Aiconic Health

Privacy Policy

This privacy policy explains how personal data is collected and used when you use our website/mobile apps. It also explains how we process any data that you supply to us on this website/mobile apps, for instance to request a quote or to use our online services.

Aiconic Health is the Data Controller for any personal data that you supply to us as part of the services you are contracted to receive from us. As our client, you are our data subject.

Policy Statement

We are committed to protecting your privacy. You can access our website/mobile apps without giving us any information about yourself. But sometimes we do need information to provide services that you request, and this statement of privacy explains data collection and use in those situations.

In general, you can visit our website without telling us who you are and without revealing any information about yourself. However, there may be occasions when you choose to give us personal information, for example, when you choose to contact us or request information from us. We will ask you when we need information that personally identifies you or allows us to contact you.

We collect the personal data that you may volunteer while using our services. We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not collect or use personal data for any purpose other than that indicated below:

  • To send you confirmation of requests that you have made to us

  • To send you information when you request it

We intend to protect the quality and integrity of your personally identifiable information and we have implemented appropriate technical and organisational measures to do so. We ensure that your personal data will not be disclosed to State institutions and authorities except if required by law or other regulation.

Our website/mobile apps may contain links to other websites/mobile apps of interest. However, once you have used these links to leave our site, you should be aware that we don’t have any control over the other website/mobile apps. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.

Our address is
45 Rugby Rd., Hinckley, LE10 0QA, UK
Telephone +44 (0) 203 9838 389
Email  contact@aiconichealth.com

Aiconic Health Consult has a Data Protection Officer who can be contacted at the address above.

What Personal Data We Collect

We will obtain personal data about you (such as your name, address, email address, telephone number) whenever you complete an online form.  For example, we will obtain your personal data when you register to use the Site, send us feedback, post material, contact us for any reason, sign up to a service, enter a competition, purchase goods or services or as part of the provision of your existing contractual services.

We may monitor your use of this website/mobile apps through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data, weblogs and other communication data whether required for billing purposes or otherwise, the originating domain name of a user’s internet service provider, IP address, operating system, browser type. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see further the section on ‘Use of cookies’ below.

Occasionally we may receive information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide goods and services.

What We Do With Your Personal Data

We will use your personal data for any one or more of the following purposes: to help us identify you and any accounts you hold with us; administration; research, statistical analysis and behavioral analysis; customer profiling and analyzing your purchasing preferences; marketing—see ‘Marketing and opting out’ below; fraud prevention and detection; to prevent and/or detect crime; billing and order fulfilment; credit scoring and credit checking—see ‘Credit checking’ below; customizing this Site and its content to your particular preferences; to notify you of any changes to this Site or to our goods and services which may affect you; improving our goods and services; to allow you to participate in interactive features of the Site; in the event we sell or buy any business or assets.

The following points set out how we handle your personal data and our legal basis for doing so under GDPR and the Data Protection Act 2018.

  • Use the personal data that you provide on our web forms and questionnaires  :  Article 6(1)(b) – when you provide us with your personal data, for instance to obtain a quote for our services, this is a necessary step to take at the request of the data subject prior to entering into a contract

  • Provide goods and services to you  :  Article 6(1)(b) – this is necessary for the performance of a contract with you, our data subject

  • Provide our online services  :  Article 6(1)(b) – this is necessary for the performance of a contract with you, our data subject

  • Contact you regarding the services we provide  :  Article 6(1)(f) – we need to contact you for our legitimate interests so that we can gather more information for the provision of our services, or to deliver those services most effectively

  • Retain your data under our data retention policy after your contract has expired  :  Article 6(1)(f) – we need to retain your personal data for only as long as necessary under the law to protect our legitimate interests

  • Where you require us to make Reasonable Adjustments to enable you to attend a meeting or interview, we may require further information from you  : Article 9(2)(a) of GDPR (explicit consent).

If this includes information about your physical or mental health, such information (being sensitive personal data, Special Category data), will only be used by us, with your explicit consent, to assess your eligibility for Reasonable Adjustments. We will not share or disclose it to others.

You can withdraw your consent at any time by contacting us. Please note that we may not be able to process your request for Reasonable Adjustments if you do this.

The following points set out the categories of personal data that we obtain and why we need it:

  • Name, postal address, email address, website/mobile apps, identification number, location data, online identifier – these are classed as personal data  :  This data is provided by you on our web forms and questionnaires when you register to use the Site, send us feedback, post material, contact us for any reason, sign up to a service, enter a competition, purchase goods or services or as part of the provision of your existing contractual services. This data may be provided if you apply for a job opportunity.

  • Special categories of personal data are racial or ethnic origin, political opinions, sex life, sexual orientation, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a natural person, or data concerning health  :  This data may be required by us to make Reasonable Adjustments to enable you to attend a meeting or interview; we may require further information from you.

We may collect, hold, use, and disclose the information collected to compile statistical data and to: maintain our database; develop/improve our website/mobile apps; respond to any email enquiries; notify you of any upcoming marketing, training or other events that you have opted in to; provide you with publications; manage quality control; manage systems administration; attend to compliance issues; provide you or your organisation with advice and determine suitability for employment.

