PRIVACY POLICY

ABOUT US

The Little Journey app has been created by Little Journey Ltd. (Company Number 11519201). 

This Privacy Policy is used to inform our users about how and why we collect, store, process and share personal information or data. If you choose to use the Little Journey applications, then you agree to the collection and use of information as described in this policy. The personal information that we collect is used for providing and improving the app. We will not use or share your information with anyone except as described in this Privacy Policy. 

CHILDREN’S PRIVACY 

Sections of the Little Journey app are aimed at children aged between 3 and 12. However, the app is not intended for use by children directly but by parents/guardians for the benefit of their children, during supervised viewing. It is aimed at parents/guardians with content specific to children to facilitate conversation between parents and children. If you are under the age of 13 please make sure you have permission from your parent or guardian before you use the app. If you discover that your child has been using the app without permission, please contact us at DPO@littlejourney.health to have any relevant data deleted. 

IMPORTANT INFORMATION AND WHO WE ARE   

Little Journey Ltd. (Company Number 11519201) is the controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this policy). 

If you have any questions about this privacy policy, please contact DPO@littlejourney.health.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for UK data protection issues.

We have appointed IT Governance Europe Limited to act as our EU representative. If you are located within the EU and wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu. Please ensure to include our company name in any correspondence you send to our Representative.

 

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES  

We keep our Privacy Policy under regular review and may update it from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and within the Little Journey app and you are advised to review this page periodically for any such changes. These changes are effective immediately after they are posted on this page.  

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

Where consent is used as the basis for lawful processing of data, should the purpose of data collection change then the user will be informed and consent re-obtained.

THIRD PARTY LINKS                                                                                                                                 

The Little Journey application from time to time may contain links to and from the websites of our partner networks and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services. 

THE DATA WE COLLECT ABOUT YOU   

We may collect, use, store and transfer different kinds of personal data about you as follows:

App Users (Patients and Children)

  1. Identity Data: Child’s age in years.  
  2. Profile Data: including the Date of procedure, language, hospital and hospital tour selected (this will include a non-specific description of the type of procedure/appointment) and Questionnaires/surveys related to your experience.
  3. Device Data: Device brand name e.g. Motorola, Apple. Device Category e.g. Mobile or tablet. Device name/model e.g. iPhone XS or SM-J500M. Operating systems version e.g. MAC OS X 10.2.
  4. Usage Data: includes details of your use of any part of our App, including but not limited to, the resources that you access and application version.
  5. Identification codes: Codes allocated to you by our customers to link you to a specific clinical pathway or trial protocol.

Following six-years after your procedure date (as inserted into the App by you) we convert all the above information into non-identifiable aggregate data that is used for statistical purposes to improve the App. This information, grouped with all other App users at your selected Hospital or part of the same trial, may be shared with this hospital for them to improve their services. It is not possible for the hospital, CRO or our team to identify you or your child from this information.

Portal Users (Healthcare Professionals and Clinical Trial Administrators)

  1. Identity Data: Email address.  
  2. Profile Data: including Questionnaires and surveys related to your experience.
  3. Device Data: Device brand name e.g. Motorola, Apple. Device Category e.g. Mobile or tablet. Device name/model e.g. iPhone XS or SM-J500M. Operating systems version e.g. MAC OS X 10.2.
  4. Usage Data: includes details of your use of any part of our App, including but not limited to, the resources that you access and application version.

We will retain your identity data until you request to have it deleted or you remove your portal account.

All Users

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. Where we support either a clinical trial or healthcare institution collect customised data, we will act as a processor or sub-processor on behalf of the healthcare institution or trial Sponsor (as data controller) or their vendor under their direction, including the application of their lawful grounds for processing.

Visitors to our Website

  1. Identity data: Any identity data requested through the website such as name and E-mail address.
  2. Usage data: includes information relating to the use of our website obtained using tracking cookies or similar technologies.

HOW IS YOUR PERSONAL DATA COLLECTED?   

We will collect and process the following data about you: 

  • Information you give us. This is information (including Identity and Contact) you give us about you and your child for example, via the App or by corresponding with us (for example, by email or chat). It includes:
    • (a) App Users Data: We may collect and process the following data about you:
      • Your child’s age in years.  This information is used to tailor the content of the App to your child’s predicted level of understanding based on their age. We use this information to inform you through push notifications (which you can opt out of) when the optimum time to use the App is, which varies according to your child’s age.
      • Date of procedure(s). It is used to tailor the content of the App to your specific point in your hospital journey visit. For example, the day before the hospital visit we will provide you with information about what to bring to hospital. We also use this information to deliver questionnaires and surveys at the right time.
      • Your Hospital. Users are able to select the hospital where their child’s procedure is occurring. The content of the App will then be tailored to this hospital including but not limited to the rooms which you’ll visit on the day of the procedure (as provided by that hospital), that hospitals advice on fasting times before surgery and their contact information. This information is stored indefinitely as part of the non-identifiable aggregate data and linked with traffic data and questionnaire/survey results.

 

Whilst it is possible to use the app without entering the date of procedure, it is not possible to opt out of the collection of your hospital and child age data as it is essential for the app to work as intended.

