CUE App Privacy Policy

Last updated 04 December 2023

Thank you for choosing to be part of our community at Charco Neurotech Ltd (“Company,” “we,” “us,” or “our“). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact our Data Protection Officer at [email protected].

This privacy notice describes how we might use your information if you:

  • Download and use our mobile application — CUE APP 
  • Engage with us in other related ways ― including any sales, marketing, or events

In this privacy notice, if we refer to:

  • the App,” we are referring to any application of ours that references or links to this policy, including the CUE APP.
  • Services,” we are referring to the CUE APP, and other related services, including any sales, marketing, or events

The purpose of this privacy notice is to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately.

Please read this privacy notice carefully, as it will help you understand what we do with the information that we collect.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE USE YOUR INFORMATION?
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
4. HOW LONG DO WE KEEP YOUR INFORMATION?
5. HOW DO WE KEEP YOUR INFORMATION SAFE?
6. DO WE COLLECT INFORMATION FROM MINORS?
7. WHAT ARE YOUR PRIVACY RIGHTS?
8. DO WE MAKE UPDATES TO THIS NOTICE?
9. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
10. HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

1.1 Personal information you disclose to us

In Short: We collect personal information that you voluntarily provide to us.

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the App or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the App, the choices you make and the products and features you use. The personal information we collect includes email addresses and passwords for authentication and communication purposes. When you use the App, you also have the option to provide other personal information such as gender, age and health information.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

1.2 Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our App.

We automatically collect certain information when you visit, use or navigate the App. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our App and other technical information. This information is primarily needed to maintain the security and operation of our App, and for our internal analytics and reporting purposes.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our App and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the App (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called ‘crash dumps’) and hardware settings).
  • Mobile or Tablet  Device Data. We may collect device data such as information about your computer, phone, tablet or other device you use to access the App. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information. 
  • CUE1 Device Data. We may collect data from your CUE1 device such as basic information (serial number, firmware version, battery level), stimulation settings (strength, pulse length, rest length), event logs with battery level and time stamp (vibration on by clicking button, vibration off by clicking button, vibration off by timeout (error), vibration off by low battery, medication alert off by clicking button, medication alert off by timeout, charging start, charging stop, boot, reset, app connected,  app disconnected and so on). 

1.3 Information collected through our App

In Short: We automatically collect information about your mobile or tablet device and CUE1 device and may request access or permission to information regarding your geolocation, mobile device and push notifications. When you use the App, you can also choose to provide information about your health. 

If you use our App, we also collect the following information:

  • Geolocation Information. We may request access or permission to and track location-based information from your mobile or tablet device, either continuously or while you are using our App, to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
  • Mobile or Tablet Device Access. We may request access or permission to certain features from your mobile or tablet device, including your device’s bluetooth, internet, vibration, location, notifications, reminders, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
  • Mobile or Tablet Device Data. We automatically collect device information (such as your mobile or tablet device ID, model and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our App, we may also collect information about the phone network associated with your device, your device’s operating system or platform, the type of device you use, your device’s unique device ID and information about the features of our App you accessed.
  • Push Notifications. We may request to send you push notifications regarding your account or certain features of the App. If you wish to opt-out from receiving these types of communications, you may turn them off in your mobile or tablet device’s settings.
  • Health Data. We may, with your express consent, collect data that you have inputted into the App that can be associated with your health, such as gender, age, stage of Parkinson’s, exercise patterns, diet, qualitative and quantitative symptom tracking including severity of symptoms and type/s of symptom/s, medication name, nickname, dosage, description and schedule, medication history, game scores and other rated scores and linked medical device usage, including usage of your CUE1 device. 
  • Data on how you interact with the App. This includes mobile device identifiers including Advertising Identifier (IDFA) and Vendor Identifier, user sessions and interactions with the App, user engagement and individual screen view.

If you need any help changing or accessing permissions in your devices settings, please contact us at  [email protected] and we will do our best to help.

2. HOW DO WE USE YOUR INFORMATION?

In Short: We process your personal information for business purposes based on our legitimate business interests, to enter into or perform a contract with you, to comply with our legal obligations and/or with your consent. 

We use personal information collected via our App for a variety of business purposes described below. 

