v.1.0 effective May 31st 2019
We know you value your privacy. And when you visit our website to learn more about us, you shouldn’t have to worry about whether we’re learning more than we need to about you, or using your personal data in ways that make you uncomfortable. We want to learn what brings you to our website, what products, services and information interest you, how you engage with our content, what worked – and what didn’t. But we also want to respect your privacy and your choices. So we only collect and use what’s necessary, and we make it easy for you to manage your preferences. Right now, we’re focused on the bigger picture, not the individual website visitor’s activity. So we only collect what we need to help us get a general understanding of how our visitors engage with our website. We don’t process a lot of personal data about our website visitors at this time, as you can see from our Your Data At-a-Glance table below. Note that our services are not intended for children and we do not knowingly collect data relating to children.
This Notice describes how and why we collect the personal data of our website visitors and describes your rights over that data. You should read it along with any other Notices we’ve provided in specific contexts, for example at a conference. You can find more information about our cookie use and how to manage your preferences here.
GAMA Healthcare Ltd. is part of the GAMA Corporation Ltd. (UK) group of companies. We are registered as a data controller (registration no. ZA308362) with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. This Notice is issued on behalf of our UK-based entities: GAMA Healthcare Ltd., Carell Ltd., and Aga Nanotech Ltd. (UK), and Fellows Research Centre Ltd. (UK), so when we refer to ‘GAMA’ we refer to this group of companies.
We have appointed a Privacy Manager who oversees our privacy program and can answer your questions related to this Notice or our data processing activities in general. Please feel free to address any questions or concerns to firstname.lastname@example.org or by phone at +44(0)20 7993 0030 You have the right to make a complaint at any time to us or the ICO (www.ico.org.uk). We encourage you to contact us first so we can try to quickly resolve any concerns.
As we continue to develop our site and begin to use different tools to measure engagement, we may find we need more personal data or prefer a more personalised approach. We’ll update our Notice, alert you to such changes, and explain how you can manage your preferences. This Notice was prepared on 31st May 2019. As our website evolves, we’ll revise our Notice to reflect any changes to the way we handle your personal data and alert you to this fact. For previous versions of our Website Privacy Notice, please contact email@example.com.
But whatever our objectives, we’re committed to protecting the privacy and security of that personal data, only processing what’s necessary, and ensuring we strike the right balance between our business objectives and your privacy. We want to ensure you understand your rights and our responsibilities. This means that whenever we process your personal data we do so:
- Lawfully: Only if we can justify it on one of the GDPR’s Lawful Bases (see table below).
- Fairly and transparently: we strike the right balance between our interests and yours and we tell you what we do with your personal data.
- For a specific purpose: we won’t use your personal data for another incompatible purpose unless the law permits or requires us to.
- Using the least amount reasonably necessary.
- Ensuring it is accurate, complete and up-to-date.
- For a limited time: Only for as long as reasonably necessary, and then we either destroy it or de-identify it so it can’t be linked back to you.
- Securely: managing our people and designing our processes and technology to ensure end-to-end confidentiality, integrity and availability.
- With your rights in mind: We make it easy for you to exercise your rights (see table below).
- Within the UK/EEA: we don’t transfer your personal data outside the EEA except as permitted under Data Protection Law. We use appropriate safeguards to ensure consistent protection by third parties who help us.
Our table below summarises what personal data we collect from website visitors, why and how we use it and who we share it with. If we need to use your personal data for an unrelated purpose, we will notify you, explaining the Lawful Basis. (See the Categories of Personal Data table below and the Lawful Basis table below).
|Why||What||From Whom||Lawful Basis||How Long||With Whom|
|To analyse website visitor behaviour on an aggregate basis||1. Cookies 2. IP address (shortened) 3. Browser||1. You (through interactions with the website) 2. Google Analytics||1. Consent to collect 2. Legitimate Interests to further process for analytics||See cookie declaration here||1. Carpe Diem (web developer) 2. Google Analytics (see Cookies section below)|
|To help you navigate & search||In future: search analytics. We have not switched on this functionality||Algolia. You (based on your interactions)||N/A||See cookie declaration here||N/A|
|Enable visitors to share webpages, blogs, news, photos, videos, and other content from our website with social networks and other destinations. Visitors can share, follow, view, recommend and interact with the our content, and (ii) collect information from those visitors as a result of their visit.||Via a browser plug-in or website plug-in.||1. You (when you choose to share) 2. Oracle (processor whose tool enables sharing)||Legitimate Interests||See cookie declaration here||AddThis Tools by Oracle. Oracle receives personal information when you interact with our website. We share this as part of our Terms of Service. You can opt out here or read Oracle’s AddThis Privacy Notice here.|
|To maintain website security & performance||1. IP address 2. Device ID 3. Location 4. Browser Data||You through your interaction with the website||Legitimate Interests||See cookie declaration here||1. Carpe Diem (web developer) 2. Google Analytics (see Cookies section below)|
We conduct Legitimate Interests Assessments (LIA’s) whenever we rely on Legitimate Interests and, where appropriate, Data Protection Impact Assessments (DPIAs). The data we collect and analyse from your visit is necessary for our legitimate interests (to keep our website updated and relevant and make it easier for you to navigate). We only collect what is necessary – aggregated, less easily identifiable data – and we limit sharing. Our internal teams and external providers are all aware that they are not to re-purpose the data in ways that would be inconsistent with the original use or look for ways to identify individuals.
