the entity running the trial to contact you directly).   

Additional Handling Requirements 

Data Accuracy 

It is important that the personal data we hold about you is accurate and current.  Please keep us informed if your information changes during your relationship with us. 

Third Party Processing 

We use data processors who are third parties who provide elements of services for us, including cloud-based storage providers. We have contracts in place with our data processors. This means that they cannot do anything with your personal information such as share it with other organisations unless we have instructed them to do it. They will hold your personal data/information securely and only retain it for the period we instruct. When it is necessary for us to transfer your personal information outside of the UK this will only be done in accordance with the UK GDPR and the Data Protection Act 2018 (DPA 2018). 

International Transfers 

We use some data processors that are based outside of the UK.  Where this is the case, we ensure that there is an adequacy decision in place which confirms that there is an adequate level of protection for personal data. 

We may also use data processors based in locations which are not yet subject to an adequacy decision, however where this is the case, we ensure that appropriate safeguards are in place so that enforceable data subject rights and effective legal remedies for data subjects are available.  This will usually be achieved through the careful selection of data processors which offer high levels of security for personal data and the use of Standard Contractual Clauses (SCCs) which place binding legal obligations on the recipient to ensure the protection of personal data. 

If you have any questions about Data Processors we use or International Transfers, please contact us and we will be happy to provide you with additional information (including a list of any processors used and where data is shared). 

Data Sharing 

We may also share your personal data where we are required by law or under any legal order, or with any third parties to whom we might choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

Data Security 

We have put in place reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We will limit access to your personal data to those individuals who have a business need to know. Any individual who is permitted access to your personal data will also be subject to a duty of confidentiality.

Your Data Protection Rights 

Under data protection law, you have rights we need to make you aware of.  The rights available to you depend on our reason for processing your information. 

Your right of access 

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.

Your right to rectification 

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.

Your right to erasure 

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.  

Your right to restriction of processing 

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.

Your right to object to processing 

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests. You can read more about this right here.  

Your right to data portability 

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract and the processing is automated. You can read more about this right here.

Your rights in relation to automated decision making or profiling 

This applies where personal information provided is used to inform automated decision or profiling activities. You have the right not to be subject to a decision when: it is based on automated processing; and it produces an adverse legal effect or significantly affects you. You can read more about this right here.  

How to Make a Complaint 

We strive to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we may receive about this very seriously. We encourage people to inform us if they think that any collection or use of information by us is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. You can do this by contacting us here: Contact us  

If you remain dissatisfied, you have the right to make a complaint to the Information Commissioner’s Office (ICO). Please see the ICO’s website for more information: 

www.ico.org.uk  

Accessibility Statement 

Our Accessibility statement can be found here

Contact Us

If you have any questions about this Privacy Policy or any complaints, You can contact us:

  • By visiting the contact us page on our website, selecting ‘data protection’ as the subject, and submitting a form: Contact us

  • Controller Role

    We collect and use the following categories of personal data in our role as controller. This will typically be provided by patients or clinicians or by entities who employ or engage the clinician.

    Login Data

    Description: Name, Email, Mobile Number

    Source: Entered by individual

    Purpose(s): To register as a new user and provide services, to manage our relationship with you, to protect our business and platform/app

    Lawful Basis: Performance of contract, necessary for legitimate interests (manage client relationships and protect our business assets)

    Retention Period: Duration of contract and a period of 8 years after termination for any potential legal claims.

    Contact Information

    Description: Job title, Company Name, Telephone Number

    Source: Provided by health sector entity

    Purpose(s): To deliver services and maintain a business relationship

    Lawful Basis: Contract, Legitimate Interests (manage client relationships)

    Retention Period: Duration of contract and a period of 8 years after termination for any potential legal claims.

    Patient Demographics

    Description: Date of birth, sex at birth, left or right handed, ethnicity (optional)

    Source: Entered by individual

    Purpose(s): To deliver services, for future development of products and services

    Lawful Basis: Contract

    Retention Period: Consent statement from patient on the app when they register

    Transactional & Financial

    Description: Bank account details

    Source: Entered by contracting individual or entity

    Purpose(s): To enable invoicing for services, for accounting and taxation purposes

    Lawful Basis: Contract, Legal Obligation

    Retention Period: 8 years from collection for financial records.

