ExpoDose Privacy Policy

We are siHealth Ltd.

We are a digital healthcare company based in Harwell Campus, Oxfordshire, United Kingdom (www.sihealth.co.uk). Our address is Building R104, Rutherford Appleton Laboratory, Harwell Campus, Didcot, Oxfordshire, United Kingdom and our company registration number is 9176652. We are registered with the UK Information Commissioner’s Office (ICO) with number ZA834797.

siHealth is a company of the Flyby Group (the “group”), a corporate group controlled by Flyby S.r.l. (www.flyby.it – Livorno, Italy). The group operates worldwide, providing digital systems and services for supporting human decision-making in different sectors, such as Space, Energy, Security and Health & Wellness.

siHealth has a direct subsidiary inside the group, siHealth Photonics S.r.l. (www.sihealthphotonics.it – Livorno, Italy). siHealth Photonics develops digital innovations for healthcare, with particular focus on the smart management of medical conditions through Image Processing and Artificial Intelligence techniques.

siHealth’s ExpoDose Solution (“ExpoDose” or the “Solution” or the “Service”) is composed of:

  • the ExpoDose Web-Portal (the “Web-Portal”) for professionals employed by a research / clinical institution or a company (the “Institution”), such as healthcare professionals or researchers;
  • the ExpoDose App (the “App”) for end-users, such as patients or customers of the Institution or volunteers either involved in a research/clinical study conducted by the Institution or self-monitoring their environmental exposure (e.g. to sunlight).

The ExpoDose Solution is provided by siHealth, which is solely responsible for the processing of your personal data (“Controller”) in accordance with the General Data Protection Regulation (“GDPR”) and any applicable data protection laws.

We do update this Policy from time to time, so please do review this Policy regularly. You can access this Privacy Policy at any time at www.sihealth.co.uk/privacy-policy-expodose .

 

IF YOU ARE AN END-USER USING THE EXPODOSE APP

Our App is designed to enable you, the End-User (e.g. patient, customer or volunteer involved in a clinical/research study), either to:

  • share data and progress of your environmental exposure (e.g. to sunlight) with your healthcare provider, product supplier or clinical/research institute, in a way that respects your privacy, in particular in accordance with the minimisation principle;
  • or to self-monitor your environmental exposure (e.g. to sunlight);

always in a way that respects your privacy.

Before you can use our App:

  1. You will need to self-register on the App or on a dedicated website, possibly using your email address and personal contacts if required, and you will then be provided with an anonymous User ID and possibly a password;
  2. As an alternative to point 1 above, a professional of your connected Institution (e.g. healthcare professional or researcher) could provide you with an access code for registering on the App and sharing your personal data with the Institution;
  3. You will be asked to provide different consents. You are under no obligation to provide any of these consents and you can withdraw any of them at any time. But as explained on the registration page, you need to provide your consent to your data being shared before you can use our App, particularly for the purpose of monitoring your environmental exposure (“exposure records” and “precise geo-localisation”) and of monitoring/improving the Service (“service quality”).

If you choose to provide your consent and use our App, then we hold the following information about you:

  1. A record of your consent;
  2. Your login details (your User ID and possibly an encrypted version of your Password);
  3. Your email address and personal contacts, in case they are required during a self-registration to the Service;
  4. Your precise location and data collected by the sensors of your devices (e.g. GPS) and/or of possible wearable devices connected to the App. This is to ascertain your accurate exposure to environmental factors (e.g. sunlight) and will have a random radius added to enhance your privacy;
  5. Indoor/outdoor position.

The lawful basis to process your personal data is your explicit consent, in accordance with Art. 6 Par. 1 of the GDPR. We do not know your name, address or other contact details. If you have explicitly consented to sharing your data with an Institution, your associated Institution (e.g. your healthcare provider or research institute) has its own independent records enabling it to link your User ID to your contact details, but we cannot make this link. The Institutions could possibly also use your pseudonymised data or aggregated data for scientific publications and research studies.

The data processing of the personal data is carried out in compliance with the provisions of the GDPR and other relevant laws.

 

IF YOU ARE A PROFESSIONAL USING THE EXPODOSE WEB-PORTAL

If you are a professional using our web-portal to supervise the environmental exposure of your patients, customers or volunteers involved in a research study (i.e. your associated/connected “End-Users”), then we will collect your registration information as well as the data about End-Users and End-Users’ environmental exposure, using it in accordance with the services contract in place between us and your Institution (e.g. healthcare provider or research institute).

The only other data we collect from visitors using the Web-Portal is via the cookies we use. We use the following cookies on our Web-Portal:

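Cookie Provider | Cookie Name | Purpose of the Cookie                        | Duration
----------------+-------------+----------------------------------------------+---------
Google          | _gat        | To track how you use our ExpoDose web-portal | 2 years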

 

WHAT ARE MY RIGHTS UNDER DATA PROTECTION LAWS?

You have various other rights under applicable data protection laws, including the right to:

  • access your personal data (also known as a “subject access request”);
  • correct incomplete or inaccurate data we hold about you;
  • ask us to erase the personal data we hold about you;
  • ask us to restrict our handling of your personal data;
  • ask us to transfer your personal data to a third party;
  • object to how we are using your personal data; and
  • withdraw your consent to us handling your personal data.

You can exercise any of these rights by contacting us.

You also have the right to lodge a complaint with us or the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales. If you are based outside of England and Wales, you can find your relevant supervisory authority here. Please keep in mind that privacy law is complicated, and these rights will not always be available to you all of the time.

 

WHERE IS MY DATA STORED?

We securely store your personal data in Amazon Web Services (AWS) and Microsoft Azure cloud data centres within:

  • United Kingdom (UK)
  • European Union (EU)
  • United States (US)
  • Brazil
  • South Korea
  • South Africa
  • Australia

Whenever we transfer your personal information outside of the UK and the EU, we ensure it receives additional protection as required by law in accordance with the adequacy principle as stated in GDPR.

To keep this privacy policy short and easy to understand, we haven’t set out the specific circumstances when these protection measures are used. You can contact us at privacy@sihealth.co.uk for more detail on this.

 

HOW LONG DO WE KEEP YOUR DATA FOR?

If you withdraw your consent or delete your account with us, we will delete the personal data that we hold about you in the Service. If you haven’t used our Service for 12 months, then we will delete your account.

More generally, we will only retain your personal information for as long as we need it and for the purposes we initially collected it for, unless we are required to keep it for longer to comply with our legal, accounting or regulatory requirements.

We also carefully anonymise your personal data so that it can no longer be associated with you, and we use this anonymised data for purposes including research and development, commercialisation, improving outcomes for patients and developing medical treatments.

In addition to this, we perform research & development activities to improve siHealth’s services, also using some of your personal data in pseudonymised form; this data is in any case deleted within 12 months of the deletion of your account or the withdrawal of your consent to this use.

 

CONTACT DETAILS OF THE DPO

According to Art. 37 of the General Data Protection Regulation (GDPR), siHealth has a Data Protection Officer (DPO) who is appointed for the entire corporate group siHealth belongs to (Flyby Group, Italy – www.flyby.it). The protection of personal data is of the utmost importance for siHealth. For any questions, or to exercise any data subject’s right, you can contact the DPO at the following e-mail address: dpo@sihealth.co.uk .

 

WHO DO WE SHARE YOUR DATA WITH?

  • Flyby Group: data analytics and research & development activities aimed at helping us and the companies in our group to improve and optimise our services.
  • Analytics and web development companies: to help us with the improvement and optimisation of our services. Our service can include analytics like Google Firebase, which we only use to improve the quality and usability of our service.
  • Regulators / Authorities / Enforcement Agencies: if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
  • Prospective buyers of our business: under our legitimate interest to ensure our business can be continued by the buyer.
  • Third-party Institutions: if an End-User has expressly given consent to share their personal data with a third-party Institution (e.g. clinic, hospital, commercial entity) for sharing their tracked environmental exposure (e.g. to sunlight) and/or for providing functionalities in our product or for further developing it. We will only transfer the End-User’s data based on that express consent.

 

QUESTIONS, COMMENTS AND MORE DETAIL

Your feedback and suggestions on this notice are welcome. We’ve worked hard to create a notice that’s easy to read and clear. But if you feel that we have overlooked an important perspective or used language which you think we could improve, please let us know by email at privacy@sihealth.co.uk.

For EU-based customers and contacts who have any questions about siHealth’s services and products or about anything related to data protection (GDPR), please contact siHealth Photonics S.r.l., who are siHealth’s representative in the European Union:

  • Address: siHealth Photonics S.r.l., Via A. Lampredi 45, Livorno – 57121, Italy
  • Telephone: +39 0586 090733
  • E-mail: info@sihealthphotonics.it

 

Last updated on 15th November 2024