Logo

Solutions

Careers

Insights

About

FAQ

Logo

Solutions

Careers

Insights

About

FAQ

English

Qumata Group Ltd
Qumata OneClick App Privacy Policy

Last updated: 2024 01 17

Please read this privacy policy (the Privacy Policy) carefully. It sets out important information in relation to how we process your personal data when you use the OneClick App.

In broad terms, the term “personal data” means any information that relates to you and that can be used to identify you, directly or indirectly. This information includes your name, email address, phone number, location data and information about your health.

If you have any requests concerning your personal data or any queries with regard to our processing of your personal data, please contact us at dpo@qumata.com.

Contents

  • About us

  • Purpose of this Privacy Policy

  • Lawful basis for processing your personal data

  • How we use your personal data

  • What data we may collect from you

  • How we collect information from you

  • Security and international transfers

  • Transfers of your data

  • Retention of your data

  • Rights in relation to your personal information

  • Cookies

  • Marketing

  • Third party links

  • Amendments to this Privacy Policy

  • Closing your Qumata Profile

  • Questions in relation to this Privacy Policy

1. About us

We are Qumata Group Ltd, a company incorporated and registered in England and Wales with company number 10964467 and our registered office is at 5 New Street Square, EC4A 3TW London, United Kingdom (Qumata, we, us or our). We provide Internet and mobile app-based services.

2. Purpose of this Privacy Policy

2.1. This Privacy Policy contains important information about what personal data we may collect from you; how we will use, store and protect your personal data; with whom we may share your personal data; and your rights under relevant data protection laws.

2.2. It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This Privacy Policy supplements the other notices and is not intended to override them.

3. Lawful basis for processing your personal data

Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are set out below.

  • We will process your personal data where you have given us your consent to do so for one or more specified reasons. This is particularly important in relation to processing information about your health where we require your explicit consent.
  • We may also process your personal data where it is necessary for the purposes of our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our business (provided these do not interfere with your rights).
  • We may also process your personal data to satisfy any legal and/or regulatory obligations to which we are subject.
4. How we use your personal data

4.1. The Qumata OneClick App services cannot be provided without an individual providing us with their personal data. We therefore need your personal data to provide the services of the Qumata OneClick App.

4.2. The aim of the Qumata OneClick App is provide an aggregate wellness score (Wellness Score) to the corresponding client of Qumata from which the user is requesting a service. The Wellness Score is an analysis of a user’s personal data to calculate his/her risk to be diagnosed for a set of medical conditions (also referred to as “prevention opportunities” in the user interface). The aggregate Wellness Score is in the form of either a synthetic global score or a list of medical conditions with the corresponding score. This score is an analysis of the user’s risk against that of an average risk person, for both the synthetic global risk and risk per medical condition.

4.3. For each user (described below), Qumata collates and processes his/her personal data with the aim of providing the Qumata OneClick App services to the user and the corresponding client (described below).

Example

You (referred to as a “user” in this Privacy Policy) request a service from a Qumata client (client), e.g. an insurer calculating the price of an insurance policy during the underwriting process. In order to fulfil the service request, the client recommends that you provide a set of personal data directly to Qumata for the purposes of calculating a wellness score which is to be shared with the client. The client could include companies such as insurers, employers or hospitals.

4.4. We also use the aggregated anonymised and non-personal data for use in research activities, primarily to improve our wellness model. We store this anonymised data indefinitely. You will not be identifiable from this data.

4.5. Collated or calculated personal data (apart from the Wellness Score) contained in a user’s profile is never communicated to a client without being anonymised, de-identified or aggregated in statistical content, in ways that the client cannot personally identify individual user(s).

4.6. As a user of the Qumata OneClick App, you will receive notifications either by email, SMS, phone notifications or any other means as part of the usage of the Qumata OneClick App services. Notifications are used for non-commercial messages such as notifications to a user on the status of his/her data analysis and change(s) in the Privacy Policy http://qumata.com/oneclick-privacy-policy. We will inform you about the means through which you will receive notifications. As part of the access to your personal data, you will be able to change your settings regarding the notification means.

4.7 We may process your personal data to provide customer services to you, including to respond to your enquiries or to fulfil any of your requests for information.

4.8 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

5. What data we may collect on you

Details of the personal data that we may collect on you and process are set out below.

  • Information about your health, ethnicity origin. We require this information to provide the services of the Qumata OneClick App.
  • The consent that you grant to us to enable us to collect your data from different sources.
  • Information extracted from your smart devices including (but not limited to) gender, age, weight, pre-existing conditions, walking and running distance, cycling distance, heart rate (and related information), weight and BMI.
  • Activity information and bio-markers made available from your smart devices.
  • Information that you provide to us through your user profile which you create.
  • Email address and telephone numbers.
  • Your feedback and survey responses.
  • Information about how you use the Qumata OneClick App and our other products and services.
6. How we collect information on you

We collect your personal data in a number of ways.

  • Directly. This includes information such as your contact details, health details and all data which you directly provide to us when you fill in online forms or correspond with us in any way, for example when you:

    • create your account on the Qumata OneClick App;
    • submit a query;
    • request or consent to marketing materials being sent to you; or
    • provide us with feedback.

  • Automatically. As you use the Qumata OneClick App, we may collect certain information relating to your browsing patterns and technical data about the equipment you are using to access the Qumata OneClick App.

