Updated on 18.02.2020
Immunie is a service delivered by KIPR Blockchain Ltd, a company registered in England. The registered office and principal place of business of our company is Kipr Blockchain Kemp House 152-160 City Road, London, England, EC1V 2NX, W6 8LU. The Immunie vaccinations records, App and e-ICV issuance are digital services provided by Immunie under a sub-contract arrangement via affiliated Health Care Businesses such as Hospitals, Maternities, Vaccination Clinics, Travel Vaccination Clinics and other licensed and authorized entities. When this policy talks about ‘Immunie’, ‘us’ or ‘we’, it means the Immunie services provided by KIPR Blockchain Ltd. We do not provide your data to other companies and the Immunie software architecture and design were developed to ensure that no personal data will be shared without your prior and express consent. Immunie is the controller of your personal data provided to, or collected by or for, or processed in connection with our services. Your relationship is with Immunie. If for example, you would like to access your data, Immunie is the entity to which you would make such a request.0
About the data we hold and how is it obtained
We use the following categories of personal data:
(I) Personal details
When you register with Immunie, you complete forms and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners. You are responsible for the accuracy of the information that you provide to us.
(II) Health and medical information
The main type of information we hold about you is vaccination records: the vaccines you have taken, the manufacturer of those vaccines, lot number, the clinic and healthcare professional which has applied it, its location and the time and date it has happened. This includes details of your consultations with doctors, and interactions with our digital services, including interactions with our chatbot, messages, and history of actions within the App, you might also provide a digital photo of your old paper vaccination card. Your interactions with our digital services may be shared with doctors only if you might grant access to them sharing the 6 digit code generated by your App. We get some of this information directly from you, when you register with us and when you use our services. If you use our Immunie and uploads a digital photo of your old paper vaccination card, we will receive your medical history from your previously received vaccinations. Any correspondence we receive from you is uploaded electronically to your Immunie back-office record. We retain recordings of our interactions with you. This can include your use of our chatbot service, video and audio recordings or audio-only recordings. This is in order to provide you a better service and support you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. To monitor our service quality, we may retain records of when you contact our support teams via email, phone or our interactive live chat service on the App. Recordings are held securely in accordance with our retention policy. You can access recordings or transcripts of your consultations or interactions with us (depending on the format) for a limited time through the App or from us. Please refer to the ‘Retention Periods’ section of this policy.
(III) Financial information
If you make any payments on the App, your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information.
(IV) Technical information and analytics.
(V) Information obtained from third party services.
You may choose to connect your existing accounts with other providers (such as a social media provider), for example, when signing up to make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address and name. Provided we are acting in accordance with data protection laws, we may also use information from other sources, such as specialist companies that supply information, online media channels, our commercial partners and public registers. This information can for example, help us to improve and measure the effectiveness of our services.
About the purpose of using your personal data
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
(I) Providing you a service.
We obtain and use your personal details and financial details in order to establish and deliver our contract with you and (if applicable) charge you correctly. We obtain and use some of your medical information because this is necessary for the purposes of the services we provide, including your vaccination history and places you have travelled. It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as the healthcare professional in charge of a new vaccination when you might have granted access to your card sharing the 6 digit vaccination code.
(II) Making vaccines better.
Where you have provided your explicit consent, we will use your feedback information about adverse reactions such as fever, headache or any kind of discomfort or unwellness after taking a vaccine (always having removed personal identifiers, such as your name, address and contact details) to improve products and services provided by the vaccine producers, with or without the processing by our artificial intelligence system, so that better healthcare can be delivered to you and other Immunie users. This medical information (with your personal identifiers removed in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services, such as our livechat. This does not involve making any decisions which would have a significant effect on you – it is only about improving our vaccine and immunization products and the services and software we provide, so that we can deliver a better experience to you and other Immunie users. Strict confidentiality and data security provisions apply at all times. This consent relates to information that can identify you. We may obtain and use data about your precise location where you give your consent (through providing us access to your location through your App or browser settings or your address), for example, to help direct you to the nearest travel vaccination clinic. We may also derive your approximate location from your IP address.
(III) Keeping you up to date.
We use your email address, phone number and/or details to contact you or present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. As part of providing you with high quality vaccination record services, we may contact you by SMS, email and/or other means to offer you helpful information or invite you to make appointments, for example when a vaccine might be about to be due.
(IV) Other uses.
Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to troubleshoot bugs within the App or our website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times. Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection. Where necessary for safety, regulatory and/or compliance purposes, we may audit vaccination and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
About sharing your personal data with others
We may share your personal data with members of our company and our partners (such as developers and data scientists, always working under strict non-disclosure agreement). This is to help us deliver our services to you. We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. Where you access our services through your health care provider or any of our commercial partners (including hospitals, maternities and vaccination clinics) we may share with such partner your name, date of birth, email address, policy number, location, and the fact you have registered/used the service (and any other similar information). We will not without your consent share any details relating to the content of your consultation with us or your health/medical records.
We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service. We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person. Except as described above, we will never share your personal information with any other party without your consent.
Retention periods policies
We retain your medical records in accordance with national best practice guidance – in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records that do not identify you for legitimate business purposes such as managing or planning our business, or records for other periods as required by law or regulation.
(I) Livechat conversations.
Retained as GP Records above. Available via App for a limited period (currently 6 months, subject to change), after which available upon request.
(II) Vaccination Card.
Retained 2 years post account closure.
How is your Data stored, kept secure and transfered
About your rights regarding data protection
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App. You also have specific rights under the GDPR and DPA to: wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App; understand and request a copy of information we hold about you. Subject to our retention periods, recordings of your appointments with us and other medical notes can be accessed via the App. For other information, you can make a request by email; ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical or health records for medical diagnoses and treatment for prescribed periods of time; ask us to restrict our processing of your personal data or object to our processing; and ask for your data to be provided on a portable basis. You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).
For any questions or concerns, you can contact us by sending an email to email@example.com.