Little Journey Privacy Policy

Version: 9.0

Date: 27-October-2023

1)    General

2)    Children’s Privacy

3)    All App Users (for Parents)

a)    Information We Collect About Our App Users

b)    How We Use The Information Provided By Our App Users?

c)     How Long Do We Retain Data Collected Through The Application?

d)    Can I Opt Out Of The Data Processing In The App?

e)     Legal Basis for Processing Personal Data (EEA and UK only)

4)    Portal Users (Healthcare Professionals and Clinical Trial Administrators)

a)    Information We Collect About Portal Users

b)    How We Use Information Provided By Portal Users?

c)     How Long Do We Retain Data Provided By Portal Users?

d)    Can I Opt Out Of The Data Processing In The Portal?

e)     Legal Basis for Processing Personal Data (EEA and UK only)

5)    Visitors To Our Website

a)    Information We Collect About You

b)    How We Use Your Information?

c)     How Long Do We Retain Data Collected Through Our Website?

d)    Can I Opt Out Of The Data Processing Through The Website?

e)     Legal Basis for Processing Personal Data (EEA and UK only)

6)     Research Participants and Advocacy Group Members

a)    Information We Collect About You

b)    How We Use Your Information?

c)     How Long Do We Retain Data Collected Through Our Website?

d)    Can I Opt Out Of The Data Processing Through The Website?

e)     Legal Basis for Processing Personal Data (EEA and UK only)

7)    How We Share Your Data

8) Use of third parties for the collection of data

9)    International Transfers

10)    How We Store and Secure Your Information

11)  Third Party Links

12)  How to Access and Control Your Personal Data

13)  Data Protection Officer and GDPR Compliance

14)  Other Important Privacy Information

a)    We Never Sell Personal Data

b)    NHS National Data Opt Out System (NDOOS)

 

1) General

Little Journey Ltd are a UK registered company (Company Number 11519201).  

This Privacy Policy applies to all information and data collected by Little Journey Ltd when you interact with our website, app, portal or through other channels (for example through e-mailing our team). This Privacy Policy describes how and why we collect, store, process and share personal information or data. It also describes your choices and rights with respect to your Personal Data, including your rights of access and correction of your Personal Data.

 

If you choose to use the Little Journey website, portal or the Little Journey app then you agree to the collection and use of information as described in this policy. If you do not agree with this Privacy Policy, you should not use our website, portal or the Little Journey app.

 

In addition to the data collected and processed by Little Journey described in this policy, Customers (for example, healthcare institutions and clinical research organisations) may also customise our service to collect and manage Personal Data. Little Journey processes such data as a processor under the direction of our customers. Our customers, as data controllers, are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to collecting app user’s Personal Data using the Service. Please see the below sub-section "Information we Collect through the Little Journey App and Process on Behalf of Our Customers" for more information.

 

We keep our Privacy Policy under regular review and may update it from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and within the Little Journey app and you are advised to review this page periodically for any such changes. These changes are effective immediately after they are posted on this page. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you. 

 

Little Journey will: 

  • Limit the collection of personal information to what is directly relevant and necessary to accomplish the purposes specified below.  
  • Only use your personal data when the law allows us to do so.
  • Retain the data only for as long as is necessary to fulfil those purposes. 

If you have any questions about this privacy policy, please contact DPO@littlejourney.health. 

 

 

 

2) Children’s Privacy

Sections of the Little Journey app are aimed at children aged between 3 and 12. However, the app is not intended for use by children directly but by parents/guardians for the benefit of their children, during supervised viewing. It is aimed at parents/guardians with content specific to children to facilitate conversation between parents and children. If you are under the age of 13 please make sure you have permission from your parent or guardian before you use the app. If you discover that your child has been using the app without permission, please contact us at DPO@littlejourney.health to have any relevant data deleted.  

 

3) All App Users (for Parents)

a) Information We Collect About Our App Users

Information Collected and Controlled by Little Journey

Identity Data 

Little Journey will collect identity data shared with us through the app such as age and unique registration codes. We deliberately do not ask for directly identifiable data such as name, address or e-mail to ensure that we safeguard app user privacy.

