This privacy notice provides information so that you can better understand how Opto Health Limited (Opto Health) uses your personal data collected through our website, including when you contact us through our website at optohealth.co.uk, and when we engage with you about potential business opportunities.
If you are a job applicant looking for information about how we process your personal data, you can read our Opto Health Job Applicant Privacy Notice to learn more.
The controller of the personal data collected is Opto Health. Our registered office is at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
We have appointed a data protection officer (DPO) who is responsible for any questions you might have about our data protection programme, this notice, or if you would like to exercise your rights. You can always reach our DPO at dpo@optohealth.co.uk.
Here is a summary of the different types of personal data we collect about you and for what purposes we use it.
1.
Personal details, including your first name, last name, job title, and where you work.
2.
Contact information, including your email, phone number, or LinkedIn account profile.
3.
Technical data, including IP, browser type and version, time zone and location, browser plug-in information, operating system, and platforms.
4.
Usage data, including information about how you use our website.
| Purpose | Data type | Lawful basis |
|---|---|---|
| To register you as a potential business contact and connect | Personal details & contact information | Performance of a contract |
| To protect our business and the website (including system maintenance and support and security) | Technical & usage data | Legitimate interests: running the business, provision of admin and IT services, network security, prevent fraud |
| To use data analytics to improve the website and the business offering | Technical & usage data | Legitimate interests: to understand website visitor characteristics and develop our business and marketing strategy |
You can learn more about the different types of personal data we collect and these purposes in the table we’ve organized here for you. We will only use the data for the purpose for which we collected it unless the new use is compatible with the original purpose.
We collect personal data about you from different sources. These include:
1.
Directly from you. We collect personal data directly from you when you contact us to provide it. This can include when you use our Contact Us form, email us, reach out to us on LinkedIn, or meet us at an event.
2.
Publicly available sources. We collect personal data from publicly available sources like LinkedIn.
3.
Automatically through site interactions. Through your interactions with our website, we collect technical data automatically using cookies. There are some cookies you can make choices about and others that are strictly necessary. You can learn more about this means here in our Cookies Statement.
4.
From third parties. We also receive personal data about you from third parties. This includes from analytics providers, like Google. Again, you can learn more about this in our Cookies Statement.
We only use your personal data when it is lawful to use it. This includes:
1.
When we are planning to or have entered into a contract with you.
2.
When it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.
3.
When necessary to comply with a legal obligation.
We share your personal data with the other parties set out below. Whenever we do this, we require in our contacts that they hold it only on our behalf, and that they keep your personal data secure. This means that they are not allowed to use your personal data for their own purposes.
1.
Third party services providers whose services include processing data for us, for example our IT and system administrators and cloud-based providers.
2.
Professional advisers.
Some of the parties who process your personal data are located outside of the UK. When we transfer your personal data outside of the UK, we ensure that there is a similar degree of protection as the data would have under UK law. For example, certain countries have been found by the Information Commissioner’s Office (ICO), which is the regulator for data protection in the UK, to provide an adequate level of protection. In other cases, for other countries, we sign specific contracts to ensure this protection.
We have appropriate security measures in place to protect the security your data. To support this, we also have limits in place to ensure access to the data is only granted on a need-to-know basis. Anyone who does have a need-to-know is also subject to confidentiality obligations and required to process the data only on our instructions. We also have procedures in place to deal with any potential personal data breach, should this ever take place.
You can always contact our DPO to learn more about this.
We keep personal data for only as long as it is necessary to fulfill the purposes for which we collected the data. To decide how long to keep the data, we consider different factors, like the nature and sensitivity of the data, the amount, and the potential risk of harm of disclosure, the purposes for which we collected it in the first place, and any legal requirements.
Your rights can include the right to:
1.
Access. This enables you to receive a copy of your personal data.
2.
Request correction. This means any inaccurate or incomplete data can be corrected.
3.
Request erasure. This means you can ask us to delete data we have no reason to be holding, or where your right to object has been successfully exercised. There may be reasons why we cannot comply with the request, in which case we will notify you.
4.
Object to processing. This right applies where we have relied on a legitimate interest as the lawful basis or where we use your data for direct marketing purposes.
5.
Restriction of processing. This enables you to ask us to pause processing of your data to:
1.
Establish the data’s accuracy
2.
Where our use is unlawful but you do not request erasure
3.
Where you need us to hold your data for a legal claim
4.
Where you have objected to processing and we need to verify the legitimacy of the grounds
6.
Request transfer. This is for a transfer of your data in structured, commonly used, machine-readable format. This right applies where the data was provided based on consent or for contract performance.
7.
Withdraw consent. This applies where the data was provided based on your consent.
When you contact us to exercise your rights, we will need to verify your identity. This is important so that we can be sure we are not disclosing your data to anyone who is not you.
We will always do our best to reply to your request within one month, and only longer for this if it is an especially complex request.
We will always keep open lines of communication with you and keep you updated.
You have the right to make a complaint to the regulator at any time.
In the UK, this regulator is the Information Commissioner’s Office (ICO). You can contact them at https://ico.org.uk/make-a-complaint.
This privacy notice was last updated 15 August 2023. To obtain prior versions of the notice, contact our DPO at dpo@optohealth.co.uk.
Please enter your details below