Even so… it’s optional. You can object to these activities by opting out at any time. Simply disable the statistics cookies on our Cookie Dashboard. Click unsubscribe or manage your marketing preferences by clicking the unsubscribe link in our emails. Or send us an email to firstname.lastname@example.org.
If we can’t process this personal data, or if it’s inaccurate, it may take us longer to determine how best to design our website to improve the user experience. If we aren’t able to get technical and usage data (e.g. click and view data, customer feedback, page visits) we won’t be able to use that data to optimise our services to meet website visitor demands.
Special Data requires higher levels of protection. We don’t process this type of data for our business, but if we did, we would ensure it receives a greater level of protection as required under DP Law.
We’ve implemented measures to prevent your personal data from accidental loss, unauthorised use, access, alteration or disclosure. We’ve implemented safeguards to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where legally required to do so. Details of these measures are available upon request by contacting email@example.com.
|Category of data||Details|
|IP address||Internet Protocol address|
|Browser Data||Browser types, browser plug-ins, and version|
|OS||Operating System and platform|
|Device ID||Device ID, MAC address (for Apple smartphones)|
|Location||Time zone setting and location|
|Time Zone||Time zone setting|
|Cookies & other technologies||We use a Cookie Dashboard on our website powered by CookieBot which details the cookies we use and allows website visitors to manage their preferences. Find out more in the Cookie section of this Notice and get details and find out how to manage your preferences for the different cookies we use here.|
|Web analytics||Standard internet log information and visitor behaviour patterns obtained using Google Analytics (see how cookie declaration here). We get aggregated statistics of 1. pages visited 2. time on page 3. interactions / clicks and related information 4. traffic and exits.|
|Lawful basis||What this means|
|Consent||You have given us permission, which you can withdraw at any time. We need your Explicit Consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so, or for any Automated Decision Making (‘ADM’) that has significant legal or other effects. We currently don’t process Special Data or conduct ADM.|
|Legitimate interests||To help fulfil a legitimate business objective (see the ‘Why’ column of the Your Data At-a-Glance chart, below) after confirming we’ve only used what’s reasonably necessary and proportionate to meet that objective and struck the right balance between our interests and yours (Legitimate Interests Assessment (LIA)).|
|Contractual necessity||To enter into or fulfil our contract, including to generate a quote.|
|Legal obligation||To comply with the law (e.g. tax reporting, Data Protection Law).|
|Vital interests||In rare instances where one of the others don’t apply but we need your Personal Data to protect your vital interests or those of another person. Highly unlikely.|
As you can see from our Cookie Dashboard, GAMA doesn’t place a lot of cookies on your device. Right now we’re focused on getting statistical information to help us understand how website visitors use the website. We only use Google Analytics for this purpose, and we have taken steps to minimise the identifiable data we collect and restrict the amount shared with Google Analytics in readily-identifiable form. While we can’t guarantee anonymity, we believe these measures greatly reduce the risk of your individual website activity being tracked by us or Google.
