This policy describes how we will look after your personal data if you speak to us for our research. It will also tell you about your privacy rights and how the law protects you, so please read it carefully.
We’re absolutely committed to ensuring the security of your personal data and protecting your privacy, and we want you to feel comfortable that you’ve been fully informed.
Who we are
Nye are a health technology company designing products that help citizens to stay healthy, and support health care professionals to provide compassionate healthcare services.
How to contact us
We’d be happy to receive any questions about this policy: please contact our Data Protection Officer, Blythe Wilkinson at:
Personal data - Personal data is information that relates to an identifiable individual, including a name, phone number or email address
Medical data - this is a special category of personal data that is more sensitive as it relates to health
Anonymised data - this is data from which information that enables an individual to be identified, has been removed
How is your personal data collected?
You may give us your personal data by responding to an invitation to participate in our research, and sharing your name and contact details.
During the course of an interview, you might share information with us. Transcription software will be used to avoid the need for your interviewer to take notes. Your interviewer may also ask whether they can make an audio recording of the interview. You can opt out of this at any time.
We may receive personal data (contact details) about you from a third party, such as your GP, where they have been the ones to invite you to participate, and you have agreed for them to share these details.
What information do we collect about you?
Identity data: Name, email address, telephone number
Details of our discussion: This will include your general reflections and answers, and may include reference to your medical history, if you feel that you want to share that. There is no requirement to share any specific health-related information.
Medical information is considered “special category data”, which is why we pay particular attention to security, and to providing you with clear information about your rights.
How do we use your personal data?
We will only ever use your data when:
we have your prior consent to use it and
where it is necessary for our legitimate interests in running user research, and your interests and fundamental rights do not override those interests
We will only ever use it :
To contact you to arrange an interview, and communicate with you afterwards (identity and contact data)
To contact you to ask you to provide feedback on your interview (identity and contact data)
To keep a record of our conversation, or of your feedback afterwards (interview transcription, audio recording, feedback). Keeping records in this way, allows us to learn more from your input, as we can then refer back to the interview, and share your insights within our team
To train Nye colleagues, and to draw conclusions from our research to inform product development
To contact you about our products or services, or other content that may be of interest to you, with your consent
We may include limited quotations from your interview when discussing our products in future, but this would only ever be in a completely anonymised/ non-identifiable way.
If we would like to use your personal data for any purpose we’ve not described here, we will contact you and request your consent
Our security measures align with industry best practice to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to only those employees or third parties who have a business need to know.
Storing of personal data
Identity and contact details: These will be stored in a secure, designated client management system, with 2 factor authentication access. Only employees who may have the need to contact you will be able to access this data.
Interview transcripts and recordings: These will be stored in a secure document management system. They will not contain your name or contact details. They will be referenced by a code ID, which will allow only authenticated employees to be able to link these records back to your identity
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, after which it will be destroyed or completely anonymised (so that it can no longer be associated with you). Normally this will be for 2 years, or until you ask us to delete your data, which you can do at any time.
Where we anonymise your data for further research or statistical purposes, we are able to retain the data without informing you.
Disclosure of your information
We will only share your data with third party service providers, where necessary to achieve the purposes above. This might include
Telecommunications, call recording and speech transcription services
Document management and administration services
We require any third party to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data in accordance with our instructions.
Where a cloud-based service provider has host servers located outside the EU, this may entail your data being processed outside the EU. If your data is transferred in this way, it is done so under contract, ensuring it is afforded the same degree of protection as under EU law.
Under data protection laws, you have the right to:
Ask for a copy of the information we hold about you (a 'data subject access request').
Request that we correct personal data that we hold about you.
Ask us to delete or remove personal data: the 'right to be forgotten'
Withdraw your consent to us holding your data at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
Lodge a complaint with the Information Commissioner's Office (ICO). If you do have a complaint, we would appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance if possible.
If you wish to exercise any of these rights, please contact us. We may need to confirm your identity to ensure that your personal data is only disclosed to you. You won’t have to pay a fee, but we may charge for, or decline your request, if the request is unfounded, repetitive or excessive.
This version was last updated on 9.10.20 by Blythe Wilkinson.
Historic versions of this policy can be obtained by contacting us:
Nye Health Ltd are incorporated and registered in England and Wales. Our company number is 11211158. Our registered office address is at Unit 3, Woodgrove Farm, Fulbrook Hill, Fulbrook, Oxfordshire, OX18 4BH.