1 INTRODUCTION AND TERMS
1.1 Who we are
Icare247 is a wholly own subsidiary of KG&S, which is a Data Controller and registered with the Information Commissioners Office.
This privacy notice relates to Icare247 and one of it’s web sites Getmicare.
We may amend this privacy notice from time to time. If we do so, we will change the web site Privacy document which will be our definitive document in place at a particular time.
Icare247 acts as a data processor on behalf of a data controller KG&S.
For the attention of the Director, 15 Halls Farm Close Winchester, SO226RE
01962 606247 with your request and we will get back to you next working day
1.2 How the law protects you
The law says we must have one or more of these reasons for using your data:
- To fulfil a contract we have with you to provide our services
- Where it is our legal duty
- When it is in our legitimate interest
- When you consent to the use of the data
Icare247 & Getmicare will seek consent on registration for the use of data within the Icare247 platform.
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
2. YOUR RIGHTS
2.1 Under the GDPR having verified your identity by email, or telephone, your rights are:
- 2.1.1 To be informed – we must make available this privacy notice with the emphasis on transparency over how we process your data. This is available on our web site in our terms and conditions.
- 2.1.2 Access – you are entitled to find out what details we may hold about you and why. This is available by contacting a Director, contact details section 1
- 2.1.3 Rectification– we are obliged to correct or update your details. Having received the request in writing see section 1
- 2.1.4 Erasure – this is also known as the right to be forgotten. We do this by removing your identity name, address, email and contact information from our data base.
- 2.1.5 Restrict processing – you have the right to ‘block’ or suppress the processing by us of your personal data. Currently this is only available by written request which will mean removing your identity from our data base
- 2.1.6 Data portability – you have the right to obtain and reuse your personal data that you have provided to us.
- 2.1.7 Object – you have the right to object to us processing your data in relation to direct marketing and or profiling. Permission for this is given on registration and can be changed in your on-line profile with Icare247.
- 2.1.8 Rights in relation to automated decision making and profiling – we use algorithms in processing data for you and reporting information to you. If your are unhappy with this we can no longer provide you with our service. In this case you need to write for your personal identity to be removed form our data base.
3. THE DATA WE COLLECT ABOUT YOU
3.1 We process personal data which may include your name, address, date of birth, family relationships and email address. We also have data on your activity on the tablet or web site as part of our service to you. It also may include your IP address and cookies (website)
3.2 We will collect personal data from you in relation to the provision of our services to you, including details relating to your activities on the micare tablets and getmicare web site of data relevant to the services we provide.
3.3 We may require documentary details from you, in order to comply with our obligations under identification, anti-terrorism legislation, or other legal requests from government authorities. Currently verifying details are not required for our company.
3.4 Our collection methods are:
- 3.4.1 via our website and related tools;
- 3.4.2 through engagement (or potential engagement) of our services;
- 3.4.3 by communications, including email, telephone, post or social media;
- 3.4.4 by networking of contacts, friends, relatives;
- 3.4.5 through engagement of service providers;
- 3.4.6 via third parties and/or publicly available resources where needed.
3.5 When using our digital services on our website, we gather data from you using cookies and other internet tracking software, such as Google Analytics. The purpose of this is to understand how you are using our services, and to provide you with better and enhanced information.
4. HOW YOUR DATA WILL BE USED
4.1 We use information held about you to:
- 4.1.1 provide services to you under a contract, as set out in a consent document between us;
- 4.1.2 ensure that content from our website is presented in the most effective manner for you and for your devices;
- 4.1.3 provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or by Legitimate Interests;
- 4.1.4 allow you to participate in interactive features of our service when you choose to do so, e.g. asking a question through our website, joining in our community on line services;
- 4.1.5 carry out necessary maintenance to our infrastructure;
- 4.1.6 notify you about changes to our services;
- 4.1.7 fulfil our legal obligations to government complying with requests from government. anti-terrorism financing and Criminal Finances Act legislation;
- 4.1.8 use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings; and
- 4.1.9 enable us to invoice you for our services and investigate/address any fee disputes that may have arisen.
4.2 If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
4.3 We also embrace the use of social media and may wish to process any comments made public by you.
5. LEGITIMATE INTEREST & MARKETING
5.1 We may process your data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
5.2 If you are an existing customer or user, we will send you information about other products, events and services that we feel may be of interest to you. You have a right at any time to ask us to stop contacting you for marketing purposes by unticking your consent on our web site.
