We are simplyweight Limited, a company incorporated in England and Wales (Company No. 7094224) with registered office: Kenburgh House, 28A Manor Row, Bradford, West Yorkshire BD1 4QU United Kingdom.
Simplyweight are currently registered under the Data Protection Act 1998. We are committed to protecting your privacy in line with the GDPR (hereby known as the “Act”). For the purposes of the Act, Simplyweight is the “Data Controller”. The confidentiality of your information is of paramount concern to us. Simplyweight fully complies with data protection legislation and medical confidentiality guidelines.
For the purposes of this policy, “Personal Data” means any personal information (including “Sensitive Personal Data” as defined in the Act) that is capable of identifying you. This information may include your name, address, telephone number, fax number or e-mail address.
WHAT INFORMATION WE COLLECT:
We collect 2 types of information from you: (1) personally identifiable information; and (2) non-personally identifiable information (for example aggregate information or any information that does not specifically identify you as an individual). We may use these types of information in different ways as detailed throughout this policy.
Personally Identifiable Information (“PII”)
If you choose to withhold requested information, you may not be able to visit all sections of our Website or benefit from all of our Services, such as subscribing to our online weight loss tools, or posting content to our community forum.
Non-Personally Identifiable Information (“NPII”)
When you register as a user on our Website and/or any of our Services, we may also collect information that by itself cannot be used to identify or contact you, such as demographic information (like age, profession or gender) and health information (like current weight, co-morbid conditions, etc.).
Non-Personally Identifiable Information may also include user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of our Website. NPII is used to help us understand who uses our Website and to improve and market our Website and Services.
WHY SIMPLYWEIGHT PROCESSES DATA
We will be processing your data under a special category under Article 9(2):
(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
HOW WE COLLECT AND USE INFORMATION
Use of data
This Website is intended to enable information relevant to the work of simplyweight UK to be freely available on the World Wide Web. Whilst simplyweight UK hopes you find this website interesting and informative, the contents are for general information only. The use of and access to pages of the simplyweight website is subject to the foregoing disclaimer, and terms and conditions set out below. By using or accessing this Website, you agree to be bound by these terms and conditions.
simplyweight shall not be liable for any loss or damage arising in connection with the content of the website. simplyweight does not guarantee that the website will be error-free, omission-free, uninterrupted or without delay.
Website Usage & Form Submission
Information submitted to simplyweight over this website is normally unprotected until it reaches us. Users are requested not to send confidential details by email unless specifically requested by us.
We will retain data about you which we obtain as a result of you visiting this website. We may use that information to provide you with details of products or services (whether provided by us or others) which we believe may interest you, unless you indicate at the relevant part of the website to the contrary.
When you send an email or complete an enquiry form, simplyweight will not share your email address or private information with anyone outside of simplyweight, with the exception of doctors, dietitians or any other relevant health care professionals who provide the services about which you are enquiring or other suppliers (in particular those who support our IT systems) who are under strict confidentiality requirements.
Any time you visit the Website, we gather certain information about your use of our website (such as your IP addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks) to analyse trends, administer the site, track visitor movement in the aggregate, and gather broad demographic information for aggregate use. For example, we log your IP address for system administration purposes. IP addresses are logged to track a user’s session. This gives us an idea of which parts of our site users are visiting. We do not link any of the log files to any PII. This means that a user’s session will be tracked, but the user will be anonymous. We will only link your log files to your PII, if necessary, for internal troubleshooting and system performance purposes. We do not share your log files externally.
Cookies & Action Tags
In order for us to monitor and improve this website, we may gather certain information about you when you use it, including details of your domain name and IP address, operating system, browser, version, and the website that you visited prior to our site. We may do this by way of a “cookie”.
A cookie is an element of data that our website can send to your browser, which may then store it on your system.
Most web browsers automatically accept cookies. You do not have to accept cookies, and you should read the information that came with your browser software to see how you can set up your browser to notify you when you receive a cookie.
Any disablement of the cookies function may hinder some of the website functionality, for which we shall not be responsible.
Action tags, or gif tags, are a web technology used to help track website usage information, such as how many times a specific page has been viewed. Action tags are invisible to you, and any portion of our Website, including advertisements, or e-mail sent on our behalf, may contain cookies that are associated with action tags that are located on our Website. Unlike cookies, action tags are not placed on your computer.
