Privacy policy | LiveSmart

LiveSmart UK Ltd Privacy Policy

INTRODUCTION

LiveSmart UK Ltd (“LiveSmart” or “we” or “us”) is committed to protecting and respecting your privacy in line with current legislation. This privacy policy is relevant to anyone who is using the LiveSmart service. It tells you what personal data is collected and what we do with that personal data.

 

The LiveSmart service uses your Health data (a combination of Personal Data and Sensitive Personal Data) collected manually from you and from any personal health tracking devices or mobile applications that you have linked to your account, for example the Apple Health app on your iPhone, in order to fulfill the LiveSmart service you have purchased. A full description of the LiveSmart service can be found in the Terms of Service on our website.

 

Please note that any health tracking devices or health apps that you integrate with the LiveSmart service are subject to their own terms and privacy policy and LiveSmart is not in any way affiliated with third party health tracking devices or health apps. You are under no obligation to use any devices and/or download any apps in order to use the LiveSmart service.

 

 ABOUT LIVESMART

LiveSmart UK Ltd is a registered company in the United Kingdom (Company No. 09960434; Registered Office Address 58-64 City Road, London EC1Y 2AL)

LiveSmart UK Ltd is registered with the ICO under registration number ZA230127

 SECTION 1: DEFINITIONS

In the provision of the LiveSmart service, both Personal Data and Sensitive Personal Data will be collected and used.

Personal Data means data which relates to a living individual who can be identified from the data or from the data and any other information which is in the possession of, or likely to come into the possession of, the data controller.

Sensitive Personal Data means personal data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.  This definition of sensitive personal data is consistent with the special categories of data defined in Article 9 of the General Data Protection Regulation (GDPR).

Member means an individual who has signed up to the LiveSmart service and accepted the LiveSmart Member terms (of use).

We will also refer to the Data Protection Officer (DPO) and the Data Controller.

The GDPR [and Data Protection Act 2018 (DPA)], which became law in the UK in May 2018, requires LiveSmart to appoint a DPO as we carry out large scale systematic monitoring of individuals and carry out large scale processing of special categories of data. The purpose of the DPO is to inform and advise LiveSmart and our employees about obligations to comply with the GDPR and other data protection laws; to monitor compliance with GDPR and data protection laws; and to be the first point of contact for supervisory authorities and for individuals whose data is processed.

The Data Controller is a person who determines the purposes for which and the manner in which any personal data are or are to be processed.

The Data Processor means any person who processes the data on behalf of the Data Controller.

 SECTION 2: WHAT DATA WE USE

 

Data Category

Purpose of Data

Type of Data

Personal Data

We collect Personal Data at the point of contacting us via email, subscribing to any of our email lists, submitting a ‘contact’ form or purchasing the product/service.

Name, Age, Phone Number, Address, Email

Sensitive Personal Data

We collect Sensitive Personal Data after you have purchased the product as part of fulfilling the product/service.

Ethnicity; Physical/mental health information; Biometric information; Passport; ID; Gender; Family or Marital status; Medical history; Pathology results; Bank Account/Card Details

Cookies

Cookies (small text files placed on your computer while using our site) may be used to assist with improving your site experience and to safeguard your privacy whilst browsing our site. For more information visit www.allaboutcookies.org

Strictly necessary cookies; Performance cookies; Functionality cookies; Targeting/Advertising cookies

Browser Event Data

Browser event data is collected during your visit to our website. This information is collected and processed to provide insights into user behaviour in order for us to continually improve our service.

Device IP address; Device screen resolution; Device type; Country location; Preferred language; Mouse events; Keypresses; Log data

Web Beacons

Webpages and HTML emails may also contain a small snippet of code called a web beacon. In their simplest form, web beacons allow a website to transfer or collect information through a graphic image request. LiveSmart may use web beacons as part of the site, but only for fraud detection.

 

 

SECTION 3: WHO WE SHARE YOUR DATA WITH AND WHY

 

The LiveSmart service is run by us with our third party service providers to provide the overall service. These companies will, as necessary, process your data in order for us to fulfill the LiveSmart service you purchase.

 

The following parties are Data Controllers:

 

LiveSmart UK Ltd

Provides the overall service; Coordinates with and provides policy to Third Party Suppliers to fulfill the service.

AXA PPP

For Members using the LiveSmart service through Active+, AXA PPP become a data controller for those purchases.

 

 

The following Third Party Suppliers are Data Processors and this table reflects their requirements to fulfill our service and the data we share with them in order to do so:

 

Supplier

Purpose

What data we share

County Pathology

Receive blood samples, process blood samples and return results back to LiveSmart

Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Sample

Nationwide Pathology

Receive and process blood samples and return results back to LiveSmart. Also provide a Clinic service to allow users to visit their clinics to have their blood taken.

Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Sample

Medical Screening Solutions (MSS)

Provides a nurse service where nurses visit the user to take their blood sample. They then post the blood sample back to our lab.

Full name, Gender, Date of Birth, Email, Phone Number, Address, Pathology Sample

Shopify LLC

Acts as our checkout processor to receive your details and process the payment for your order

Full name, Address, Age, Email, Phone Number

Stripe Inc

Act as our card merchant and host your payment details for the purpose of any transactions you make to us

Full name, Address, Email, Phone Number, Credit card details

First Beat

Act as our ‘First Beat’ supplier as part of our ‘Perform’ product. They provide the kit and data collection tool to record stress and Heart Rate Variability. They then provide that report back to our clinical team

Full Name, Language, Address, Email, Phone Number

GP

Contractors

GP’s review individual health results and surveys to make health recommendations on our user dashboard

Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Results, Health Sample

 SECTION 4: WHERE DO WE STORE YOUR DATA

All Data is stored within Servers in the Republic of Ireland (Eire) using Amazon Web Services. We conduct annual security testing to ensure our database is secure.

 SECTION 5: LAWFUL BASIS OF PROCESSING

Article 6 of the GDPR requires us to determine our lawful basis of processing personal information.  We rely on Legitimate Interest [Article 6 (1) (f)].  Where we are processing sensitive or special categories of data, in order to meet the conditions required, for our customers we rely on Article 9 (2) (h) and for our employees we rely on Article 9 (2) (b).

 

Where an individual has decided to use the LiveSmart service we are also processing personal information because it is necessary for the performance of a contract with that individual.

 

Where appropriate we will process personal data in order to comply with legal obligations to which we are subject – for example, to meet the requirements of our Care Quality Commission (CQC) registration.

 

SECTION 6: HOW DO WE PROVIDE THE LIVESMART SERVICE WITH OTHERS

This section explains the purposes to which we put your Personal Data and Sensitive Personal Data.

We will never share the Personal Data or Sensitive Personal Data with any other parties except for the purposes of fulfilling our service and aggregated data or research, in which case all data we use would not be identifiable.

 6.1     To provide the LiveSmart service

How we collect this data: This data is provided to us at the time of your registration on the LiveSmart platform and completion of your Health Profile

What Data we use: Name, Email, Date of Birth, Address, Telephone Number, GP Information, Medical history, Medication information, Biometric Data, Dietary and exercise data

How We will use Data:

  1. We will use your Personal Data and Sensitive Personal Data to provide the service, including to manage our relationship with you, to verify your identity and eligibility to use our service and/or to contact you to provide and administer our service. Without this information, we cannot provide the LiveSmart service.
  2. Where our service results indicate to our doctor that further investigation is required the Member will be guided to his/her general practitioner or existing healthcare provider(s).

 6.2       To improve the LiveSmart Service

How we collect this data: This data is provided to us at the time of your registration on the LiveSmart platform and completion of your Health Assessment

What Data we use: Name, Email, Date of Birth, Address, Telephone Number

How we will use Data:

  1. We may contact you for your feedback or use your information to improve the LiveSmart service by creating pseudonymised reports and by contacting you to receive anonymous feedback. We can use your data in this way because we have a legitimate interest in improving and tailoring our service and keeping our customers happy.
  2. If you are a LiveSmart Member who has accessed the service through AXA PPP’s Active+ you may be contacted with recommendations for products relevant to the results of your assessment. For example, if your assessment reveals you have a Vitamin D deficiency then you may receive a recommendation for a product which will address this deficiency.

 6.3       To conduct research and aggregated reports

How we collect this data: This data is provided to us at the time of your registration on the LiveSmart platform and completion of your Health Profile

What Data we use: Pseudonymised Personal Data and Sensitive Personal Data

How We will use Data:

  1. We may use this data to conduct research on the efficacy of our products and to identify where we can improve our product, or to provide aggregated anonymised reports to analyse the usage, uptake and efficacy of the products and services.
  2. If you become a Member of LiveSmart through your organisation, we may use this data to provide aggregated anonymised reports to analyse the usage, uptake and efficacy of the service back to the HR manager or assigned representative at the organisation.

 6.4     To do what we are required to do by law

How we collect this data: This data is provided to us at the time of your registration on the LiveSmart platform and completion of your Health Profile; or at the time of commencing employment with us

What Data we use: Name, Email, Date of Birth, Address, Telephone Number

How we will use Data: We may be required to retain or use your data if we have a legal duty or obligation to do so. LiveSmart are CQC registered and will comply to any requirements to remain so. Part of CQC registration is to be audited annually where we may be required to produce evidence of data storage, protection and demonstrate its purpose.

