TPP (“We”) are committed to protecting and respecting your privacy.
This privacy notice (together with the terms and conditions for using our website) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It applies to your use of the AirmidCares website and all related website features (collectively, the Website). Please note that some of our other products or services, such as Airmid and our company website have their own privacy policies that will apply in place of this policy). ‘Processing’ for the purposes of this notice covers a very broad range of activities, including using, transferring, storing and even deleting. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By using the website, our products and services and/or contacting us you are accepting and consenting to the practices described in this policy including the collection, use and transfer of the relevant data described below.
The following information is used by us in order to provide our services:
Information you give us:
Any information you provide to us via the Website, our services, a telephone call, email or any other messaging facility. This may include personal information such as name, address, contact details and the specific detail contained within your enquiry or feedback, which may contain further sensitive personal information where medical or demographic information (including racial or ethnic origin) is provided to us. It could also include information provided when creating a user account within the Website (including, usernames and password information)
Information we collect about you:
We may automatically collect the following information where the Website or our services are used:
• technical information, including browser type and version, time zone setting, anonymous GPS-based geographic location data, browser plug-in types and versions, operating system and platform.
Information we receive from other sources:
We may receive information about you if you use any of the other services we provide.
Uses made of the information
We use information held about you in the following ways (dependent on the particular enquiry raised with us):
Information you give to us. We may use this information:
• to improve our services and ensure that content from services is presented in the most effective manner for you;
• to monitor usage and collect usage statistics;
• to assist you in your use and understanding of our services;
• to respond to your comments and queries;
• to perform any contracts entered into between you and us;
• for security and safety purposes; and/or
• to inform you of changes/updates to our services.
• Information we collect about you. In addition to the above we will use this information:
• for internal operations, including troubleshooting, data analysis, testing, research, statistical purposes;
• to improve our service to ensure that content is presented in the most effective manner for you;
• to allow you to participate in interactive features of our service, when you choose to do so; and/or
• as part of our efforts to keep the service safe and secure.
Information we receive from other sources
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Disclosure of your information
We may share your personal data with third parties who may process your personal information on our behalf, for example, to help us run the Website or the services available on it. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How we store your personal data and how we keep it secure
We restrict access to personal information to TPP employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
TPP may also use other organisations to process your personal information on our behalf to help us manage parts of the Website (see the ‘Disclosure of your information’ section above). It is our responsibility to ensure that any such third parties meet our security standards.
Unfortunately, if you are accessing the Website from a mobile device, the transmission of information via your device is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
The Website is not designed or intended to be used by children under the age of 16. Only individuals aged 16 or over may register for an account to use the forums.
The use of any of our interactive services by a minor is subject to the consent of their parent or guardian. We advise parents who permit their children to use an interactive service that it is important that they communicate with their children about their safety online, as moderation is not fool proof. Minors who are using any interactive service should be made aware of the potential risks to them.
Our legal basis for processing data
We collect, use and share data that we have in the ways described above:
As necessary to fulfil our services which may include sharing your personal data with service providers in order to effectively deliver our services;
Consistent with your consent, which you may revoke at any time;
As necessary to comply with our legal obligations which may be expressed in written contractual agreements;
To protect your interests, or those of others;
• As necessary in the public interest; and
• As necessary for our (or others’) legitimate interests unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data. Legitimate interests may include;
• providing an innovative, personalised, safe and profitable service to our users and partners;
• carrying out and/or testing our services, processes and policies;
• following guidance of government and regulatory bodies;
• audit purposes to ensure (amongst other things) we are responding where necessary and providing an effective business model;
• market research and statistics.
How can you exercise your rights provided under the UK Data Protection Act 2018 and the GDPR?
Under the UK’s Data Protection Act 2018 and the General Data Protection Regulation, you have the right to access, rectify, port and delete your data.
You also have the right to object to and restrict certain processing of your data. This includes:
• the right to object to our processing of your data for direct marketing;
• the right to object to our processing of your data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party
• the right to have your data amended if it is inaccurate. You can find more information about your rights on the Information Commissioner’s Office website – please see https://ico.org.uk/for-the-public/
• Please be aware that information recorded by another party remains their responsibility (as they are the data controller) and so depending on your request we may need to direct you elsewhere.
Data Retention and Deletion
We retain personal information until it is no longer necessary for the provision of our services unless you request for its deletion (whichever comes first)
Personal information that has been deleted may persist in our backup systems, but will not be readily accessible. Our services also use encrypted backup storage as another layer of protection to help recover from potential disasters. Data can remain on these systems for up to 6 months. When TPP delete data, we follow a deletion policy to make sure that your data is safely and completely removed from our servers.
