TAVI Heart Team App Privacy Policy

Last updated: 14 May 2021


Privacy Policy

TAVI Heart Team App has been built as a commercial application. This SERVICE is provided by William Redwood, Dr Christopher Allen, and other associated research fellows (collectively "the developers"), and is intended for use as-is. Hereafter, the developers may also be referred to as “We”, “Us”, "Our", "Me", "I".

This page is used to inform visitors regarding the policies with the collection, use, and disclosure of personal information for those who decide to use this service.

If you choose to use this service, then you agree to the collection and use of information in relation to this Privacy Policy. The personal information collected is used for providing and improving the service. Information will not be used or shared with anyone, except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in the Terms & Conditions.


Information Collection and Use

For a better experience while using the service, users may be required to provide certain personally identifiable information, including, but not limited to, their full name, email address, profession, institution, and country of work.

Certain third-party services are also used, and they may collect information used to identify users. Their respective Privacy Policies may be found here:

nAnonymised Research Data

The application may also collect anonymised patient records should a user not opt-out (or opt-in) through the in-app settings after this onboarding process (About tab -> User profile). This would be collected for the purposes outlined below.

These will have the Patient ID randomised, and any ECG scan images removed, to reduce the chance of any records being recognised.

The collected data would be used for the following purposes:

  • To correlate patient and device selection with real-world outcomes.
  • To enable the identification and testing of novel risk variables or scores, to help improve the evaluation of patients undergoing consideration for TAVI/valve intervention.

Any information which is collected during the course of this research will be kept strictly confidential. The information we analyse for the results will be anonymous. The information will be kept for up to twelve months after the research has been completed, before being destroyed. Any data will be kept securely, as outlined in the "Security" section of this policy below. These steps mitigate any potential risks to user who opt-in.

If you opt-in to anonymised patient record collection, but later opt-out, the developers are not automatically notified. No further records are collected by the developers, but any previously-collected records may not be deleted. Should a user desire that previously-collected records are deleted, please contact us using the details at the bottom of this page.

Likewise, should a user have any questions regarding this, please feel free to contact us using the details at the bottom of this page.

Usage/Log Data

The standard collected data may be used for the following purposes:

  • To provide and maintain the service, including to monitor usage of the service.

Retention of collected data

Data will be retained only for as long as is necessary for the purposes set out in this Privacy Policy. Personal data will be retained and used to the extent necessary to comply with legal obligations (such as if retention is required to comply with applicable laws), to resolve disputes, and to enforce our legal agreements and policies.

Usage/log data will also be retained for internal analysis purposes. This data is generally retained for a shorter period of time, except when this data is required to strengthen the security or improve the functionality of the service, or if there is a legal obligation to retain this data for longer time periods.

Security

All information is transmitted and stored using Firebase services, which have all, at the very least, successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process.

This data may then be processed at our respective operating offices and in any other places where the parties involved in the processing are located. This means that this information may be transferred to, and maintained on, computers located outside of your state, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. Your consent to this Privacy Policy, followed by your usage of the application and subsequent submission of any information, represents your agreement to that transfer.

We will take all steps reasonably necessary to ensure that user's data is treated securely and in accordance with this Privacy Policy, and that no transfer of user's data will take place to an organisation or a country unless there are adequate controls in place, including the security of user's data and other personal information.

Links to other sites

This service may contain links to other websites. If a user clicks on a third-party link, they will be directed to that site. These sites, unless specified otherwise, are not operated by William Redwood or their associates. It is therefore the user's responsibility to review the Privacy Policy of these websites, as we have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children's privacy

These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13 years of age. In the case that we discover that a child under 13 has provided us with personal information, this will be immediately deleted this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that this can be actioned accordingly.

Data subject rights

  1. The right to be informed; meaning anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to.
  2. The right of access; this is your right to see what data is held about you by a Data Controller.
  3. The right to rectification; the right to have your data corrected or amended if what is held is incorrect in some way.
  4. The right to erasure; under certain circumstances you can ask for your personal data to be deleted. This is also called ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed.
  5. The right to restrict processing; this gives the Data Subject the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
  6. The right to data portability; a Data Subject has the right to ask for any data supplied directly to the Data Controller by him or her, to be provided in a structured, commonly used, and machine-readable format.
  7. The right to object; the Data Subject has the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
  8. Rights in relation to automated decision making and profiling; Data Subjects have the right not to be subject to a decision based solely on automated processing.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us as noted below.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. Thus, users are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.

Contact

If you have any questions regarding this Privacy Policy, please do not hesitate to contact us at: will@wredwood.com.