We may select and use different third parties from time to time to track website usage through action tags on our Website and on our advertisements on other websites.
Phone Calls and E-mails
We require an e-mail address from you when you register with us. For paid Services, you will receive an e-mail notification of your order, and another e-mail when your order has been completed (or that your credit card or other method of payment has been rejected for an order renewal). For renewal transactions you will also receive an e-mail confirming the same.
Once you begin to register for any of our Services, we may also send you newsletters and e-mails about special events, product offerings, promotions or special discounts. If you have started, but not completed, the registration process, we may also send you e-mail messages encouraging you to complete the process and become a subscriber.
Our e-mail messages may contain code that enables our database to track your usage of the e-mails, including whether the e-mail was opened and what links (if any) were clicked.
If you have provided us with your telephone number during or after registration or if we obtain your telephone number from a publicly available source after your registration, then we may also contact you by telephone or text message solely in connection with our Services. The legal basis of processing such e-mail and phone data is under Art.6(1)(b) GDPR.
If you would rather not receive emails about new products, promotions or other noteworthy news, or if you would rather we didn’t phone you, information is set out below about how you can Opt-Out.
If you have submitted your personal data, and later decide that you would like us to discontinue processing your personal data, you can choose to opt-out. To opt-out, please send an electronic mail headed “opt-out” to us at: email@example.com.
If you would rather not receive telephone calls or text messages from us, you may change or delete your number by making adjustments in the account maintenance section of the Website, or by asking to be removed from our contact list if you receive a call from us.
Please note that this opt-out option applies for users who are registered with a free account or are on our free mailing list. Exceptions apply for users who are paid members or clinic patients. Please see the section below on “Data retention” for full details.
The 100-Day Plan & Online Membership
When you register for or subscribe to any of our Services, we collect a wide variety of information which we use in order to better understand your needs. Our Services include the 100-Day Plan, online membership (free or paid), community forums, community messaging platform, weight loss resources and more. You must first complete certain steps to become either a member or a subscriber. During these steps, you may be required to provide us with information (including PII) such as name, postcode and email address, and, if you subscribe to one of our paid Services, credit card and billing information. The legal basis of processing such data is under Art.6(1)(b) GDPR.
From time to time we may conduct voluntary member surveys. We encourage our members to participate in such surveys because they provide us with important information regarding the improvement of our Services. You may also volunteer for certain surveys that we may offer to our users, and any additional rules regarding the conduct of such surveys will be disclosed to you prior to your participation. We do not link the survey responses to any PII, and all responses are anonymous. The legal basis of processing such data is under Art.6(1)(f) GDPR.
HEALTHCARE RECORDS & PERSONAL MEDICAL DATA
Medical Questionnaire & Records
More detailed information about you will be required if you subscribe to our paid Services including the 100-Day Online Plan, paid Online Membership, Consultations or any bespoke Weight Management Plan. This includes, but is not limited to, height, weight, sex, medications, ailments, eating pattern, psychological issues, surgeries and physical activity pattern. The legal basis of collection and processing of all medical data is under a special category Art.9 (2)(h) GDPR.
All this information is used to help us understand who uses our Website, to improve our Website and our Services, to contact users about requested Services and for administration of your account. It is optional for you to provide demographic information (such as profession and number of children), but providing this information is encouraged so we can work towards offering more tailored and personalised plans.
For patients who come for a clinical consultation, detailed and personal medical information will be collected by a doctor or healthcare professional. This data will be required for medical diagnosis, to help our team decide which is the most appropriate medical plan to offer you and to keep clean records of your health and progress over the course of your Plan, should you choose to join one.
Healthcare Industry Practice
In the healthcare sector, patient data is held under a duty of confidence. As a healthcare provider, we operate on the basis of implied consent when it comes to processing patient data for the purposes of direct care, without breaching confidentiality. This consent is not the same as the one needed for lawful processing of data under GDPR.
DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
We will only disclose your personal data to carefully selected third parties and organisations for marketing purposes or to assist us in delivering a better quality of service. This includes using data in an aggregated way for research and study.
We may also disclose personal data if required to do so by law or in the good-faith belief that such action is necessary to:
– conform to the edicts of the law or comply with legal process served on us;
– protect and defend our, or a third party’s rights or property;
– protect someone’s life, health or safety, such as when harm or violence against any person (including the user) is threatened.
