Privacy Policy
All references in the Privacy Policy to “we”, “our” and “us” are to Smart Peak Flow which is the trading name for Smart Respiratory Products Ltd. The Privacy Policy applies to your use of this website (“the site”) and app. Please read the Privacy Policy carefully before using this site as it affects your rights and liabilities under the law. Your use of this site indicates your agreement to be bound by this Privacy Policy. If you do not agree with any part of the following Terms & Conditions you must not use the site. If you have any questions on the Privacy Policy, please email info@smartasthma.com.
Smart Respiratory Products Ltd. and our affiliates know how important privacy is to our customers and we strive to be clear about how we collect, use, disclose, transfer and store your personal information.
This Privacy Policy applies to any Smart Respiratory Products device, app, website, customer service platform or other online application that refers to or links to the Privacy Policy. This Privacy Policy applies regardless of whether you use a computer, mobile phone, tablet or other smart device to access our services.
We may make improvements or changes to the information, services, products and other materials on this site at any time without notice. We may also modify the Privacy Policy at any time and any modifications shall be effective immediately upon posting of the modified Privacy Policy on this site. If you do not wish to accept the new Privacy Policy you should not continue to use the site. Accordingly, your continued access or use of this site is deemed to be your acceptance of the modified Privacy Policy.
Our Obligations
Although we aim to offer you the best service possible we make no promises that the services on our site will meet your requirements. We cannot guarantee that the services will be fault-free. If a fault occurs at the site you should report it to info@smartasthma.com and we will attempt to correct the fault as soon as we reasonably can. Your access to the site may be occasionally restricted to allow for repairs, maintenance or the introduction of new facilities or services. We will attempt to restore the service as soon as we reasonably can.
Your Obligations
You agree that you will only use the site and app in accordance with the Privacy Policy and shall ensure compliance with applicable laws and regulations. You must ensure that the personal details provided by you are correct and complete. You must inform us immediately of any changes to the personal details provided by you by emailing info@smartasthma.com so that we can communicate with you effectively. You are of legal age in your country to be authorized to use the app and to provide personal information. If you become aware that your child has shared sensitive personal information without the necessary parental consent, let us know at info@smartasthma.com so we can take further steps. You represent, warrant and undertake that you will not cause or permit anything to be done that may infringe, damage or endanger any intellectual property rights belonging to us or any third party.
You agree that you will not use the site for any of the following purposes:
- disseminating any unlawful, harassing, libellous, abusive, threatening, harmful, vulgar, obscene or otherwise objectionable material or otherwise breaching any laws;
- transmitting material that encourages conduct that constitutes a criminal offence or otherwise breaches any applicable laws, regulations or code of practice;
- interfering with any other person’s use or enjoyment of the site;
- making, transmitting or storing electronic copies of materials protected by copyright without the permission of the owner.
You will be responsible for our losses and costs resulting from your breach of these obligations. Without prejudice to any of our other rights (whether in law or otherwise) we reserve the right to deny you access to this site where we believe, in our absolute discretion, that you are in breach of the Privacy Policy.
You understand that you do not have an opportunity to opt out of each of the data processing activities whilst using the app, as we do not differentiate between them or the services within the app and we manage them together as a complete package. By accepting this privacy policy, you accept each data processing activity and services mentioned hereinafter.
Below you will find a summary of the key messages contained in our Privacy Policy.
You can also read our privacy policy summary highlighting the main information, here.
Information We Collect
We collect various types of information in connection with the services, including:
- Information you provide directly to us;
- Information we collect about your use of our services;
- Information we obtain from third party sources;
- Anonymised data about your use of the app.
This information may include, but is not limited to: Email, Age / DOB, Location Data, General Wellness Data, Cookies / Web Beacons etc. (used for tracking an individual’s online browsing behaviours/movements), Physical and/or Mental Health Data, Gender, App cookies (data collected automatically and continuously via analytics services, i.e. app version, active status, device type, operating system etc.).