Profile Data 

When setting up the app on a device, the app will share with us information relevant to the user healthcare journey including the date of procedure(s), the hospital and the general clinical pathway. We may also request that you complete surveys or questionnaires while using the app relating to user experience. Responses to these surveys will be linked to the user profile.

Device Data

We collect the details of the device used to interact with our services including device brand name e.g. Motorola, Apple. Device category e.g. mobile or tablet. Device name/model e.g. iPhone XS or SM-J500M. Operating systems version e.g. MAC OS X 10.2. 

 Usage Data 

We collect details of your use of any part of our app, including but not limited to, the resources that you access and application version. 

Information we Collect through the Little Journey App and Process on Behalf of Our Customers

When healthcare providers or clinical research organisations (our customers) use our service for issuing bespoke surveys relevant to their service, they may collect data relating to your healthcare experience and outcomes. We do not control the content of surveys or the types of Personal Data that they may choose to collect or manage using our service. We process this data under our customers’ instructions, this may include combining survey data with app usage data as per their requirements.

Our customers control and are responsible for correcting, deleting or updating the information they control using the Little Journey portal and for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to processing the Personal Data through the Little Journey platform. 

Other Information we Process on Behalf of Our Customers

Sometimes our customers will use the Little Journey platform to deliver bespoke services relevant to your or your child’s healthcare pathway or clinical trial. When our customers use our platform for processing information as part of bespoke services, then Little Journey processes this data under their instructions and retain the data in accordance with their requirements. 

In other circumstances, our customers may also provide us with other data on patient outcomes and experiences. To protect your privacy rights, this data is provided in a way that makes sure you cannot be directly identified when combined with data through the app.

b) How We Use The Information Provided By Our App Users?

Improving Your Health Care Experience

We need to know certain information about our users in order to deliver our service. We use profile and identity data shared with us through the app for this purpose. For example, patient age is used to make recommendations on the type of content to be displayed through the app based on your child’s predicted level of understanding and time and date of appointment is used to provide relevant prompts relating to your child’s hospital visits. Unique registration codes allocated to you by our customers allow us to link you to a specific clinical pathway or trial protocol to deliver specifically relevant content but ensures that your data remains appropriately secure as you will not be identifiable to anyone with access to that data.

Improving the Little Journey Application

We collect data about how our products and services are used by monitoring and tracking usage data which we combine with other data you provide. We use this data to develop and improve our products and services.  For example, we use usage data to assess trends and usage across the product to help us determine what new features our users may be interested in and feedback from surveys to implement address areas of potential dissatisfaction.

Improving healthcare services and clinical trial protocols

We may combine user data with other data held by our customers to identify potential ways in which their service could be improved and support the continued use of our technology in their environment.

For informing future app developments

Unless otherwise prohibited through contractual obligations, we retain your data for statistical purposes as part of our onward development. The data we retain is not directly identifiable data (pseudonymised).

Automated processing

We do not use data provided to us for making decisions based solely on automated processing

c) How Long Do We Retain Data Collected Through the App?

Unless otherwise specified by a contractual agreement with a data controller, Little Journey will retain data obtained through the app indefinitely as it will be used for statistical purposes as part of future product developments.

d) Can I Opt Out Of The Data Processing In the App?

Whilst it is possible to use the app without entering the date of procedure, it is not possible to opt out of the collection of your hospital and child age data as it is essential for the app to work as intended. It is possible to opt out of push notifications supplied through the application through the app settings.

e) Legal Basis for Processing Personal Data (EEA and UK only)

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we will only process data in accordance with the lawful basis outlined below or in accordance with the legal basis determined by the data controller.