If you have any concerns please contact our Data Protection Officer (DPO) and data protection team:
By post – TPP House, 129 Low Lane, Horsforth, Leeds, LS18 5PX
By email – email@example.com
Airmid Cares within Airmid
Airmid Cares has been developed to support health and care research. The Help the NHS shortcut within the Airmid app (the “App”) takes you to the list of ways you can contribute your information to support research. Each research study listed will include their own Privacy Notice and Consent Form as and when they appear, and you will be able to control which one(s) you join. For example: Several research organisations are looking into the effects of COVID-19. You may have received a specific invitation to join one of these research groups, or be responding to an advertising campaign run by the researchers. Either way, you can choose whether you support all, some or none of these projects.
Airmid Cares is one of a number of ways you can support health and social care research. It is a platform that allows data to be shared with TPP and various NHS organisations, health charities and/or other research institutions (as explained below) to enable research and innovation relating to health and social care.
You can choose which surveys to complete in Airmid Cares knowing that the information you provide will benefit health and care organisations and patient care.
We have developed various tools within the App, including questionnaires and data entry templates, to help researchers ask you for specific information about you and your health. By consenting to Airmid Cares you are allowing us to collect and process your personal data – entered into or captured by the App – for research purposes. Please see point 2 – How we use your data – below.
- Our legal basis for processing data
When you choose to share your data with Airmid Cares, you have explicitly consented to your data being used for research purposes. This is our legal basis for processing your data.
There are strict regulatory requirements placed on us when we process data about you and your health for research purposes. This means that if you do not consent (or withdraw your consent), we cannot allow you to use Airmid Cares functionality within the App. This is not meant unkindly, we are simply not able to provide you with the service(s) without your consent.
- How we use your data
We have developed Airmid Cares functionality within the App to provide societal benefit, including improvements to public health and well-being via research. This means we use the information you provide to conduct and support research and innovation relating to health and social care, including, for example, disease outbreaks, chronic conditions such as diabetes and heart disease, cancers and mental health conditions.
We process your data with the aim of improving the health and care services you and others receive in the following ways:
• Enabling the NHS and other health and care professionals to effectively treat and support individuals with specific conditions and illnesses;
• Understanding any links between an individual’s health and their recovery from specific conditions and illnesses;
• Assisting the NHS and other care professionals in assessing the spread of disease outbreaks;
• Improving understanding of symptoms;
• Gaining knowledge of the likelihood of becoming ill;
• Enabling earlier detection of illness and disease.
To be able to achieve any of the above, it will sometimes be necessary for us to provide data to various NHS organisations, health charities and/or other research institutions (collectively referred to in this Privacy Notice as “Airmid Cares Research Organisations”). This will include either aggregated data, for example, numbers of patients showing signs of a particular illness, or data with a pseudonymised link (see below for details). To be clear, your personal identity will be protected by us and will not be shared directly with the Airmid Cares Research Organisations. Where the Airmid Cares Research Organisations need to join up data from different sources, a link will be provided that is strongly pseudonymised.
What is pseudonymisation?
Pseudonymisation is a way of processing personal data that does not make the data anonymous but instead ensures that the data subject cannot be identified without the use of additional information, which is kept separately and is subject to technical and organisational measures to keep the data secure to protect the privacy of the data subject.
Why is pseudonymisation used for Airmid Cares?
The NHS and other care providers hold many different datasets (for example a list of patients who need eye screening for their diabetes, a list of patients who have attended hospital, a list of patients who are having cancer treatments). These datasets are used to support patient care and for administrative purposes such as payments to hospitals. Many researchers need to link these datasets together to make their research more effective. To do this they use pseudonymisation to link all of the information for the same person, but in a way that does not reveal the person’s identity. This can be done by taking a number of identifiers (things that can identify you – name, post code, date of birth, NHS number) and joining them together using a secret key to create a unique identifier that does not reveal your identity in any way. This technique is applied to all the datasets, using the same unique identifiers, and allows them to be joined together for research. This is strongly pseudonymised data linkage.
In legal terms, data that is pseudonymised is still classed as ‘personal data’, since the identifiers have not been removed, but disguised. This means that an even greater level of care has to be taken with the data to keep it secure, and researchers put in place extra security to allow for this.
Version 2.0, 7th December 2021