We may also seek your separate consent to collect information or separately notify you about how we collect your personal information in a manner that is not described in this Privacy Policy, as required for certain additional services.
Use and Sharing of Information
We use the information we collect:
- To provide the services you request;
- To understand the way you use the services so that we can improve your experience;
- To understand more about our customers so that we can offer the most relevant communications, services, and experiences;
- To provide customised content and advertising with your separate consent where required.
We may share your information with:
- Affiliates – the companies related to Smart Respiratory Products Ltd. by common ownership or control;
- Service providers – companies that provide services for or on behalf of Smart Respiratory Products Ltd;
- Law enforcement – when we are required to do so or to protect Smart Respiratory Products Ltd. and its users;
- Governmental health bodies – when we are required to do so to.
We will use the information we collect for the following purposes:
- to register you;
- to provide a service you request;
- to provide customised content and provide personalised services based on your past activities on our services with your separate consent if required;
- for advertising, such as providing customised advertisements, sponsored content, and sending you promotional communications with your separate consent if required;
- for assessment and analysis of our market, customers, products, advertising campaigns and services to help us better understand, through statistical processes where necessary, more about our customers, in order to offer the most relevant communications, services and experiences to you.
- to ask you for your opinions on our products and services and to carry out customer surveys with your separate consent if required;
- to understand the way people use our services so that we can improve them and develop new products and services;
- to facilitate the provision of software updates;
- to conduct promotions, as permitted by law; and otherwise with your separate consent;
- to understand the impact on your health with clinical research.
We combine information from or about you, including across different services or devices, for purposes consistent with this Privacy Policy. We base our recommendations, customised content, and personalised features for your enhanced experience on the services on the information you provide to us directly, through using the services, browsing our website or through information provided to us from our trusted third parties to provide us with a better understanding of our customers. Where we use trusted third parties to enrich our database, we ensure that there is a legally enforceable agreement between us and the third party provider to ensure that any combined data has been lawfully obtained from you.
Depending on the reason for which we combine the data, and on the requirements of applicable law, specific controls for such combination will be made available to you, by visiting our webpage which provides you with the opportunity to exercise your individual rights under data protection law.
Information from third party sources
We may receive information about you from publicly and commercially available sources (as permitted by law), which we may combine with other information we receive from or about you. We also may receive information about you from third party social networking services when you choose to connect with those services.
Other Information We Collect
We also may collect other information about you, your device, or your use of the services in ways that we describe to you at the point of collection or otherwise with your separate consent where required. You can choose not to provide us with certain types of information (e.g. to accept the use of cookies), but doing so may affect your ability to use some services and our ability to provide you with relevant information to help you make an informed decision.
Sharing your information
We may disclose your information internally within our business to the relevant teams such as, without limitation, the customer services team, the legal team, the finance team, the sales team, and where you have chosen to receive marketing messages, the marketing team. We may also disclose your information to the following entities, only to the extent that this will be necessary to perform the services. We do not use your data from the app for the purpose of marketing without your separate consent.
Your data will not be shared for other reasons or with other parties without first obtaining your consent, except as has been set out in this privacy policy.
We take protection of your data seriously, and have put in place appropriate physical and technical measures to safeguard the information we collect in connection with the services. However, please note that although we take reasonable steps to protect your information, no website, internet transmission, computer system, or wireless connection is completely secure.
Deletion of personal information
If you request deletion of personal information, you acknowledge that you may not be able to access or use the services and that residual personal information may continue to reside in Smart Respiratory Products Ltd.’s records and archives for some time, in compliance with applicable law, but Smart Respiratory Products Ltd. will not use that information for commercial purposes. You understand that, despite your request for deletion, Smart Respiratory Products Ltd. reserves the right to keep your personal information, or a relevant part of it, in line with the below section on “Data Retention” and applicable laws. Smart Respiratory Products Ltd. may suspend, limit, or terminate your access to the website for violating the Smart Respiratory Products Ltd. Privacy Policy when necessary to protect the rights, property, or safety of Smart Respiratory Products Ltd., or any of our respective affiliates, business partners, employees, or customers.
