We take data privacy and security very seriously at Clara, and have created this Privacy Policy to explain how we collect, use, and process your data.
Last updated January 8, 2021
1. You and Clara: When we say "you" or "your" we mean both you, the registered user of the Services, and any organisation you are using Clara for. When we say "we", "us", "our" or "Clara", we mean the limited company Get Clara Ltd, registered in Scotland number SC615412, registered office: 4 Lynedoch Place, Glasgow, G3 6AB.
2. Our services: When we say "Service" or "Services", we mean the applications, APIs, content and websites under the "getclara.uk" domain, and any other services we provide now or in the future.
3. Your data: When we say "your Data", we mean any data that you enter, provide us with, or upload whilst using the Service.
4. Data Protection Laws: When we say "Data Protection Laws", we mean any law applicable in the United Kingdom relating to the processing, privacy and use of Personal Data, including: (i) the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426, and any laws or regulations implementing Directive 95/46/EC (Data Protection Directive) or Directive 2002/581/EC; (ii) the General Data Protection Regulation (EU) 2016/679, and/or any corresponding or equivalent national laws or regulations; and/or (iii) any judicial or administrative implementation of any of the above, any guidance, guidelines, codes of practice, codes of conduct or approved certification mechanisms issued by the Information Commissioner, or other regulatory or supervisory authority responsible for administering Data Protection Laws in the United Kingdom.
5. Our registration: We are registered with the Information Commissioner's Office with notification number ZA486655.
6. Scope: This Privacy Policy ("Policy") applies to the software and information services that form the Service, access to which is governed by our Terms of Service and the myClara Terms of Service. The purpose of this Policy is to explain how we collect, store and process personal data when you use our Services. In providing our Services, we are a data processor only, and act on behalf of clients who are data controllers for the personal data of data subjects which we process.
7. Changes to this policy: We may modify or update this Policy from time to time and will post updated versions to our website. We will endeavour to notify registered users by email of any material changes to this policy.
8. Questions or complaints: If you have any queries relating to this Policy or the way we handle your data, please contact us at hello@getclara.uk and ask to speak to our Privacy Officer. Alternatively, you may write to:
Clara Privacy Officer
4 Lynedoch Place
Glasgow
G3 6AB
9. Your personal data: Your "Personal Data" is any information that relates to or identifies you as a living person, which includes the information you provide to us, or authorise someone else to provide to us, when you sign up for an account, provide feedback, participate in surveys, or contact our support. Personal Data includes your name, email address, phone number, and correspondence sent by you to us.
10. Your financial information: In order to pay us for the Service, you may provide us with invoicing and payment information, including your credit card or bank account information.
11. Pharmacy data: If you are using the Services as a pharmacy organisation, you may provide us with information which may identify your patients, customers, employees, partners, suppliers and other individuals, for example their name, address, phone number, gender, date of birth, and healthcare data such as medication, diagnoses and demographic information. Note that this data may be entered manually by you or transferred automatically from integrated software which you have chosen to connect to your account. Some of this patient data falls under a special category defined as "sensitive personal data". You are responsible for obtaining the necessary consent from your data subjects, including patients, for us to process their Personal Data and and special categories of data.
12. Medical and demographic data: If you are using the Services as a patient, particularly the myClara app, you may provide us with demographic information such as your name, age, date of birth, sex or gender. You may also provide us with details of the medication you take, details of health concerns, and your NHS/CHI number. We use this data to enable certain aspects of our Services, such as to allow you to order repeat medication, enable your GP to find your records, and allow you to book appointments with your community pharmacy.
13. Automatically collected information: When you use our Service, we may receive and automatically collect some information such as your IP address, the type of device and browser you are using, data stored in "Cookies" and related technologies (see our Cookie Policy at https://getclara.uk/legal/cookie-policy), and information such as access patterns, usage, and the links you click on. This data helps us to provide and improve the Service.
14. Aggregated data: Under the Terms of Service, we may derive anonymised, aggregate data from your data, and may share this with third parties. This helps us to improve our Services, and may be used for such purposes as to help health organisations understand prescribing patterns for example. Once aggregated and anonymised, such data is not considered personal data under Data Protection Laws, as it does not reveal the identity of an individual data subject. However, aggregated data combined with other data in such a way that individual data subjects may then be identified will be treated as personal data and only used in accordance with this Policy.
15. Essential: We store certain data about you that is essential to the functioning of our app, so the only way to refuse consent for this is to not use the app. Examples include storing who the current user is.
16. Providing our Services: We will use your data to provide our Services to you and to manage our relationship with you. Some of the data is required in order for us to be able to provide the Service to you, and if you do not provide data that we ask for, we may not be able to provide you with the service. Examples of this include your email address, password, billing address, and payment information.
17. Giving you support: We may use your data when you contact our support team and for ongoing customer service, including to inform you of changes to the Service or our Terms of Service, and to handle any complains, queries or requests relating to your use of the Service.
18. As required by law: We may be required to use your data to comply with a legal or regulatory obligation, such as protecting against or investigation of fraud or other unlawful activities.
19. Legitimate interests: We will process your data where it is in our legitimate interests to do so, provided the data subjects' fundamental rights and freedoms do not override those interests. Examples include: giving you insights and recommendations on how to optimise your use of the Services, investigating suspected breaches of the Terms of Service, producing aggregated and anonymised usage statistics, and tracking the functionality you use to allow us to optimise our provision of that functionality.
20. Legal reasons: We may disclose your personal data where it is required to comply with the law or assist with a lawful investigation, or in order to protect our rights, property, or the safety of our employees, customers or others.
21. Data you choose to share: By adding users to your account or enabling integrations with third-party software, your data will be shared with those parties. We may also share other data to third parties if you give us explicit permission to do so.
22. Suppliers and sub-contractors: We use various third party suppliers to support the operation of our Service, including Amazon Web Services to host our websites, Stripe to process our payments, Postmark to manage our email communication, and LiveChat to manage our customer support.
23. Acquisition: If some or all of the assets or operations of our business are acquired or transferred to another party, that party may acquire access to your data.
24. Duration: We will only store your data for as long as is necessary for the purposes for which it was collected, including our obligations under our Terms of Service and any legal requirements.
25. Protection: Our database is continuously replicated onto multiple nodes to ensure no single point of failure. It is also separately backed up twice a day. We always use encryption when storing or transferring data.
26. Credit card details: We never store or process your credit card details. They are provided directly by you from your browser to our payment provider (Stripe) via an encrypted connection, and are never stored or routed through our systems. Stripe give us a token to identify your account, which we use for ongoing billing. You can find Stripe's privacy policy here.
27. Obtaining your data: You can ask us in writing for a copy of your data at any time, which we will provide to you in the form of a JSON export, a standard format which can be interpreted by a wide variety of software. We will normally provide this for free, but we reserve the right to charge you for our time, provided that the charge is not unreasonable. We recommend you ask us for a copy of your data before cancelling your subscription, as we have no obligation to retain data on your behalf if you no longer have an active subscription.
28. Deleting your data: You can also ask us in writing to delete your data at any time. Your data will be removed from our main application and data servers, and access to your account will no longer be possible, but some of your data may still be stored in backups according to our data retention policies. Even if we have your data in a backup, your account and data cannot be recovered by you after you ask us to delete it.
29. Other rights under data protection law: You have other rights granted to you by the Data Protection Laws under certain circumstances, including rights to: change or withdraw your consent, rectify or amend inaccurate information held about you, and a right to object to or restrict certain processing of your data. Please contact us by email to hello@getclara.uk if you wish to exercise any of these rights.