GroHealth.com and the Gro Health mobile app (each of and together the âSitesâ, "Service" or âPlatformâ) are owned and operated by DDM Health Ltd of Technology House, Science Park, University of Warwick, Coventry, CV4 7EZ (âweâ, âusâ, âourâ, âDDMâ).
The Gro Health W8Buddy app is brought to you in commercial partnership with the University Coventry and Warwickshire Hospital NHS Trust (UCHW) and DDM. The app has been developed with, and features, members of the UCHW Obesity Team, patients and feedback from professional healthcare bodies.
We are committed to protecting and respecting your privacy and this Privacy Policy (together with our Terms and Conditions and any other documents referred to therein) sets out how we process the personal data of each visitor and customer (resident in the European Union) to the Sites, where such personal data is provided to us through any of the Sites, via email communication and any branded pages on third party platforms (such as Facebook or YouTube). Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By ticking the box/toggle where indicated on the Sites, submitting your personal data to us, and using our services you agree to the terms and practices described in this Privacy Policy.
For the purposes of data protection law: the data controller is University Coventry and Warwickshire Hospital NHS Trust, and data processor is DDM Health Ltd with registration number Z3613413. To learn more about data processors and data controllers, please see the ICO definition of what are processors and controllers.
We may amend this Privacy Policy at any time. Any changes we may make will be posted on this page, so please check back frequently. Your continued use of the Sites and our services after posting will constitute your acceptance of, and agreement to, any changes. You will be notified by email and/or in-app notification.
You can set, accept and reject your cookies on the GroHealth.com. website. Please note the mobile apps do not use cookies.
If you have any questions about this Privacy Policy, please contact support@grohealth.com. We will respond in 1 working day.
Last updated: 17/08/2022.
1. WHAT IS PERSONALLY IDENTIFIABLE INFORMATION (PII) / PERSONAL DATA
1.1. Personal data or PII means any information relating to a person who can be identified either directly or indirectly by that information; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase history (âPersonal Dataâ).
2. INFORMATION WE MAY COLLECT FROM YOU
2.1. We may collect and process the following data about you:
2.2. Please note you have the option of what information in your account is publicly displayed. Furthermore, within your account, you have the option to opt-in or opt-out of automatically generated e-mails from us.
2.3. If you download the Gro Health W8Buddy app or access the Sites, you will need to redeem a code to access the complete service for free and use all features for a limited period of time (this is currently 2 years from when you redeem your activation code).
2.3.1. We hold the right to contact you with personalised communications in accordance with the communication preferences that you select. We may contact you via email, SMS, and push notifications. Communication preferences can be edited at any time via the preference centre in the settings section of the program.
2.3.2. Toward the expiry of your user subscription which is determined by your clinical team, we may contact you with information on how to purchase a subscription and the benefits of doing so.
2.3.2.1 You will receive details of how to extend your Gro Health W8Buddy should you wish to which will include details on i) paying to continue to access the app or ii) delete your account and export any associated data before deleting your account and all personally identifiable information held by DDM.
2.3.3. You will be given 3 months notice of ending of your free access to Gro Health W8Buddy to give you plenty of time to consider and speak to your clinical team if required.
2.3.4. Your uptake of a Gro Health W8Buddy membership is completely optional and does not affect the face to face care you will receive.
2.4. Data security is extremely important to us. All data is stored encrypted-at-rest (i.e. in storage) and also during transit. Your data is stored in the United Kingdom, using Google Cloud and Microsoft Azure services located in the United Kingdom.
2.5. Only data exported by the end user, with their consent to share, is sharable outside of the platform over and above what is listed in section 6.
2.6. What data do you collect and why? Gro Health W8Buddy is a personalised platform that moves away from a âone size fits allâ approach to the treatment and care of people and instead uses data to better manage peoplesâ health and target experiences and therapies to achieve the best outcomes in the management of health or predisposition to disease. As our health is determined by our inherent differences combined with our lifestyles and environment, by combining and analysing information that patients wish to share, with other clinical and diagnostic information, patterns can be identified that can help to determine our individual risk of developing disease; detect illness earlier; and, determine the most effective interventions to help improve our health, be they medicines, lifestyle choices, or even simple changes in diet.
To sign up, you just need to enter your date of birth, gender, email address and choose a password. We need your date of birth to ensure you are of legal age to use the app in your jurisdiction, and your gender to tailor your experience (education, resources, coaching, activities).
After signing up, you are asked to choose:
This is the minimum amount of information required to create your account.
After this, you can choose to tailor and improve your user experience optionally as follows, and use features of the app that track data:
We also collect usage data from use of the web and app, which you can opt-out of on the app once you login, and the website. You can set, accept and reject your cookies on the GroHealth.com website. Alternatively, you can do this by contacting the Support Team. To get in touch, tap on Help > Contact us.
3.1. You may choose to opt-in and out to receive our email and in-app communications. No marketing notifications are dispatched.
3.2. In order to unsubscribe from emails, please select âUnsubscribeâ from an email or toggle in-app. Similarly, toggle notifications from Settings > Notifications. Please contact us at support@grohealth.com if you require any assistance with unsubscribing from our newsletter.