Data Retention
We will not keep your personal data for longer than is necessary for the purpose it was collected. This means that data will be destroyed or erased from our systems when it is no longer required.
We take appropriate steps to ensure that we process and retain information about you based on the following logic:
- at least the duration for which the information is used to provide you with a service;
- as required under law, a contract, or with regard to our statutory obligations;
- only for as long as is necessary for the purpose for which it was collected, is processed, or longer if required under any contract, by applicable law, or for statistical purposes, subject to appropriate safeguards.
We, as well as certain third parties that provide content, advertising, or other functionality on our services, use cookies, pixels, beacons, and other technologies in certain areas of our services, as explained in more detail below.
Where the app data is stored and how
The data is stored in a Google product, called Google Firebase services. Data transferred between the clients (both the Mobile application and the Console web application) and the Google Firebase services go through encrypted HTTPS channels. This ensures the integrity of the data during data transfer.
The data reliability is guaranteed by the authentication and client validator methods built into the Google Firebase services and client SDKs. At the time of login, the application gets a unique token from the Google services which can be used for network requests. On the server side, the token is checked to confirm that it is valid for the user and has not expired. If the token expires, there is a built-in method that can ask for a renewed token without asking the user to log in again. The client SDK also has a two-way validation, so the clients (both the Mobile application and the Console web application) need to have the related Google Firebase service keys, and on the Google Firebase server side, the client’s unique application keys need to be set up. This operation ensures that unauthorized intrusive requests will not get access to the resources.
User data collected by the app is stored in Google Firebase’s Cloud Firestore, hosted in London, United Kingdom (europe-west2). We have ensured that stored data cannot be linked to any user-identifiable information. This is achieved through the data storage architecture implemented by our service provider.
Upon authentication, users receive a unique identifier from Google Firebase authentication services, which undergoes one-way encryption resulting in a new unique identifier. Data collected from users is associated with this encrypted identifier. This process ensures that users can access their own data securely without needing to understand the encryption methods or identifiers used in the background.
In the event that unauthorized access to the database occurs, only encrypted data is accessible, preventing decryption of unique identifiers and safeguarding user privacy. This automated encryption process ensures data security throughout the app’s operations.
Data Security
We follow a detailed information security code regarding the safety of the data and the information that is under our control, with which compliance is mandatory for all our personnel, and which is both known and used by our staff.
We regularly coach and train our employees regarding data and information security requirements.
Risks associated with data storage are minimal since we store all the data anonymised with two-step encryption so they cannot be linked to users. We use the Google Firestore system to store our data. We conduct regular data backup and store the data in the original encrypted/anonymised format. This allows the database to be reloaded and made available to users again in the event of any database failure. However, Google has a fairly comprehensive in-house data security system and protocol, so the likelihood of such a scenario occurring is quite low.
It can be said that the overall risk associated with the use of our device and the associated data storage and cyber security is very low. We conducted a detailed cyber security risk analysis and identified all the possible risk types and named the implemented mitigation.
What procedure do we follow upon an incident?
Pursuant to applicable law, we report incidents to the supervisory authority within 72 hours of having gained knowledge thereof, and we also keep records of them. In cases regulated by applicable law, we also inform subjects of the incidents, where necessary. In cases where such is required by law, we also inform concerned data subjects thereof. Regarding other matters, we conduct ourselves pursuant to our global Incident Management Rules and the processes set out therein.
More information on reporting procedure of data breaches in the UK: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
What rights do you have regarding the processing of your data, and how can you exercise them?
- Right of access: you may inquire as to what data is managed, for what purposes, for how long, to whom we forward it, and where the data originates from.
- Right of correction: should your data change or be recorded incorrectly, you may request that this be rectified or corrected.
- Right of deletion: in instances specified by law, you may request that we delete your stored personal data.
