Last updated: 26 April, 2021
This privacy notice explains the details around process of personal data under the GDPR and the UK’s Data Protection Act 2018. For the purposes of this document, when we say GDPR, we will also mean the UK DPA 2018.
We are Beyond 100 Limited, registered company number 12526822 and registered address at Devonshire House, One Mayfair Place, London, W1J8AJ.
20-22 Wenlock Road
The GDPR, and the UK Data Protection Act 2018 give you rights over your personal data. You should be aware of these rights, which are:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Note that the above rights may have certain limitations depending on the circumstances, such as if there was a legal issue outstanding. In the case that we are unable to comply with any one or your rights for a legitimate reason, we would explain that to you.
Beyond 100 is conducting a trial of their new health management platform. Your personal data will be collected from you and processed to assist in the development of the system. Beyond 100 will process personal data to evaluate a number of potential health indicators and use that information to provide an evaluation of some areas of your health and potentially make recommendations.
We may collect the following categories of personal data, including;
When you communicate with us, we retain that information to ensure we can provide the right services, for training and for customer support purposes.
Under the GDPR we must have a lawful reason for processing personal data. Information about your health is considered a special category of data and requires additional controls to ensure you know what we’re doing with it, and to keep it secure.
Our lawful basis for processing personal data is based on the intended purpose for each category of data we collect, and we list those purposes in this document. There are obligations upon us to process your data in accordance with your rights – see above section ‘Your Rights’.
Sometimes we have collected data from you, and other times we will ask for your permission to collect data from other third parties.
You may withdraw your consent for us to process your data, where the lawful basis is consent. You can do this inside the application, or by writing to us at firstname.lastname@example.org. Instructions on how to withdraw your consent are in all our email correspondence.
We collect information directly from you via a mobile phone app. We currently have apps for both IOS and Android. Our app only requires the permissions necessary to securely log you in, and for authentication purposes.
We adhere to both Apple’s and Google’s Application store’s development guidelines with regards to data privacy.
Your information is stored on Amazon’s AWS UK-based Cloud service for storing your data. All data sent to storage is encrypted to, or beyond best practice requirements.
We want to keep you up to date with existing service, offers, or new products and services from time to time. We may send you the information by email or text message, and if you no longer wish to receive this information, you can withdraw your consent at any time using the instructions that are sent at the bottom of every message.
We have implemented a secure system for collecting and storing your data based on best practices. That system is being regularly tested and improved. When we collect your data, it is sent to our servers encrypted. The database on which your personal data is stored is also encrypted, and we use a secure cloud infrastructure from AWS – an Amazon service based in the UK.
We will share your personal data with a limited number of trusted third parties to help us process and analyse your Personal Data for us and assist us in providing you with accurate recommendations.
If you have a complaint about how your information is being managed, please contact our DPO whose contact details are at the top of this privacy notice. However, if you are not satisfied with the outcome, you can complain directly to the Information Commissioner. Their contact details are below.
Tel: 01625 545745
We will inform you when we make any major changes to this policy and allow you the opportunity to review and accept them. You are under no obligation to accept any changes and can request that we stop processing your personal data at any time.
This Privacy Notice was last updated on 26 April, 2021.