4. MEDICAL INFORMATION
4.1. You should be aware that information captured via our Sites may be viewed by your medical team. None of this information will be passed to any other person except for:
4.2. Your medical information will be used to provide a personalised experience through automated decision making. Automated decision-making is the process of making a decision by automated means without any human involvement. For example, if you select that you have type 2 diabetes, you will see a type 2 diabetes specific version of our program. If you have been diagnosed with obesity, you will be shown an obesity-specific education stream. Similarly, male and females may see differing education based on age and preferences. You can opt out of this when you first log-in to Gro Health W8Buddy, however if you do not accept these terms you will not be able to use the app as intended as it provides precision health care using your data which is not shared with anyone else.
5. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
5.1. The platform has been developed to ensure that data minimisation principles are met. What this means is, that we build solutions that use as little data as required to provide a clinically safe and enjoyable user experience. We will only process your Personal Data, in accordance with applicable law, for the following purposes:
5.2. Your consent, as the âData Subjectâ, to the processing as specified in this Policy is the primary legal ground for our processing of your Personal Data. However, there may be circumstances where we may also rely on other valid legal grounds for the processing of your Personal Data, such as:
5.3. Should the purpose of data collection change, you will be informed and opt-in consent re-obtained.
5.4. The platform does not send marketing emails. Emails and in-app notifications you receive are part of the behaviour change pathway, which you can toggle on/off from the Settings area. Informed consent will be requested for the purpose of marketing.
5.5. No user data is intended to be shared or processed for any purpose that has not been made clear to the user. The platform has been developed to ensure that data minimisation principles are met. What this means is, that we build solutions that use as little data as required to provide a clinically safe and enjoyable user experience. DDM has followed data minisation principles by ensuring that data collected and processed is not be held or further used unless:
5.6. To opt out of each, or any, of the processing activities, please contact us at support@grohealth.com. If you opt out of us holding and maintaining your account or us complying with applicable law you will not be able to use the Service because these processing activities are required to deliver you the Service.
6. DISCLOSURE OF YOUR INFORMATION
6.1. There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure to:
7. RETENTION OF PERSONAL DATA
7.1. Your Personal Data will be retained until your last use of our services and normally for a period of three years thereafter, unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your Personal Data that is no longer required for the purposes set out in this Policy. The retention of your Personal Data will be subject to periodic review.
7.1.1. You can delete your account and/or request for your data to be deleted at any time. We will delete all Personal Data help on your behalf; read Section 8 for more information.
7.2. We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
7.3. Please contact us at support@grohealth.com if you would further detail about our data retention periods.
7.4. You are free to withdraw your consent for Gro Health W8Buddy to process your personal information by deleting your Account - please instruct the Support Team to do so on your behalf. After you withdraw your consent, you will still be able to access some of the incredible features and content available on our websites, but you will not be able to log in.
8. DATA SUBJECT RIGHTS
8.1. Data protection law provides Data Subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their Personal Data. Data Subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law. To execute any of your rights listed, please contact us by writing at support@grohealth.com. We will get back to you in 1 working day, and respond to any requests to exercise your rights within 21 working days.
8.2. We do not knowingly collect Personal Data online from individuals under 18. If you become aware that a child has provided us with Personal Data without parental consent, please contact us at support@grohealth.com. If we become aware that an individual under 18 has provided us with Personal Data without parental consent, we will take steps to remove the data and cancel that individualâs account.
8.3. Gro Health retains your Personal Data:
8.4. Personal Data is destroyed when it is no longer necessary for the purposes listed in 8.3. The specific destruction process and method are as follows:
9. COMPLIANCE
9.1. DDM Health Ltd comply with recognised International Data Management Standards, including ISO9001 and ISO27001 and have been accredited as part of this process.
9.2. DDM Health Ltd are fully compliant with The Data Protection Act 1998 and General Data Protection Regulation (GDPR).
9.3. Sites are developed alongside recognised compliance standards such as NHS Data Standards, including the NHS Information Governance toolkit.
9.4. The iOS and Android Gro apps are compliant with OWASP Mobile Application Security Verification Standard (MASVS) Level 2+R.
9.5. Gro Health is a MHRA-regulated Class I Medical Device.
9.6. Our MHRA number is 8939.
10. LINKS
10.1. The Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates and other third parties. If you follow a link to any of these websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
11. DATA PROTECTION OFFICER
11.1. The Data Protection Officer is Amar Singh. To contact the DPO, please email dpo@ddm.health or use the in-app contact form.
12. CONTACT
12.1. Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to support@grohealth.com.
Cookies Policy
1. OUR USE OF COOKIES
1.1 GroHealth.com (the âSitesâ) uses cookies, which are small text files stored on a userâs computer by their web browser. DDM Health Ltd (âweâ, âusâ, âourâ) uses cookies to store information about your preferences, speed up your searches, recognise you when you return to our Sites and estimate our audience size and usage pattern (and branded pages on third party platforms (such as Facebook or YouTube). For details on the specific categories of our cookies and what they are used for please see below. Please note, the app does not use cookies.
1.2. You may delete and block all cookies from our Sites by changing your browser settings to refuse the setting of all or some cookies. Making this change may affect the functionality of our Sites and you may not be able to access all or parts of the Sites.
By continuing to browse our Sites you are agreeing to our use of cookies.
2. OUR COOKIES
2.1. Strictly necessary cookies: these are cookies that are required for the operation of our Sites for example, cookies that enable you to log into secure areas of our Sites or use the shopping basket.
2.2. Tracking cookies and pixels:
3. MORE INFORMATION
3.1. For more detailed information about cookies please visit www.allaboutcookies.org.
4. CONTACT US
4.1. If you have any questions or comments about the use of cookies on our Sites please contact: support@grohealth.com.