- Right of restriction: in instances specified by law, you may request that data management be restricted regarding your personal data.
- Right to objection: in case of data processing under the legal basis of legitimate interest you may object to your personal data being managed, in which case we do not manage your personal data any further.
- Right to data portability: you may request the porting of your personal data, in which case we hand over your stored data either to you, or directly to a data controller of your choosing, if such is technically safe and manageable.
We wish to note that data portability requests may only be issued regarding data managed per your consent, or regarding data that is managed automatically, and that we may only conclude data portability requests aimed towards other providers if such is possible from a technical and security viewpoint.
In cases of such requests, we conduct ourselves pursuant to applicable law, and will provide information on the rendered measures in one month.
- Right to revoke consent: in cases where the legal basis of data processing is consent based on GDPR Article 6 (1) c) or explicit consent based on GDPR Article 9 (1) a), you have the right to revoke such consent at any time, which does not affect the legality of data management conducted prior to the revocation.
- Right of complaint: should you have any complaints or grievances regarding our data management, you have the right to lodge a complaint with the supervisory authority:
Main supervisory authority:
Information Commissioner’s Office (United Kingdom)
Postal address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 111
E-mail: casework@ico.org.uk
Website: www.ico.org.uk
The Service Provider is incorporated in the United Kingdom, and its place of activity and center of activity is in the United Kingdom. Therefore its main supervisory authority is the UK data protection authority.
Other affected supervisory authority:
National Authority for Data Protection and Freedom of Information (Hungary)
Website: http://naih.hu
Postal address: 1530 Budapest, Pf.: 5.
E-mail: ugyfelszolgalat@naih.hu
Telephone: +36 (1) 391-1400
Moreover, you may file a suit against Service Provider before the Municipal Court of Budapest if your personal data has been infringed upon.
GDPR Compliance Statement
We are committed to ensuring the security and protection of the personal information that we process and to provide a compliant and consistent approach to data protection. We recognise our obligations in updating and expanding this program to meet the requirements of the EU General Data Protection Regulation (“GDPR”) that came into force on 25 May 2018 and the UK’s Data Protection Bill.
We are dedicated to safeguarding the personal information under our control and in maintaining a system that meets our obligations under the new regulations. We have a designated Data Protection Officer to ensure the realization of the described measures.
We established a system to ensure all data is handled properly according to the GDPR including but not limited to the following:
All personal data is stored anonymously, with two-step encryption and with limitations regarding access. Furthermore, the safety of the stored data is guaranteed by the Firebase services that we use, which have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some of which have also completed the ISO 27017 and ISO 27018 certification process. We only collect user-related information that is necessary to perform our essential operation which is approved by our users or customers. All stored personal data will be deleted if specifically requested by the user.
Our procedures ensure that we have safeguards in place to identify, assess, investigate and report any personal data breach as early as possible. Our procedures have been explained to all employees.
We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information.
We are reviewing our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place and are aware of when this and other data subjects’ rights apply, along with any exemptions, response timeframes and notification responsibilities.
Our designated Data Protection Officer is Thomas Antalffy, Seat: Imperial I-Hub Level 4, 84 Wood Lane, White City London, England, W12 0BZ, E:thomas@smartrespiratory(dot)com
If you need more information or help regarding data handling or collected data, please contact us at: info@smartasthma.com
Cookies
Cookies are small files that store information on your computer, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices, and/or browsing sessions. Cookies serve many useful purposes. For example:
Cookies can remember your sign-in credentials so you don’t have to enter those credentials each time you log on to a service.
Cookies help us and third parties understand which parts of our services are the most popular because they help us to see which pages and features visitors are accessing and how much time they are spending on the pages. By studying this kind of information, we are better able to adapt the services and provide you with a better experience.
Cookies help us and third parties understand which advertisements you have seen so that you don’t receive the same advertisement each time you access a service.
Cookies help us and third parties provide you with relevant content and advertising by collecting information about your use of our services and other websites and apps.
