- describes how we collect, use and otherwise handle Personal Information that you provide or make available to us, or that we collect from you, when you use our Websites,
- explains the circumstances in which we may transfer this to others; and
- explains about the rights that you have in relation to this Personal Information.
Our Privacy Notice must be read together with any other legal notices or terms and conditions provided or made available to you on other pages of our Websites or when you download one of our apps.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The websites at connectedcognition.org (our “Website”) are owned and operated by Connected Cognition Limited.
About Connected Cognition
References to “you” and “your” are to users of our Websites whose personal data we hold or process in accordance with the EU General Data Protection Regulation (the GDPR).
Personal information means any information about an individual from which that individual can be identified (either directly or indirectly).
Our full details are:
- Full name of legal entity: Connected Cognition Limited
- Name or title of DPO: Dr Anubhav Dhir
- Email address: email@example.com
- Postal address: Data Protection Officer, Kemp House 152-160 City Road London England EC1V 2NX
The personal information we collect, how we collect it, and why
Personal information means any information about an individual from which that individual can be identified. The following shows information we process about you, and the purpose for which we process that information. There may be more than one reason for which we collect such information and we have only listed the main reasons. If you would like further information, please contact us at firstname.lastname@example.org.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender, social media handles.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, device type, time zone setting and location, the web page from which you came, the regions from which you navigate the web page, and the web page(s) you access, access times, browser plug-in types and versions, operating system and platform, additional device information, (sensor data such as location and acceleration) and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Communications Data includes any correspondence or communication between you and us.
- Special Category Data includesdetails about your race or ethnicity, information about your health, and genetic and biometric data
We collect this information so that we can deliver a more personalised, tailored service, and so that we can continue to understand our customers and develop our Services over time.
We may also use any or all, of the above information to establish, exercise and defend our legal rights.
In respect of all the personal information we collect, our overarching purpose is to enable us to deliver the best data contribution to our customers. We want all of our customers’ information to be secure, but also visible to us so that we can provide them personalised customer service and a customised experience.
How do we use your personal Information?
- To provide you with the service
- To register and manage your account with us and to ensure your information is accurate and up-to-date
- To enable users to work together in a safe, secure environment
- To inform you of alterations, modification, updates and improvements in the service
- To review, investigate and address issues that may affect your use of our service
- To exercise our legitimate interests
- We will use your data to review and assess the quality of our service and make improvements
- We need to use your information to provide a responsive service to you and be able to support or respond to your contacts
- We will use your information for internal operations. These might include:
- to manage our business;
- to evaluate our performance and to help improve our future services and/or events
- to respond to your queries, and/or provide the services and/or information that you have requested
- to communicate with you
- to enable corporate transactions to take place
- for record keeping, statistical analysis, internal reporting and research purposes
- to ensure network and information security
- to notify you about changes to our services
- to investigate any complaint you make
- to provide evidence in any dispute or anticipated dispute between you and us
- to analyse how our Websites are being used
- to customise various aspects of our Websites to improve your experience
- to host, maintain and otherwise support the operation of our Websites
- for the detection and prevention of fraud and other criminal offences;
- for risk management purposes
- for fraud detection and resolution
- for business and disaster recovery (e.g. to create back-ups)
- for document retention/storage purposes
- for database management purposes
- to protect the rights, property, and/or safety of CMS, its personnel and others; and to ensure the quality of the services we provide to our users
- for audit and statistical analysis of the app/service
- for functional testing
- for data quality checks
- To respond to obligatory requirements
- We will disclose information if we are requested to do so as part of a reasonable regulatory requirement or in response to a legal request
Sharing your Data
We use your information to support you, for you to record your symptoms, learn more about your condition and as a result, improve your self-management. To do this, we may disclose your information and anonymised information for certain purposes and to third parties, as follows:
- Healthcare research institutions. We share data with people doing health research, for example people working in the NHS, Universities, Hospitals, Health Charities and other research institutions.
- Third Party Providers: We use certain companies, agents or contractors (“Third Party Providers”) to perform services on our behalf or to help deliver our services to you. We may contract with Third Party Providers, for example, software or business services for emails and company management, online payment processing, CRM and communications, personalising and enhancing our Services, providing customer service, managing finances or collecting debts, analysing interactions with our business, consumer surveys and other reasonable things which may become necessary in the course of running our business. In the course of providing such services, these Third Party Providers may have access to your personal information. We do not authorise them to use or disclose your personal information except in connection with providing their services to us.
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
In addition, we may use your Personal Information for further specific purposes made clear at the point of collection on particular pages of our Websites or when you download one of our apps.
As a medical company, we take part, where approved by the relevant authorities, in assisting with studies and medical research. This is to help understand more about your condition and the improvement of future treatments available to you or other people with your condition. To do this we may contact you when these types of opportunities arise. We will ensure that you can consent or opt-out of this type of activity before any further information processing takes place.
