Overview

Who we are

We are Huma Therapeutics Limited, the owner and provider of a healthcare platform which facilitates the collection and integration of patient data from medical databases and patient devices, which may be accessed by healthcare professionals and organisations.

Huma Therapeutics Limited may hereinafter also be referred to as “Huma”. All references in this policy to "Company", "our", "us" or "we" refer to Huma Therapeutics Limited (formerly Medopad Limited), or our group companies, as appropriate. All references in this policy to "our website," refer to the website owned by us at www.huma.com (formerly www.medopad.com).

Our company number is 07725451 and our registered office is 13th Floor Millbank Tower, 21-24 Millbank, London, England, SW1P 4QP.

Our values and what this policy is for

Huma respects your privacy and is committed to protecting your personal information. We value being fair, transparent, and accountable to you in relation to the way that we collect and use your personal information. In line with these values, this privacy policy tells you what to expect when we collect and use personal information about you. Huma does not sell personal information.

Any information that we refer to as "personal information" throughout this policy also constitutes “Personal Data .” Personal Data means any information about an individual by which that person is identified or from which that person can be identified by some means (for example, by combining the data set we hold with a different data set). It does not include data which is not identifiable (such as anonymous data or non-attributable inferences derived from aggregate data).

We are always looking to improve the information we provide to our customers and contacts so if you have any feedback on this privacy policy, please let us know using our contact details in Section 8.

Quicklinks

Depending on our relationship with you, we may collect and use your Personal Data in different ways. Please click on the links to find out the information that is relevant to you.

🌐	Visitors to our website, www.huma.com
👤	Customers, and employees of our customers
❤️‍🩹	Healthcare Patients (Users of the Huma app and platform)
🩺	Healthcare Provider (Users of the Huma app and platform)

Legal basis for use of your Personal Data

Depending on our relationship with you, we may collect and use your Personal Data in different ways. The legal bases for using your personal information as set out in this privacy policy are as follows:

Contract

Our use of your personal information may be necessary to perform our obligations under any contract with you (for example, to comply with the terms of use of our app, platform or website which you accept by registering for app and platform or browsing our website).

Legal Obligation

Our use of your personal information may be necessary for complying with our legal obligations (for example, due to tax retention periods).

Legitimate Interests

Where neither Contract nor Legal Obligation apply, the use of your personal information may be necessary for our legitimate interests or the legitimate interests of others. Our legitimate interests may be:

to run, grow and develop our business (as well as the businesses of our group companies),
for the operation of the Huma app and platform (for example, for keeping our app updated and relevant and for better understanding how individuals interact with the app and which features and functionality are and are not useful),
to obtaining feedback about potential improvements in the user experience,
for the improvement of our Huma app and platform,
for internal group administrative purposes,
in the context of a business reorganisation or group restructuring exercise,
to select appropriately skilled and qualified suppliers,
to receive professional services (for example, the provision of administration and IT services),
to ensure a safe environment for our residents and suppliers,
to place, track and ensure fulfilment of orders with our suppliers,
to carry out marketing, market research and business development,
for network security,
to prevent fraud,
in connection with any legal proceedings or prospective legal proceedings or law enforcement purpose.

If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by using the contact details in Section 8.

Consent

We may use your special categories of data (such as health and wellbeing information) where you have provided your consent. This includes all data you or your named clinician, healthcare professional or healthcare organisation provide to us in order to use it within the Huma app and platform.

We may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).

If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at privacy@huma.com and we will stop doing so.

However, if you withdraw your consent, this may impact the ability for us to be able to provide the Huma app and platform and associated services to you, such as providing our services to you or performing contractual and other legal obligations that we have to you. In these circumstances, if you do not provide us with such personal information, withdraw consent or ask us to delete your information, you may no longer be able to access Huma app and/or platform for receipt of the Huma services. Where you choose to withdraw consent, this action does not impact data lawfully collected prior to your withdrawal.

Retention (How long we store your personal information)

We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. We shall only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for.

To determine the appropriate retention period for Personal Data, multiple factors may be considered including:

the amount, nature and sensitivity of the Personal Data ,
the potential risk of harm from unauthorised use or disclosure of your Personal Data ,
the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and
the applicable legal, regulatory, tax, accounting or other requirements.