  • To manage user accounts. We may use your information, such as your email address and password, for the purposes of authentication, managing your account and keeping it in working order.
  • Requesting feedback. We may use your information, such as your email address, for the purpose of requesting feedback and to contact you about your use of our App.
  • To send administrative information to you. We may use your personal information, such as your email address, to send you product, service and new feature information and/or information about changes to this privacy notice and our other terms, conditions, and policies.
  • To respond to user inquiries/offer support to users. We may use your information, such as your email address, to respond to your inquiries and solve any potential issues you might have with the use of our Services.
  • To protect our Services. We may use your information as part of our efforts to keep our App safe and secure. For example, geolocation information, mobile and tablet device access and other device data is collected to maintain the security and operation of the App.
  • To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contracts.
  • To respond to legal requests and prevent harm. If we receive a legal request, we may need to inspect the data we hold to determine how to respond.
  • To deliver and facilitate delivery of services to the user. We may use your information to provide you with the requested service. For example geolocation information, mobile and tablet device access, mobile and tablet device data, error logs and performance logs are collected for the purpose of troubleshooting, error debugging and enhancing the performance of the App. CUE1 device data is collected for the purpose of identifying and remedying any maintenance or service issues with your CUE1 device and helping you use the stimulation settings in the best way possible.
  • For other business purposes. We may use your information for other business purposes. We process health information to support our business purpose of helping people with Parkinson’s and other movement disorders, including research and development. For example, geolocation information, mobile and tablet device access, mobile and tablet device data and performance logs are collected for the purpose of internal data analytics, reporting, identifying usage trends and to evaluate and improve the App and enhance your experience. CUE1 device data such as stimulation settings is collected for the purpose of understanding which stimulation settings are preferred and beneficial.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

In Short: We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfil business obligations.

We may process or share your data that we hold based on the following legal bases:

  • Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
  • Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests, including research and development for the purpose of helping people with Parkinson’s and other movement disorders.
  • Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may need to process your data or share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy notice. Affiliates include the parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
  • Business Partners. We may share your information with our business partners to offer you certain products or services.
    • We use Sentry for error debugging and performance monitoring services. You can find a copy of Sentry’s Privacy Notice here
    • We store information with Amazon Web Services (AWS) in London. You find a copy of the AWS Privacy Notice here.
    • We use Google Analytics to understand how you interact with the App. For more information on how Google Analytics collects and processes data, please see Google’s privacy policy here

We retain the right to sell your data in the future with your consent for business purposes including research and development, pharmaceutical, medical and healthcare purposes. You have the right to withdraw your consent to sell your personal data at any time. Please contact our Data Protection Officer at [email protected] for more information.

4. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.

The Company and its business partners will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements), or as otherwise communicated to you. How long we retain specific personal information varies depending on the purpose for its use.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

All event data and inactive aggregate issues stored with Sentry for error debugging and performance monitoring services will be deleted after 90 days.

5. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organisational and technical security measures.

We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. We encrypt data and store email and passwords in an authentication managed system separate from other information. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our App is at your own risk. You should only access the App within a secure environment.

6. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the App, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the App. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact our Data Protection Officer at [email protected].

7. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area (EEA) and United Kingdom (UK), you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA and UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to transfer your personal data (data portability). In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please contact our Data Protection Officer at [email protected]. We will consider and act upon any request promptly in accordance with applicable data protection laws.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

If you are a resident in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

If you access the App outside of the UK, you fully understand and unambiguously consent to the transfer of your personal information to, and the collection and processing of such personal data in the UK.

We may transfer anonymised data outside the UK. If we need to make a restricted transfer of personal information (data that is not anonymised and can be used to identify individuals) we will ensure that adequate safeguards are in place. The Government of the UK has decided that data protection regimes of some countries and regions, including the EEA, provide equivalent and adequate safeguards, and so personal information can be transferred to these countries without additional requirements. You can contact the Data Protection Officer to find out what other countries and regions are covered by UK adequacy regulations.

If we need to transfer your personal information to a country or territory without a UK adequacy decision for the purposes listed in this privacy notice, we will implement appropriate safeguards, including undertaking a risk assessment, to ensure that we are satisfied that you and your personal information continue to have a level of protection equivalent to that under the UK data protection regime. 

We may also occasionally transfer your personal information outside of the UK in other limited circumstances, such as where you have given your explicit consent, for the purpose of entering into or performing a contract, and to make or defend a legal claim. For more information, please contact our Data Protection Officer at [email protected].

8. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

9. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) by email at [email protected], or by post to:

Charco Neurotech Ltd
Wellington House
East Road
Cambridge CB1 1BH
United Kingdom

10. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to transfer your personal information (data portability). To make a request please contact our Data Protection Officer at [email protected]