  • Indirectly via our Client, sending us over a list of information.

7. Security and international transfers

7.1. In order to protect your personal data, we have appropriate organisational and technical security measures. These measures include us having engaged two information specialist partners to safeguard your personal data, as further described below.

7.2. All your personal data is stored on servers located in Ireland in a secured infrastructure setup and monitored on a cloud platform called AWS, with a software for privacy and personal data management provided by a specialised partner called Pryv (see Pryv.com). Pryv’s software is designed to ensure that user collated and calculated data are only accessible by the user and a restricted list of algorithms and operators of the service. Our partners are very strict in security and data management and are used by hospitals, clinics and insurers to handle personal data.

7.3. All transmissions of personal data are encrypted with state of the art solutions provided by our partners.

7.4. In case of a detected security flaw, a patch will be provided by the partners to secure a state of the art encryption and security infrastructure.

7.5. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

8. Transfer of your data
Transfers to members of our group

8.1. We may share your data with other members of our Group.

Transfers to third parties

8.2. In addition to our data scientists, a Qumata client (as referred to in section 4 above) and AWS (as referred to in section 7 above), there may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA.

8.3. The third parties to which we may transfer your personal data include:

  • calling agents used by us for the purpose of providing customer support to you in relation to the services that we provide; and
  • third party software providers (e.g. e-mail providers) which we use to provide our services.

8.4. The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:

  • you have expressly consented to your data being shared with specific third parties;
  • the third party needs to access the personal data for the purposes of us providing our services to you;
  • the third party has agreed to comply with our instructions, required data security standards, policies, and procedures and put adequate security measures in place;
  • the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and
  • a fully executed written contract that contains suitable obligations and protections has been entered into between the parties.

8.5. As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:

  • only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA; or
  • where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield.

For more information on the safeguards used when we transfer personal data to third parties, please contact us at dpo@qumata.com

Retention of your data

9.1. We retain personal data for as long as you have an account with us in order to meet our contractual obligations to you and for six years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.

9.2. For more details about our retention periods, please contact us at dpo@qumata.com.

9.3. We retain anonymised data. This may remain stored and used by us with no time limits. This data is no longer associable to any user and is therefore not personal data.

10. Rights in relation to your personal information

10.1. You have certain rights in relation to the personal data we process and hold about you. These include:

  • Right of access: you have the right to request access to personal data that we may process about you.
  • Right to rectification: you have the right to require us to correct any inaccuracies in your data.
  • Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements.
  • Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data.
  • Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.
  • Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.
  • Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal data (to the extent processing is based on consent and consent is the only permissible basis for processing).

10.2. If you are not able to complete the above via the Qumata App and Website, please write to usdpo@qumata.com specifying the right you wish to exercise.

10.3. Unless we are permitted to do so by applicable law, we will not charge a fee for you to exercise any of the rights listed above.

10.4. In case you have given your consent to let the Qumata OneClick App and Website access your personal data from a given third party source such as Garmin or Apple Health, you can always revoke your consent from those sources directly or ask us to revoke this consent manually by sending a request to dpo@qumata.com

11. Cookies

Our use of cookies and other similar technologies to process personal data is explained in our cookie policy, which you should please read.

12. Marketing

It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us.

Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at dpo@qumata.com. We will process your request to be opted-out of marketing within 30 days of receipt.

We will ensure that we obtain your consent before we share your personal data with any company outside of our Group for marketing purposes.

Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 4 above.

13. Third party links

The OneClick App and Website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.

14. Amendments to this Privacy Policy

14.1. We reserve the right to vary this Privacy Policy from time to time. So you know when we make changes to this Privacy Policy, we will amend the revision date at the top of this page. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to review this Privacy Policy periodically to be informed about how we are protecting your information.

14.2. We will notify you in case we make material changes to this Privacy Policy. If you do not agree with the amended Privacy Policy then you have the right to stop using the Qumata OneClick App, and should do so immediately.

15. Closing your Qumata Profile

Details about the services, related disclaimers and how to close your Qumata profile are available on the Qumata OneClick App Terms of Use http://qumata.com/oneclick-terms-and-conditions. And the data will be deleted also after a maximum of 90 days since the last processing.

16. Questions in relation to this Privacy Policy

16.1. You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner's Office in the UK (the ICO).

16.2 We have appointed a data protection officer (the DPO) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this Privacy Policy and handling requests in relation to the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPO using the details set out below. Email address: dpo@qumata.com Post: Data Protection Officer, Qumata Group Ltd, 5 New Street Square, EC4A 3TW London, United Kingdom

16.3 We will respond to requests and questions addressed to dpo@qumata.com within 15 to 30 calendar days.

Logo
contact@qumata.com
TwitterLinkedIn
EXTENDING
SITEMAP
Solutions
Careers
Insights
Datakonect Privacy Policy
About
FAQ
SITEMAP
Solutions
Careers
Insights
About
OneClick Privacy Policy
Terms of Use
Privacy Policy
Cookies Policy
FAQ
Datakonect Privacy Policy
LOCATION
5 New Street Square, EC4A 3TW London,
United Kingdom
View Map
Unit 1603, 16th Floor, The L. Plaza, 367 - 375 Queen's Road Central, Sheung Wan, Hong Kong
View Map
OUE Downtown, #04-01, 6A Shenton Way, 068809 Singapore
View Map
Contact