When you use a web browser to access the services, you can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. The operating system of your device may contain additional controls for cookies.
Please note, however, that some services may be designed to work using cookies and that disabling cookies may affect your ability to use those services, or certain parts of them.
We use the following types of cookies on our website:
Essential Cookies which enable you to order products and receive services from our website.
Performance Cookies which enable us to analyse the performance and design of our website and detect errors. For example, this type of cookie allows us to recognise that you have visited our website before and shows which sections of our website are most popular by allowing us to see which pages visitors access most frequently and how much time visitors spend on each page. We use, without limitation, Google Analytics, Adobe, and similar analytics cookies to achieve this.
Advertising Cookies which enable us and our carefully selected partners to deliver advertisements to you, or contact you directly where you have separately consented to such communications, which match your interests by, for example, collecting information about services you have browsed.
Beacons and/or Pixels. We, along with certain third parties, also may use technologies called beacons or pixels that communicate information from your device to a server. Beacons and pixels can be embedded in online content, videos, and emails and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the time and date on which you viewed the beacon and pixels, and the IP address of your device. We and certain third parties use beacons and pixels for a variety of purposes, including to analyse the use of our services and (in conjunction with cookies) to provide content and advertisements that are more relevant to you.
When you access and use our services (except for websites provided by third party service providers), you will be asked to provide your separate consent to the storage of cookies (which includes other local storage technologies, beacons, pixels and other information on your devices) by us. You will also be asked to provide your separate consent to the access of such cookies (which includes local storage technologies, beacons, pixels and information) by us and by the third parties mentioned above. Your experience of our website/services may be affected if you do not accept cookies, and further information will be provided to you at the time we ask you for this specific consent.
Our services make use of social network plugins (“Plugins”). When you use a service that contains plugins, information may be directly transferred from your device to the operator of the social network. We have no influence on the data gathered by the plugin. If you are logged into the social network, your use of our service can be referenced to your social network account. If you interact with the plugins, for example by clicking “Like”, “Follow”, or “Share”, or enter a comment, the information may automatically show in your social network profile. Even if you are not logged into your social network account, it may be possible that the plugins transmit your IP address to the social network operators. Please consider this when using our services.
For information about the social network operators of the plugins used in our services (“Operators”) please see below:
Operators of Plugins used in our Services
If you are a member of one or more of the following social networks and do not want the operator to connect the data concerning your use of our services with your member data already stored by the operator, please log out of the social network before using our services.
Facebook
Data controller: Facebook Ireland Limited, Hanover Reach, 5–7 Hanover Quay, 2 Dublin, Ireland (“Facebook”). For further information you may visit Facebook’s Privacy Policy website at https://www.facebook.com/about/privacy/.
Google+
Data controller: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For further information you may visit Google’s Privacy Policy website at https://www.google.com/privacy.
LinkedIn
Data controller: LinkedIn Ireland, Gardner House, Wilton Place, Wilton Plaza, Dublin 2, Ireland (“LinkedIn”). For further information you may visit LinkedIn’s Privacy Policy website at https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.
Twitter
Data controller: Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”). For further information you may visit Twitter’s Privacy Policy website at https://twitter.com/privacy.
If you have any specific questions regarding the use of your data, please contact us at: info@smartasthma.com
Exclusion of Warranty
We try to make sure the information, services and materials contained on this site are as accurate as possible. However the site is provided ‘as is’ and we give no warranty or guarantees in respect of the accuracy, completeness, currency, reliability or of any kind regarding the site and/or any information, services or materials provided on the site.
To the maximum extent permitted by law, in respect of all the information, services and materials contained on the site, we expressly disclaim all warranties and conditions, including implied warranties and conditions of merchantability, fitness for a particular purpose and non-infringement, and those arising by statute or otherwise in law or from a course of dealing or usage of trade.
We assume no responsibility and shall not be liable for any damage to, or viruses that may infect, your computer equipment or other property on account of your access to, use of, or browsing in, the site.
