Privacy Policy
Last updated: 6 September 2022
This page is designed to help you understand why and how we use your personal data. By personal data we mean information that relates to a living individual and which can identify or be identified with that individual.
We are Visible, a trading name of Visible Health Inc. a company registered at 251 Little Falls Drive, Wilmington, Delaware 19808 USA.
We may use your personal data to:
- enable you to access the Visible app and website (the “app”);
- provide you with information and support in connection with chronic illness;
- provide you with insights based on data from a wearable device;
- generate insights to inform product development;
- generate anonymized statistics to share with others for the purposes of research, providing you have explicitly opted in; and
- send you information about the app, our company and the development of the app.
The above is an overview of how your personal data may be processed and is by no means exhaustive – please see below for information on how specific types of personal data are collected, processed and shared.
Below, we have tried to provide you with as much information as we possibly can to explain how your personal data may be used. This means there is a lot of information on this page. To help with finding the information that is most relevant to you, we have split this information into different sections using subheadings.
You may contact us by email on info@makevisible.com.
How is your data processed to enable you to access the app?
What kinds of data do we collect?
We obtain the following personal data directly from you:
- your user name;
- your year of birth; and
- a valid email address.
We refer to this information as the “access data”.
How long is access data kept for?
We retain your access data for up to 7 years after the date on which your membership account is closed.
How do we use your access data?
We use your access data to log you in to the app and to verify that you are a real person. Our legal basis for processing this data is contractual necessity. Without this processing we wouldn’t be able to authorize you to access and use the app.
How is your data processed to provide wellness information and support?
What kinds of data do we collect?
When you first register for the app and at various points after that we will ask you questions about your illness, your symptoms and the types of exertion that affect you. Thereafter, you may complete check-ins where you enter data including information about symptoms, and record biometric data such as heart rate using the app. We refer to this personal data below as “wellness data”.
How long is your wellness data kept for?
We retain all your wellness data for up to 7 years after the date on which your membership account is closed, after which it will either be deleted or anonymized.
How do we use your wellness data?
We use your wellness data to help you track and understand your illness, for example by allowing you to identify trends and generate wellness reports.
Our legal basis for processing this data is your consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” below, and deleting the app. We shall ensure that any such consent obtained is explicit consent.
Please note that without your consent to do this, we will be unable to offer you access to the app. This is because your wellness data is necessary for us to provide the support and information.
How is your data processed to provide you with insights based on data from a wearable device?
What kinds of data do we collect?
If you connect a wearable device to the Visible app, we collect:
- biometric data such as resting heart rate, heart rate variability, gyroscope and accelerometer data; and
- geolocation data such as precise and approximate location if you give Visible permission do so.
Taken together, we refer to this personal data below as “wearable data”.
How long is your wearable data kept for?
We retain all your wearable data for up to 7 years after the date on which your membership account is closed, after which it will either be deleted or anonymized.
How do we use your wearable data?
We use your wearable data to help you track and understand your illness, for example by allowing you to measure your heart rate over time and receive pacing notifications.
Our legal basis for processing this data is your consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” below, and deleting the app. We shall ensure that any such consent obtained is explicit consent.
Please note that without your consent to do this, we will be unable to offer you access to certain features and functionalities which require access to your wearable data. You will still be able to use other features of the app which do not require access to your wearable data.
How is your data processed to generate insights to inform product development?
We also use your access data, wellness data and wearable data to generate insights that may then be used by us to inform product development. This means that we may use this data to better understand the needs of our users and make prioritization and design decisions based on these needs. Our legal basis for processing this data is consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” below, and deleting the app. As some of the data involved relates to your health, then we shall ensure that any such consent obtained is explicit consent.
How is your data processed to allow anonymized statistics to be shared with others for research purposes?
We also use your wellness data to generate anonymous statistics that may then be shared with third parties for research purposes. We will only share your data with third parties for research purposes if we have explicitly sought your consent to do so on a case-by-case basis. Where this is the case, your wellness data will be anonymized so that you won’t be identifiable from that data. Our legal basis for processing this data is consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” below. As the data involved relates to your health, then we shall ensure that any such consent obtained is explicit consent.
