Although we aim to offer you the best service possible we make no promises that the services on our site will meet your requirements. We cannot guarantee that the services will be fault-free. If a fault occurs at the site you should report it to firstname.lastname@example.org and we will attempt to correct the fault as soon as we reasonably can. Your access to the site may be occasionally restricted to allow for repairs, maintenance or the introduction of new facilities or services. We will attempt to restore the service as soon as we reasonably can.
You represent, warrant and undertake that you will not cause or permit anything to be done that may infringe, damage or endanger any intellectual property rights belonging to us or any third party.You agree that you will not use the site for any of the following purposes:
- disseminating any unlawful, harassing, libellous, abusive, threatening, harmful, vulgar, obscene or otherwise objectionable material or otherwise breaching any laws;
- transmitting material that encourages conduct that constitutes a criminal offence or otherwise breaches any applicable laws, regulations or code of practice;
- interfering with any other person’s use or enjoyment of the site;
- making, transmitting or storing electronic copies of materials protected by copyright without the permission of the owner.
Information We Collect
We collect various types of information in connection with the services, including:
- Information you provide directly to us;
- Information we collect about your use of our services;
- Information we obtain from third party sources;
- Anonymised data about your use of the app.
this information may include, but is not limited to: Email, Age / DOB, Location Data, General Wellness Data, Cookies / Web Beacons etc. (used for tracking an individual’s online browsing behaviours/movements), Physical and/or Mental Health Dat., Gender, App cookies (data collected automatically, continuously via analytics services, i.e. app version, active status, device type, operation system etc.).
Use and Sharing of Information
We use the information we collect:
- To provide the services you request;
- To understand the way you use the services so that we can improve your experience;
- To understand more about our customers so that we can offer the most relevant communications, services, and experiences;
- To provide customised content and advertising with your separate consent where required.
We may share your information with:
- Affiliates – the companies related to Smart Respiratory Products Ltd. by common ownership or control;
- Service providers – companies that provide services for or on behalf of Smart Respiratory Products Ltd;
- Law enforcement – when we are required to do so or to protect Smart Respiratory Products Ltd. and its users;
- Governmental health bodies – when we are required to do so to.
We will use the information we collect for the following purposes:
- to register you;
- to provide a service you request;
- to provide customised content and provide personalised services based on your past activities on our services with your separate consent if required;
- for advertising, such as providing customised advertisements, sponsored content, and sending you promotional communications with your separate consent if required;
- for assessment and analysis of our market, customers, products, advertising campaigns and services to help us better understand, through statistical processes where necessary, more about our customers, in order to offer the most relevant communications, services and experiences to you.
- to ask you for your opinions on our products and services and to carry out customer surveys with your separate consent if required;
- to understand the way people use our services so that we can improve them and develop new products and services;
- to facilitate the provision of software updates;
- to conduct promotions, as permitted by law; and otherwise with your separate consent;
- to understand the impact on your health with clinical research.
Information from third party sources
We may receive information about you from publicly and commercially available sources (as permitted by law), which we may combine with other information we receive from or about you. We also may receive information about you from third party social networking services when you choose to connect with those services.
Other Information We Collect
Sharing your information
We may disclose your information internally within our business to the relevant teams such as, without limitation, the customer services team, the legal team, the finance team, the sales team, and where you have chosen to receive marketing messages, the marketing team. We may also disclose your information to the following entities, only to the extent that this will be necessary to perform the services.
We do not use your data from the app for the purpose of marketing without your separate consent.
We take protection of your data seriously, and have put in place appropriate physical and technical measures to safeguard the information we collect in connection with the services. However, please note that although we take reasonable steps to protect your information, no website, internet transmission, computer system, or wireless connection is completely secure.
Deletion of personal information
We will not keep your personal data for longer than is necessary for the purpose it was collected. This means that data will be destroyed or erased from our systems when it is no longer required.We take appropriate steps to ensure that we process and retain information about you based on the following logic:
- at least the duration for which the information is used to provide you with a service;
- as required under law, a contract, or with regard to our statutory obligations;
- only for as long as is necessary for the purpose for which it was collected, is processed, or longer if required under any contract, by applicable law, or for statistical purposes, subject to appropriate safeguards.
