What information do we collect from you?
Personal data, or personal information, means any information about an individual from which that person can be identified.
We may collect and process the following data about you as follows:
- Information you give us. This is information about you that you give us should you choose to correspond with us by phone, email or otherwise. The information you give us may include your name, address, email address and phone number.
- Information we collect from your use of our app. With regard to each of your visits to our site we will automatically collect technical information, such as the Internet protocol (IP) address used to connect your device to the Internet, whereabouts you connected to our service, your internet service provider (ISP), and what type of device you are using to access our service.
- Information we process on behalf of your employer. This is information relating to testing, test results and may include health data. Where we collect this information we do so on the instruction of various employers and as a Data processor. Your employer will typically be the Data Controller for this information. Please note that where we process data on behalf of a third party (such as your employer) your rights as set out in this policy are enforceable against that third party Data Controller (your employer) and not against us (since our processing is on the Data Controller’s instructions).
Why do we collect this information?
We process your personal information for the following reasons:
- Pursuant to a contract in order to allow you to access the app, on behalf of your employer so as to:
• Provide your employer or third parties (at the request of your employer) with details relevant to your employment and any test results that you might be required to take pursuant to your employment;
• maintain business and service continuity;
• send service communications so that you receive a full and functional service and so we can perform our obligations to you and to your employer; and
- On the basis of your consent:
• Where we rely on your consent for processing this will be brought to your attention when the information is collected from you;
- In our or a third party’s legitimate interests (typically in the legitimate interests of your employer) we will process data for the purpose of:
• provide you with a personalised service;
• ensuring the health of members of the public that your employer might deal with (including other members of staff and customers)
• keeping our site and systems safe and secure;
• defending against or exercise legal claims and investigate complaints; and
You have the right to object to processing carried out for our a third party’s legitimate interests. Please note that in respect of processing carried out by us for third parties your right is as against the Data Controller, rather than us.
See the What are your rights? section below for more information.
- To comply with legal requirements relating to:
• data protection;
• health and safety;
• assisting law enforcement; and
• any other legal obligations placed on us or a third party from time to time.
How long do we keep hold of your information?
- We will keep information about you for a maximum of 6 years or until otherwise determined by the data controller on whose behalf we process personal data.
Who might we share your information with?
For the purposes set out in the ‘Why do we collect this information?’ section above, we will share your personal information with the person on whose behalf we are instructed to process personal data (typically your employer) as well as other third parties with whom we are asked to provide personal data by the appropriate data controller.
Additionally, we will disclose your personal information to a third party:
- If we are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
How is your data stored and kept secure?
At Smrtlinks Limited, we take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We may transfer your data outside the UK. We will only do so if adequate protection measures are in place in compliance with data protection legislation.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. More information is available by contacting us.
What are your rights?
Where processing of your personal data is based on consent, you can withdraw that consent at any time.
You have the following rights. You can exercise these rights at any time by contacting the applicable Data Controller (this is typically your employer). You have the right to ask the Data Controller:
- Not to use your personal data for marketing purposes;
- Not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
- Not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest.
- For access to personal information held about you;
- For the information we hold about you to be rectified if it is inaccurate or incomplete;
- For data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services;
- For the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
- For data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.
In the event that you are not satisfied with our (or the applicable Data Controller’s) processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/.