The data collected and processed within the scope of contractual relationships with us will be deleted upon completion of your request, if necessary after the expiry of contractual warranty and/or liability periods as well as statutory retention periods.

Insofar as the processing of Personal Data is based on your consent, we will delete this data if you revoke your consent to us. We will delete the data collected and processed in the context of our correspondence upon completion of your request, unless we have a legal retention obligation to observe.

Where you choose to take part in research, we will retain your personal information in line with the duration of the study or research initiative, as required to meet a contractual obligation, legal obligation, or until you withdraw your consent.

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In Detail

1. How we obtain your personal information

The way that Personal Data may be collected about you may vary depending on the means by which you engage with Huma. Data may be manually input by you when you set up an account on our app and use it, collected when you fill in data forms, answer surveys, fill in questionnaires, use boards, forms or forums on our website, contact us by phone, email or by other means, or where you choose to share information with us via a connected device such as a wearable monitoring device.

We may also receive information about you from third parties such as our suppliers (such as research companies), contractors, consultants, marketing companies (such as marketing agencies or market research companies,consultants, Huma group companies, or public websites and public agencies. For users of the Huma app, Huma does not compile personal information about you from third-party sources without your consent.

2. Personal Data we collect about you

Please go to the section below that best describes our relationship with you to find out the information that we collect about you and how we use this information.

🌐	2.1 Visitors to our website, www.huma.com
👤	2.2 Customers, and employees of our customers
❤️‍🩹	2.3 Healthcare Patients (Users of the Huma app and platform)
🩺	2.4 Healthcare Provider (Users of the Huma app and platform)

2.1 Visitors to our website

Purposes of Processing

If you visit our website, we will collect, use and store the personal information listed below for the following reasons:

to allow you to access and use our website,
for improvement and maintenance of our website,
to provide technical support for our website,
to recognise you when you return to our website,
to store information about your preferences,
to allow us to customise the website according to your individual interests,
to ensure the security of our website,
to evaluate your visit to the website,
to prepare reports or compile statistics to understand the type of people who use our website, how they use our website and to make our website more intuitive.
to run, grow and develop our business (as well as the businesses of our group companies),
to operate and improve our website and the Huma app and platform,
to carry out marketing, market research and business development,
for internal group administrative purposes.

Personal Data

We may collect and process the following Personal Data about you, as described below:

Technical information. We use this personal information to administer our website, to measure the efficiency of our systems and to undertake an analysis on the locations from which people access our web-pages. This may include:

the Internet Protocol (IP) address used to connect your computer to the internet address (full or partial),
the website address and country from which you access information,
files requested,
browser type and version,
browser plug-in types and versions,
operating system,
platform.

Information about your visit and your behaviour on our website (for example, the pages that you click on). This may include:

cookie preferences,
the website you visit before and after visiting our website (including date and time),
time and length of visits to certain pages,
page interaction information (such as scrolling, clicks, and mouse-overs),
methods used to browse away from the page,
traffic data,
location data,
weblogs and other communication data and information provided when requesting further service or downloads.

Contacting us through our website

Purposes of Processing

We will collect, use and store the personal information listed above for the following reasons:

to allow you to provide information on projects on which you are working and on which you would like to inquire,
to register to receive sales or other notifications and materials,
to receive enquiries from you through the website about our website, app and associated services,
to communicate with you about and process your information in relation to an employment opportunity.

Personal Data

Where you choose to contact us through our website, we may collect and process your personal (and sensitive data, if you choose to share this information with us), as described below:

your name,
your contact information,
information you provide us throughout our correspondence with you,
communications and marketing preferences,
your date of birth,

We may also collect information concerning your employment relationship or potential employment relationship with Huma.

