Beyond 100 Privacy Notice

Last updated: 26 April, 2021

This privacy notice explains how personal data is processed under the GDPR and the UK’s Data Protection Act 2018. For the purposes of this document, when we say GDPR, we will also mean the UK DPA 2018.

Who We Are

We are Beyond 100 Limited, registered company number 12526822 and registered address at Devonshire House, One Mayfair Place, London, W1J8AJ.

Our Data Protection Officer (DPO)

UKGDPR Limited
20-22 Wenlock Road
London
N17GU
email: dpo@ukgdpr.org

Your Rights

The GDPR and the UK Data Protection Act 2018 give you rights over your personal data. You should be aware of these rights, which are:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Note that the above rights may have certain limitations depending on the circumstances, such as if there was a legal issue outstanding. In the case that we are unable to comply with any one of your rights for a legitimate reason, we would explain that to you.

Why We Are Collecting Your Data

Beyond 100 is conducting a trial of its new health management platform. Your personal data will be collected from you and processed to assist in the development of the system. Beyond 100 will process personal data to evaluate a number of potential health indicators and use that information to provide an evaluation of some areas of your health and potentially make recommendations.

The Categories of Personal Data We Process

We may collect the following categories of personal data, including:

Communication and Support

When you communicate with us, we retain that information to ensure we can provide the right services, for training and for customer support purposes.

The Lawful Basis We Use to Process Personal Data

Under the GDPR we must have a lawful reason for processing personal data. Information about your health is considered a special category of data and requires additional controls to ensure you know what we’re doing with it, and to keep it secure.

Our lawful basis for processing personal data is based on the intended purpose for each category of data we collect, and we list those purposes in this document. There are obligations upon us to process your data in accordance with your rights – see the ‘Your Rights’ section above.

Sometimes we have collected data from you, and other times we will ask for your permission to collect data from other third parties.

Our Purpose when Collecting your Data, our Lawful Basis for the Processing and How Long we Retain Your Data

To Provide Service and Support
  1. We collect your name and contact details, and keep copies of complaints or concerns that you have. Our lawful basis for this is ‘Contractual Obligation’. Your data is held by us for 3 years after the end of your last activity with us, or within 1 month if you request it or actively leave our service.
  2. We collect emails and other standard communication between you and B100. Our lawful basis for this is ‘Legitimate Interest’. Your data is held by us for 1 year after you cease to actively use our service. If the communication involves a complaint, we will retain the data for 2 years after the last correspondence.
  3. We collect information about your medical condition, including dietary, lifestyle, health conditions, and medical records. Our lawful basis for processing this data is ‘Consent’. Your data is held by us for 3 years after the end of your last activity with us, or within 1 month if you request it or actively leave our service.

To Keep You Informed of New Products and Services
  1. We will use your name and contact details to inform you of products and services where you have given us consent to do so. Our lawful basis is ‘Consent’. Your data is held by us for 1 year after you cease to actively use our service.

For Research
  1. We may pseudonymise your health data, including medical records, dietary information and conditions, among others, so that it is not easily attributable back to you, and then use that data for research purposes. Our lawful basis for processing this data is ‘Consent’. Your data is held by us for 3 years after the end of your last activity with us, or within 1 month if you request it or actively leave our service.

Withdrawing Your Consent

You may withdraw your consent for us to process your data, where the lawful basis is consent. You can do this inside the application, or by writing to us at privacy@beyond100.com. Instructions on how to withdraw your consent are in all our email correspondence.

How We Collect and Store Personal Data

We collect information directly from you via a mobile phone app. We currently have apps for both iOS and Android. Our app only requires the permissions necessary to securely log you in, and for authentication purposes.

We adhere to both Apple’s and Google’s application store development guidelines with regard to data privacy.

Your information is stored on Amazon’s UK-based AWS cloud service. All data sent to storage is encrypted to, or beyond, best practice requirements.

Informing You About Our Services

We want to keep you up to date with existing services, offers, or new products and services from time to time. We may send you the information by email or text message, and if you no longer wish to receive this information, you can withdraw your consent at any time using the instructions that are sent at the bottom of every message.

Keeping Your Data Secure

We have implemented a secure system for collecting and storing your data based on best practices. That system is being regularly tested and improved. When we collect your data, it is sent to our servers encrypted. The database on which your personal data is stored is also encrypted, and we use a secure cloud infrastructure from AWS – an Amazon service based in the UK.

Parties We May Share Your Data With

We will share your personal data with a limited number of trusted third parties to help us process and analyse your personal data and assist us in providing you with accurate recommendations.

Your Rights

If you have a complaint about how your information is being managed, please contact our DPO whose contact details are at the top of this privacy notice. However, if you are not satisfied with the outcome, you can complain directly to the Information Commissioner. Their contact details are below.

Information Commissioner:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 01625 545745

https://ico.org.uk/

Changes to this Policy

We will inform you when we make any major changes to this policy and allow you the opportunity to review and accept them. You are under no obligation to accept any changes and can request that we stop processing your personal data at any time.

This Privacy Notice was last updated on 26 April, 2021.