Where the app data is stored and how
The data is stored in a Google product, called Google Firebase services. Data transferred between the clients (both the Mobile application and the Console web application) and the Google Firebase services go through encrypted HTTPS channels. This ensures the integrity of the data during data transfer.
The data reliability is guaranteed by the authentication and client validator methods built in the Google Firebase services and client SDKs. The application gets a unique token at login time from the Google service which can be used for network requests. On the server-side, the token is checked if it is valid for the user and if it is not expired. If the token expires, there is a built-in method that can ask for a renewed token without asking the user to log in again. The client SDK has also a two-way validation, so the clients (both the Mobile application and the Console web application) need to have the related Google Firebase service keys, and on the Google Firebase server-side, the client’s unique application keys need to be set up. This operation ensures that unauthorized intrusive requests will not get access to the resources.
User data collected by the app is stored in the cloud in the Google Firebase’s Cloud Firestore, hosted in Central United States (Oklahoma—private GCP region) has also been ensured that stored data cannot be connected to real users. That is based on the data storage architecture implemented by the Service Provider. Users after authentication get a unique identifier from the Google Firebase authentication services, which is encrypted by a one-way encryption method which results in a new unique identifier. Data stored by users are connected to this encrypted identifier. Using this operation, everyone knows which data relates to them, as the application gets what needs to be encrypted and how. On the other side, if someone would get access to the database only random data would be displayed, that would not be possible to decrypt the unique identifiers to see which authentication user identifier is the belonging one. Users do not need to know these encryption methods and identifiers, as all of these works automatically in the background, after successful authentication.
We follow a detailed information security code regarding the safety of the data and the information that is under our control, with which compliance is mandatory for all our personnel, and which is both known and used by our staff.
We regularly coach and train our employees regarding data and information security requirements.
Risks associated to data storage are minimal since we store all the data anonymised with two-step encryption so they cannot be linked to users. We use the Google Firestore system to store our data. We conduct regular data backup and store the data in the original encrypted/anonymised format. This allows the database to be reloaded and made available to users again in the event of any database failure.
However, Google has a fairly comprehensive in-house data security system and
protocol, so the likelihood of such a scenario occurring is quite low.
It can be said that the overall risk associated with the use of our device and the
associated data storage and cyber security is very low. We conducted a detailed
cyber security risk analysis and identified all the possible risk types and named the implemented mitigation.
What procedure do we follow upon an incident?
Pursuant to applicable law, we report incidents to the supervisory authority within 72 hours of having gained knowledge thereof, and we also keep records of them. In cases regulated by applicable law, we also inform subjects of the incidents, where necessary. In cases where such is required by law, we also inform concerned data subjects thereof. Regarding other matters, we conduct ourselves pursuant to our global Incident Management Rules and the processes set out therein.
More information on reporting procedure of data breaches in the UK: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
What rights do you have regarding the processing of your data, and how can you exercise them?
- Right of access: you may inquire as to what data is managed, for what purposes, for how long, to whom do we forward them, and where the data originates from.
- Right of correction: should your data change or be recorded wrong, you may request that this be rectified or corrected.
- Right of deletion: in instances specified by law, you may request that we delete your stored personal data.
- Right of restriction: in instances specified by law, you may request that data management be restricted regarding your personal data.
- Right to objection: in case of data processing under the legal basis of legitimate interest you may object to your personal data being managed, in which case we do not manage your personal data any further.
- Right to data portability: you may request the porting of your personal data, in which case we hand over your stored data either to you, or directly to a data controller of you choosing, if such is technically safe and manageable.
We wish to note that data portability requests may only be issued regarding data managed per your consent, or regarding data that is managed automatically, and that we may only conclude data portability requests aimed towards other providers if such is possible from a technical and security viewpoint.
In cases of such requests, we conduct ourselves pursuant to applicable law, and will provide information on the rendered measures in one month.
- Right to revoke consent: in cases where the legal basic of data processing is consent based on GDPR Article 6 (1) c) or explicit consent based on GDPR Article 9 (1) a), you have the right to revoke such consent at any time, which does not affect the legality of data management conducted prior to the revocation.