 

    • (b) Portal Users Data
      • Your email address. We use this to identify your account and contact you as necessary. We keep this for as long as you have an account with us.

 

It is not possible to opt out of the collection of this data as it is essential to ensure that access to data stored within the portal is secure.

 

    • (c) All Users Data
      • Survey data requested by Little Journey: we may request that you complete surveys or questionnaires while you use the App/Portal, including but not limited to:
        • How satisfied you are with the care you received on the day of the procedure?
        • How satisfied you are with the information you have received through the app?

The results of these surveys/questionnaires will be linked with your child’s age, the type of appointment you attended and stored within our anonymised secure database. This non-identifiable information will be used to help guide us how to improve the Little Journey app for future children and their parents who are having a healthcare procedure by assessing if any changes to the App improve satisfaction levels.

We may also supply the results of the surveys/questionnaires anonymously to hospitals for them to improve their services.

      • Survey data requested by a healthcare provider: healthcare providers may use our platform to request app users to complete surveys and questionnaires relevant to their service.
        • When healthcare providers use our service for this purpose, they may collect data relating to your healthcare experience and outcomes. We do not control the content of surveys or the types of Personal Data that they may choose to collect or manage using our service. We store their information on our service providers' servers but process it as a processor under our customers’ instructions, this may include combining survey data with app usage data as per the requirements of the healthcare provider.
        • Our customers control and are responsible for correcting, deleting or updating the information they process using the Little Journey portal and for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to Little Journey for processing purposes.

 

The completion of surveys in the app is not essential to ensure that the app performs as intended, therefore it is always possible to opt out of the provision of this data by not completing the survey or providing the data requested. 

 

    • (d) Data provided to us through our website

We use the information you provide through our website, like your email or physical address, to:

  • market and promote our products, services, and other offerings. This includes sending content to you which we think may be of interest by post, email, or other means. We use this information to promote the use of our services to you and share promotional and information content with you in accordance with your communication preferences.

 

  • Contact you in relation to issues raised and feedback provided in relation to our services.

You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, updating your communication preferences, or by contacting us through support@littlejourney.health.  Customers cannot opt out of receiving transactional emails relating to services provided by Little Journey. 

 

    • (e) Data provided to us through other means of communication

Additionally, if you contact us, we will keep a record of that correspondence. 

 

 

HOW WE USE YOUR PERSONAL DATA   

Little Journey will:

  • Limit the collection of personal information to what is directly relevant and necessary to accomplish the purposes specified below.
  • Only use your personal data when the law allows us to do so. Most commonly we will use your personal data (a) for our legitimate interests to enable us to give you the best service/product and the best and most secure experience, (b) where we need to comply with a contractual obligation; (c) where we need to comply with a legal or regulatory obligation; or (d) where we are consented by the data subject.
  • Retain the data only for as long as is necessary to fulfil those purposes.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

Purpose/activity

Type of data

Lawful basis for processing

To install the App and register you as a new App or Portal user

Identity

Profile

Device

(a)

To enable you to complete a survey

Profile

(a)

To administer and protect our business and this App including troubleshooting, data analysis and system testing

Usage

Device

(a)

To deliver content to you

Profile

(a)

 

To monitor trends so we can improve the App

Identity

Device

Profile

Usage

(a)

To assist sponsors or contract research organisations as part of a clinical trial

Identity

 

Profile

 

Usage

(b)

To assist healthcare providers with service improvement

Identity

 

Profile

 

Usage

(b)

Marketing communications

Identity

(a)

 

INTERNATIONAL TRANSFERS

There may be circumstances where we need to transfer your personal data outside the UK or the European Economic Area (EEA). Where your information is transferred outside the UK or the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards. This would include the use of a recognised legal adequacy mechanism or standard contractual clauses, any required additional technical measures (including pseudonymisation) and we will take steps to ensure that personal data is treated securely and in accordance with this privacy notice.

 

DATA SECURITY 

We value your trust in providing us your Personal Information and we strive to protect it. All information you provide to us is stored on our secure servers and we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way such as:

  •  
  • Encryption of your data in transit.
  • Storage in servers that are certified to industry recognised information security standards.

But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security. Should we discover a data security breach, we will inform you (and our regulator) and take all steps required of us under English law.

DATA RETENTION

We will retain your personal data only for as long as we need it or have another justification, defined by law, to hold it. The maximum period for which we retain your personal information is six years after your date of procedure, following which your/your child’s data will be securely and permanently destroyed.

Prior to this, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

YOUR LEGAL RIGHTS

Under certain circumstances you have the following rights under data protection laws in relation to your personal data. In summary: 

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. 
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.  
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: 
  • if you want us to establish the data’s accuracy; 
  • where our use of the data is unlawful but you do not want us to erase it; 
  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or 
  • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

 

  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

You also have the right to ask us not to continue to process your personal data for marketing purposes. 

You can exercise any of these rights at any time by contacting our support team at DPO@littlejourney.health 

NHS National Data Opt Out System (NDOOS):

 

Little Journey is compliant with the NHS National Data Opt Out system as we have no data disclosures which required opt outs to be applied.

 

CONTACT US 

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact our Data Protection Officer. 

Data Protection Officer 

Ian Knott

DPO@littlejourney.health