PRIVACY POLICY
We are committed to protecting and respecting your privacy. We act as a data controller under UK data protection law. This means we determine the purposes and means of processing your personal information.
“Personal information” means data that identifies you directly, such as your name or contact details, or indirectly when combined with other information.
In some circumstances we process your personal information on behalf of third parties. Those third parties may also act as data controllers and will have their own privacy policies, which we recommend you review.
1. Scope
This Policy applies to your use of the Klarity app and website at klarity.health and to services we provide through our screening programmes and related features.
2. Information we collect and how we collect it
You may provide information when you:
enter details into the Klarity app or our website
allow us access to data held by third parties (for example, wearable or health data)
complete forms, questionnaires or assessments
correspond with us by phone, email or otherwise.
We will make it clear at the time what information we are requesting. If you do not provide required information, or later withdraw your consent where consent is the lawful basis, we may be unable to deliver the relevant services. You can stop using the app or our services at any time.
Each time you use the Klarity app we may automatically collect:
technical information such as device type, unique device identifier, mobile network, operating system and time zone
data accessed from your device where you have given explicit consent, including GPS location, date and time.
usage details about your interaction with the app and our services.
To create and manage your account we collect:
name, email address, telephone number, date of birth and gender
details of support queries you raise about technical issues
We collect self-reported data and health information to assess your risk and recommend appropriate screening tests. For services requiring clinic appointments or sample collection, such as mammographies, skin cancer checks, or full blood draws, we collaborate with partners, including The Mole Clinic, Scan.com, Bloodsandbeyond, and The Doctors Laboratory. Your data may be shared with these partners to facilitate the provision of these services.
3. Screening programmes and partners
For screening services requiring clinic appointments or sample collection, such as mammograms, skin checks or blood draws, we work with trusted partners including The Mole Clinic, Scan.com, Bloodsandbeyond and The Doctors Laboratory. Your data may be shared with these partners solely to deliver the services you request. We also receive test results back so we can provide them to you.
4. How we use your information and lawful bases
We process your personal information for the purposes below under the lawful bases indicated.
4.1 Contract
to register you for services, create and manage your account
to deliver the app, website and services you request
to investigate and resolve queries, questions and complaints that affect your use of our services.
4.2 Legal obligation
to make disclosures required by law or in response to reasonable requests by regulators or law enforcement.
4.3 Legitimate interests
to review and enhance service quality and performance
to respond to general enquiries and feedback
for internal operations including analysis and reporting troubleshooting, fraud detection, log analysis, testing, security, audit and statistics
to maintain a suppression list if you opt out of communications
to establish, exercise or defend legal claims.
Where we rely on legitimate interests, we assess and document the balance between our interests and your rights. You can request information about these assessments.
4.4 Consent
where we rely on your explicit consent to process special category data (for example, certain health data where consent is the most appropriate legal basis)
where we use your information for specific optional features such as certain personalised insights or communications.
You can withdraw consent at any time, although this will not affect processing already carried out lawfully. Withdrawal may mean we can no longer provide parts of the services.
4.5 Recommendations and personalisation
to recommend content, products or services that may be of interest
to identify your preferences and personalise your Klarity experience
to generate health scores, chronic disease risk assessments and related insights where you choose to use those features.
Where the personal information used includes special category data, we rely on explicit consent or, where data comes from a third party, the lawful basis relied on by that provider together with the applicable Article 9 condition under UK GDPR, such as explicit consent or healthcare-related processing.
5. Profiling and automated decision-making
Our models may analyse your data to provide risk scores or recommendations. These outputs support your decision-making and do not replace professional medical advice. We do not make decisions with legal or similarly significant effects on you solely by automated means without appropriate safeguards. If we ever introduce such processing, we will notify you and explain your rights.
6. When we share your information
We do not sell your personal information.
We share personal information only as follows:
Service providers: with third parties who process data for us, such as communications, payment processing, analytics, identity verification, customer relationship management and security. They must process data only on our instructions and in line with law and this Policy.
Partners delivering services you request: for example, The Mole Clinic, Scan.com, Bloodsandbeyond and The Doctors Laboratory.
Legal and rights protection: where required to comply with law, enforce our terms or protect the rights, property or safety of Klarity, our customers or others.
With your consent: where you ask us to share your information.
We will not give or sell your personal or sensitive data to others without your specific consent, provide third parties with direct real-time access to your data, or share tracking identifiers or cookies with advertisers or insurers.
7. International transfers
We store personal information within the UK or EU. If your data is transferred outside the UK or EU, we use appropriate safeguards, such as the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses or other lawful transfer mechanisms. You can contact us for details of the safeguards in place.
8. Security
We take appropriate technical and organisational measures to protect your information, including:
access controls and role-based permissions
encrypted communications using TLS/HTTPS
secure storage with encryption at rest
data lifecycle management, including secure disposal when data is no longer needed.
No system is perfectly secure, but we apply strict procedures and features to help prevent unauthorised access.
9. How long we keep your information
We keep personal information for as long as needed to provide services and meet legal or regulatory requirements. In most cases we retain data for 7 years after our last contact. We may keep data longer where required by law, to resolve disputes or to enforce our agreements. When we no longer need information, we securely erase or anonymise it. Where third-party providers process your data for us, they keep it only for as long as necessary to deliver their services and must securely delete or return it when our relationship ends.
10. Links to other sites
Our app and website may contain links to third-party sites or apps. Those sites are not under our control and have their own privacy policies. You should review those policies before providing personal information.
11. Your rights
You have the following rights, subject to conditions and exemptions in law:
Right to be informed: about how your information is used
Right of access: to your information
Right to rectification: of inaccurate or incomplete information
Right to erasure: in some circumstances
Right to restriction of processing: in some circumstances
Right to data portability: to obtain and reuse your information
Right to object to certain processing, including processing based on legitimate interests.
Right to withdraw consent at any time where we rely on consent
Right to lodge a complaint with a supervisory authority.
We usually act on requests free of charge. We may charge a reasonable fee or refuse to act on requests that are unfounded, excessive or repetitive. We will respond within one month, or inform you if more time is needed for complex requests.
In the UK the supervisory authority is the Information Commissioner’s Office (ICO).
12. Website visitors
If you visit the website without subscribing to the app or programmes, we will usually not ask you to provide health or medical data. We may collect:
queries you submit by phone, email or otherwise
interactions with our social media channels
technical information and analytics about your visit.
We use this information to respond to queries, contact you where you have registered interest, improve our site and analyse usage.
Public posts on message boards or social media are your choice and may be visible to others.
13. Data breach notification
If a personal data breach may pose a risk to your rights and freedoms, we will notify you and the relevant authority without undue delay, and within 72 hours where feasible, in line with UK GDPR.
14. Children
Our services are not directed to children under 13. If you believe we hold information about a child without appropriate consent, contact us and we will take steps to delete it.
15. Changes to this Policy
We may update this Policy from time to time. We will post changes in the app and on the website and, where appropriate, notify you. You may be required to acknowledge new terms to continue using our services.
CONTACT US
If you have any questions, comments and requests regarding this Privacy Policy, please get in touch with us:
Klarity / Managed Self Ltd
Alum House, 5 Alum Chine Road
Westbourne, Bournemouth
BH4 8DT
United Kingdom
Our email address is info@getklarity.io
If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Website: ico.org.uk/concerns/
Email: casework@ico.org.uk