Last updated: October 2020
We care about the protection and confidentiality of your personal data.
We do not sell, rent or give away your personal data or conversational history.
We understand that your privacy and your personal data is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our Website and uses our App. We will only collect and use your personal data in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.
1. Definitions And Interpretation
In this Policy the following terms shall have the following meanings:
“Account” means an account required to access and/or use certain areas and features of our Website and App;
“App” The Aime app available for download on mobile devices.
“Cookie” computer or device by our Website when you visit certain parts of Website and/or when you use certain features of Website. Details of the cookies used on our Website are set out in section 15;
“Data Protection Laws” all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time.
“We/Us/Our” means Cyberlimbic Systems Ltd.
“Website” means this website, www.cyberlimbicsystems.com;
2. Information About Us
We are Cyberlimbic Systems Ltd. We are the data controller and responsible for your personal data. We are registered as an incorporated company in the United Kingdom. Our registered office is Further Meadow, Isington Road, Alton, Hampshire, GU34 4PP. We are registered as a limited company in England and Wales with company registration number (number 11975055)
Our Website, www.cyberlimbicsystems.com and our App is owned and operated by Cyberlimbic Systems Ltd.
3. Scope And Third Party Links
4. What Data Do We Collect?
The App is not intended for children and we do not knowingly collect personal data relating to children. You are required to confirm you are over the age of 18 when registering for an Account.
Depending upon your use of our Website and the App, we may collect some or all of the following data:
- Name, nickname, gender, age;
- Username, password;
- Contact information such as your email address;
- Demographic information such as post code and preferences and interests;
- Location data including GPS technology on your computer or mobile device. You can disable this at any time via the settings on your computer or mobile device;
- IP address, Cookies Preferences, traffic data and usage data (automatically collected);
- Web browser type and version (automatically collected);
- Operating system (automatically collected);
- A list of URLs starting with a referring site, your activity on our Website, and the site you exit to (automatically collected);
- Health information such as your height, weight, medical information, hours of sleep, exercise and information relating to your mental health, as manually inputted by you on the App (see section 9 on “Special Category Data”); and
- Information relating to your race or ethnicity as manually inputted by you on the App (see section 9 on “Special Category Data”).
5. How Do We Use Your Data?
All personal data is stored securely in accordance with the principles of the General Data Protection Regulation 2016 and in compliance with all Data Protection Laws. For more details on security see section 8, below.
We use your personal data to provide the best possible products and services to you. This includes:
- Providing and managing your Account;
- Providing and managing your access to our Website and App;
- Personalising and tailoring your experience on our Website and App;
- Supplying our products and services to you;
- Personalising and tailoring our products and services for you;
- Responding to communications from you;
- Keeping you up to date on the latest product announcements, software updates, or other information we think you would like to hear about from us where you have given consent for the appropriate type of communication.
- Supplying you with email alerts and newsletters that you have subscribed to (you may unsubscribe or opt-out at any time using the unsubscribe link at the bottom of these emails);
- Market research;
- Analysing your use of our Website and our App and gathering feedback to enable us to continually improve our Website, App and your user experience, including in relation to App beta testing;
- In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
With your consent and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email with information, news and offers on our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the Data Protection Laws.
6. Purposes For Which We Will Use Your Data?
There are a number of lawful bases on which we rely to collect, share, use or otherwise process your data, including:
- Where you have provided you explicit consent to the processing. You can revoke consent at any time by contacting email@example.com .
- As is necessary to provide our services to you on the basis of any contract we have with you.
- Where necessary on the basis of our legitimate interests (provided this is not overridden by considerations regarding your rights and interests).
- Where necessary to comply with a legal or regulatory obligation, a court order, or to exercise and defend legal claims.
- To protect your vital interests, or those of others, such as in the case of emergencies.
- Where necessary in the public interest.
The below table includes some examples of our data processing activities and the lawful basis for doing so.
|Purpose/activity||Type of data||Lawful basis for processing|
|To install the App and register you as a new App user||Name, age, email address, information about your device (including IMEI number and MAC address)||Your consent|
|To provide you with the App’s services including health questionnaires and App chat function||Name, gender, date of birth, email address, medical information, including hours of sleep, exercise, diet, details of in App conversations weight, height, ethnicity, location data||Your consent including when you manually input this data yourself.
|To register you as a beta tester and to keep you regularly informed with updates as to the App’s launch and any updated features.|
Marketing, including keeping you up to date on the latest product announcements, software updates, or other information we think you would like to hear about
|Name, email address||Your consent
Necessary for our legitimate interests (for running our business and developing our App)
|To manage our relationship with you including:|
(b) Asking you to leave a review or take a survey
|Name, email address, telephone number Profile Data including your username and password, in-App purchase history, your interests, preferences, feedback and survey responses.||Your consent
Performance of a contract with you
Necessary for our legitimate interests (to keep records updated and to analyse how customers use our App).
Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions)
|To administer and protect our business and this App including troubleshooting, data analysis and system testing||Name, email address, telephone number, Information about your device (including IMEI number and MAC address).||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)|
|To process App and in-App purchases and delivery services including managing payments and collecting money owed to us|
To provide a service you have requested
|Name, email address, payment card details, Information about your device (including IMEI number and MAC address).||Your consent
Performance of a contract with you
Necessary for our legitimate interests (to recover debts due to us)
|To deliver content to you|
To monitor trends so we can improve the App
|Name, address, email address, Information about your device (including IMEI number and MAC address), information about your use of the App and Website including traffic data, Profile Data including your username and password, in-App purchase history, your interests, preferences, feedback and survey responses.||Your consent
Necessary for our legitimate interests (to develop our products/services and grow our business)
7. How And Where Do We Store Your Data?
We only keep your data for as long as we need to in order to use it as described above in section 6, and/or for as long as we have your permission to keep it.