- Right of complaint: should you have any complaints or grievances regarding our data management, you have the right to lodge a complaint by the supervisory authority:
Main supervisory authority:
Information Commissioner’s Office (United Kingdom)
Postal address: Wycliffe House, Water Lane, Wilmslaw, Cheshire, SK9 5AF
Telephone: 0303 123 111
The Service provider is incorporated int he United Kingdom, its place of activity and center of activity is int he United Kingdom. Therefore its main supervisory authority is the UK data protection authority.
Other affected supervisory authority:
National Authority for Data Protection and Freedom of Information (Hungary)
Postal address: 1530 Budapest, Pf.: 5.
Telephone: +36 (1) 391-1400
Moreover, you may file a suit against Service Provider before the Municipal Court of Budapest if your personal data has been infringed upon.
GDPR Compliance Statement
We are committed to ensuring the security and protection of the personal information that we process and to provide a compliant and consistent approach to data protection. We recognise our obligations in updating and expanding this program to meet the requirements of the EU General Data Protection Regulation (“GDPR”) that came into force on 25 May 2018 and the UK’s Data Protection Bill.
We are dedicated to safeguarding the personal information under our control and in maintaining a system that meets our obligations under the new regulations. We have a designated Data Protection Officer to ensure the realization of the described measures.
We established a system to ensure all data is handled properly according to the GDPR including but not limited to the following:
All personal data is stored anonymously and with two-step-encryption and with limitations regarding access. Furthermore, the safety of the stored data is guaranteed by Firebase services that we use and have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process. We only collect user-related information that is necessary to perform our essential operation which is approved by our users or customers. All stored personal data will be deleted if specifically requested by the user.
Our procedures ensure that we have safeguards in place to identify, assess, investigate and report any personal data breach as early as possible. Our procedures have been explained to all employees.
We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information.
We are reviewing our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
Our designated Data Protection Officer is Thomas Antalffy, Seat: Imperial I-Hub Level 4, 84 Wood Lane, White City London, England, W12 0BZ, E:thomas@smartrespiratory(dot)com
If you need more information or help regarding data handling or collected data, please contact us at: email@example.com
Cookies are small files that store information on your computer, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices, and/or browsing sessions. Cookies serve many useful purposes. For example:Cookies can remember your sign-in credentials so you don’t have to enter those credentials each time you log on to a service.
Cookies help us and third parties understand which parts of our services are the most popular because they help us to see which pages and features visitors are accessing and how much time they are spending on the pages. By studying this kind of information, we are better able to adapt the services and provide you with a better experience.Cookies help us and third parties understand which advertisements you have seen so that you don’t receive the same advertisement each time you access a service.
Cookies help us and third parties provide you with relevant content and advertising by collecting information about your use of our services and other websites and apps.
When you use a web browser to access the services, you can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. The operating system of your device may contain additional controls for cookies.
Please note, however, that some services may be designed to work using cookies and that disabling cookies may affect your ability to use those services, or certain parts of them.
We use the following types of cookies on our website:
Essential Cookies which enable you to order products and receive services from our website.
Performance Cookies which enable us to analyse the performance and design of our website and detect errors. For example, this type of cookie allows us to recognise that you have visited our website before and shows which sections of our website are most popular by allowing us to see which pages visitors access most frequently and how much time visitors spend on each page. We use, without limitation, Google Analytics, Adobe, and similar analytics cookies to achieve this.
Advertising Cookies which enable us and our carefully selected partners to deliver advertisements to you, or contact you directly where you have separately consented to such communications, which match your interests by, for example, collecting information about services you have browsed.
