Mana Medical Limited – Privacy Notice (Version 1.3)

Our Privacy Notice was last updated February 5th 2025.

Document owner: Emma Dyson
Issue date: February 5, 2025
Version | Date | Description | Approval(s) (Name, Job Title)
v1.3 | August 1, 2025 | Version 1.3 | Emma Dyson, CMO; Jamie Baker, CEO
v1.2 | February 5, 2025 | Version 1.2 | Emma Dyson, CMO; Jamie Baker, CEO
v1.1 | December 3, 2024 | Version 1.1 | Emma Dyson, CMO; Jamie Baker, CEO
v1.0 | October 17, 2024 | Version 1.0 | Emma Dyson, CMO

Definitions

The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Company Details

  • Name: MANA MEDICAL LIMITED
  • Address: Flat 4, 397 Clapham Road, London, United Kingdom, SW9 9BT
  • E-mail: support@manamedical.co.uk

Mana Medical Ltd ("the Company", "We", "Us" or "Our") is committed to protecting your privacy. This policy explains how we collect, use, store and share your personal data, and how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions, please contact us at support@manamedical.co.uk

Collecting and Using Your Personal Data

While using Our Service, we may ask you to provide Us with certain personally identifiable information that we may collect, store, use and transfer, which we have grouped together below. Personally identifiable information may include, but is not limited to:

We will only use your data when we have a lawful basis, which includes, but is not limited to:

In addition to processing your Personal Data, we also collect, use and share aggregated data and anonymised data for research, analytics, product improvement and legitimate business interests. Aggregated Data could be derived from your Personal Data, but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat that combined data as Personal Data, which will be used in accordance with this Privacy Policy. Anonymous data is data that has been permanently modified so that no individual can be identified.

We process Aggregated Data under Article 6(1)(f) of UK GDPR (legitimate interests), and where applicable, under Article 9(2)(j) (research and statistical purposes in the public interest). We ensure that any research activities align with data protection principles and applicable ethical standards. For example, these activities might include understanding health trends, such as how often individuals with certain medical conditions experience specific symptoms; improving our services by analysing usage trends and engagement patterns; and developing research and insights to enhance health technology solutions. Aggregated Data may also be used to inform future research and improve our app algorithms, but it will never include identifiable information and cannot be traced back to you. Although this aggregated data may be based in part on Personal Data, it does not identify you personally. We may share this type of anonymous data with others, including service providers, our affiliates, agents and current and prospective business partners. If Aggregated Data is shared with third parties, we ensure that they adhere to UK GDPR and data protection best practices. If shared outside the UK/EEA, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions. We never share identifiable Personal Data without your explicit consent.

Before sharing Aggregated Data, we use data anonymisation techniques such as generalisation, suppression, and k-anonymity to ensure that individual identification is not possible. If pseudonymised data is used internally for research, we apply strict access controls to protect against unauthorised re-identification. We only aggregate and analyse the minimum necessary data to achieve our research and service improvement goals.

Since Aggregated Data is fully anonymised and does not contain identifiable information, it cannot be deleted or linked back to an individual. However, if you believe that any of your identifiable Personal Data has been improperly processed, you may contact us at support@manamedical.co.uk.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. Application performance data including error reports and diagnostic data might be saved from Your device. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Cookies and Tracking Technologies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. We use both Session and Persistent Cookies for the purposes set out below:

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

You can control and manage cookie preferences via Your browser settings.

Use of Personal Data

The Company may use Personal Data for the following purposes, under Article 6(1)(f) of UK GDPR (legitimate interests), and where applicable, under Article 9(2)(j) (research and statistical purposes in the public interest). We ensure that any research activities align with data protection principles and applicable ethical standards:

We will only use your Personal Data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose under Article 6(1)(f) of UK GDPR (legitimate interests). If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We never share identifiable Personal Data without your explicit consent.

Retention and Security

Your information is securely stored. The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. If you request we delete this data, we will delete all identifiable data we hold about you. Once data is anonymised, it cannot be deleted because it will no longer be linked to you. Otherwise here is our retention schedule:

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. This means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Your consent to this Privacy Notice followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and no transfer of Your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of Your data and other personal information.

When transferring data internationally we ensure that there is an adequacy decision in place which confirms that there is an adequate level of protection for personal data. We also use data processors based in locations which are not yet subject to an adequacy decision; however, where this is the case, we ensure that appropriate safeguards are in place so that enforceable data subject rights and effective legal remedies for data subjects are available. This will usually be achieved through the careful selection of data processors which offer high levels of security for personal data and the use of Standard Contractual Clauses (SCCs) which place binding legal obligations on the recipient to ensure the protection of personal data.

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Changes and Transfers

If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Third Parties

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:...

We use data processors who are third parties who provide elements of services for us, including cloud-based storage providers. We have contracts in place with our data processors. This means that they cannot do anything with your personal information, such as share it with other organisations, unless we have instructed them to do it. They will hold your personal data/information securely and only retain it for the period we instruct.

We may use third-party Service providers to monitor and analyse the use of our Service. This is to collect standard internet log information and details of visitor behaviour patterns. We do this to understand things such as the number of visitors to the different areas of the Service. This information is only processed in a way which does not identify anyone. If we do want to collect personally identifiable information through our Service, we will make this clear at the point personal information is collected and will explain what we intend to do with it.

We may use Your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. These forms of contact will be managed by us or by our contracted service providers. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us at support@manamedical.co.uk.

We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors). We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Notice.

We may process Personal Data under the following conditions:

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

For the special categories of data that we collect, the enhanced legal justification we rely on is:

Your Rights

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law if You are within the EU, to:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. In these circumstances we will not erase anonymised or aggregated data, but we will ensure that there is no identifiable information kept.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

You may exercise your rights of access, rectification, erasure and opposition by contacting Us. Please contact us at support@manamedical.co.uk if you wish to make a request.

Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

For the United Kingdom, this is the Information Commissioner's Office (ICO).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO.

National Data Opt-out

At this time, we do not share any personal data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/

Children’s Privacy

Our Service does not knowingly address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 18 without verification of parental consent, we take steps to remove that information from Our servers.