Sun4Health Privacy Policy

We are siHealth Ltd.

We are a digital healthcare company based in Harwell Campus, Oxfordshire, United Kingdom (www.sihealth.co.uk). Our address is Building R104, Rutherford Appleton Laboratory, Harwell Campus, Didcot, Oxfordshire, United Kingdom and our company registration number is 9176652. We are registered with the UK Information Commissioner’s Office (ICO) with number ZA834797.

siHealth is a company of the Flyby Group (the “group”), a corporate group controlled by Flyby S.r.l. (www.flyby.it – Livorno, Italy). The group operates worldwide, providing digital systems and services for supporting human decision-making in different sectors, such as Space, Energy, Security and Health & Wellness.

siHealth has a direct subsidiary inside the group, siHealth Photonics S.r.l. (www.sihealthphotonics.it – Livorno, Italy). siHealth Photonics develops digital innovations for healthcare, with particular focus on the smart management of medical conditions through Image Processing and Artificial Intelligence techniques.

The Sun4Health solution is composed of:

  • the Sun4Health mobile app (the “App”), providing personalised indications on environmental exposure (e.g. to sunlight) to support the health & wellbeing of an End-User;
  • optionally, the Sun4Health Web-Portal (the “Web-Portal”) for professionals employed by an Institution (e.g. healthcare professionals, researchers, marketing specialists) that can be connected to the Sun4Health App for providing professional indications to the End-User (e.g. Institution’s patient, customer or volunteer involved in a study) based on their monitored environmental exposure, in case the End-User explicitly decides to do so.

The Sun4Health Solution is provided by siHealth, which is solely responsible for the processing of your personal data (“Controller”) in accordance with the General Data Protection Regulation (“GDPR”) and any applicable data protection laws.

We update this Policy from time to time, so please review it regularly. You can access this Privacy Policy at any time at www.sihealth.co.uk/privacy-policy-Sun4Health.

 

IF YOU ARE AN END-USER USING THE SUN4HEALTH APP

Our App is designed to enable you, the End-User, to monitor your environmental exposure in order to receive personalised indications for your health & wellness (e.g. avoiding sunburn, getting vitamin D from sunlight). This may also include supporting possible healthcare treatments and participation in research/clinical studies or product campaigns. The service could also include the sharing of your data with an Institution (your connected “Institution”), e.g. healthcare provider or research institute, for providing additional support and guidance to you, only if you explicitly decide to do so.

Before you can use our App:

  1. You will need to self-register using your email address and personal contacts on the App or on a dedicated website, and you will then be provided with an anonymous User ID and password;
  2. As an alternative to point 1 above, a professional of your connected Institution (e.g. healthcare professional or researcher) could create an account for you and then share your login details with you, which will include an anonymous User ID and a temporary password (to be then reset by you via the App);
  3. You will be asked to provide different consents. You are under no obligation to provide any of these consents and you can withdraw any of them at any time. But as explained on the registration page, you need at least to provide your consent to your data being shared for the purpose of monitoring your environmental exposure (“exposure records” and “approximate geo-localisation”) and of monitoring/improving the Service (“service quality”) before you can use our App.

If you choose to provide your consent and use our App, then we hold the following information about you:

  1. A record of your consent;
  2. Your login details (your User ID and/or an encrypted version of your Password);
  3. Your email address and personal contacts in case of self-registration to the Service;
  4. Your approximate location and data collected by the sensors of your devices (e.g. GPS) and/or of possible wearable devices connected to the App. This is to ascertain your approximate exposure to environmental factors (e.g. sunlight) and will have a random radius added to enhance your privacy;
  5. As an alternative to point 4 above, in case you provided the related optional consent (“precise geo-localisation”), your precise location and data collected by the sensors of your devices (e.g. GPS) and of possible wearable devices connected to the App. This is to ascertain your exposure to environmental factors (e.g. sunlight) with the highest possible accuracy;
  6. Information you add to the App related to your personal features (e.g. skin type) and treatments;
  7. Environment type (e.g. park, beach), clothes, indoor/outdoor position.

The lawful basis to process your personal data is your explicit consent, in accordance with Art. 6 Par. 1 of the GDPR.

The data processing of the personal data is carried out in compliance with the provisions of the GDPR and other relevant laws.

 

IF YOU ARE A PROFESSIONAL USING THE SUN4HEALTH WEB-PORTAL

If you are a professional using our Web-Portal to supervise the environmental exposure of your patients, customers or volunteers involved in a research study (i.e. your connected End-Users), then we will collect your registration information as well as the data about End-Users and End-Users’ environmental exposure, using it in accordance with the services contract in place between us and your Institution (e.g. healthcare provider or research institute).

