Privacy Notice for Service Users
CANARY CARE PRIVACY NOTICE FOR SERVICE USERS
Who are we?
Canary Care Global Ltd has developed this Privacy Notice to explain how we may collect, retain, and process the personal data of our service users i.e. persons who access the Canary Care service via our web/mobile applications and/or receive notifications sent by our service. If you have any queries, please contact our Data Protection Officer on +44 1865 408366 or via email to firstname.lastname@example.org.
What do we collect?
When you are registered as a Canary Care service user, we collect the following personal data:
- Email address
- Telephone number (optional)
This data may be provided to us directly by you, or by another existing Canary Care service user. To ensure that your personal data has been provided with your consent, we send a confirmation email to the given email address. This email contains a link which allows the recipient to set a password to access the Canary Care service. If the password is not set within 21 days, the personal data is automatically deleted. Setting a password confirms that you wish to be a registered Canary Care service user.
Why do we collect this information?
When you become a registered Canary Care service user, we have a ‘legitimate interest’ to use your personal data in order to provide our service to you and to keep you informed of service updates. This is our ‘legal basis’ for processing. Specifically, we will use your personal data only to:
- Deliver notifications.
- Notifications are messages sent in response to the triggering of Canary Care service rules.
- Rules may have been configured by you or by other service users who have access to the same service subject’s data as you.
- Notifications may be delivered by various mechanisms via your email address and/or phone number
- Using the Canary Care web app, you have complete control over the notification delivery mechanisms you wish to use and can choose to turn off notifications completely
- Deliver service update emails
- Service status announcements, new features and advice on how to use the service
- You can unsubscribe from service updates using the link provided in the email
- Contact you to provide proactive support (if we spot an issue specific to you)
Do we share personal data?
We share your data with
- Our customer and their authorised representatives
- 3rd party ‘sub-processors’ who provide services to us which enable us to deliver the overall Canary Care service to our customers and users e.g. our hosting and message delivery partners
Keeping your personal data
Your personal data is linked to a Canary Care customer account i.e. the person or organisation that has a contractual relationship with Canary Care for us to provide the service. We will retain your personal data for seven years following the end of said contractual relationship. You or our customer’s authorised representatives can delete, or instruct us to delete, your personal data at any time.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data.
Transfer of Data Abroad
We do not transfer personal data outside the EEA.
Automated Decision Making
We do not use any form of automated decision making in our business.
V1.0 – 01/09/18