In no event shall we be liable for any direct, indirect, special, punitive, exemplary or consequential damages of whatsoever kind including, but not limited to, loss of profit, business losses such as lost data, lost profits or business interruption, whether or not in the contemplation of the parties, whether based on breach of contract, negligence or any other tort, product liability or otherwise, even if advised of the possibility of such damages, which arise out of or are in any way connected with:
- your access of the site;
- your use of the site;
- the content of the site;
- any failure or delay of the site including, but not limited to, the inability to use any component of the site;
- our provision of or failure to provide services;
- the performance or non-performance of the site;
- any information, software, products, services and related graphics displayed on the site;
- your access of other material on the internet via links from the site.
Nothing in this Privacy Policy shall exclude our liability for death or personal injury caused by our negligence or for fraudulent misrepresentation. Any dealings you have with third parties via the site are your responsibility. Should a dispute arise between yourself and any third party due to use of the site we will not be responsible for any loss or damage that may be suffered.
Affiliates / links to other Sites
As a convenience to patients the site may include links to other sites or material which are beyond our control and where this policy does not apply. We accept no responsibility for such sites and do not endorse their contents or any information, material, products or services accessible through the sites. If you decide to access other sites, you do so at your own risk.
Indemnification
You agree to indemnify, defend and hold us harmless from any liability, action, claim, loss and expense (including all legal costs) that are suffered or incurred by us and/or any affiliated or associated company or entity whether or not reasonable, or otherwise foreseeable, or avoidable which arise directly or indirectly from any breach or alleged breach by you of any of the Privacy Policy.
Copyright & Trademark
The content of the site is protected by copyright, trade marks, database rights and other intellectual property rights. The site and each of its modules including, but not limited to, text, graphics, logos, button icons, images, audio clips and software, is the property of us. None of the data or content found on the site may be reproduced, republished, distributed, posted, sold, transferred, linked to other sites or modified without our expressed written permission. In addition, the trademarks, logos and service marks displayed on this site (“the Trade Marks”) are registered and nothing contained in this site should be construed as granting by implication, estoppel, or otherwise, any licence or right to use any of the trade marks without our permission. All other intellectual property rights (including any patent, copyright, database rights, registered design, trade mark, trade name, know-how or industrial or intellectual property right subsisting anywhere in the world and any applications to protect any of the above) and goodwill in and relating to the site (including all components developed and produced for the site including the up-dates, format, art direction, look and feel and content) (the “Intellectual Property Rights”) shall be owned by us. However, you may retrieve and display the content of the site on a computer screen or download, print or copy the contents of the site for your personal non-commercial use, provided you keep intact all copyright and proprietary notices.
Severability
The Privacy Policy shall be deemed severable. In the event that any provision is determined to be unenforceable or invalid, such provision shall nonetheless be enforced to the fullest extent permitted by applicable law and such determination shall not affect the validity and enforceability of any other remaining provisions.
Entire Agreement
The Privacy Policy constitutes the entire terms of your agreement with us relating to your use of the site and supersedes any prior understandings or agreements (whether oral or written) in respect of your use of the site. No other written or oral statement, including statements in any brochure or promotional literature published by us will be incorporated.
Governing Law
The Privacy Policy, your use of this site, and any downloaded material from it, shall be governed, construed and interpreted in accordance with the laws of England and Wales. You agree to submit to the non-exclusive jurisdiction of the English Courts.
Miscellaneous
You may not transfer any of your rights under the Privacy Policy to any other person. We may transfer our rights under the Privacy Policy to another business where we reasonably believe your rights will not be affected.
If you breach the Privacy Policy and we choose to ignore this, we will still be entitled to use our rights and remedies at a later date or in any other situation where you breach the Privacy Policy.
We shall not be responsible for any breach of the Privacy Policy caused by circumstances beyond our reasonable control.
This Site is owned and operated by Smart Respiratory Products Ltd, whose principal trading address is: Imperial I-Hub Level 4, 84 Wood Lane, White City London, England, W12 0BZ