This refers to credit or debit card numbers, personal financial account information, or similar personal identifiers, racial or ethnic origin, physical or mental health condition or information, or other employment, financial or health information.
Personal information we collect
We use mobile analytics software to allow us to better understand the functionality of the SimplyMe Mobile Application on your mobile device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. When you use the SimplyMe Mobile Application we may also collect your city location, device model and version, device identifier (or “UDID”), OS version, and your SimplyMe credentials and Member Account information.
We send push notifications from time to time in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
We may link information we store within the analytics software to Personal Information you submit within the Mobile Application. We do this to improve the product and content offering we provide and to improve our marketing, analytics and Mobile Application functionality.
In order for us to provide you with our services, we collect both anonymous and Personal Information about you. Personal Information constitutes data that can be used to identify or contact a single person. You are under no obligation to provide any Personal Information at any time.
The information added to your Member Account, either by your providing the information or when a Linked Service adds the information with your permission, is stored and managed on our Service Providers’ servers. This information is then used to provide you with analysis of your data and personalised insights and recommendations to facilitate greater understanding of your health. We provide the Member Account to our members for their own personal information needs, and to meet our related needs. For the purposes of your use of your Member Account, Personal Information includes, without being limited to, the following:
As a SimplyMe Member, you are able to connect one or more smart devices, third party data sources or activity trackers to your Member Account. These devices and data sources track, among other things, your steps activity, sleep patterns, heart rate, and other health or related data, as well as self-entered data, such as your height, weight, and age, and calculated or inferred data such as BMI. From this information, we are able to calculate an overall wellbeing / health score for provided data points and analyse your sleep, activity, heart rate and other health-related patterns to provide you with insights into trends and comparisons against benchmarks.
You may be able to link your Member account to Social Media Sites (“SMS”) accounts such as your Facebook account when using SimplyMe Services. By linking your SMS account with your SimplyMe account, you permit us to access your information on that SMS. The information we collect from your SMS account may depend on your privacy settings with that SMS, which may enable you to control the information we collect via the SMS account by adjusting your privacy settings on that SMS. You can also de-link your SMS account from SimplyMe at any time.
For the purposes of your use of your Member Account, Personal Information includes the following:
We receive certain information from you when you create a SimplyMe account. To create an account, you provide your email address and policyholder number to authenticate and register information about your name and date of birth. You may optionally choose to provide information about your height, weight, and gender, as well as upload a photo of yourself for your profile.
When you use the SimplyMe Mobile Application you can choose to share certain information related to your health, settings and preferences, and lifestyle, which comprise:
We do not share Personal Information with unaffiliated Third Parties for their own marketing purposes.
We also use Personal Information to help us improve, develop, and support our Mobile Application and to inform potential new SimplyMe product and service development and innovation, as well as for other internal purposes, such as research and data analysis.
We may use your personal information, including date of birth, to verify identity, assist with identification of users, and to meet legal requirements. For example, we may use date of birth to determine the age of SimplyMe Account Members.
We may also use your Personal Information to create Anonymous Data records by first de-identifying your Personal Information, which means removing any information that would allow the remaining data to be linked back to you. We may use Anonymous Data for internal purposes, such as analysing overall health and Mobile Application usage patterns and preferences to improve our product. Subject to applicable laws and regulations.
We may also combine Non-Personal Information (data which cannot be linked back to you) with Personal Information. In the event of combining this data, the combined information will be treated as Personal Information for as long as it remains combined.
SimplyMe’s Mobile Application, email messages, and Service Providers may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us improve our understanding of Member Account behaviour and tell us which parts of our Mobile Application people have visited and functionality that has been used and personalise and customise content, so that your settings are ‘remembered’ when you log in (for example, knowing your name enables SimplyMe to personalise content to you). To the extent that Internet Protocol (IP) addresses or similar identifiers are considered Personal Information by local law, we treat these as Personal Information. As is true of most internet services, we also track some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, language settings, browser type Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
If you wish to find out more about cookies and find out how to disable them, you can visit www.aboutcookies.org.uk/.