Beacons and/or Pixels. We, along with certain third parties, also may use technologies called beacons or pixels that communicate information from your device to a server. Beacons and pixels can be embedded in online content, videos, and emails and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the time and date on which you viewed the beacon and pixels, and the IP address of your device. We and certain third parties use beacons and pixels for a variety of purposes, including to analyse the use of our services and (in conjunction with cookies) to provide content and advertisements that are more relevant to you.When you access and use our services (except for websites provided by third party service providers), you will be asked to provide your separate consent to the storage of cookies (which includes other local storage technologies, beacons, pixels and other information on your devices) by us. You will also be asked to provide your separate consent to the access of such cookies (which includes local storage technologies, beacons, pixels and information) by us and by the third parties mentioned above. Your experience of our website/services may be affected if you do not accept cookies, and further information will be provided to you at the time we ask you for this specific consent.Our services make use of social network plugins (“Plugins”). When you use a service that contains plugins, information may be directly transferred from your device to the operator of the social network. We have no influence on the data gathered by the plugin. If you are logged into the social network, your use of our service can be referenced to your social network account. If you interact with the plugins, for example by clicking “Like”, “Follow”, or “Share”, or enter a comment, the information may automatically show in your social network profile. Even if you are not logged into your social network account, it may be possible that the plugins transmit your IP address to the social network operators. Please consider this when using our services.For information about the social network operators of the plugins used in our services (“Operators”) please see below:
Operators of Plugins used in our Services
If you are a member of one or more of the following social networks and do not want the operator to connect the data concerning your use of our services with your member data already stored by the operator, please log out of the social network before using our services.
If you have any specific questions regarding the use of your data, please contact us at: firstname.lastname@example.org
You can revisit your Cookie settings anytime here: Cookie Settings
Exclusion of Warranty
We try to make sure the information, services and materials contained on this site are as accurate as possible. However the site is provided ‘as is’ and we give no warranty or guarantees in respect of the accuracy, completeness, currency, reliability or of any kind regarding the site and/or any information, services or materials provided on the site.To the maximum extent permitted by law, in respect of all the information, services and materials contained on the site, we expressly disclaim all warranties and conditions, including implied warranties and conditions of merchantability, fitness for a particular purpose and non-infringement, and those arising by statute or otherwise in law or from a course of dealing or usage of trade.We assume no responsibility and shall not be liable for any damage to, or viruses that may infect, your computer equipment or other property on account of your access to, use of, or browsing, in the site.In no event shall we be liable for any direct, indirect, special, punitive, exemplary or consequential damages of whatsoever kind including, but not limited to, loss of profit, business losses such as lost data, lost profits or business interruption, whether or not in the contemplation of the parties, whether based on breach of contract, negligence or any other tort, product liability or otherwise, even if advised of the possibility of such damages, which arise out of or are in any way connected with:
- your access of the site;
- your use of the site;
- the content of the site;
- any failure or delay of the site including, but not limited to, the inability to use any component of the site;
- our provision of or failure to provide services;
- the performance or non- performance of the site;
- any information, software, products, services and related graphics displayed on the site;
- your access of other material on the internet via links from the site.
Affiliates / links to other Sites
As a convenience to patients the site may include links to other sites or material which are beyond our control and where this policy does not apply. We accept no responsibility for such sites and do not endorse their contents or any information, material, products or services accessible through the sites. If you decide to access other sites, you do so at your own risk.
Copyright & Trademark
The content of the site is protected by copyright, trade marks, database rights and other intellectual property rights. The site and each of its modules including, but not limited to, text, graphics, logos, button icons, images, audio clips and software, is the property of us. None of the data or content found on the site may be reproduced, republished, distributed, posted, sold, transferred, linked to other sites or modified without our expressed written permission. In addition, the trademarks, logos and service marks displayed on this site (“the Trade Marks”) are registered and nothing contained in this site should be construed as granting by implication, estoppel, or otherwise, any licence or right to use any of the trade marks without our permission. All other intellectual property rights (including any patent, copyright, database rights, registered design, trade mark, trade name, know-how or industrial or intellectual property right subsisting anywhere in the world and any applications to protect any of the above) and goodwill in and relating to the site (including all components developed and produced for the site including the up-dates, format, art direction, look and feel and content) (the “Intellectual Property Rights”) shall be owned by us. However, you may retrieve and display the content of the site on a computer screen or download, print or copy the contents of the site for your personal non-commercial use, provided you keep intact all copyright and proprietary notices.
This Site is owned and operated by Smart Respiratory Products Ltd, whose principal trading address is: Imperial I-Hub Level 4, 84 Wood Lane, White City London, England, W12 0BZ