Our Legitimate Interests

The following examples of legitimate interests of app users, customers and Little Journey have been identified:

For the app user:
  • Access to age-appropriate tailored content relevant to healthcare procedures
  • Improved healthcare experiences through reduced peri-procedural anxiety and improved procedural compliance
For the Customer:
  • Improved content delivery and patient experience
  • Opportunities for service improvement
For Little Journey:
  • Identification of product improvements through new and enhanced features
  • Ensuring service delivery in accordance with customer requirements

Consent

Some data collection activities require the explicit consent of the data subject and/or their legal guardians. Where this is the case, consent will either be obtained in the app itself or as part of an external process (e.g. consent obtained by a healthcare professional or a member of a clinical trial team as part of the provision of their services).

Where consent is obtained in the app, we make every effort to verify that the person providing the consent is the parent or guardian.

Special category data collection

Again, depending on the processing activity, Health data processed through our platform is initially processed for either 1) the delivery of health or social care purposes (article 9(2(h)) or 2) explicit consent (article 9(2(a)) and is retained for research and statistical purposes (article 9(2(j)). We often also obtain consent for the retention of such data.

4) Portal Users (Healthcare Professionals and Clinical Trial Administrators)

a) Information We Collect About Portal Users

Identity data 

We collect and store data necessary to identify and authenticate portal users when they access the portal. This includes their e-mail address and password.

Profile data

We collect data through questionnaires and surveys issued to portal users.

Device Data

We collect the details of the device used to interact with our portal e.g. Operating systems, version and browser.

Usage Data 

We collect details of your use of any part of our portal.

b) How We Use Information Provided By Portal Users?

To Communicate With You About Our Service

We use identity and authentication information provided by portal users to communicate with about any issues, features or enhancements that affect their use of our service.

To Secure and Protect our Portal Users

We use identity and authentication information provided by portal users to investigate and help prevent security incidents. We may also use this information to meet legal requirements. We use your information to verify user accounts and to detect and prevent product abuse.

To Secure and Protect our App Users

We use identity and authentication information provided by portal users to ensure that you only have access to the appropriate data collected by your site and in accordance with your allocated role

To Issue Marketing Communications

Where portal users have opted into marketing communications, we use your data to issue direct marketing communications.

c) How Long Do We Retain Data Provided By Portal Users?

Portal user data is retained for a maximum of 6 years after subscription completion or in accordance with specific contractual requirements.

d) Can I Opt Out Of The Data Processing In The Portal?

It is not possible to opt out of the collection of this data as it is essential to ensure that access to data stored within the portal is secure. You can opt out of receiving marketing communications by amending your preferences in the Little Journey Portal.

e) Legal Basis for Processing Personal Data (EEA and UK only)

The collection and storage of portal user data is necessary for the fulfilment of the contract we have in place with your employer.

We use consent as the legal basis for using your data to issue marketing communications.

5) Visitors To Our Website and other Little Journey online content

To make sure interested parties are kept up to date with Little Journey’s business and related services, we process personal data provided by person’s interacting with relevant content via electronic media (e.g. our website, social media posts or webinar content). Sometimes this data will be collected on our behalf by a third party and shared with us. 

a) Information We Collect About You

Identity data

We collect identity data requested through our website and other similar types of online content such as name and E-mail address.

 Usage data

Includes information relating to the use of our website and engagement with online content obtained using tracking cookies or similar technologies – see our cookie policy here.

b) How We Use Your Information?

 To Market and Promote the Little Journey Platform

We use the information you provide through our website, like your email or physical address, to: 

  1. market and promote our products, services, and other offerings. This includes sending content to you which we think may be of interest by post, email, or other means. We use this information to promote the use of our services to you and share promotional and information content with you in accordance with your communication preferences. 
  1. Contact you in relation to issues raised and feedback provided in relation to our services. 

c) How Long Do We Retain Data Collected Through Our Website?

Data is retained until you opt out of relevant communications via the opt out mechanism described below. -

d) Can I Opt Out Of The Data Processing Through The Website?

You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, updating your communication preferences, or by contacting us through DPO@littlejourney.health.  Customers cannot opt out of receiving transactional emails or essential service information relating to services provided by Little Journey.  

e) Legal Basis for Processing Personal Data (EEA and UK only)

We use consent as the legal basis for using your data to issue marketing communications.

