Privacy Policy

Last updated: 13th January 2024.

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Botmedica Ltd, Bartle House, 9 Oxford Court, Manchester, M2 3WQ; Company number: 15317962.
Country refers to: United Kingdom of Great Britain and Northern Ireland.
Device means any device that can access the Service such as a computer, a mobile phone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers to the chat assistant application provided by the Company.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.
Client refers to any third-party employing the Company to provide the Service to You.
Usage Data refers to data collected automatically, either generated by the use of the Service or the Website.
Website refers to Our website, accessible from https://botmedica.com/.
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

Personal details (first name, last name)
Contact details
Usage Data

Usage Data

Usage Data is collected automatically when using the Service or the Website. This might encompass details such as Your computer’s Internet Protocol address (IP address), the type and version of Your web browser, the specific pages and/or functions within our Service or Website that You access, the date and time of Your visit, the duration of Your interaction with those pages or functions, conversation histories, distinctive device identifiers, and additional diagnostic information.

We may also collect information that Your browser sends whenever You visit Our Service or Our Website or when You access the Service by or through a mobile device.

Use of Your Personal Data

We collect and process Your Personal Data based on the lawful basis outlined in Article 6(1) of the UK GDPR. Our lawful basis for processing includes, but is not limited to, the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, and the pursuit of legitimate interests.

We rely on legitimate interests as the lawful basis for certain data processing activities under Article 6(1)(f) of the UK GDPR. These interests may include, but are not limited to, ensuring the security of Our systems, analysing and improving Our services, conducting marketing activities, and providing a seamless user experience.

In further detail, the Company may use Personal Data for the following purposes:

To provide and maintain Our Service, including to monitor the usage of Our Service.
For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, regarding updates or informative communications related to the functionalities, products or contracted services, when necessary or reasonable for their implementation.
To provide You with news, special offers and general information about other goods, services and events offered by the Client or the Company, given that You have opted into these communications.
To manage Your requests: To attend and manage Your requests to the Client and to Us.
For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about Our Service users is among the assets transferred.
For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of Our promotional campaigns and to evaluate and improve Our Service and marketing approaches for the Client.

We may share Your personal information with various categories of recipients under the following circumstances:

With the Client: If You consent to marketing communications and provide Your personal information, We may share this information with the Client to enable their marketing efforts.
With Service Providers: We may share Your personal information with third-party service providers, such as cloud-based providers and/or marketing firms, to assist in data storage, processing, monitoring and analytics. This helps Us to provide, monitor and analyse the use of the Service. These providers are selected based on their ability to meet data protection and security standards, and they are contractually bound to adhere to Our data protection requirements.
For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
With Affiliates: We may share Your information with Our affiliates, in which case We will require those affiliates to honor this Privacy Policy. Affiliates include any parent company or other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Information Processing

Automated processing: Our Service may employ automated processing, including profiling, to personalise recommendations based on Your information. The suggestions are intended to assist and inform, without replacing human judgment. The logic involves processing Your information, which may include conversation histories and/or medical concerns, to identify patterns and correlations with Our datasets. This is a fully automated process, which helps in tailoring recommendations that are closely aligned with Your specific needs and circumstances, potentially in a healthcare context. These automated recommendations can guide and influence Your service evaluation and selection process. While these recommendations are based on sophisticated algorithms and a comprehensive analysis of Your provided information, they may not always be accurate and should be considered alongside professional advice. If You have concerns or seek clarification on these recommendations, please reach out to Us for further information, using the contact details at the end of the document.

We recognise the sensitivity of processing health data, a special category of personal data under data protection legislation. We obtain explicit and valid consent for the processing of this data. You have the right to withdraw Your consent for the processing of Your personal and/or health data at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw Your consent, please reach out to us using the contact details provided at the end of this document. Upon receiving Your request, we will cease processing Your data and take necessary steps in accordance with your wishes and applicable data protection laws.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with Our legal obligations (for example, if We are required to retain Your data to comply with applicable laws), resolve disputes, and enforce Our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

If there is not a specific retention period applicable, We determine the retention period based on the nature of the data, the purposes for which it is processed, and legal requirements. Once Your information is no longer necessary for the purposes it was collected, We will securely delete or anonymise it.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating centers and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ to those of Your jurisdiction.

Transfer of personal data outside the European Union (EU) or European Economic Area (EEA) may be made without Adequacy Decision. When such transfers occur, We ensure the adequate protection of Your data by implementing appropriate safeguards, such as standard contractual clauses or other mechanisms as required under Article 46, 47, or 49 of the UK GDPR. Copies of these safeguards and additional information regarding the transfer of Your data can be obtained by contacting Us using the information at the end of this document.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to such transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

You may contact Us to request access to, correct, update, amend or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when We have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

CCPA

Under the CCPA, among other rights, California consumers have the right to:

Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data. Note that We do not sell personal data.

If You make a request, We have one month to respond to You. If You would like to exercise any of Your CCPA rights, please contact us.

The Company is compliant with the UK GDPR and has contractual agreements in place with sub-processors of personal data.

We would like to make sure You are fully aware of all of Your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of Your personal data. We may charge You a small fee for this service.
The right to rectification – You have the right to request that We correct any information You believe is inaccurate. You also have the right to request that We complete the information You believe is incomplete.
The right to erasure – You have the right to request that We erase Your personal data, under certain conditions.
The right to restrict processing – You have the right to request that We restrict the processing of Your personal data, under certain conditions.
The right to object to processing – You have the right to object to Our processing of Your personal data, under certain conditions.
The right to data portability – You have the right to request that We transfer the data that We have collected to another organisation, or directly to You, under certain conditions.

If You make a request, We have one month to respond to You. If You would like to exercise any of these rights, please contact us.

Your consent to the processing of personal data is required to access and use Our Service. By using Our Service, You are providing consent to the processing of Your personal data as outlined in this Privacy Policy. You have the right to withdraw this consent at any time. Withdrawing consent will not affect the lawfulness of any processing done prior to the withdrawal. To withdraw consent or for any inquiries regarding Your personal data, please contact Us using the information at the end of this document. The process for withdrawal is as simple as granting consent.

Complaints: You have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner’s Office (ICO), if You believe We have not handled Your data correctly. Please contact Us first. If You are not satisfied, You may contact the ICO at 0303 123 1113.

Children’s Privacy

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

This Privacy Policy was drafted with the help of the Privacy Policy Generator, then subsequently reviewed and finalised by Our team. We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and providing a notice on Our Service, prior to the changes becoming effective. We will also update the “Last updated” date at the top of this Privacy Policy.

Contact Us

If You have any questions about this Privacy Policy, You can contact us by email at legal@botmedica.com.