Privacy Notice Pneuma Healthcare

Effective date: May 2023

Introduction
Pneuma Healthcare (“we”, “us”, “our”, Pneuma Healthcare”) respects your right to the privacy and confidentiality of your personal information. This Notice sets out the obligations of Pneuma Healthcare regarding data protection and your rights when you interact with Pneuma Healthcare online, use our mobile applications or avail of our Services (the Services) or visit our websites, and is addressed to individuals outside our organisation with whom we interact, including customers, visitors to our Sites, vendors, suppliers and other users of our Services (together, “you”).

Information About Us
Pneuma Healthcare can be contacted at 8 Killymallaght Road, Cullion, Derry, Derry BT473UT GB

Pneuma Healthcare is the data controller for your data for the purposes of the Irish Data Protection Act 2018 and the General Data Protection Regulation (GDPR) or, as applicable in respect of UK customers, the UK Data Protection Act 2018. In some instances, for certain clients, we may act as a data processor when we deliver services to you on their behalf.

Personal Data We Collect and how we use it
When you interact with Pneuma Healthcare through the use of the Services or the Website, we may collect Personal Data and other information from you, as further described below. We may also periodically obtain both personal and non-personal information about you from customers, business partners, contractors and other third parties. Examples of information that we may receive are included below:

Your Choices
You can visit the Services without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain Pneuma Healthcare Services. Certain information is required to provide individualised services to each user of our mobile application. If you choose not to provide any Personal Data, you will not be able to use our mobile services.

How Long Will You Keep My Personal Data?
We only keep your personal data for as long as is necessary in order to use it as described above for business or legal purposes. We will also retain your personal data as long as necessary to deal with your queries and for as long as you might legally bring claims against us. We will take all necessary steps to ensure that data privacy is maintained for the period of retention.

How is Your Data Secured?
All our servers are hosted in the European Economic Area (“the EEA”) . Depending on the other systems used, some of your data may be processed outside of the EEA (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). If we do process data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EU under the GDPR.

Security
Data security is very important to Us, and we are committed to protecting the security of the personal data you share with us or we otherwise process about you. In support of this commitment, we have implemented appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk. We have attempted to protect Pneuma Healthcare's servers by locating them in areas with security procedures, use of firewalls and implementing other generally available security technologies. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of data, but no guarantee can be made that your information and data will be secure from intrusions and unauthorized release to third parties.

All commercial transactions that take place on Our Website are processed through our secure server in order to make every reasonable effort to insure that your personal information is protected. Any transactions that take place on other sites that have links from the Website are not necessarily handled in this fashion. Pneuma Healthcare disclaims any responsibility for transactions conducted on those sites and cannot vouch for the security of the information submitted in those transactions.

Pneuma Healthcare has implemented processes intended to protect user information and maintain security of data. Each account holder is assigned a unique user name and password, which is required to access their account. It is your responsibility to protect the security of this login information. Pneuma Healthcare takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Data to Pneuma Healthcare via the Internet.

International Data Transfers
We may transfer your personal data to countries that are not part of the EEA. These are known as “third countries” and may not have data protection laws that are as strong as those in the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within EEA under the GDPR as follows:
We will transfer to countries which have been approved as “adequate” by the European Commission.

We may use specific contracts with third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts ensure the same levels of personal data protection that would apply under the GDPR.

Our Disclosure of Your Personal Data and Other Information:

Is my data shared with my organisation?
We will not share any of your sensitive data with your organisation. Your organisation may receive a company overview report containing only anonymised and aggregated data about the health and wellness of their employees as a whole. Your organisation may receive reports containing identifiable information that indicates that you have registered to use the service. We will never share sensitive information in an identifiable format with your organisation including;

Screening data collected by the Service
Metric data collected by the Service
Activity data tracked by the Service

Is my data shared with other Parties?
Pneuma Healthcare is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:

Group Companies: We may share your personal information with other members of the Pneuma Healthcare Group for purposes outlined in this Notice. This may include Pneuma Healthcare Health.

Service Providers: We will share your Personal Data, such as name and e-mail, with service providers who are working with us in connection with the provision of the Website and the operation of the Services. These service providers have access to your Personal Data only to perform services on our behalf and are obligated not to disclose it or use it for any other purposes.