In some of our email messages, we use pixel tags to inform us whether an email has been opened or not. We may use this information to optimise or reduce future messages sent to customers.
We use a variety of security technologies and procedures to help protect your Personal Information from unauthorised access, use or disclosure and preserve the confidentiality, integrity and availability of your Personal Information. This includes the encryption of your Personal Information in transit via Transport Layer Security (TLS) and at rest, salting and hashing of all passwords, and a range of information security and data privacy policies and procedures within the organisation which all relevant staff and contractors must follow. To ensure your Personal Information is secure, we communicate our privacy and security guidelines to all employees and contractors and strictly enforce information security and privacy safeguards within the organisation.
We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When your personal data is stored by Simplyhealth, we use secure third-party computer systems with limited access housed in facilities using physical security measures. Personal Information and data uploaded to the SimplyMe Mobile Application is stored in a secure data centre in the Netherlands operated by our third-party cloud hosting provider, Microsoft Azure (“Azure”).
We may make certain Personal Information available to Third Parties to enable us to provide you with the SimplyMe Mobile Application or to provide ongoing support or for research purposes. Where we need to share your Personal Information with a Third Party, the information we disclose will be limited to the minimum amount necessary to ensure the quality and provision of the services provided. We do not sell or rent your Personal Information to Third Parties.
We may share Personal Information with designated Third Parties that provide services such as managing Member data, providing customer service, conducting product, research or satisfaction surveys, and sending email to you. These companies are required to protect your Personal Information.
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for us to disclose your Personal Information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganisation, merger, or sale we may transfer any and all personal information we collect to the relevant third party.
In some instances, we may disclose your Personal Information with agents or contractors that work on our behalf to assist us in providing and supporting the services offered. This may include analysing your data or helping us to communicate important information to you.
We does not take any decisions involving the use of algorithms or profiling that significantly affects you.
For any Personal Information we hold, we will provide you upon request with access to your Personal Information in a standard format for any purpose, except where identified by local laws. SimplyMe provides the ability for Members to access and correct data via the Mobile Application itself or via submitting a request to [email protected] the Mobile Application functionality is not available. You can also submit a deletion request to [email protected] to request the deletion of your data from our system, which will result in the permanent and irreversible de-identification of your Personal Information. We will try to respond to all requests within one month.
You have the right to be able to update or correct any Personal Information we hold. You can correct or update the information we hold by modifying it directly within the SimplyMe Mobile Application. If you are unable to directly correct or update the information in the Mobile Application, you may contact [email protected] to request us to update or correct the information for you. We will try to respond to all requests within one month.
In case of an actual or suspected personal data breach, we will fulfil our obligations to notify of data breaches without undue delay, including managing the end-to-end process from the recognition of a breach up to notifying you as a user.
Simplyhealth has put in place appropriate procedures to deal with any personal data breach and will notify thesupervisory authority and / or data subjects where we are legally required to do so. In the event of a data breach, we will notify the supervisory authority and the affected individuals without undue delay and within 72 hours of becoming aware of the situation.
If you know or suspect that your personal data may have been breached or otherwise compromised, or a personal data breach has occurred, please contact us at [email protected] to report it and obtain advice, and take all appropriate steps to preserve evidence relating to the breach.
SimplyMe does not permit individuals under the age of 18 to create a Member Account or to use the SimplyMe Mobile Application.
In the event that we learn of collecting the Personal Information of anyone under the age of 18, SimplyMe will take steps to delete their information as soon as possible.
The Data Protection Officer
You have a right to make a complaint at any time to your local privacy supervisory authority. Simplyhealth’s main establishment is in the UK, where the local supervisory authority is the Information Commissioner’s Office (ICO). You can also contact the Information Commissioner’s Office using their online form: https://ico.org.uk/global/contact-us/email/
or by post at:
Information Commissioner’s Office
However we would appreciate the chance to address your concerns before you approach the ICO, so please contact us in the first instance.