2.2 Customers, and Employees of Customers

Conclusion and Performance of Contracts

Purposes of Processing

We will collect, use and store the personal information listed for the following reasons:

to register you to receive sales or other notifications and materials,
to allow you to provide information on projects on which you are working and on which you would like to inquire,
to send you certain communications (including by email or post) about our products and services such as administrative messages (for example, setting out changes to our terms and conditions and keeping you informed about our fees and charges),
to deal with any enquiries or issues you have about our the Huma app, platform and associated services that you request from us, our app which helps you manage our services, and about our products and services,
to provide you with our interfaces, which help you manage our services,
to facilitate deliveries of data, new products and services to you.

Personal Data

We may collect and process your Personal Data as described below:

your name,
your contact information,
your payment information,
information you provide us throughout our correspondence with you,
communications and marketing preferences,
access data to our products or services that have been provided to you or generated by you.

We may receive some of your personal information from third parties, such as from other customers or clinicians where you use the Huma app, platform or other related interface.

Improving our products and services

Purposes of Processing

We will collect, use and store the personal information listed for the following reasons:

to carry out statistical analysis, product research and feedback and market research on people who may be interested in our existing or new Huma products and services,
if it is in our legitimate interests for business development and marketing purposes, to =contact you (including by telephone or post) with information about our products and services or the products and services of our suppliers which either you request, or which we feel will be of interest to you,
if you are a sole trader or a non-limited liability partnership and if you have consented, to contact you by email with information about our products and services or the products and services of our suppliers which either you request, or which we feel will be of interest to you.

Personal Data

We may collect and process your Personal Data as described below:

your name,
your contact information,
your job title,
your company name,
information you provide us throughout our correspondence with you,
communications and marketing preferences,
access data to our products or services that have been provided to you or generated by you,
information about the provision of existing or potential projects or studies using or developing new elements of the Huma app and platform, and the associated services we provide (or may provide) to you including:

information needed to provide the services to you, or develop future services (including information on joining forms, order details, order history and payment details),
customer/patient/clinician services information,
customer/patient/clinician relationship management and marketing information,
information you provide to help us provide you with improved service, for example if we ask you to fill in a survey or questionnaire.

Some of the personal information that we collect about you or which you provide to us about you or your family members may be special categories of data. ‘Special categories’ of data include information about physical and mental health, sexual orientation, racial or ethnic origin, political opinions, philosophical belief, trade union membership and biometric data.

We may receive some of your personal information from third parties, such as from other customers or clinicians where you use the Huma app, platform or other related interface.

2.3 Healthcare Patients (Users of the Huma app and platform)

Purposes of Processing

The purposes for which we process your personal information may vary depending on the set-up of the respective Huma app and are applicable in accordance with your declaration of consent.

We may collect, use and store the personal information listed above for the following reasons:

to register you as a new user,
to provide the Huma app and platform to you,
to help you manage your profile, preferences and other choices in relation to the Huma app and platform and associated services or to send you push notifications,
for our own general research and development purposes (such as improvement of Huma products, services, and future app experience),
to track your activity levels,
to record and collate your symptoms, mood, change in any physical or mental characteristics,
to suggest appropriate projects or initiatives operated or developed by Huma or third parties,
for the purpose of anonymising and/or de-identifying certain categories of that personal information, aggregating that anonymised data with the anonymised data of other users of the Huma app or platform, and the provision of that data to third parties in order for those third-parties to collect, use and store that data for research into medical conditions and trends as well as to measure adherence and efficacy of treatments,
to communicate with you, including managing our relationship with you, responding to any queries you may have and notifying you about changes (such as changes to our terms or privacy policy),
to support your use of the Huma app and platform. The app treats your health data confidentially. Access to your name (or other personal information) is restricted on a ‘need-to-know’ basis such that only people at Huma who need to see it can have access.

Where we process your information on behalf of your healthcare provider, we may collect, use and store the personal information listed above for the following reasons:

to share information with your clinical team and healthcare provider. The data allows people to track their own health and their clinical team to monitor them, e.g. to reduce the risk of exposure to infections and improve overall efficiencies. This information includes your health data, such as your symptoms and heart rate, and is gathered when you answer questions, fill out forms or allow us to link with other devices or apps,
to contact your named clinician or healthcare professional to obtain access to and upload your medical records and other documentation relating to your medical history to the Huma app and platform,
to enable named clinicians or healthcare professional to access your medical records and other logged information via the Huma app or platform in order to provide you with care or treatment or any other recommended course of action (including for the purpose of ensuring adherence and efficacy of treatments), your clinical team may use anonymised and/or aggregated health data for research purposes. Upon anonymisation, such data may be shared with third parties worldwide for research purposes, and the research results may be used for respective own purposes. This includes the development and distribution of digital biomarkers and digital therapeutics. These recipients will not be able to identify you as a person.