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganisation, dissolution or similar event, Personal Data may be part of the transferred assets.

Agents, Consultants and Related Third Parties: Pneuma Healthcare, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments.
When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function. This also includes the necessary information that provide us to process transaction with partners such as, but not limited to Fitbit & Specsavers.

Legal Requirements: Pneuma Healthcare may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Pneuma Healthcare, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

Our service providers act on Pneuma Healthcare's behalf. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU data protection law.

Cookies "Cookies": are small text files that allow Web sites to store and retrieve information about you from your computer system. Pneuma Healthcare does serve cookies to track individual site usage for later aggregation. But we do not use cookies in order to retrieve any information from your computer other than information originally sent in a Website cookie, such as a user code. We have no control over whether and how our advertisers use cookies that originate from their website.

Communication from Pneuma Healthcare: From time to time, we may send you information with announcements and updates about the Website, the Services, and your account. You may elect to opt-out of ongoing e-mail communication from us, such as newsletters, subscriptions, account information, promotional materials, contest results, survey inquiries, etc. by using a simple "opt out" procedure. You need only reply to the communication with the word "unsubscribe" (without the quotation marks) in the body of your e-mail response and your name will be removed from that mailing list. However, if you opt-out of receiving our announcements and updates about your account, you may no longer have access to areas restricted to account members.

Children: The Website and Services are not intended for children under the age of 18 nor does Pneuma Healthcare knowingly collect personal information from children under 18. Pneuma Healthcare does not orient the Website or Services toward children or target them as an audience, nor does it screen them from using Pneuma Healthcare.

Links to Other Sites: The Website provide links and pointers to Web sites maintained by other organisations. Pneuma Healthcare provides these links as a convenience to users, but it does not operate, control, or endorse such sites. Pneuma Healthcare also disclaims any responsibility for the information on those sites and any products or services offered there and cannot vouch for the privacy policies of such sites. Pneuma Healthcare does not make any warranties or representations that any linked sites (or even the Website) will function without error or interruption, that defects will be corrected.

Data Subject Rights
As a data subject, you have the following rights under the GDPR and the UK Data Protection Act, which this Notice and Our use of personal data have been designed to uphold. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to any request you may make if we are relying on any such exemptions.

The right to be informed about Our collection and use of personal data;
The right of access to the personal data we hold about you
The right to rectification if any personal data We hold about you is inaccurate or incomplete
The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you
The right to restrict (i.e. prevent) the processing of your personal data;
The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
The right to object to Us using your personal data for particular purposes; and
Rights with respect to automated decision making and profiling.

Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority against the processing of your personal data if you believe that the processing of your personal data violates data protection regulations.

In case you granted us your consent to process your personal data, you may withdraw this consent with effect for the future. We will then stop the processing of your personal data, unless we have a legal permission to do so. Please note this will have effect on future processing of your personal data only, it does not make data processing before the withdrawal of consent unlawful.

To withdraw your consent, you may send an email to gdprPneuma Healthcarelife@Pneuma Healthcare. If you withdraw your consent, you may no longer be able to use our services.

How You Exercise Your Rights
We will take reasonable steps to update, correct, limit or delete Personal Data in our possession that you have previously submitted via the Services if requested via email to our Privacy team at gdprPneuma Healthcarelife@Pneuma Healthcare.

Filing a complaint
If you have any cause for complaint about our use of your personal data, please contact us using the details below and we will do our best to solve the problem for you.
DPO, Pneuma Healthcare, room MC213, Ulster University, Magee Campus, Northland Road, Derry, NI.

Please also feel free to contact us if you have any questions about Pneuma Healthcare’s Privacy Notice or the information practices of the Services.

Updates to the Privacy Notice
The Services and our business may change from time to time. As a result, at times it may be necessary for Pneuma Healthcare to make changes to this Privacy Notice. Pneuma Healthcare reserves the right to update or modify this Privacy Notice at any time and from time to time without prior notice. Please review this Notice periodically, and especially before you provide any Personal Data. This Privacy Notice was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Privacy Notice shall indicate your agreement with the terms of such revised Privacy Notice.