You agree that we will not be responsible or liable for any loss or damage of any sort incurred as the result of any such dealings, including the sharing of the information you supply to any such third party providers, or as the result of the presence of such providers on the Website.
We may also disclose your personal data to third parties in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. In the case of any transfer of your PII you will be required to reconfirm your consent before any material changes can be made to the way it is stored and used.
For any of our paid Services, especially Consultations and Bespoke Weight Management Plans, we will be required to share your personal data or medical records with Primary Care (GPs) and Secondary Care (Hospitals and Specialists). These will include Specialists under Simplyweight’s contract and in some cases, when deemed necessary by our medical team, external Specialists. This sharing is essential for the running of our Services and for your own health & safety. The legal basis for such transferring of data is under Art.49(1)(c) and in some cases Art.49(1)(f).
Our Community Messaging Platform
We are employing a GDPR-compliant third party to help us deliver an effective and reliable messaging platform Service. For the purposes of making this work, we only need to share your username (which can be PII as per your selection) and profile picture (which can be PII as per your selection). This information is used to identify users within our community and for us to receive chat analytics which will be used to improve our Services. This personally identifiable information is never distributed to anyone else.
All messaging communications use end-to-end encryption. At your request, we can request an export of your data from the third-party but even these messages will be encrypted for your protection. Should you choose to cancel your account with us, we will notify the third-party immediately and all your data on their server will be deleted.
TRANSFERRING YOUR DATA OUTSIDE THE UK
DATA SECURITY & VIRUSES
We always take appropriate measures to safeguard the personal data we hold from unauthorised access or improper use. We will exercise reasonable care in providing secure transmission of information between your computer and our servers, but given that no information transmitted over the Internet can be guaranteed 100% secure, we cannot ensure or warrant the security of any information transmitted to us over the Internet and hence accept no liability for any unintentional disclosure.
We operate a strict internal security policy with which our employees must comply as a condition of their employment with us.
Also, whilst we make all reasonable attempts to exclude viruses from the website, we cannot guarantee that the website will be virus free and accept no liability in the unlikely event that the website is not virus free.
Users are recommended to take appropriate safeguards before downloading information from this website.
Although the Website has been tested and should work correctly under normal circumstances, there are many factors both within and outside of the control of simplyweight which may prevent the website from being available. No responsibility is accepted by simplyweight for any losses howsoever caused that may arise from an inability to access or to access resources through its Website. If you find any errors within our website, including links that do not work, pages linked to the wrong document and out of date information, please email us at firstname.lastname@example.org
REQUESTS TO ACCESS YOUR DATA
Any enquiries regarding this policy must be directed in writing for the attention of our data protection compliance officer.
Under the Act you have the right to request details of your personal data held or processed by us.
Please send such requests in writing to the address above, marked for the attention of the data protection compliance officer. Any request must be accompanied by the statutory administration fee of £10.00.
If you believe that any information held by us is incorrect, inaccurate or incomplete, you must write without delay to our data protection compliance officer, highlighting the corrective action to be taken. If any information is found to be incorrect, it shall be corrected promptly.
Requests for rectifying personal data do not extend to any medical records or opinions of any healthcare professionals working under our contract or otherwise. In certain cases where an initial diagnosis or opinion proves to be incorrect following further investigations, we will still keep the old records on file as, at the time of diagnosis, the records accurately reflect a doctor/healthcare professional’s opinion. Furthermore, holding a history of medical records can assist future healthcare professionals who treat the same patient.
DATA RETENTION & ERASURE
Upon termination or cancellation of a free Service, your personal data will be anonymised or deleted from our database but you will remain on our free mailing list unless you specifically request otherwise. At any time you can choose to unsubscribe from this mailing list by clicking on a link in the footer or e-mailing us.
Upon termination or cancellation of a paid Service (100-Day Plan, Consultations, paid Online Membership or a bespoke Plan), we will retain your personal data including all medical records and reports in the interests of your health and our own protection in the event of any legal claims:
- For 100-Day Plan and paid Online Memberships – 5 years since the date of termination
- For Consultations & Bespoke Weight Management Plans – 7 years since the date of termination
During this retention period you may still request to access your data in line with the “Administration” clause above, but we cannot take requests for deletion of medical records or PII that is associated with your medical records. As we operate under a special category of data Art.9 (2)(h) GDPR, the “right to be forgotten” or “right to erasure” does not apply here.