We will not use or disclose your personal information for any other purpose which is not related (or in the case of sensitive information, directly related) to the above purposes without your consent, unless otherwise authorised, required or permitted under the laws of England and Wales. Aiconic Health does not sell your data to third parties.

If you no longer wish to receive information about our services, please send an email to our Aiconic Health Data Protection and Compliance Officer David Corr advising that you do not wish to receive further information.

Will We Disclose Your Data?

Personal data will only be disclosed on a confidential basis to external service providers so that they can provide services such as financial or administrative services in connection with the operation of our business; and to any person (where necessary) in connection with their services, such as law enforcement, regulatory authorities, partners or advisors within the UK.  

The handling of these operations is governed by a data processing contract between us and our external service provider, ensuring a commitment to the principles of the GDPR and the Data Protection Act 2018. We ensure external service providers are only authorised to use personal data for the limited purposes specified in our agreement with them.

Aiconic Health implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.

Availability

Aiconic Health utilizes the extensive features of the cloud environment to ensure high availability, like full redundancy, load balancing, automatic capacity scaling, continuous data backup and geo-replication along with a traffic manager for automatic geographical failover on datacenter level disasters. All failover mechanisms are fully automated.

No personal data is stored permanently outside Aiconic Health cloud platforms. The physical security is thereby maintained by Aiconic Health subcontractors, see clause 7. Microsoft’s datacenters comply with industry standards such as ISO 27001 for physical security and availability, e.g. by using security staff around the clock, two-factor access control using biometric and card readers, barriers, fencing, security cameras and other measures.

Integrity

To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. E.g. all supplied credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.

For data in transit, the Service uses industry-standard transport protocols between devices and Microsoft datacenters and within datacenters themselves.

Confidentiality

All personnel are subject to full confidentiality and any subcontractors and sub-processors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.

Whenever personal data is accessed by authorized personnel, the access is only possible over an encrypted connection. When accessing the data in a database, the IP number of the person accessing the data must also be pre-authorized to obtain access.

Any device being used to access personal data is login protected by Aiconic Health Azure Active Directory (AAD), Microsoft’s cloud-based identity and access management service, and has the Aiconic Health corporate antivirus solution installed. If any personal data are temporarily stored on a device, the storage unit on the device must also be strongly encrypted.

On-premise devices storing personal data temporarily are at all times, except when not being actively used or relocated under uninterrupted supervision, locked in a safe. Personal data are never stored on mobile media like USB sticks and DVDs.

Transparency

Aiconic Health will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used. Aiconic Health will also provide the summaries of any independent audits of the Service.

Isolation

All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorized personnel. Aiconic Health Security and Privacy Officer issues authorizations and maintains a log of granted authorizations. Authorized personnel are granted a minimum access on a need-to-have basis through our AAD.

 
How Long We Keep Your Personal Data

Personal data from our data subjects is retained in line with our data retention policy. Aiconic Health keeps most data for 7 years, which covers the minimum of 6 years for which we are required by law to keep certain information, plus the current year. Personal data that no longer needs to be kept under the Aiconic Health data retention policy will be deleted. Under the Aiconic Health data retention policy, there are certain exemptions in relation to financial data and health data. A copy of Aiconic Health’s data retention policy can be made available upon request.

 
Your Rights

You have the following rights in relation to personal data held on you by Aiconic Health:

  • The right to be informed about how personal data is used – (this notice)

  • The right to access a copy of personal data that Aiconic Health holds about you

  • The right to rectification of any errors in personal data held by Aiconic Health

  • The right to erasure of any personal data

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision-making including profiling

If you wish to learn more about these rights and how they operate, please look at the ICO’s website: https://ico.org.uk/for-the-public/

Aiconic Health does not operate any automated decision-making systems.

You have a right to request a copy of the personal data that we hold about you. If you would like a copy of some or all of your personal data, please email contact@aiconichealth.com or write to our Aiconic Health Data Protection and Compliance Officer at 45 Rugby Rd., Hinckley, LE10 0QA, UK. 

Proof of your identity will be required for security purposes.

If you are unhappy with the response that you receive from us when you exercise your GDPR rights or Data Protection Act 2018 rights, you have the right to lodge a complaint with the ICO. More guidance about raising a complaint with us is available on the ICO’s website at https://ico.org.uk/for-the-public/raising-concerns/ and, for raising a complaint with the ICO, more information is available at https://ico.org.uk/concerns/.

Personal Data Breach Notification

In the event that your data is compromised, we will notify you and the competent Supervisory Authority(ies) within 72 hours by e-mail with information about the extent of the breach, the affected data, any impact on the Service and Aiconic Health’s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.

Other Website/Mobile Apps

Our website/mobile apps may contain links to other sites. This privacy policy only applies to this website/mobile apps, so when you link to other websites/mobile apps you should read their own privacy policy.

Monitoring

Aiconic Health uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.

System performance and availability are monitored from both internal and external monitoring services.

How To Contact Us

Please review the website/mobile apps regularly as this statement may change from time to time. If you have any questions about our privacy policy or information we hold about you, please contact:
Aiconic Health Data Protection and Compliance Officer
Telephone  +44 (0) 203 9838 389
Email contact@aiconichealth.com