The only other data we collect from visitors using the Web-Portal is via the cookies we use. We use the following cookies on our Web-Portal:

  • Cookie provider: siHealth Ltd
  • Cookie name: user
  • Purpose of the Cookie: This is to verify the signed-in user
  • Duration: Expires as soon as user signs out of the system or when user session expires

 

WHAT ARE YOUR RIGHTS UNDER DATA PROTECTION LAWS?

You have various other rights under applicable data protection laws, including the right to:

  • access your personal data (also known as a “subject access request”);
  • correct incomplete or inaccurate data we hold about you;
  • ask us to erase the personal data we hold about you;
  • ask us to restrict our handling of your personal data;
  • ask us to transfer your personal data to a third party;
  • object to how we are using your personal data; and
  • withdraw your consent to us handling your personal data.

You can exercise any of these rights by contacting us.

You also have the right to lodge a complaint with us or the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales. If you are based outside of England and Wales, you can find your relevant supervisory authority here. Please keep in mind that privacy law is complicated, and these rights will not always be available to you all of the time.

 

WHERE IS YOUR DATA STORED?

We securely store your personal data in Amazon Web Services (AWS) and Microsoft Azure cloud data centres within:

  • United Kingdom (UK)
  • European Union (EU)
  • United States (US)
  • Brazil
  • South Korea
  • South Africa
  • Australia

Whenever we transfer your personal information outside of the UK and the EU, we ensure it receives additional protection as required by law in accordance with the adequacy principle as stated in GDPR.

To keep this privacy policy short and easy to understand, we haven’t set out the specific circumstances when these protection measures are used. You can contact us at privacy@sihealth.co.uk for more detail on this.

 

HOW LONG DO WE KEEP YOUR DATA FOR?

If you withdraw your consent or delete your account with us, we will delete the personal data that we hold about you in the Service. If you haven’t used our Service for 12 months, then we will delete your account.

More generally, we will only retain your personal information for as long as we need it and for the purposes we initially collected it for, unless we are required to keep it for longer to comply with our legal, accounting or regulatory requirements.

We also carefully anonymise your personal data so that it can no longer be associated with you, and we use this anonymised data for purposes including research and development, commercialisation, improving outcomes for patients and developing medical treatments.

In addition to this, we perform research & development activities to improve siHealth’s services, also using some of your personal data in pseudonymised form; these data are in any case deleted within 12 months of the deletion of your account or of your withdrawal of the consent to do so.

 

CONTACT DETAILS OF THE DPO

According to Art. 37 of the General Data Protection Regulation (GDPR), siHealth has a Data Protection Officer (DPO) who is appointed for the entire corporate group siHealth belongs to (Flyby Group, Italy – www.flyby.it). Considering that the protection of personal data is of the utmost importance for siHealth, for any questions or to exercise any data subject’s right the following DPO e-mail address is available: dpo@sihealth.co.uk.

 

WHO DO WE SHARE YOUR DATA WITH?

  • Flyby Group: data analytics and research & development activities aimed at helping us and the companies in our group with the improvement and optimisation of our services;
  • Analytics and web development companies: to help us with the improvement and optimisation of our services. Our Service can include analytics like Google Firebase, which we only use to improve the quality and usability of our Service;
  • Regulators/Authorities/Enforcement Agencies: if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection;
  • Prospective buyers of our business: under our legitimate interest to ensure our business can be continued by the buyer;
  • Third-party Institutions: if an End-User has expressly given consent to connect (“Connect” function) with a third-party institution (e.g. clinic, hospital) or commercial partner (e.g. supplier of consumables) for providing functionalities in our product or for further developing it. We will only transfer the End-User’s data based on that express consent.

QUESTIONS, COMMENTS AND MORE DETAIL

Your feedback and suggestions on this notice are welcome. We’ve worked hard to create a notice that’s easy to read and clear. But if you feel that we have overlooked an important perspective or used language which you think we could improve, please let us know by email at privacy@sihealth.co.uk.

For EU-based customers and contacts who have any questions about siHealth’s services and products or about anything related to data protection (GDPR), please contact siHealth Photonics S.r.l., who are siHealth’s representative in the European Union:

  • Address: siHealth Photonics S.r.l., Via A. Lampredi 45, Livorno – 57121, Italy
  • Telephone: +39 0586 090733
  • E-mail: info@sihealthphotonics.it

 

Last updated on 15th May 2024