Website Policy

Our Website Policy

This page is designed to help you understand why and how we use your personal data through your use of our Rowena Health website at www.rowenahealth.co.uk. By personal data we mean information that relates to a living individual and which can identify or be identified with that individual.

We are Rowena Health Limited, a company with number 14277302 and registered office at Old Coach House, Alldens Lane, Godalming, Surrey, GU8 4AP.

Below, we have tried to provide you with as much information as we possibly can to explain how your personal data may be used. We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you.

If you have any questions about this document or how we handle your personal data, you may contact us by:

emailing us at [email protected]; or
writing to us at Rowena Health Ltd, Old Coach House, Alldens Lane, Godalming, Surrey, GU8 4AP

What personal data do we collect about you?

We will collect and process the following data about you:

Information we collect about you. Each time you visit our website we will automatically collect the following information:
- technical information, including the device, internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug- in types and versions, and operating system and platform; and
- information about your visit, including the full URL, clickstream to, through and from our website (including date and time), resources you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and the methods used to browse away from the page. Please refer to the section below on ‘Cookies’ for further information.
Information you give us. This is information about you that you give us by filling in any forms on our website (this includes signing up to our newsletter or joining our waiting list) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you complete an enquiry form, when you report a problem with our website and when you sign up to receive marketing communications from us. The information you give us to either subscribe to our newsletter or join our waiting list may include your full name and e-mail address.

How and why we use your personal data?

Your personal data will be kept confidential and secure and will only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy and applicable data protection laws.

Under data protection law, we can only use your personal data if we have a proper reason, e.g:

where you have given consent;
to comply with our legal and regulatory obligations;
for the performance of a contract with you or to take steps at your request before entering into a contract; or
for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

The table below explains how we use your personal data for and the basis on which we use your data:

When information is collected

What information we ask for

How and why we use your information including the basis on which we use your data

Information we collect about you: when you use our website

Data that indirectly identifies you such as your IP address, mobile device ID and location data. This data does not include anything that allows us to identify you by name or contact details.

We process this to retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended.

We rely on consent to use cookies to understand how our website is used to improve the user experience and as the lawful basis for collecting and using your personal information.

Information you give us: when you contact us by email or complete our online forms

Contact details for subscription: your name and email address

Contact details for our waiting list: your name, date of birth, mobile number and email address

Repeat prescription data we collect to process your request: name, date of birth, email, medication and dosage

We ask for this:

— to respond to your enquiries

— to provide you with information relating to our business.

We rely on consent to provide you with information relating to our business and as the lawful basis for collecting and using your personal information to enable us to provide you with such information.

We rely on legitimate interests as the lawful basis for collecting and using your personal information to respond to general enquiries which you may make to us.

Our legitimate interests relate to our commercial interests including the promotion and growth of our business.

We will keep this information for as long as necessary for the relevant processing purpose.

Who do we share personal data with?

Internally, we only grant access to personal data to those people that need access to that data to carry out their role.

Externally, we may share from time to time personal data with the following categories of recipients:

our service providers, for instance:
- the companies that manage our IT infrastructure;
- companies that provide us with cloud based IT systems; and
- our external advisors, for instance IT consultants, accountants and lawyers,
our regulators, law enforcement, intelligence services and other government authorities, where they require us to do so; and
potential buyers of or investors in our business where necessary in connection with a due diligence exercise.

Where we share personal data with external parties we will always ensure that the recipient is committed contractually to only use personal data in compliance with our instructions and data protection law.

How long will your personal data be kept?

We will not keep your personal data for longer than we need it for the purpose for which it is used. Unless we explain otherwise to you, we will retain your personal data on the basis of the following guidelines:

for as long as we have a reasonable business need, such as managing our relationship with you and managing our business; and/or
in line with legal and regulatory requirements or guidance.

When it is no longer necessary to keep your personal data, we will delete or anonymise it.

Transfers of personal data outside of the United Kingdom

The UK has differing data protection laws than other countries, some of which may provide lower levels of protection of privacy. We generally store and process personal data inside the UK.

However, it is sometimes necessary for us to share your personal data to countries outside the UK for example where the third parties who assist us in providing the services (suppliers) are outside of the UK. In those cases we will comply with applicable UK laws designed to ensure the privacy of your personal data.

Where suppliers share data outside of the UK, we require our suppliers to do so in compliance with UK data protection laws, typically requiring them to enter into standard contractual clauses approved by the United Kingdom as providing equivalent protection to what would be in place had the personal data remained in the UK.

We can provide more information on the countries outside of the UK to which we transfer your personal data on request.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy https://rowenahealth.co.uk/cookie-policy.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems and follow ISO 27001 good practice principles, which means we strive to follow top industry standards for information security.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights and how to exercise them

The law gives you certain rights in respect of the personal data that we hold about you. Below is a short overview of those rights (for more information about the rights you have in respect of your personal data please visit the Information Commissioner’s Office website: www.ico.org.uk).

Access

With some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you.

Access to the personal data we hold on you is free of charge however, we may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs.

Where you have given us your personal data (i.e. you have completed the medical questionnaire), you may have the right to receive your copy of this data in a common electronic format. If you wish, we can provide copies of this data to other people, if it is technically feasible to do so.

Correction

You have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion.

Deletion

In some limited circumstances, you have the right to have personal data that we hold about you erased (“the right to be forgotten”). This right is not generally available where we still have a valid legal reason to keep the data (for example, in connection with a legal claim or because we are obliged to do so by law).

Objection

You have the right to object to our processing of your personal data where we rely on “legitimate interests” as our legal basis for processing, but we may be able to continue processing if our interest outweighs your objection.

Opting out of marketing

You have the right to require us to stop using your personal data to send you marketing information. If you want us to stop sending you marketing information, the quickest and most efficient way is to use the provided “unsubscribe” links in our communications (although you can contact us direct on the details below if you prefer).

Temporary Restriction

You also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, For example if you contest its accuracy or where we are processing it on the basis of our legitimate interest and you contest our assessment that our interest overrides your rights.

Withdrawing Consent

If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time, in which case we will stop that processing unless we have another legal basis on which to continue.

Please be advised that in certain circumstances withdrawal of consent to continue processing your personal data may have further impact on your future access to, or benefit from, the service or part of the service.

To exercise any of your rights you can:

emailing us at [email protected]; or
writing to us at Rowena Health Ltd, Old Coach House, Alldens Lane, Godalming, Surrey, GU8 4AP

Please note that in order to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made.

We treat the protection of your personal data with the utmost importance but if you have cause to complain, we would always ask that you contact us first so we can attempt to resolve the matter for you. However, you also have the right to lodge a complaint about our handling of your personal data with the Information Commissioner’s Office. You can contact them on 0303 123 1113 or via their website https://www.ico.org.uk/make-a-complaint

Changes to this policy

We may change this privacy policy at any time. Where we make significant changes, for instance where we use your personal data for materially different purposes, we will email you to let you know.