Oncio App Privacy Policy
Introduction
This notice (together with our Terms and Conditions for Patients and any additional terms of use
incorporated by reference into the Terms and Conditions for Patients) applies to your use of:
The Oncio mobile application software (App), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (Device).
Any of the services accessible through the App (Services).
This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
This App is not intended for children and we do not knowingly collect data relating to children.
Important information and who we are
Oncio CIC is the controller and is responsible for your personal data (referred to as “Oncio”, “we”, “us” or “our” in this policy).
We have appointed a data protection officer (DPO). If you have any questions about this privacy notice, please contact them using the details set out below.
Contact details
Our full details are:
Full name of legal entity: Oncio CIC
Name or job title of DPO: Emma Higginson, Oncio Operations and Communications Manager
Email address: emma@oncio.org
Postal address: The Old Yard, Sunnyside View, Stockbridge Road, Kings Somborne, United Kingdom, SO20 6PH
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection.
Changes to the privacy notice
We keep our privacy notice under regular review.
This version was last updated on 4 May 2023. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you when you next start the App or via the App Bulletin function. The new notice may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App or the Services.
Third party links
The App may, from time to time, contain links to and from the websites or resources of our partner networks, advertisers and affiliates. Please note that these websites, resources and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services.
Please check these policies before you submit any personal data to these websites or resources or use these services.
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you as follows:
Identity Data: first name, last name, username or similar identifier, marital status, title, date of birth, gender.
Contact Data: email address and telephone numbers, location (country).
Device Data: includes the type of mobile device you use and your mobile operating system.
Content Data: includes information stored on your Device, including login information, check-ins, programme engagement and progress, content viewed.
Profile Data: includes your username and password, your upcoming appointments, your interests, preferences, progress with programs, step count, sleep tracking, Practitioner ID details(if applicable), feedback (including programme ratings) and survey responses including your MyCAW symptom score, FACT-G quality of life score, ICECAP-A overall impact score and WEMWBS mental wellbeing scale.
Usage Data: includes details of your use of our App including, but not limited to, traffic data and other communication data, and the resources that you access.
Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect the following special categories of personal data about you where you have chosen to provide it (“Health Data”):
Type of cancer, cancer stage and diagnosis
Treatment and medication
Medical appointments – appointment details and notes
Weight
Height
Ethnicity
Information from wearable devices where you choose to connect them to the App, e.g. heart rate variability, activity and sleep data
We do not collect any information about criminal convictions and offences.
We may collect or create de-personalised data
We may collect data about your use of the App. Initially it is personal data, but when we store usage information we do not include information about the person (you) that it relates to, or retain any way to ‘link’ the information back to you. This method is called de-personalisation. Similarly, we will de-identify your other personal data in the App. We will store, use and share this information so that we can create statistics and evidence about how the App is used, and how it benefits users. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. Although de-personalised information is derived from your personal data, it is no longer personal data.
How is your personal data collected?
We will collect and process the following data about you:
Information you give us. This is information (including Identity, Contact, Profile Data, Health Data and Marketing and Communications Data) you give us about you by filling in forms on the App, or by corresponding with us (for example, by email or chat). It includes information you provide when you register to use the App, create an account, subscribe to any of our Services,
enter a survey and when you report a problem with an App. If you contact us, we will keep a record of that correspondence.
Information we collect about you and your Device. Each time you use our App we will automatically collect personal data including Device, Content and Usage Data. We collect this data using cookies and other similar technologies. Please see our Cookie Notice for further details.
Information we receive from other sources including third parties and publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
Identity Data for sign in purposes from third party apps Apple, Google or Facebook where you use these apps for the purposes of signing into your account.
Health Data, including activity, heart rate variability, step count, and sleep tracking from any third party wearable devices (Google Health, Apple Health, Samsung Health, Garmin Connect and Oura) if you allow such devices to connect with the App.
Local Storage
If you agree, the App will store some of its resources on your device. Resources like video and images are large files and take a long time to download. Storing them on your device reduces the time required for downloads.
Each app on your device has its own allocated local storage. Our App uses its own allocation. It does not have access to storage allocated to other apps, and our App is not intended to allow other apps access to its local storage.
You can decide whether our App (and other apps) can use local storage on your device. The way that you do this depends on the make and model of your device and its operating system.
For local storage, consult your documentation about your device and operating system to confirm how to delete App content from local storage or, if your device allows, to turn off local storage (whether for all apps, or just this App if your device allows you to be specific).
You can find more information about the App’s use of local storage in the table below.
Your and our third-party service providers who we use to operate the App may process the above information. Your connectivity provider will transmit the stored information, and it will be used by the computer systems that support the App (and currently we use Amazon Web Services to host those systems). Their task is to transmit and process, not to view, the information and, for our part, that is how we instruct AWS.
Purposes for which we will use your personal data
We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us.
Some of your personal data in the app has special status: Health Data, and any information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life or sexual orientation. We and the App use your special status personal data based on your consent, which we request in the App as part of your registration as a user.
Providing us with special status personal data is entirely optional and if you do not consent to us using this data you should not provide this information when registering for the App.
We will use your personal data only for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose we will inform you by providing you with an updated version of this notice.
Your responsibility to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes whilst you have an account with us.
Disclosures of your personal data
We may share your personal data with the parties set out below for the purposes set out in the table above:
Your healthcare provider who is also a user of the App, and where, between you, you have agreed (via the App) that the healthcare provider can view your in-App data.
Our service providers acting as processors who provide IT and system administration services.
Amazon Web Services (AWS) for storage, hosting and computer processing purposes.
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International transfers
We do not transfer your personal data outside the UK. If this changes we will notify you by updating this privacy notice and, where appropriate, we will notify you when you next start the App or via the App Bulletin function.
Data retention
By law we have to keep basic information about our customers (including Contact and Identity Data) for six years. In some circumstances you can ask us to delete your data: see Your legal rights below for further information.
We will retain de-personalised personal data indefinitely, and may use and share it for any purpose.
Your legal rights
Under certain circumstances you have the following rights under data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data.
Request erasure of your personal data, in certain circumstances. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to use of your personal data where we are relying on any legitimate interest and you feel that the use of your data by the App or Services impacts on your fundamental rights and freedoms. This right may not apply if we have compelling and overriding reasons to use your data.
Object to marketing. You have the right to object where we are using your personal data for direct marketing purposes.
Request restriction of processing of your personal data. This enables you to ask us to suspend the use of your personal data in certain limited scenarios.
Request the transfer of your personal data to you or to a third party if we rely on your consent for using the information. If you validly exercise this right, we will provide the data in a commonly used, machine-readable format.
Withdraw consent at any time where we are relying on consent to use your personal data.
If you exercise your rights we may need to request specific information from you to help us confirm your identity and confirm your rights.
You will not have to pay a fee to exercise any of the rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
You can exercise any of these rights at any time by contacting us at Oncio CIC, The Old Yard, Sunnyside View, Stockbridge Road, Stockbridge SO20 6PH OR hello@oncio.org.
Appendix : Data collection - anonymised sharing for licensed use of MYCaW® scale
We use a questionnaire called MYCaW® in our data collection in the Symptom Tracking section of the Home Screen. Meaningful Measures Ltd operates the licence for MYCaW® and collects anonymised and non-identifiable data to create a database of anonymised concerns/symptoms/activities. This data collection helps organisations understand people’ needs. Your MYCaW® data will be fully anonymised and sent securely ONLY to Meaningful Measures Ltd, for more information see the website: www.meaningfulmeasures.co.uk