6)  Research Participants and Advocacy Group Members

a) Information We Collect About You

Identity data

We will collect data necessary to contact you so that we can arrange our user research and patient advocacy activities. This data includes your name and e-mail address.

We will collect other personal information relevant to your child such as their name and age.

We will also collect data you or your child discloses as part of the user research activities. Some of this data may be relevant to you or your child’s health condition.

b) How We Use Your Information?

We will use the data you provide to us as part of our user research and patient advocacy groups to inform future app development activities.

c) How Long Do We Retain Data Collected Through Our User Research Activities?

Where possible we will anonymise all data gathered through user research activities on collection. Where this is not possible we will ensure data is heavily pseudonymised (making it hard to identify the data subject) prior to archiving indefinitely for statistical/research purposes.

Records of consent will be retained for as long as data is held by Little Journey.

d) Can I Opt Out Of The Data Processing Through The Website?

You can opt out of data processing by contacting us through DPO@littlejourney.health.

e) Legal Basis for Processing Personal Data (EEA and UK only)

We use consent as the legal basis for collecting personal data as part of our patient advocacy groups and user research activities. You must actively provide consent to Little Journey (explicit consent). We use explicit consent as the condition for processing special category data as part of these activities.

7) How we share information we collect

We employ other third parties and service providers to assist us in the provision of our service to you. Examples for sharing your data with a third party may include sharing with a service providers responsible for maintaining our operational infrastructure or analysing data/performing statistical analysis for developing and improving the product and services. These service providers are prohibited from using your Personal Data except for purposes explicitly agreed, and they are required to maintain the confidentiality of your information. 

8) Use of third parties for the collection of data

On occasions, we may use third parties to collect personal data on our behalf with the intent of them sharing that data with us (e.g.,through the provision of online content for marketing or outreach to their existing network). When we enlist third parties, we will make sure that any data processing and sharing activities they undertake are done so in accordance with applicable legislation and any onward use of that data by Little Journey will comply with the requirements of this policy.

9) International Transfers

There may be circumstances where we need to transfer your personal data outside the UK or the European Economic Area (EEA). Where your information is transferred outside the UK or the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards. This would include the use of a recognised legal adequacy mechanism, or standard contractual clauses/an International Data Transfer Agreement (IDTA), any required additional technical measures (including pseudonymisation) and we will take steps to ensure that personal data is treated securely and in accordance with this privacy notice.  

10) How We Store and Secure Your Information

We value your trust in providing us your Personal Information and we strive to protect it. All information you provide to us is stored on our secure servers and we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way such as: 

  • Encryption of your data in transit. 
  • Storage in servers that are certified to industry recognised information security standards.  

But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security. Should we discover a data security breach, we will use everything within our means to inform you (and our regulator) and take all steps required of us under English law. 

11) Third Party Links

 Little Journey services may contain links to and from the websites of our partner networks and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services.

12) How to Access and Control Your Personal Data

Under certain circumstances you have the following rights under data protection laws in relation to your personal data. In summary:  

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.  
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.   
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:  
    • if you want us to establish the data’s accuracy;  
    • where our use of the data is unlawful but you do not want us to erase it;  
    • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or  
    • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. 
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.  
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.  

You also have the right to ask us not to continue to process your personal data for marketing purposes.  

You can exercise any of these rights at any time by contacting our support team at DPO@littlejourney.health.

We will respond to any of the requests described above as soon as possible, and no more than 2 months after receipt.

13) Data Protection Officer and GDPR Compliance

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact our Data Protection Officer.

Ian Knott 

DPO@littlejourney.health 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for UK data protection issues.  

We have appointed IT Governance Europe Limited to act as our EU representative. If you are located within the EU and wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu. Please ensure to include our company name in any correspondence you send to our Representative. 

14) Other Important Privacy Information

a) We Never Sell Personal Data

We will never sell your personal data to any third party.

b) NHS National Data Opt Out System (NDOOS)

Little Journey is compliant with the NHS National Data Opt Out system as we have no data disclosures which requires opt outs to be applied.