 6.5     To process job applications

How we collect this data: You submit this to us through job applications

What Data we use: Name, Email, Phone Number, Previous employment information, Reference information

How we will use the Data: We may use this data to contact you by email or phone about the role you have applied for; to arrange interviews and to conduct reference checks with your permission. We can use your data in this way when you apply for a role with us because it enables us to process your application for potential employment.

 SECTION 7: HOW LONG CAN WE KEEP YOUR PERSONAL DATA

We may only keep your personal data for as long as it is required for one of the reasons detailed in the above section.

We have policies about how we keep/store your personal data. The periods differ depending on the purpose for which we are using your personal data and the nature of the personal data.

How long we keep the data is determined by the period we need to keep it for in line with fulfilling the service and our legal obligations.

We typically retain personal data in your health profile for approximately 7 years from the point we obtained the data. However in some cases, for example, to meet our legal requirements, we may be required to keep it longer. When data is no longer required for its purpose, we ensure data is securely and irrevocably deleted from our system.

For job applications that have been unsuccessful personal data will be held for 6 months and then the data is securely and irrevocably deleted from our system.

 SECTION 8: YOUR RIGHTS

Current data legislation provides data subjects who use the LiveSmart service with various rights relating to their personal data. These rights are set out in Chapter 3 of the GDPR.

Specifically, we can be contacted at the addresses below for one or more of the following reasons:

  • Right of access by the data subject (Art.15) - To ask us to send you the personal data we have about This is sometimes called a "subject access request". 
  • Right to rectification (Art.16,19) - To ask us to fix personal data about you that is wrong or
  • Right to erasure (Art.17,19) – To ask us to delete personal data about
  • Right to restriction of processing (Art.18) - To request that we restrict use of Your Personal Data or to object to its use (including objecting to data used in our "legitimate interests").
  • Right to data portability (Art.20) - To ask us to provide you with the Personal Data you have provided to We will provide the Personal Data in a CSV formatted document so that another organisation's software can understand that Personal Data. This is sometimes called a "data portability" right.
  • Right to object to processing (Art.21) - To tell us to stop using Your Personal Data for direct marketing

 

There may be occasions when we are unable to fully meet our obligations to you under your rights – for example, where we are required by law under the restrictions laid out in Article 23 of the GDPR.

 SECTION 9: IF YOU ASK US TO STOP USING YOUR DATA

You can ask us to stop using your Data at any time, however in doing so we will be unable to continue providing the service.

In order to request that we stop using your data, you can send us an email to dpo@getlivesmart.com stating that you wish for us to stop using your data immediately.

 WHAT HAPPENS IF YOU DON’T GIVE US SOME OF YOUR DATA

It is entirely optional for you to provide us with your personal data so we can process that data to deliver our service. However, where you do not provide the Data we need in order to provide the requested LiveSmart service or for us to fulfill a legal requirement, we will not be able to fulfill the service requested.

 HOW TO CONTACT US ABOUT THIS PRIVACY POLICY

You may contact us at any time via email or post to query anything that may have come up from reading this policy.

By Post: LiveSmart UK Ltd, Att: Operations, 58-64 City Road, London EC1Y 2AL United Kingdom Email: dpo@getlivesmart.com

 SECTION 10: COMPLAINTS

You have the right to complain about how we treat your personal data to the Information Commissioner's Office (the "ICO"). The ICO can be contacted at:

 SECTION 11: CHANGES TO THIS PRIVACY STATEMENT

We may update this Privacy Policy from time to time. We will notify you of the changes where required by law to do so.

 SECTION 12: LEGITIMATE INTEREST ASSESSMENT STATEMENT

To establish Legitimate Interest as a lawful basis for processing personal data for these purposes a Legitimate Interest Assessment was conducted.

 

LiveSmart is a health screening service which provides health assessments to individuals using pathology, technology and human intervention.

 

To grow and generate income, LiveSmart need to sell and market its products and services to new potential customers and attract partners who want to market our products.

 

Generating income and profits will mean that individuals will be benefiting from wellness screenings which may contribute to their overall health and well-being and enable LiveSmart to contribute to the economy by paying taxes in the UK, pay its staff and reward them for the great work they do and reward its investors for having the confidence to invest.

 

To achieve these aims LiveSmart have a legitimate interest to process personal data to conduct health screenings and conduct research which may benefit the wider community as well as the individual.

 

As LiveSmart also processes sensitive personal data, we have identified the special conditions required by Article 9(2) of the GDPR.

 

You can request a copy of this LIA by contacting our Data Protection Officer at the address listed above.