Our legal basis for processing personal information
We only ever use your information in line with applicable data protection laws – in particular, the EU General Data Protection Regulation 2016/679 (“GDPR”). In short, this means we only use it where we have a legal basis to do so. With regard to special category data, we only use it where we have a lawful condition to so, in line with Article 6 and 9 (as applicable).
Under GDPR, these are the general legal bases for which we process your personal information. an
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of our contract – processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
- Legitimate interests – processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests (including where processing is required to comply with or enforce a legal obligation).
- Where we need to comply with a legal obligation.
- Consent – you have given us consent to process your personal information for a specific purpose that we have told you about. Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity (b) Contact||Performance of a contract with you|
|To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us||(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications||(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)|
|To enable you to partake in a survey, prize draw or competition.||(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications||(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity (b) Contact (c) Technical||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical||Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||(a) Technical (b) Usage ||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications||Necessary for our legitimate interests (to develop our products/services and grow our business)|
|To collect your health information: For you to understand your health condition/s To contribute to wider health, public health and scientific research.||Special Category Data (Health, ethnicity).||Necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices (Article 9 (2) (i)). Necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes research purposes (Article 9 (2) (j)).|
You can change your marketing preferences we have for you at any time by editing your preferences on our Website or contacting us by email. If you choose not to receive this information we will be unable to keep you informed of new services and promotions that may interest you.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional Offers from Us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased [goods or services] from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links on any marketing message sent to you OR by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.
As detailed above, we may send you communications such as those which relate to any service updates (e.g. service availability) or provide customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely to effectively provide you with the best service we can and to grow our business.
How long do we store your personal information?
We keep your personal information for only as long as is reasonably necessary to provide you with our Services and for our legitimate and necessary business purposes. Such purposes might include maintaining the high standards of service which we strive to uphold, making decisions on how progress our offering, complying with applicable legal obligations, and resolving any disputes which arise during the course of our business.
- We are legally required to retain financial and transaction data for a minimum period of 7 years for tax, audit, accounting purposes and liability.
- If we have an unresolved issue with you, then we will retain your personal information until the issue is resolved.
Any Third Party Providers that we engage will keep your personal information stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any Third Party Providers, we will make sure that they securely delete or return your personal information to us.
We may retain personal information about you for statistical purposes. Where information is retained for statistical purposes it will always be anonymised, meaning that you will not be identifiable from that information.
Our current data retention policy is to delete or destroy (to the extent we are able to) personal data after the following periods
- Records relating to a contract with us – 7 years from either the end of the contract or the date you last use our services or placed an order with us, being the length of time following a breach of contract in which a contract party is entitled to bring a legal claim.
- Marketing a contact records – 3 years from the date of your last interaction with us.
For a category of personal data not specifically defined in this notice, unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data.
Security of your personal information
We are committed to securing and protecting your personal information, and we make sure to implement appropriate technical and organisational measures to help protect the security of your personal information. We and our Third Party Providers will implement policies to guard against unauthorised access and unnecessary retention of personal information in our systems.
Unfortunately, the transmission of your personal information via the internet is not completely secure and although we do our best to protect your personal information, we cannot guarantee the security of your information transmitted to us over the internet and you acknowledge that any transmission is at your own risk.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You must be 18 years of age or older to use our Services.
We do not knowingly collect personal information from individuals under 18 years of age. If you are under that age limit, then please do not use Connected Cognition or provide any personal information to us.
If you are a parent or legal guardian of a child under the applicable age limit, and you become aware that your child has provided his/her personal information to us, please contact us at email@example.com. If we learn that we have collected personal information of a child under the age of 18, then we will take all reasonable steps to delete that information from our systems.
In any case, we will only process personal information in line with GDPR and our legal obligations.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Your rights and choices
Under the GDPR, as a user of our Services, you are entitled to certain rights. There are circumstances in which your rights may not apply. You have the right to request that we:
- provide you with a copy of the information we hold about you;
- update any of your personal information if it is inaccurate or out of date;
- delete the personal information we hold about you – if we are providing services to you and you ask us to delete personal information we hold about you then we may be unable to continue providing those services to you;
- restrict the way in which we process your personal information;
- stop processing your data if you have valid objections to such processing; and
- transfer your personal information to a third party.
For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us at firstname.lastname@example.org.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
As explained in the section on Communications, you have the right to ask us to stop processing your personal information for such purposes. Please note that we reserve the right to charge a fee for responding to requests where we reasonably determine that they are manifestly unfounded or onerous or being made in bad faith.
If you have any questions or concerns about how we handle your personal information, please contact us by email to email@example.com.
If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal information and privacy. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.