1. OUR APPROACH TO PRIVACY
1.1 HIYOS stands for Healthy In Your Own Skin, which refers to our emphasis on wellness and personalised care for you. Hiyos Limited is a company registered in England with its registered address at Firstcare Practice, The Blenheim Centre, Hounslow, England, TW3 1NL (“HIYOS“, “we“, “our” or “us“).
1.3 We operate a website, available at https://hiyos.org/, that allows you to access and stream webinars, access information only regarding the HIYOS / Firstcare GP practice (the “Practice“) and other health-related content (our “Website“).
1.4 This Policy applies to our Website and any other services we may provide via our Website, including providing you with access to our webinars and pre-recorded videos (the “Service”).
1.6 Please ensure that you have read this Policy and understand how we collect, store, use and disclose your personal information, before accessing or using the Service. If you have any questions about this Policy or how we use your personal information, please contact us using the details at the end of this Policy.
2. WHO IS RESPONSIBLE FOR THE USE OF YOUR PERSONAL INFORMATION
HIYOS is the controller of the personal information we hold about you in connection with your use of the Service. This means that we determine and are responsible for how that personal information is used.
3. PERSONAL INFORMATION WE COLLECT FROM YOU WHEN YOU USE THE SERVICE, OR COMMUNICATE WITH US
Personal information you submit to us
3.1 We collect personal information that you voluntarily submit directly to us when you access and use the Service, including information you provide when you register to attend webinars, submit information during live webinars, correspond with us by phone, e-mail or otherwise, subscribe to our mailing lists, newsletters or other forms of marketing communications, provide feedback, or use some other feature of the Service (such as our chatbot). We may also collect personal information from third parties.
3.2 In some circumstances, the provision of personal information will be mandatory (for example, where it essential in order to facilitate the supply the Service to you or respond to your queries). If you choose not to provide any mandatory personal information, we may not be able to respond to your queries or provide parts of the Service to you.
3.3 The table at Annex 1 sets out the categories of personal information we collect about you and how we use that information when you use the Service, as well as the legal basis which we rely on to process that personal information.
4. PERSONAL INFORMATION WE COLLECT AUTOMATICALLY
4.1 We also automatically collect the following personal information regarding how you access and use the Service, and information about the device you use to access the Service when you visit our Website, read our emails, or otherwise engage with us.
4.2 The table at Annex 2 sets out in detail the categories of personal information we collect about you and how we use that information when you use the Service, as well as the legal basis which we rely on to process the personal information. For more information on cookies and other tracking technologies that we use to collect such personal information, please see Section 10 below.
4.3 We will link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.
4.4 We will anonymise and aggregate any of the personal information we collect (so that it does not identify or relate to you). We will use anonymised information for purposes that include testing our IT systems, research, data analysis and improving the Service. We will also share such anonymised and aggregated information with others.
Personal information we collect from third parties
4.5 We also collect personal information, from third parties such as YouTube and other video streaming hosting providers, which they collect automatically relating to how you access and use the Service. This information may include length of video streaming, page and video views and website navigation paths, as well as information about the timing, frequency and pattern of your video streaming. We will use this information to analyse and improve the Service.
5. HOW LONG WILL WE STORE YOUR PERSONAL INFORMATION
5.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements.
5.1 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.
6. RECIPIENTS OF PERSONAL INFORMATION
6.1 We will share your personal information with the following categories of recipients to the extent required for the purposes set out in Annexes 1 and 2:
(a) Research bodies and educational institutions: in order to assist research bodies and education institutions that we partner with, we may share your personal information with those entities where we have your consent to do so.
(b) Service providers and advisors: in order to provide, administer and improve the Service we will share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing professional services, such as legal and accounting services, insurance services, mailing, email or calling services, web hosting, or providing analytic services.
(c) Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
(d) Law enforcement, regulators and other parties for legal reasons: we will share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements, including our website terms of service, available here and/or (iii) exercise or protect the rights, property, or personal safety of HIYOS, its users or others.
7. MARKETING AND ADVERTISING
7.1 From time to time we may contact you with information about our Service, including sending you marketing messages and asking for your feedback on our Service.
7.2 Most marketing messages we send will be by email. For some marketing messages, we will use personal information we collect about you to help us determine the most relevant marketing information to share with you.
7.3 We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails. We make every effort to promptly process all unsubscribe requests.
7.4 If you opt out of receiving marketing messages, we will still need to send you service-related communications (e.g. account verification, changes/updates to features of the Service, technical and security notices).
8. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
8.1 Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored by our cloud hosting provider on secure servers. You should also take care to keep your login details secure and beware of scammers. Note that we will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.
8.2 International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the UK or European Economic Area (“EEA“), your personal information may therefore be processed outside of the UK or EEA. In the event of such a transfer, we ensure that:
(a) the personal information is transferred to countries recognised by the European Commission or the UK Secretary of State (as applicable) as offering an equivalent level of protection; or
(b) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission or UK’s Information Commissioner’s Office (as applicable).
8.4 If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this Policy.
9. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
9.1 In accordance with applicable privacy law you have the following rights in respect of your personal information that we hold:
(a) Right of access. You have the right to obtain:
(i) confirmation of whether, and where, we are processing your personal information;
(ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
(iii) information about the categories of recipients with whom we will share your personal information; and
(iv) a copy of the personal information we hold about you.
(b) Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
(c) Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
(d) Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
(e) Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
(f) Right to withdraw consent. If you have provided consent for the processing of your personal information, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information before your withdrawal.
9.2 You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
9.3 If you wish to exercise one of these rights, please contact us using the following email address: manager.HIYOS@nhs.net.
9.4 You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK, information about how to contact your local data protection authority is available here.
10. COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR WEBSITE
11. LINKS TO THIRD PARTY SITES
The Service may, from time to time, contain links to and from third party websites, including websites provided by the NHS or the Practice, those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
12. OUR POLICY TOWARDS CHILDREN
The Website is not directed at persons under 16 and we do not knowingly collect personal information from children under 16. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information as quickly as possible.
13. CHANGES TO THIS POLICY
We may update this Policy from time to time and so you should review this page periodically. When we change this Policy in a material way, we will update the “last modified” date at the end of this Policy. Changes to this Policy are effective when they are posted on this page.
14. NOTICE TO YOU
15. CONTACTING US
15.1 Please contact manager.HIYOS@nhs.net if you have any questions, comments and requests regarding this Policy.
15.2 This Policy was last modified on 21 October 2022.