Little Journey processes data collected during the use of the Solace app under our customers’ instructions. This privacy policy provides information on the nature of data processing activities performed by Little Journey in relation to the provision of these services. 

2. General 

Little Journey Ltd is a UK registered company (Company Number 11519201).   
This Privacy Policy applies to all information and data collected by Little Journey Ltd when you interact with the Solace app. This Privacy Policy describes how and why we collect, store, process, and share personal information or data. It also describes your choices and rights with respect to your personal data, including your rights of access and correction of your personal data.  

If you choose to use the Solace app, then you agree to the collection and use of information as described in this policy. If you do not agree with this Privacy Policy, you should not use the Solace app. 

We regularly review this Privacy Policy and may update it from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and within the Solace app, and you are advised to review this page periodically for any such changes. These changes are effective immediately after they are posted on this page. It is important that the personal data we have for you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.  

Little Journey will:  

• Limit the collection of personal information to what is directly relevant and necessary to accomplish the purposes specified below.   

• Only use your personal data when the law allows us to do so. 

• Retain the data only for as long as is necessary to fulfil these purposes.  
   

If you have any questions about this Privacy Policy, please contact DPO@littlejourney.health 

Sections of the Solace app are aimed at children between the ages of 3 to 7 and 8 to 12. However, the app is not intended for use by children directly, but by parents/guardians/caregivers for the benefit of their children during supervised viewing. It is aimed at parents/guardians/caregivers with content specific to children to facilitate conversation between them and their children. If you are under the age of 13, please make sure you have permission from your parent or guardian before you use the app. If you discover that your child has been using the app without permission, please contact us at DPO@littlejourney.health to have any relevant data erased.   

4. All App Users (for Caregivers)
 
a) Information We Collect About Solace App Users 

Information Collected and Controlled by Little Journey 

Identity Data  
Little Journey will collect identity data shared with us through the app, such as unique codes provided to you by the clinical trial site. We deliberately do not ask for directly identifiable data, such as your name, address, or e-mail, to ensure that we safeguard app user privacy. 

Profile Data  
When setting up the app on a device, it will be possible for us to determine information relevant to the user’s clinical condition as well as information relating to the research site and the general clinical trial pathway. We will also collect responses to surveys or questionnaires relating to the user’s experience while using the app. Responses to these surveys will be linked to the user profile. 

Device Data 
We collect the details of the device used to interact with our services, including the device brand name, such as Motorola or Apple; device category, such as mobile or tablet; device name/model, such as iPhone XS or SM-J500M; and operating systems version, such as MAC OS X 10.2.  

Usage Data  
We collect details of your use of any part of the Solace app, including, but not limited to, the resources that you access and application version.  

Improving Your Experience 
We need to know certain information about our users in order to deliver our service. We use profile and identity data shared with us through the app for this purpose. For example, we ask you to select the country and language options so that we can provide content in the app that you can understand.   We also collect unique codes provided to you by our customers so that they can link data collected through the app to other data they process as part of the clinical trial.  

Improving the Solace Application 
We collect data about how our products and services are used by monitoring and tracking usage data, which we combine with other data you provide. We use this data to develop and improve our products and services.  For example, we use usage data to assess trends and usage involving the product to help us determine what new features our users may be interested in and feedback from surveys to address areas of potential dissatisfaction. 

Automated Processing 
We do not use data provided to us for making decisions based solely on automated processing. 

Little Journey will retain data obtained through the app for a maximum of 6 years unless otherwise specified by the data controller. 

It is not possible to use the app without entering the identification data provided to you by the clinical trial site. This data is necessary to confirm your involvement in the trial and to have subsequent access to the app. If you use the service, you will be unable to opt out of any other data processing activities related to using the app. However, you may opt out of certain activities by exercising your rights as described below.  

As a data processor, our legal basis for collecting and using the personal data described above is aligned to the legal basis determined by the data controller. This is also the case for any conditions required for the processing of any special category data necessary to deliver the service.  

5. How We Share Your Data 

We employ other third parties and service providers to assist us in providing our service to you. Examples of sharing your data with a third party may include sharing with a service provider responsible for maintaining our operational infrastructure or analyzing data / performing statistical analysis for developing and improving the product and services. These service providers are prohibited from using your personal data except for purposes explicitly agreed upon, and they are required to maintain the confidentiality of your information. 

For app users based in the UK or the European Economic Area, there may be circumstances where we need to transfer your personal data outside the UK or the European Economic Area (EEA). Whenever your information is transferred outside the UK or the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards. This will include the use of a recognized legal adequacy mechanism, standard contractual clauses / an International Data Transfer Agreement (IDTA), any required additional technical measures (including pseudonymization), and taking steps to ensure that personal data is treated securely and in accordance with this privacy notice.  

We value your trust in providing us your personal information, and we strive to protect it. All information you provide us will be stored on secure servers, and we will use strict procedures and security features in order to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. Such measures include:  

• Pseudonymization.  

• Encryption of your data in transit and at rest.  

• Storage on servers that are certified to industry-recognized information security standards.  

However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security. Should we discover a data security breach, we will use everything within our means to inform you (and our regulator) and take all steps required of us under English law.  

Little Journey services may contain links to and from the websites of our partner networks and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services. 

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data. In summary:   

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we have on you and to check that we are lawfully processing it. 

• Request correction of the personal data that we have on you. This enables you to have any incomplete or inaccurate data we have on you corrected, though we may need to verify the accuracy of the new data you provide to us. 

• Request erasure of your personal data. This enables you to ask us to erase or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to erase or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be explained to you, if applicable, at the time of your request.   

• Object to processing of your personal data when we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing for this reason, as you feel it impacts your fundamental rights and freedoms. You also have the right to object if we are processing your personal data for direct marketing purposes.    

• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:   

• if you want us to establish the data’s accuracy;   

• where our use of the data is unlawful, but you do not want us to erase it;   

• where you need us to retain the data even if we no longer require it, as you need it to establish, exercise, or defend legal claims; or   

• you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.  

• Request the transfer of your personal data to you or to a third party. We will provide you – or a third party you have chosen – with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to carry out a contract with you.  

• Withdraw consent at any time when we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.   

You also have the right to ask us to cease processing your personal data for marketing purposes.   
You can exercise any of these rights at any time by contacting our support team at DPO@littlejourney.health. 
 
We will respond to any of the requests described above as soon as possible, and no more than 2 months after receipt.

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact our Data Protection Officer: 
   
 
DPO@littlejourney.health 
 
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the supervisory authority for UK data protection issues.   

We have appointed IT Governance Europe Limited to act as our EU representative. If you are located within the EU and wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please e-mail our Representative at eurep@itgovernance.eu. Please make sure to include our company name in any correspondence you send to our Representative.  

If you have any concerns about the way Little Journey processes your data or manages your data rights which can not be resolved through contacting dpo@littlejourney.health, then you can raise this with the data controller (https://www.azprivacy.astrazeneca.com). Or alternatively, you have the right to lodge a complaint with the designated data protection supervisory authority in which your country is based.