March 2022

 

 

Upstream Health Privacy Notice

 

Our contact details

 

 

Name: Upstream Outcomes Ltd

 

 

Address: C4Di Group, 31-38 Queen’s St, Hull, East Yorkshire, HU1 1UU, United Kingdom

 

 

Phone Number: +44 345 528 0008

 

 

E-mail: contact@bridgit.care or contact@upstream.health

 

 

What type of information we have

 

 

We currently collect and process the following information:

 

 

  • Personal identifiers, contacts and characteristics (for example, name and contact details).

  • Financial information, such as bank details or credit/debit card details, where you provide them to make a payment. We don’t store credit or debit card details, but we’re required to store bank details in some circumstances, including when they’re used for direct debit payments.

  • Information about your computer/mobile device and your visits to and use of this website, including for example your IP address and geographical location.

  • Information about our services which you use/which we consider of interest to you.

  • Information as to whether you are a taxpayer so that we can claim Gift Aid.

  • Information you’ve populated through our carer assessment process. Including things like your care needs, care goals and progress.

  • Information relating to your family members that interact with you through our services, either through the carer service or through our home support devices or watch.

  • The internet protocol (IP) address used to connect your computer to the internet.

  • Your browser type and version.

  • Your time zone setting.

  • Browser plug-in types and versions.

  • Your operating systems and platforms.

  • The uniform resource locator (URL) clickstream to, through and from this site (including date and time).

  • Products/services you viewed and searched for.

  • Page response times.

  • Download errors.

  • Length of visits to certain pages.

  • Referral sources (how you arrived at the website)

  • Page interaction information (such as scrolling and clicks)

  • Methods used to browse away from the page.

 

 

How we get the information and why we have it

 

 

Most of the personal information we process is provided to us directly by you for one of the following reasons:

 

 

  • interact with us online

  • register with us

  • communicate with us

  • take part in an event

  • when authorised through a 3rd party application

  • buy something from our store

  • apply to work or volunteer for us

  • give us your personal information in any other way, for example, if you’re receiving products

  • for online consultations, or other video conversations.

 

 

We also receive personal information indirectly, from the following sources in the following scenarios:

 

 

  • websites

  • business partners

  • sub-contractors in technical, payment and delivery services

  • event organisers

  • sponsors

  • advertising networks

  • analytics providers and search information providers.

 

 

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

 

 

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting contact@bridgit.care or contact@upstream.health

 

 

(b) We have a contractual obligation.

 

 

(c) We have a legal obligation.

 

 

(d) We have a vital interest.

 

 

(e) We need it to perform a public task.

 

 

(f) We have a legitimate interest.

 

 

What we do with the information we have

 

 

We use the information that you have given us in order to:

 

 

  • provide you with services, products or information you’ve asked us for

  • provide further information about our work, services, activities or products

  • allow you to purchase goods

  • use your data to support our learning products (such as machine learning) to identify trends and areas we can support you

  • further our social enterprise aims, including for fundraising and procurement

  • research the impact and effectiveness of our work and services

  • register, administer and personalise online accounts

  • register and administer your participation in events you’ve registered for

  • administer and keep our website safe and secure and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

  • improve your interactions with our website, for example by making sure that content is presented in the most relevant and effective manner for you and for your computer/mobile device

  • report on the results and impact of our work, services and events

  • analyse and improve our work, services, activities, products or information (including our website) or for our internal records

  • use IP addresses and monitor website use to identify locations, block disruptive use, record website traffic or personalise the way information is presented to you

  • to process your application for a job or volunteer role with us

  • training and/or quality control

  • audit and/or administer our accounts

  • satisfy legal obligations which are binding on us, for example, arising from contracts entered into between you and us or in relation to regulatory, government and/or law enforcement bodies with whom we may work

  • prevent fraud, misuse of services or money laundering

  • reduce credit risk

  • communicate with you in any other way

  • for the establishment, defence and/or enforcement of legal claims; and/or

 

 

If you are in communication with our Carers Support Service, you should note that:

 

 

  • Our Carers Support Service has a duty of care to all of its clients. Where all communication with our service is confidential, we hold the right to notify public services should you disclose something we feel highlights serious risk or harm to you or a 3rd party individual.

 

 

How we store your information

 

 

In general, the personal information that we collect from you will be stored at a destination within the UK.

 

 

However, we use agencies and suppliers to process personal information on our behalf.

 

 

Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside, the UK who work for us or for one of our suppliers.

 

 

Please note that some countries outside of the UK have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.

 

 

Where your personal information is transferred, stored and/or otherwise processed outside the UK, we’ll take all reasonable steps necessary to make sure the recipient implements appropriate safeguards (such as by entering into standard contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy.

 

 

Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure.

 

 

In general, if we no longer need your information for the reasons you gave it to us, we remove your personal information from our records six years after the date it was collected.

 

 

But we’ll remove it sooner if:

 

 

  • your personal information is no longer required for the purpose you shared it with us

  • we’re no longer lawfully entitled to process it

  • you ask us to remove it.

 

 

If you ask to receive no further contact from us, we’ll keep some basic information about you to make sure we don’t send you unwanted materials in the future.

 

 

Exceptions

 

 

Please note that special rules apply to health records, which may often be kept for longer than six years.

 

 

Where your personal information is used to support research, it is usually kept for longer and may be used in the future to help with further research as medical science advances.

 

 

Your data protection rights

 

 

Under data protection law, you have rights including:

 

 

Your right of access – You have the right to ask us for copies of your personal information.

 

 

Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

 

 

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

 

 

Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.

 

 

Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.

 

 

Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

 

 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

 

 

Please contact us at contact@bridgit.care or contact@upstream.health, +44 345 528 0008 or C4Di Group, 31-38 Queen’s St, Hull, East Yorkshire, HU1 1UU, United Kingdom if you wish to make a request.

 

 

How to complain

 

 

You can also complain to the ICO if you are unhappy with how we have used your data.

 

 

The ICO’s address:         

 

 

Information Commissioner’s Office

 

 

Wycliffe House

 

 

Water Lane

 

 

Wilmslow

 

 

Cheshire

 

 

SK9 5AF

 

 

Helpline number: 0303 123 1113