    Technical

    Description: IP address, Browser type & version, Operating system and other technology information on the devices you use to access our platform or app & frequency of access

    Source: Automatically generated through the app

    Purpose(s): To deliver relevant content via the platform/app, Protection of our website and infrastructure from cyber-attack and to investigate and report any illegal activities.

    Lawful Basis: Legitimate Interests (for running our business, provision of software services, and protect our assets, to detect illegal activities), Legal obligation

    Retention Period: Duration of contract and a period of 8 years after termination for any potential legal claims.

    Patient Experience

    Description: Name, email address, telephone number, questionnaire responses

    Source: Answered by individual in-app

    Purpose(s): To understand user experiences and identify issues with our platform or app

    Lawful Basis: Legitimate Interests (to use answers to develop our services and grow our business, to inform our marketing strategy)

    Retention Period: Anonymised on receipt to limit personal data held, results held but outwith data protection rules

    Patient Engagement

    Description: Usage information on frequency of use of the app and certain areas and features accessed, other key metrics quantifying engagement with platform and app

    Source: Automatically generated through the app

    Purpose(s): To use data to improve our services and app

    Lawful Basis: Legitimate Interests (to study how users engage with our services and app, to develop them and to inform our marketing strategy)

    Retention Period: Anonymised on receipt to limit personal data held, results held but outwith data protection rules

    Clinician Experience

    Description: Questionnaire responses

    Source: Answered by individual in questionnaire

    Purpose(s): To understand user experiences and identify issues with our platform or app, To develop our services

    Lawful Basis: No basis identified as not anticipated to contain any personal data. Experience questionnaires designed to develop our services and grow our business, to inform our marketing strategy.

    Retention Period: Not anticipated to contain personal data so outwith data protection rules

    Clinician Engagement

    Description: Questionnaire responses on key metrics identifying clinicians' engagement with the platform and/or app

    Source: Answered by individual in questionnaire

    Purpose(s): To use data to improve our services and app

    Lawful Basis: No basis identified as not anticipated to contain any personal data. Experience questionnaires designed to develop our services and grow our business, to inform our marketing strategy.

    Retention Period: Not anticipated to contain personal data so outwith data protection rules

    Outcomes and Improvement in Care Data

    Description: Questionnaires capturing key patient outcomes and clinical efficiency improvements by using the platform or apps

    Source: Combination of in-app questionnaire and data extraction by trust.

    Purpose(s): To use data to improve our services and app

    Lawful Basis: Legitimate Interests (to study how users engage with our services and app, to develop them and to inform our marketing strategy)

    Retention Period: Anonymised or aggregated on receipt to limit personal data held, results held but outwith data protection rules

    Marketing and Communications

    Description: Name, email, telephone number

    Source: Individual input on preferences to be contacted for marketing or relevant clinical trials

    Purpose(s): To contact about relevant matters

    Lawful Basis: Legitimate Interests (to grow our business and develop new products and services)

    Retention Period: For duration of being a user, deleted on termination of account with Neuhealth Digital

    Processor Role

    We collect and use the following categories of personal data in our role as processor on behalf of the relevant health sector entity as data controller. This will always be processed in accordance with the instructions given by the relevant data controller. It is anticipated that this data will be anonymised individual level data so would fall outwith the data protection rules, but we have set out how we collect and use this data for fullness.

    Activity Data

    Description: Health data including: Movement and voice exercise activity data, self-reported symptoms, cognitive tests, composite scores

    Source: Entered by patient directly into the App, calculated by use of the algorithms

    Purpose: To fulfil provision of services to data controller

    Lawful Basis: Contractual – please see Data Controller information for further details.

    Retention Period: Records kept in accordance with agreement with relevant data controller

    Medication Data

    Description: Health data including: type of medication, timing of medication, reminder acknowledgement

    Source: Entered by patient directly into the App, calculated by use of the algorithms

    Purpose: To fulfil provision of services to data controller

    Lawful Basis: Contractual – please see Data Controller information for further details.

    Retention Period: Records kept in accordance with agreement with relevant data controller