In broad terms, the term “personal data” means any information that relates to you and that can be used to identify you, directly or indirectly. This information includes your name, email address, phone number, location data and information about your health.
If you have any requests concerning your personal data or any queries with regard to our processing of your personal data, please contact us at firstname.lastname@example.org.
Lawful basis for processing your personal data
How we use your personal data
What data we may collect from you
How we collect information from you
Security and international transfers
Transfers of your data
Retention of your data
Rights in relation to your personal information
Third party links
Closing your Qumata Profile
We are Qumata Group Ltd, a company incorporated and registered in England and Wales with company number 10964467 and our registered office is at 14 Dufferin street, EC1Y 8PD London, England (Qumata, we, us or our). We provide Internet and mobile app-based services.
Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are set out below.
4.1. The Qumata Score App and Website services cannot be provided without an individual providing us with their personal data. We therefore need your personal data to provide the services of the Qumata Score App and Website.
4.2. The aim of the Qumata Score App and Website is provide an aggregate wellness score (Wellness Score) to the corresponding client of Qumata from which the user is requesting a service. The Wellness Score is an analysis of a user’s personal data to calculate his/her risk to be diagnosed for a set of medical conditions (also referred to as “prevention opportunities” in the user interface). The aggregate Wellness Score is in the form of either a synthetic global score or a list of medical conditions with the corresponding score. This score is an analysis of the user’s risk against that of an average risk person, for both the synthetic global risk and risk per medical condition.
4.3. For each user (described below), Qumata collates and processes his/her personal data with the aim of providing the Qumata Score App and Website services to the user and the corresponding client (described below).
4.4. We also use the aggregated anonymised and non-personal data for use in research activities, primarily to improve our wellness model. We store this anonymised data indefinitely. You will not be identifiable from this data.
4.5. Collated or calculated personal data (apart from the Wellness Score) contained in a user’s profile is never communicated to a client without being anonymised, de-identified or aggregated in statistical content, in ways that the client cannot personally identify individual user(s).
4.7 We may process your personal data to provide customer services to you, including to respond to your enquiries or to fulfil any of your requests for information.
4.8 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Details of the personal data that we may collect on you and process are set out below.
We collect your personal data in a number of ways.
Directly. This includes information such as your contact details, health details and all data which you directly provide to us when you fill in online forms or correspond with us in any way, for example when you:
Automatically. As you use the Qumata Score App and Website, we may collect certain information relating to your browsing patterns and technical data about the equipment you are using to access the Qumata Score App and Website.
Indirectly via our Client, sending us over a list of information.
7.1. In order to protect your personal data, we have appropriate organisational and technical security measures. These measures include us having engaged two information specialist partners to safeguard your personal data, as further described below.
7.2. All your personal data is stored on servers located in Ireland in a secured infrastructure setup and monitored on a cloud platform called AWS, with a software for privacy and personal data management provided by a specialised partner called Pryv (see Pryv.com). Pryv’s software is designed to ensure that user collated and calculated data are only accessible by the user and a restricted list of algorithms and operators of the service. Our partners are very strict in security and data management and are used by hospitals, clinics and insurers to handle personal data.
7.3. All transmissions of personal data are encrypted with state of the art solutions provided by our partners.
7.4. In case of a detected security flaw, a patch will be provided by the partners to secure a state of the art encryption and security infrastructure.
7.5. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.
8.1. We may share your data with other members of our Group.
8.2. In addition to our data scientists, a Qumata client (as referred to in section 4 above) and AWS (as referred to in section 7 above), there may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA.
8.3. The third parties to which we may transfer your personal data include:
8.4. The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:
8.5. As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:
For more information on the safeguards used when we transfer personal data to third parties, please contact us at email@example.com
9.1. Unless we are required to do so for a longer period by law, we will retain your personal data for a maximum of ninety days since the end of the processing. Thereafter, your personal data will be securely deleted automatically and cannot be restored.
9.2. For more details about our retention periods, please contact us at firstname.lastname@example.org.
9.3. We retain anonymised data. This may remain stored and used by us with no time limits. This data is no longer associable to any user and is therefore not personal data.
10.1. You have certain rights in relation to the personal data we process and hold about you. These include:
10.2. If you are not able to complete the above via the Qumata App and Website, please write to email@example.com specifying the right you wish to exercise.
10.3. Unless we are permitted to do so by applicable law, we will not charge a fee for you to exercise any of the rights listed above.
10.4. In case you have given your consent to let the Qumata Score App and Website access your personal data from a given third party source such as Garmin or Apple Health, you can always revoke your consent from those sources directly or ask us to revoke this consent manually by sending a request to firstname.lastname@example.org
It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us.
Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at email@example.com. We will process your request to be opted-out of marketing within 30 days of receipt.
We will ensure that we obtain your consent before we share your personal data with any company outside of our Group for marketing purposes.
Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 4 above.
The Score App and Website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.
16.1. You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner's Office in the UK (the ICO).
16.3 We will respond to requests and questions addressed to firstname.lastname@example.org within 15 to 30 calendar days.