What is your Lawful Basis for using these cookies and other technologies? The Lawful Basis we rely on for collecting each category of cookies is detailed in the chart below. As we mentioned in the At-a-Glance chart, we rely on Legitimate Interests to further process the date we gather through our website, including form statistical cookies:
|Cookie category||Lawful basis|
|Necessary||Legitimate Interests: to collect and use these cookies. To strike the right balance, a limited number of individuals have access to information collected using these cookies. They may not use the information for another purpose unless you have separately opted-in to that use. Legal Obligation: to remember your cookie preferences to comply with data protection law. Options? You cannot opt out of Necessary cookies in our Cookie Dashboard because this could impact the features needed for the website to function properly and compliantly. See ‘Can I turn any of this off? How?’ in the About Cookies section below to learn how to manage them in your browser settings.|
|Preferences||Consent: They aren’t strictly necessary, but without them, you would need to select your preference each time you move to another page or part of the website, which might interfere with your experience. We want you to be able to enjoy your visit by focusing more on our great content and less on re-configuring your settings, so we’ve included these cookies in our Recommended Settings. Options? If you clicked ‘OK’ to accept our Recommended Settings, these cookies will be set on your device. If you’re not okay with these, simply untick the box and the cookies won’t be set.|
|Statistics||Consent: They aren’t strictly necessary, but without this important feedback, we wouldn’t be able to ensure our website meets visitor’s needs and expectations and our business objectives. Options? If you clicked ‘OK’ on our Cookie Dashboard to accept our Recommended Cookies, you have opted into these cookies. If you’d like to opt-out, simply untick the box in the Cookie Dashboard. If you’re okay with us using this information but do not wish to share it with Google, you can download the Google Analytics Opt-Out Browser Add-On for use across all websites which use Google Analytics.|
|Marketing||Consent: They aren’t strictly necessary and not applicable now because we don’t currently use Marketing cookies. If we did, they would allow advertisers to serve up ads to you that are more personalised to your interests and to track your behaviour across websites. Options? We have not included these cookies in our Recommended Settings so you don’t need to do anything. Simply leave the box unticked.|
|Unclassified||We don’t collect these cookies. We have disabled them in our Cookie Dashboard Recommended Settings.|
Do you share this information with anyone? With whom and why? Only select members of our Creative and Marketing teams with web administrator rights can access and manage data collected using cookies and trackers. We share reports and raw anonymised cookie data with Carpe Diem – an external web design firm that assists us with web design – and external professionals who help us analyse the information. We impose conditions on them to prevent any re-purposing or reverse engineering. We generally don’t share identifiable cookie data or tracking data outside of our organisation, except to share with suppliers who assist us with the website or our marketing efforts. Even in such cases, they are interested in the aggregate picture, rather than the website journey of an individual, identifiable visitor. You can find the relevant vendors listed in the At-a-Glance table of our Website Privacy Notice above.
Note that we adhere to Google’s Measurement Protocol / SDK / User ID Feature Policy, which prohibits us from uploading any data that allows Google to personally identify an individual or data that permanently identifies a particular device (such as a unique device identifier). That said, this doesn’t guarantee that Google won’t be able to identify you using some of the information it receives from your visit on its own or in combination with other information Google has about you. See ‘Can I turn any of this off? How?’ below for ways to control cookies generally using your browser settings.
How long do you store them? All identifiable cookies will expire after the retention periods listed in the Cookie Dashboard have elapsed.
Can I turn any of this off? How? You can manage and disable cookies using our Cookie Dashboard by ticking or unticking the boxes that appear after you click 'Show Detail'. You can also manage and disable cookies from your browser. To opt out of being tracked by Google Analytics across all websites, you can install the Google Analytics opt-out browser add-on here. This will prevent analytics information gathered from your visit to our site being sent to Google, but we will still have access to that information unless the Statistics box is unticked in our Cookie Dashboard. For more detail on advertising cookies and how to manage them, visit youronlinechoices.eu. Visit the UK Information Commissioner’s Office website to learn more about the various ways you can control cookies.
|Cookie category||What will happen if I disable cookies?|
|Necessary||The website won’t function as well.|
|Preferences||Will no longer remember them and you’ll need to set them each time.|
|Statistics||Your information won’t be used for analytics purposes and we won’t have as rich a data set to inform our decisions|
|All||If you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our site. Note that disabling cookies will not disable web beacons and other trackers, but the functionality of the beacons will be restricted.|
What other rights do I have? You have the right to request access to your Personal Data, or ask us to correct it, erase it, restrict processing of some of all of it, or withdraw your consent to cookie use. Simply untick the relevant box in our Cookie Dashboard. You may also contact our Privacy Manager for more information. Find out more about your rights here.
What rights do I have over my Personal Data? You have various rights with respect to your Personal Data:
|Right||What this means|
|Access||Receive a copy of the personal data we hold about you and confirm we’re lawfully processing it by making a Data Subject Access Request (DSAR). It’s free of charge unless your request is clearly unfounded or excessive.|
|Rectification||Ask us to update, complete or correct your personal data at any time if you detect an inaccuracy. In fact, we encourage you to do so.|
|Portability||Get any personal data you’ve given us in electronic form on the basis of Consent (or Contractual Necessity) in a common machine-readable format. We can also transfer it to a third party if you ask.|
|Erasure||Ask us to delete or remove personal data where there is no good reason or Lawful Basis for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to Objection. We are allowed to refuse in certain circumstances. Find out more, here.|
|Objection||Object to any processing we do based on Legitimate Interests. You also have the right to object where we are processing your personal data for direct marketing purposes|
|Automated processing||Not to be subject to automated decision-making without human intervention that has significant legal or other affects.|
|Restriction||Suspend the processing of some of your personal data, for example if you want us to establish its accuracy or the reason for processing it.|
|Withdrawal of consent||Withdraw consent at any time and we will stop processing it unless we have another legitimate basis for doing so in law. Where we rely on your consent we also explain how you can easily withdraw it.|
We will need to confirm your identity to confirm your right to access the information or exercise any of your other rights. This is to prevent personal data being disclosed to anyone who has no right to receive it. You can find out more about your rights by visiting the Information Commissioner’s Office website.