Privacy Policy

Re:Cognition Health

Privacy Notice

Last Updated: 29/03/2024

Introduction

Re:Cognition Health Limited and its affiliates, subsidiaries and related entities (“Re:Cognition Health”, “we, “our”) is committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (“you/your”).

The purpose of this privacy notice is to explain what personal data we collect about you when you interact with our website or use our Private Brain & Mind Services. When we do this, we are the controller of your personal data. However, when we conduct Clinical Trials, we are the processor.

Please read this privacy notice carefully as it provides important information about how we handle your personal data and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at compliance@recognitionhealth.com.

We are also the controller of your data when you apply for a job with us. For more information about how we process your personal data throughout the application process please read our job applicant privacy notice.

What is personal data?

‘Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.

‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

Personal data we collect

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and  the Data Protection Act 2018. The personal data we collect is listed below.

When you visit our website, interact with our forms – including clinical trial forms – subscribe to our newsletter, or contact us through our email addresses or phone, we may collect the following types of personal data from you or your medical practice (GP) or solicitor:

• name

• address

• e-mail address

• age

• date of birth

• personal description

• username

• phone number

• background or medical information

When you use our medical services, we may collect further information about your personal life, medical or genetic conditions, medical records, habits, medication and treatment history, emergency contact and next of kin details.

We may also receive your contact details information and feedback related to using our services from rating and feedback platforms.

Purposes for which we use personal data and the lawful basis

When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:

 

Purpose

Type of data

Lawful Basis for Processing

To respond to your enquiries about our products and services, and provide you with customer care and technical support

Name, phone number, email address, any information you choose to share through your enquiry

Necessary for our legitimate interests to respond to your queries

Performance of a contract with you

To collect your feedback and testimonial and publish it in our website

Name, history of services used, your opinions and feedback

Consent

To register you as a patient

Name, age, date of birth,  address, email address, phone, next of kin, emergency contact phone number, GP information

Performance of a contract with you

To provide you with health care services 

Health data (medical records, health and genetic conditions, family history, habits, records of medication taken)

Performance of a contract with you

To provide reports to the NHS

Health data (medical records, health and genetic conditions, family history, habits, records of medication taken), Name, age, date of birth, address, email address, phone, next of kin, emergency contact phone number

Legal obligation

To process your payments

Financial information (bank account, direct debit details, credit card details)

Performance of a contract with you

To send you marketing communications

Email address, marketing preferences

Consent

To perform analytics and gain marketing insights

Traffic data, information about how you heard from us, IP

Consent

 

Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.

 

Cookies

We use cookies on our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website and understand how you interact with us.

For detailed information on these cookies, the way we use them, your rights and choices about cookies, and the purposes for which we use them, please see our cookie policy at https://recognitionhealth.com/cookies-policy/.

Sharing your data

We may share your data with our third-party providers and suppliers of services, such as CRM, IT service providers, auditors, consultants, cloud storage services, payment processing providers, and customer management systems.

We may also share personal data with government bodies, law enforcement agencies, healthcare authorities and public organisations, such as the NHS, to fulfil our legal and regulatory obligations and mandatory legal requests.

Such third-party providers or suppliers are acting on our behalf. They cannot use your personal data for any purpose other than that which has been prescribed by us. We only use those service providers and suppliers who undertake to protect your details with the same degree of care as we do, and we make sure to perform the appropriate due diligence and sign data protection agreements with them to make sure your rights will be respected, and your personal data will be taken care of.

When acting as a processor and performing clinical trials, we must collect and share your personal data with our sponsors (controllers) in order to comply with our service agreements and allow you to be part of a clinical trial and research as you wish. On these occasions, your data will be anonymised.

It is unlikely that we’ll ever share your personal data outside the UK, we may share this with our US based sponsors, however, we will fully anonymise your data. If, however, it becomes necessary for the purposes of providing our services to you, we will only share it with organisations in countries benefiting from an adequacy decision or on the basis of International Data Transfer Agreements approved by the Secretary of State, which contractually oblige the recipient to process and protect your personal data to the standard expected within the UK.

We may also share your data internally, exclusively in a proportional and need-to-know basis, with our employees and contractors belonging to our group, in order to fulfil our service agreement and provide you with our services and support. 

We rarely share your personal data outside the UK. In certain specific instances that we do transfer your personal data outside the UK, for example to share the data with our US based sponsors, we will fully anonymise your data. If, however, it becomes necessary for the purposes of providing our services to you to keep your personal data identifiable, we will only share it with organisations in countries benefiting from an adequacy decision or on the basis of either an International Data Transfer Agreements or  an International Data Transfer Addendum to the Standard Contractual Clauses as approved by the Secretary of State, which contractually oblige the recipient to process and protect your personal data to the standard expected within the UK.

We may also share your data internally, exclusively in a proportional and need-to-know basis, with our employees and contractors belonging to our group, in order to fulfil our service agreement and provide you with our services and support.

How long we keep your data

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.

At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning. For instance, by law, we must keep basic information about our customers (including contact, identity, financial and transaction data) typically for 6 (six) years after they cease being customers for tax purposes.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you want to know how long we retain a specific type of personal data we hold from you, you may request us to share a copy of our Data Retention Policy and Schedule by contacting us at compliance@re-cognitionhealth.com.

How we protect your data

We implement appropriate technical and organisational measures such as policies, procedures, encryption, anonymisation techniques and training to protect data that we process from unauthorised disclosure, use, alteration or destruction.

All of our employees and processors that have access to, and are associated with, the processing of your personal data, are obliged to respect the confidentiality of our users’ information.

We ensure that your information will not be disclosed to government institutions or authorities, unless required by law or when lawfully requested to by courts of law, regulatory bodies or law enforcement organisations.

If we use external suppliers to collect or process personal data on our behalf, we will check such companies first and ensure that we place contractual obligations on them, so they manage your personal data in line with our instructions and expectations and with data protections laws.

Your rights and options

You have the following rights in respect of your personal data:

  • You have the right of access to your personal data and can request copies of it and information about our processing of it. 
  • If the personal data we hold about you in incorrect or incomplete, you can ask us to rectify or add to it. 
  • Where we are using your personal data with your consent, you can withdraw your consent at any time. 
  • Where we are using your personal data because it is in our legitimate interests to do so, you can object to us using it this way. 
  • Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
  • You can ask us to restrict the use of your personal data if:
    • It is not accurate.
    • It has been used unlawfully but you do not want us to delete it.
    • We do not need it any-more, but you want us to keep it for use in legal claims; or 
    • if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
  • In some circumstances you can compel us to erase your personal data and request a machine-readable copy of your personal data to transfer to another service provider.
  • You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, please contact us at compliance@re-cognitionhealth.com.  

You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/ or by telephone on 0303 123 1113.

Contact us

If you have any questions, or wish to exercise any of your rights, then you can contact:

62 – 64 New Cavendish St.
London W1G 8TA

0203 808 5439

Free phone: 0800 802 1030

Alternatively, you can email us at compliance@re-cognitionhealth.com

Changes to this privacy notice

We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.

Last modified 29/03/2024. You can find previous versions of this notice here https://recognitionhealth.com/privacy-policy/.