How is your data processed to enable us to send you information about the app, our company and the development of the app?
We will use your access data (see the “How is your data processed to enable you to access the app” section above for more details as to what this data is) to contact you and provide you with information about our activities and developments and improvements to the app. We do so on the basis of our legitimate interests in keeping you up-to-date with changes in our business and products. In doing so, we will offer you an opportunity to refuse marketing when your details are first collected and in subsequent messages.
Who do we share personal data with?
Internally, we only grant access to identifiable personal data to those people that need access to that data to carry out their role. Externally, we may share from time to time share personal data with the following categories of recipients:
- our service providers, for instance:
- companies that manage our IT infrastructure;
- companies that provide us with cloud based IT systems;
- companies that provide technical services to us, including companies that process and generate insights on biometric data; and
- our external advisors, for instance IT consultants, data scientists, accountants and lawyers,
and where we share personal data with service providers we will always ensure that the service provider is committed contractually to only use personal data in compliance with our instructions and data protection law;
- our regulators, law enforcement, intelligence services and other government authorities, where they require us to do so; and
- potential buyers of or investors in our business where necessary in connection with a due diligence exercise.
Transfers of personal data outside of the European Economic Area (EEA)
The EEA is a group of countries that share the same basic data protection law, and therefore the law assumes that where your personal data is transferred between these countries it enjoys a similar level of protection.
We generally store and process personal data inside the EEA.
However, in some circumstances the third parties who assist us in providing the services (suppliers), may transfer personal data outside the EEA.
Where suppliers do so, we require our suppliers to do so in compliance with UK data protection laws, typically requiring them to enter into standard contractual clauses approved by the European Union as providing equivalent protection to what would be in place had the personal data remained in the EEA.
We can provide more information on the non-EEA countries to which we transfer your personal data on request.
Your rights and how to exercise them
The law gives you certain rights in respect of the personal data that we hold about you. Below is a short overview of those rights (for more information about the rights you have in respect of your personal data please visit the Information Commissioner’s Office website: www.ico.org.uk).
Access
With some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you.
Access to the personal data we hold on you is free of charge however, we may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs.
Where you have given us your personal data (i.e. you have input it into the app), you may have the right to receive your copy of this data in a common electronic format. If you wish, we can provide copies of this data to other people, if it is technically feasible to do so.
Correction
You have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion.
Deletion
In some limited circumstances, you have the right to have personal data that we hold about you erased (“the right to be forgotten”). This right is not generally available where we still have a valid legal reason to keep the data (for example, in connection with a legal claim or because we are obliged to do so by law).
Objection
You have the right to object to our processing of your personal data where we rely on “legitimate interests” as our legal basis for processing, but we may be able to continue processing if our interest outweighs your objection.
Opting out of marketing
You have the right to require us to stop using your personal data to send you marketing information. If you want us to stop sending you marketing information, the quickest and most efficient way is to use the provided “unsubscribe” links in our communications (although you can contact us directly if you prefer).
Temporary Restriction
You also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, For example if you contest its accuracy or where we are processing it on the basis of our legitimate interest and you contest our assessment that our interest overrides your rights.
Geolocation Data
You may allow or disallow Visible to collect geolocation data by enabling or disabling location services on your device. If you decline to grant Visible access to this data, we will not be able to provide certain services, capabilities, or features to you.
Withdrawing Consent
If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time, in which case we will stop that processing unless we have another legal basis on which to continue.
Please be advised that in certain circumstances withdrawal of consent to continue processing your personal data may have further impact on your future access to, or benefit from, the service or part of the service.
To exercise any of your rights you can email us on info@makevisible.com. Please note that in order to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made.
We treat the protection of your personal data with the utmost importance but if you have cause to complain, we would always ask that you contact us first so we can attempt to resolve the matter for you. However, you also have the right to lodge a complaint about our handling of your personal data with the Information Commissioner’s Office. You can contact them on 0303 123 1113 or via their website www.ico.org.uk/make-a-complaint
Changes to this policy
We may change this privacy policy at any time. Where we make significant changes, for instance where we use your personal data for materially different purposes, we will email you to let you know.