5.3 We will never sell your data to a third party for marketing purposes.
6. HOW WE WILL SHARE YOUR DATA
6.1 We will share your information within Icare247 for administration purposes, to develop ways to meet our clients’ needs and to carry out marketing activities. Your information will be retained within the Icare247 except where disclosure is required or permitted by law or when we use third party (data processors) to supply and support our services to you.
6.2 We may also pass your data to third party external organisations where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
6.3 We use third party service providers such as agents, subcontractors and other organisations to help us provide services to you. These would include:
- 6.3.1 cloud providers, Amazon, other data storage companies
- 6.3.2 email and secure Document exchange systems including Dropbox, Google docs, Microsoft;
- 6.3.3 Mail chimp, research agencies (Universities) and mailing houses;
- 6.3.4 Off-site storage and cleaning services.
6.4 All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.
6.5 As part of the services offered to you, we may send your data outside of the European Economic Area (EEA) for research. Where this is the case, we will take steps to ensure that your data is protected in the same way as if it was being used in the EEA. For example, where third party suppliers of store data are in the US, we will ensure that their services fall within the Privacy Shield. https://www.privacyshield.gov
7. DATA RETENTION
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- the requirements of our business and the services provided;
- any statutory or legal obligations;
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the types of personal data we have collected;
- the amount and categories of your personal data; and
- our normally policy is to automatically remove all data that is more than one years old unless required by the above or because we require it to maintain our business relationship with you.
8. DATA DELETION
Under GDPR you have the right to erasure under specific circumstances. A request for your personal data to be deleted will be decided on a case by case basis and must be submitted in writing to the contact details provided in this policy.
9. DATA CORRECTION
We will correct or update your data at the earliest opportunity provided you make the request in writing to the contact details provided in this policy, clearly specifying which data is incorrect or out of date.
10. DATA SECURITY
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place relevant software protection, where we have suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
11. DATA INSPECTION
11.1 We strive to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you. Such requests will normally be in writing to the contact details provided in this policy. We need to check the identity of the requestor. If we do hold your personal data we will respond in writing within one calendar month of your request (where that request was submitted in accordance with this policy).
11.2 The information we supply will:
- 11.2.1 confirm that your data is being processed;
- 11.2.2 verify the lawfulness and the purpose of the processing;
- 11.2.3 confirm the categories of personal data being processed;
- 11.2.4 confirm the type of recipient to whom the personal data have been or will be disclosed, and
- 11.2.5 let you have a copy of the data in an intelligible form.
11.3 Please note that you may need to provide identification in order to prove who you are to access your data.
11.4 If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
11.5 In the instance that we do not hold information about you we will also confirm this in writing at the earliest opportunity.
11.6 Micare tablet was designed on the user being able to share data to family and friends, a Micare user will be able to know which users have access to their data and have the right to remove that person from seeing, altering their settings or even having any access at all. Consequences of removing them will be that family, or friends with access will not be able to set, monitor information on the micare platform, if you remove icare247 back office your tablet will not be able to run it’s full function and have very limited functionality.
We keep our privacy notice under regular review and you should check back regularly to ensure you are aware of changes to it. We may display this notice to you from time to time to help ensure you are aware of its contents.
13. WITHDRAWAL OF CONSENT
3.1 You will have consented to our processing of your personal data, agreeing to our terms and conditions at the registration process, you have the right to withdraw that consent at any time. This is done by remove the tick in the consent box found in your personal detail page.
- 13.1.1 The withdrawal of consent does not affect the lawfulness of earlier processing.
- 13.1.2 If you withdraw your consent, we may not be able to continue to provide services to you or indeed for your product to continue to be used.
- 13.1.3 Even if you withdraw your consent, it may remain lawful for us to process your data if a legal basis from an official government body has been lodged with us.
You have the right to complain about the processing of your personal data. Please contact us using the details provided.
By email firstname.lastname@example.org
By Phone 01962 606247
By writing to Responsible Director, 15 Halls farm Close, Winchester, SO22 6RE United Kingdom. If you are still unsatisfied you have the right to complain to the Information Commissioners Office (https://ico.org.uk/concerns).