4.0 HOW WE USE YOUR INFORMATION
Only employees and agents of Onko, who are obligated to maintain confidentiality, can access applicable data and only as reasonably necessary to perform their role. Other third parties do not have access to your personal data without your explicit consent.
Your personal data, as well as all data collected via the App or website (e.g. data about activity, symptoms, mood etc., including from connected external apps e.g. Fitbit, Apple HealthKit), will only be used for rendering Services according to contractual obligations. When Onko is providing Services to, and on behalf of, the NHS or Private Medical Insurers, personal data is exchanged between Onko and referring healthcare professionals (e.g. your GP practice) for the purposes of caregiving and safeguarding. We also record telephone calls as needed for optimal customer service and quality management purposes.
When Onko is providing Services to, and on behalf of, the NHS or Private Medical Insurers, non-personally identifiable (or anonymised) data on Service users is shared with commissioning bodies and contractually relevant parties for the purposes of evaluating our Services and/or for research. Such data may be used by Onko and authorised affiliates (i.e. NHS) for research and publication purposes and can be analysed and used to improve our Service (optimisation, further development and research) during the contract and after the termination of the contractual relationship.
You have the right and ability to opt out of certain uses or sharing of your data etc.; please see the section below titled “Subject Access Requests, Changing & Deleting Your Personal Data”. The reason you cannot opt out of all data sharing with us is that we would be unable to provide you with our Service.
5.0 WHERE WE STORE YOUR INFORMATION
We use Amazon Web Services (“AWS”) (offered by Amazon Web Services, 60 Holborn Viaduct, London, EC1A 2FD) to host the data. Your data is processed on servers in the UK. Data is encrypted end to end.
For further information, please refer to Amazon’s privacy policy for AWS (https://aws.amazon.com/privacy/). The processing of your data in AWS is based on your consent, the performance of the contract, and/or legitimate interest (legal bases for processing under applicable data protection regulations).
The data we collect from you is stored within the European Economic Area (“EEA”).
6.0 HOW WE PROTECT YOUR INFORMATION
All information you provide to us is stored on our secure servers and is encrypted between your device and any external host storage to keep it safe (i.e. ‘encrypted in transit’ as well as ‘encrypted at rest’). We use the AES 256 encryption standard.
The Twilio video used for video consultations is based on the open standard WebRTC protocol. The security architecture is described here and the protocols used include TLS, DTLS and SRTP. All communication between a Programmable Video client and the Twilio cloud is encrypted. Media shared in Group Rooms is encrypted during transport to Twilio, is briefly decrypted in memory in Twilio’s cloud, and is immediately re-encrypted before being sent to other Participants. Decrypted media is not written to any persistent storage or sent across the network. For further information please consult https://www.twilio.com/docs/video/media-security
The website and App may contain links to external sites. We are not responsible for the privacy policies or the content of such sites. When you leave our website or our App, we encourage you to read the privacy policy of every other website you visit.
7.0 LEGAL BASES FOR PROCESSING YOUR DATA
Any information about your health is classed as sensitive personal data and we ensure that additional safeguarding measures are in place to protect this information. The legal bases we rely upon in processing your personal data are: