Privacy Policy
Updated on 18.02.2020

Privacy Policy

At Immunie we have privacy as a fundamental value and our system´s development was guided by the concept of privacy by design in our minds since it’s the beginning. It is very important that you read carefully this Privacy Policy before subscribing to our services. If you might have any question or have any doubt regarding this privacy policy, please feel free to drop us a message to privacy@immunie.net. Unless you might have read and agree with this privacy policy you should not use our services. We work hard to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), this policy should express it. This policy explains how we use your personal data and how we work with your data, so that you can make informed choices and be in control of your information. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy. This policy explains how we use your personal data for our digital vaccination records services and products. It also governs the use of your data through our Progressive WebApp, or any of our websites, including the Immunie website and the Immunie at hand website (and any reference to our App in this policy shall also include a reference to our websites).

About Immunie

Immunie is a service delivered by KIPR Blockchain Ltd, a company registered in England. The registered office and principal place of business of our company is Kipr Blockchain Kemp House 152-160 City Road, London, England, EC1V 2NX, W6 8LU. The Immunie vaccinations records, App and e-ICV issuance are digital services provided by Immunie under a sub-contract arrangement via affiliated Health Care Businesses such as Hospitals, Maternities, Vaccination Clinics, Travel Vaccination Clinics and other licensed and authorized entities. When this policy talks about ‘Immunie’, ‘us’ or ‘we’, it means the Immunie services provided by KIPR Blockchain Ltd. We do not provide your data to other companies and the Immunie software architecture and design were developed to ensure that no personal data will be shared without your prior and express consent. Immunie is the controller of your personal data provided to, or collected by or for, or processed in connection with our services. Your relationship is with Immunie. If for example, you would like to access your data, Immunie is the entity to which you would make such a request.0

About the data we hold and how is it obtained

We use the following categories of personal data:

(I) Personal details

When you register with Immunie, you complete forms and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners. You are responsible for the accuracy of the information that you provide to us.

(II) Health and medical information

The main type of information we hold about you is vaccination records: the vaccines you have taken, the manufacturer of those vaccines, lot number, the clinic and healthcare professional which has applied it, its location and the time and date it has happened. This includes details of your consultations with doctors, and interactions with our digital services, including interactions with our chatbot, messages, and history of actions within the App, you might also provide a digital photo of your old paper vaccination card. Your interactions with our digital services may be shared with doctors only if you might grant access to them sharing the 6 digit code generated by your App. We get some of this information directly from you, when you register with us and when you use our services. If you use our Immunie and uploads a digital photo of your old paper vaccination card, we will receive your medical history from your previously received vaccinations. Any correspondence we receive from you is uploaded electronically to your Immunie back-office record. We retain recordings of our interactions with you. This can include your use of our chatbot service, video and audio recordings or audio-only recordings. This is in order to provide you a better service and support you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. To monitor our service quality, we may retain records of when you contact our support teams via email, phone or our interactive live chat service on the App. Recordings are held securely in accordance with our retention policy. You can access recordings or transcripts of your consultations or interactions with us (depending on the format) for a limited time through the App or from us. Please refer to the ‘Retention Periods’ section of this policy.

(III) Financial information

If you make any payments on the App, your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information.

(IV) Technical information and analytics.

When you use our App or visit our website, we may automatically collect the following information where this is permitted by your device or browser settings: technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system platform type and version, device model, browser or app version, time zone setting, language and location preferences, wireless carrier and your location (based on IP address); and information about your visit (such as when you first used the App and when you last used it, and the total number of sessions you have had on that App), including products and services you viewed or used, App response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver to you in the App or otherwise) and any phone number used to call our customer service number. We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services. Our Cookie Policy is available at: Immuniehealth.com/terms/cookies. You can prevent the setting of cookies by adjusting the settings on your browser or your mobile phone.

(V) Information obtained from third party services.

You may choose to connect your existing accounts with other providers (such as a social media provider), for example, when signing up to make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address and name. Provided we are acting in accordance with data protection laws, we may also use information from other sources, such as specialist companies that supply information, online media channels, our commercial partners and public registers. This information can for example, help us to improve and measure the effectiveness of our services.

About the purpose of using your personal data

The purposes for which we use your personal data and the legal grounds on which we do so are as follows:

(I) Providing you a service.

We obtain and use your personal details and financial details in order to establish and deliver our contract with you and (if applicable) charge you correctly. We obtain and use some of your medical information because this is necessary for the purposes of the services we provide, including your vaccination history and places you have travelled. It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as the healthcare professional in charge of a new vaccination when you might have granted access to your card sharing the 6 digit vaccination code.

(II) Making vaccines better.

Where you have provided your explicit consent, we will use your feedback information about adverse reactions such as fever, headache or any kind of discomfort or unwellness after taking a vaccine (always having removed personal identifiers, such as your name, address and contact details) to improve products and services provided by the vaccine producers, with or without the processing by our artificial intelligence system, so that better healthcare can be delivered to you and other Immunie users. This medical information (with your personal identifiers removed in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services, such as our livechat. This does not involve making any decisions which would have a significant effect on you – it is only about improving our vaccine and immunization products and the services and software we provide, so that we can deliver a better experience to you and other Immunie users. Strict confidentiality and data security provisions apply at all times. This consent relates to information that can identify you. We may obtain and use data about your precise location where you give your consent (through providing us access to your location through your App or browser settings or your address), for example, to help direct you to the nearest travel vaccination clinic. We may also derive your approximate location from your IP address.

(III) Keeping you up to date.

We use your email address, phone number and/or details to contact you or present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. As part of providing you with high quality vaccination record services, we may contact you by SMS, email and/or other means to offer you helpful information or invite you to make appointments, for example when a vaccine might be about to be due.

(IV) Other uses.

Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to troubleshoot bugs within the App or our website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times. Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection. Where necessary for safety, regulatory and/or compliance purposes, we may audit vaccination and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.

About sharing your personal data with others

We may share your personal data with members of our company and our partners (such as developers and data scientists, always working under strict non-disclosure agreement). This is to help us deliver our services to you. We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. Where you access our services through your health care provider or any of our commercial partners (including hospitals, maternities and vaccination clinics) we may share with such partner your name, date of birth, email address, policy number, location, and the fact you have registered/used the service (and any other similar information). We will not without your consent share any details relating to the content of your consultation with us or your health/medical records.

Anonymised information

We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service. We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person. Except as described above, we will never share your personal information with any other party without your consent.

Retention periods policies

We retain your medical records in accordance with national best practice guidance – in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records that do not identify you for legitimate business purposes such as managing or planning our business, or records for other periods as required by law or regulation.

(I) Livechat conversations.

Retained as GP Records above. Available via App for a limited period (currently 6 months, subject to change), after which available upon request.

(II) Vaccination Card.

Retained 2 years post account closure.

How is your Data stored, kept secure and transfered

We do not store your personal health data on your mobile device. We store all your personal health data, including your primary care information, medication information and diagnostic information, on secure servers physically located within the EU area. Where you have chosen a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We encrypt data transmitted to and from the App. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Immunie Blockchain does not store nor processes any personal or health information and works as a witness for integrity validation of the information you might decide to share with a third party such as a healthcare professional in the case of consultations or getting a vaccine or an authority in the case of the e-ICV. The Immunie Blockchain validates the transactions using double SHA-3 hashing with an intermediate layer of security (cryptographic pseudorandom number generator – CPRNG, Salt). Your data may be processed or stored via destinations outside of the UK and the European Economic Area (EEA), but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA. For further information on the safeguards we take if we transfer data outside of the EEA, contact privacy@immunie.net.

About your rights regarding data protection

As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App. You also have specific rights under the GDPR and DPA to: wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App; understand and request a copy of information we hold about you. Subject to our retention periods, recordings of your appointments with us and other medical notes can be accessed via the App. For other information, you can make a request by email; ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical or health records for medical diagnoses and treatment for prescribed periods of time; ask us to restrict our processing of your personal data or object to our processing; and ask for your data to be provided on a portable basis. You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).

Contact us

For any questions or concerns, you can contact us by sending an email to privacy@immunie.net.