Some or all of your data may be stored or transferred outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein). If we do store or transfer data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the General Data Protection Regulation 2016. Such steps may include, but not be limited to, the use of legally binding contractual terms between us and any third parties we engage and the use of the EU-approved standard contractual clauses.
Specifically, App data is stored on Google’s servers in the USA, but our contract with Google incorporates the EU’s standard contractual clauses to ensure that your personal data is protected to Google and EU standards.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Website.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet.
8. Do We Share Your Data?
We may share your personal data with third parties in the following circumstances:
- We may compile statistics about the use of our Website and App including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such anonymised data with third parties such as prospective investors, scientific research teams. Personal Data will be anonymised where possible and will only be shared and used in compliance with Data Protection Law.
- In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority such as HMRC. We do not require any further consent from you in order to share your data as this is processed on the basis of the fulfilment of our legal obligations.
- In certain circumstances we may be required to share data with our professional advisers acting as processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- We may sometimes contract with third parties to supply products and services to you on our behalf. These may include payment processing, advertising and marketing. In some cases, the third parties may require access to some or all of your personal data for example in order to process a payment. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
- We may share your personal data with a third party if sharing the information is reasonably necessary to provide a service that you have requested.
9. Special Category Data
As part of your experience using the App and in order to enhance the App’s functionality, you may manually input and we may therefore collect special category data from you, which may include information about your ethnicity and medical information.
We will usually only obtain this information on the basis of your explicit consent which can be withdrawn at any time. In rare circumstances we will process your medical information in order to protect your vital interests or the vital interests of others where there is an emergency and a concern for your safety or the safety of others and we have been unable to obtain your consent.
Your personal data will not be used for marketing or survey purposes without your explicit consent, which can be withdrawn at any time.
11. How Can You Control Your Data?
When you submit information via our Website, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to stop receiving emails from us which you may do by unsubscribing using the links provided in our emails or by contacting us at firstname.lastname@example.org).
When you submit information via our App, you may be given options to restrict your use of your data. We require a nickname, and your age and email address from you in order for you to use the App and further information such as age and health information will be manually inputted by your in order to improve your user experience with the App.
12. Your Right to Restrict Access To You Personal Plan
You may access certain areas of our Website without providing any data at all. However, to use all features and functions available on our Website you may be required to submit or allow for the collection of certain data.
You may access our App by providing minimal data consisting of a nickname, and your age and email address. However, to use all features and functions available on the App you may be required to submit or allow for the collection of certain personal data processed with your explicit consent. Please note that only providing your name, age and email address will limit the App’s effectiveness and functionality.
13. Your Rights
Individuals who are habitually located in the European Union (and the UK) have the right to access, rectify, download or erase their information, as well as the right to restrict and object to certain processing of their information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. If you are habitually located in the EU, these rights apply to you. These rights are described below:
As a data subject, you have a number of rights.
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. Please note that in some circumstances we may need to continue processing your personal data on a legal basis other than consent, such as to fulfil our legal obligations or for our legitimate interest.
- Complain: Should you wish to raise a concern about our processing of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. In the UK this is the Information Commissioner’s Office: https://ico.org.uk.
14. Data Security
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Website or when using the App you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. All data is encrypted with a one way encryption key and access to the App is controlled using two factor authentication.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
15. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We may retain basic data for legal purposes for 7 years after you cease to use the App. This is as required by law for tax or other regulatory purposes.
The table below sets out further details as to our specific retention policies for specific types of personal data:
|Circumstances in which personal data was provided||How long do we keep it?|
|When you visit our Website (including IP address, operating system, cookies)||12 months from the date you visited our Website, for audit purposes|
|When you register for an Account and using the App||Until you delete the App. Basic data may be retained for legal purposes for 7 years after you cease to use the App|
|When you register as a beta user and/or consent to receive marketing from us||Until your consent is withdrawn|
We use Google Analytics to anonymously track statistics about who uses our Website. This data allows us to count the number of visitors we get and which pages they visit. This helps us improve the way our Website works for visitors, for example, ensuring you find the information you’re looking for easily. The visitor information is sent to our Google analytics account via Google. You can change your cookie settings at any time, this page explains how to do this: www.aboutcookies.org.
To manage the collection of information through cookies or other equivalent technology you can use the settings on your browser or mobile device. We are committed to providing you choices to manage your privacy and sharing. Not accepting cookies may make certain features unavailable to you. We may also use your IP address to identify you, to administer our services and to assist in diagnosing problems with our servers.
17. Automated Decision Making
“Automated Decision Making” refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.
We may use automated decision making and profiling as part of the App’s services and offerings. This will only ever be done on the basis of your explicit consent which can be withdrawn at any time. In particular, we will use automated decision making and profiling in confirming the results of any questionnaires you complete on the App, and our recommendations. All such questionnaires are standard and created by clinical professionals.
If you are concerned about our use of automated decision making please do not take part in these questionnaires. You have certain rights in respect of automated decision making, where that decision has significant effects on you, including where it produces a legal effect on you – see section 13 which sets out your rights. Please contact us if you would like further information about automated decision making.
18. Contacting Us
It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you by contacting us as set out in section 18 above.