Little Journey ziMyG Privacy Policy

1)    Introduction

Little Journey processes data collected during the use of the ziMyG app under our customers’ instructions. This privacy policy provides information the nature of data processing activities performed by Little Journey in relation to the provision of these services.

2)    General

Little Journey Ltd are a UK registered company (Company Number 11519201).  
This Privacy Policy applies to all information and data collected by Little Journey Ltd when you interact with the ziMyG app. This Privacy Policy describes how and why we collect, store, process and share personal information or data. It also describes your choices and rights with respect to your Personal Data, including your rights of access and correction of your Personal Data. 

If you choose to use the ziMyG app then you agree to the collection and use of information as described in this policy. If you do not agree with this Privacy Policy, you should not use the ziMyG app.

We keep this privacy policy under regular review and may update it from time to time. We will notify you of any changes by posting the new privacy policy on this page and within the ziMyG app and you are advised to review this page periodically for any such changes. These changes are effective immediately after they are posted on this page. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you. 

Little Journey will: 
•    Limit the collection of personal information to what is directly relevant and necessary to accomplish the purposes specified below.  
•    Only use your personal data when the law allows us to do so.
•    Retain the data only for as long as is necessary to fulfil those purposes. 


If you have any questions about this privacy policy, please contact DPO@littlejourney.health. 

3)    Children’s Privacy

Sections of the ziMyG app are aimed at children aged between 8 and 17. However, the app is not intended for use by children directly but by parents/guardians/carers for the benefit of their children, during supervised viewing. It is aimed at parents/guardians/carers with content specific to children to facilitate conversation between them and their children. If you are under the age of 13, please make sure you have permission from your parent or guardian before you use the app. If you discover that your child has been using the app without permission, please contact us at DPO@littlejourney.health to have any relevant data deleted.

4)    All App Users (for Caregivers)


a)    Information We Collect About ziMyG App Users
Information Collected and Controlled by Little Journey
Identity Data 
Little Journey will collect identity data shared with us through the app such as unique codes provided to you by the clinical trial site. We deliberately do not ask for directly identifiable data such as name, address, or e-mail to ensure that we safeguard app user privacy.

Profile Data 
When setting up the app on a device, it will be possible for us to determine information relevant to the user’s clinical condition as well as information relating to the research site, and the general clinical trial pathway. We will also collect responses to surveys or questionnaires while using the app relating to the user experience. Responses to these surveys will be linked to the user profile.

Device Data
We collect the details of the device used to interact with our services including device brand name e.g. Motorola, Apple; device category e.g. mobile or tablet; device name/model e.g. iPhone XS or SM-J500M; and operating systems version e.g. MAC OS X 10.2. 

Usage Data 
We collect details of your use of any part of the ziMyG app, including but not limited to, the resources that you access and application version. 


b)    How We Use Information Provided By ziMyG App Users
Improving Your  Experience
We need to know certain information about our users in order to deliver our service. We use profile and identity data shared with us through the app for this purpose. For example, we ask you to select the country and language options so that we can provide content in the app that you can understand.   We also collect unique codes provided to you by our customers so that they can link data collected through the app to other data they process as part of the  clinical trial. 

Improving The ziMyG Application
We collect data about how our products and services are used by monitoring and tracking usage data which we combine with other data you provide. We use this data to develop and improve our products and services.  For example, we use usage data to assess trends and usage across the product to help us determine what new features our users may be interested in and feedback from surveys to address areas of potential dissatisfaction.
  
Automated Processing
We do not use data provided to us for making decisions based solely on automated processing.

c)    How Long We Retain Data Collected Through The ziMyG App
 Little Journey will retain data obtained through the app for a maximum of 6 years unless otherwise specified by the data controller.

d)    Can I Opt Out Of The Data Processing In The ziMyG App?
It is not possible to use the app without entering the identification data provided to you by the clinical trial site. This data is necessary to confirm that your involvement in the trial and subsequent access to the app. If you use the service you are unable to opt out of any other data processing activities related to using the App, however you may opt out of certain activities through exercising your rights as described below. 

e)    Legal Basis for Processing Personal Data (EEA and UK only)
As a data processor, our legal basis for collecting and using the personal data described above is aligned to the legal basis determined by the data controller. This is also the case for any conditions required for the processing of any special category data necessary to deliver the service. 

5)    How We Share Your Data

We employ other third parties and service providers to assist us in the provision of our service to you. Examples for sharing your data with a third party may include sharing with a service provider responsible for maintaining our operational infrastructure or analysing data/performing statistical analysis for developing and improving the product and services. These service providers are prohibited from using your Personal Data except for purposes explicitly agreed, and they are required to maintain the confidentiality of your information.

6)    International Transfers


For app users based in the UK or the European Economic Area, there may be circumstances where we need to transfer your personal data outside the UK or the European Economic Area (EEA). Where your information is transferred outside the UK or the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards. This would include the use of a recognised legal adequacy mechanism, standard contractual clauses/an International Data Transfer Agreement (IDTA), any required additional technical measures (including pseudonymisation) and we will take steps to ensure that personal data is treated securely and in accordance with this privacy notice. 


7)    How We Store and Secure Your Information


We value your trust in providing us your Personal Information and we strive to protect it. All information you provide to us is stored on secure servers and we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way such as: 
•    Pseudonymisation. 
•    Encryption of your data in transit and at rest. 
•    Storage in servers that are certified to industry recognised information security standards.  
But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security. Should we discover a data security breach, we will use everything within our means to inform you (and our regulator) and take all steps required of us under English law.


8)    Third Party Links


Little Journey services may contain links to and from the websites of our partner networks and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services 


9)    How to Access and Control Your Personal Data

Under certain circumstances you have the following rights under data protection laws in relation to your personal data. In summary:  

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.  
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.   
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:  
    • if you want us to establish the data’s accuracy;  
    •  where our use of the data is unlawful, but you do not want us to erase it;  
    • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or  
    • you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. 
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.  
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.  
You also have the right to ask us not to continue to process your personal data for marketing purposes.  
You can exercise any of these rights at any time by contacting our support team at DPO@littlejourney.health.

We will respond to any of the requests described above as soon as possible, and no more than 2 months after receipt.


10)    Data Protection Officer and GDPR Compliance


If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact our Data Protection Officer:
  
Ian Knott 
DPO@littlejourney.health 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for UK data protection issues.  

We have appointed IT Governance Europe Limited to act as our EU representative. If you are located within the EU and wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu. Please ensure to include our company name in any correspondence you send to our Representative. 


11)    Other Important Privacy Information

a)    We Never Sell Personal Data
We will never sell your personal data to any third party.

b)    NHS National Data Opt Out System (NDOOS)
Little Journey is compliant with the NHS National Data Opt Out system as we have no data disclosures which required opt outs to be applied.