This policy covers all services and apps provided or supported by H2 Cognitive Designs LTD. (H2CD), including, but not limited to:
- Cognitron
- Cognitron.Health (Cognitron Assess)
- Cognitron Android and iOS Apps
- Imaginator Android and iOS Apps
- CogAssess Android and iOS Apps
Issued: April 2022
Revised February 2024
Next Review: April 2024
Our contact details
H2 Cognitive Designs
Dr Peter Hellyer, peter.hellyer@h2cd.co.uk
User Privacy and Data Protection
At H2 Cognitive Designs LTD. (H2CD), we prioritize the privacy and security of our users' personal information. This section outlines our practices regarding the collection, use, sharing, and protection of your data.
- Location Services: Our apps request access to location services to enable Bluetooth Low Energy (BLE) communication. It's important to note that we do not collect or store any location data. This permission is solely for the purpose of facilitating BLE communication within the app.
- Data Collection and Usage: We collect various types of information, including email addresses, health and social care data, and cognitive performance data. This information is gathered directly from you for purposes such as participation in research studies or clinical assessments as requested by your clinician (further details are below)
- Data Security: We employ state-of-the-art security measures to protect your information, including encryption in transit and at rest. Our practices are designed to secure your data and comply with the highest standards of data protection.
The type of personal information we collect
We currently collect and process the following information:
- Email addresses
- Health and social care data
- Cognitive Performance Data
- Ethnicity
- Sex
- Gender
- Website user statistics
- Employee data
How do we get personal information, and why do we have it?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- To undertake cognitive tests and surveys which form part of a research study
- You have provided this information after your clinician has requested that you complete a set of tasks
and/or assessments for use in your clinical care
We may also receive personal information indirectly, from the following sources in the following scenarios:
- From your clinician, who may have requested that you complete assessments using one of our products.
How we use your personal information
We use the information that you have given us in order to carry out scientific research and/or to provide
reference
data to your clinicians to assist in your clinical care.
No personally identifiable data (PID) held or otherwise processed by H2CD (including, but not limited to name,
email addresses, voice, or image data) will be transferred to any third party unless:
- We are required to do so by law
- We have a good reason to believe there is a risk of serious harm to you or others
- We are required to do so by a court or tribunal, and have a legal basis to do so.
- We have your explicit consent.
- We are acting as a data processor on behalf of a data controller, who has asked you to provide this data
under a lawful basis, and where we return any collected data to them. For instance, where a healthcare or
research organisation has asked you to complete assessments on Cognitron. In these instances, the name and
contact details of the data controller will be provided to you before you enter the data.
H2CD may use anonymised data for internal research and development but will never sell any data that could be
used to identify and/or contact you
to any third party.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this
information are:
- Your consent. You are able to remove your consent at any time. You can do this by
contacting helpdesk@h2cd.co.uk
- Contract
- Legal obligation
Please note that a vast majority of the data held is not personally identifiable by any means or any party. Data
provided or stored anonymously or with no identifying information cannot be removed at a later date.
How we store your personal information
Your information is securely stored and encrypted both at rest, and during transport (HTTPS) using modern
cryptographic methods and security practices which are compliant with the NHS Data protection toolkit and in
excess of the requirements of UK Cyber Essentials.
Access control measures including password protection and multifactor authentication also protect held data.
Unless otherwise specified, we keep email addresses, voice or image data for five years. We will
then dispose your information by deleting any personally identifiable information and deleting any link to any
identifiable information we may hold.
Your data protection rights
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is
inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain
circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your
personal information in certain circumstances.
- Your right to object to processing - You have the the right to object to the processing of your personal
information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you
gave us to another organisation, or to you, in certain circumstances.
- You are not required to pay any charge for exercising your rights. If you make a request, we have one month
to respond to you.
Please contact us at helpdesk@h2cd.co.uk if you wish to make a request.
The National Data Opt-Out
Where H2 Cognitive Designs is acting on behalf of an NHS Health and Social Care partner, users should be aware
of their rights under the national data opt-out.
The national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data
for research or planning purposes, in line with the recommendations of the National Data Guardian in the review
of data security, consent and opt-outs.
Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by clicking on "Your
Health" in the NHS App, and selecting "Choose if data from your health records is shared for research and
planning".
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at helpdesk@h2cd.co.uk
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website:
https://www.ico.org.uk