Categories of Personal Data

We may collect and process your personal and sensitive data (as described in the table below). We receive your personal information from you (including from apps or devices that you have connected with the Huma app) and from your named clinician, healthcare professional or healthcare organisation which collects and stores your medical records and associated information.

Category of Personal Data	Data Elements
Identity and contact Personal Data	first name and/or last name, age, date of birth, contact information, emergency contact information, unique identifier (such as your national identification card or residency card), the email address you used to register for your App account (this will be provided by you at the point you register an account with the App), data related to you that has been encrypted or pseudonymised.
Communications information	user feedback (including answers to surveys), previous communications with Huma, reminders, text messages, email messages, push-notifications.
Other sensitive data	Some of the personal information that we collect about you or which you provide to us about you or your family members may be special categories of data. This may include: Nationality or ethnicity, gender, data concerning sex life and/or sexual orientation.
Health information	The health information that is collected will depend on the nature of your condition and the purpose for which you are using the App. This could include data that is manually input by you, including into data forms, surveys or questionnaires to be filled by you, or which is collected via a connected device such as a wearable monitoring device. age, gender, Health Identifiers (a number or alphanumeric that allows healthcare staff and/or healthcare provider to identify you), information about your medical condition, your medical records and other documentation related to your medical history; the name, address, telephone number and email address of any doctor, care provider or healthcare professional and their associated healthcare organisation, information about your mental and physical health and wellbeing, treatment information shared between you and Huma, communications with your healthcare provider, your height, weight and other physical characteristics, responses to health questionnaires, photo, audio and video information, blood pressure readings, heart rate information, respiratory information, details of your leisure activities and interests. Please note that Huma uses Google Fit. The use of information received by Huma will adhere to Google’s Google Fit Permissions and APIs policies, including the Limited Use requirements.
Technical data	Username, user ID, internet Protocol ‘IP’ address (full or partial), browser information, device type, preferences in relation to push notifications, please note that you may at any time disable push notifications in a Huma app by respectively changing the settings of the app and/or your mobile device, location data sent from the Huma app or platform.
Usage data	User interaction data (with our App), such as duration of usage, frequency of usage, online and offline status, and how you communicate with us), user access to learned content (e.g. self-help articles).
Marketing/ communications information	Preferences in receiving marketing from us, patient experience and feedback surveys, communications preferences,

Use of Artificial Intelligence

AI-generated content is content that is created by generative AI models based on user prompts. If you are a healthcare patient and Huma has been instructed by your healthcare provider to provide you with monitoring services, our nurse monitoring staff may use a conversational generative AI chatbot (specifically, GPT 3.5 model on Microsoft Azure) for the purpose of receiving assisted typing. This chatbot will be used to generate messages to you about your care. The use of this chatbot is limited in scope to healthcare patients in the United States of America.

In order to facilitate this service, Huma may share certain limited Personal Data about you with Microsoft including your gender, biological sex, healthcare provider’s name, zip code, and date-of-birth.

Where the Health Insurance Portability and Accountability Act of 1996 applies, this information is considered to be PHI (Protected Health Information). Where this is the case, Huma operates as a Business Associate in relation to the processing of this information and we have executed appropriate contractual agreements with Microsoft to ensure the privacy and security of data disclosed as a part of this processing. Huma also complies with Google Play Developer Policies.

Research, studies and evaluations in the field of health

Your health data is extremely valuable for use in research to learn more about population health, early disease detection, and patterns in disease progression (“Research”).

We would like to use your health data for this purpose because we believe that using digital technologies, we can help identify new insights into treatments to help clinicians make better informed choices for our collective health. Our research relates to developing the understanding of your medical condition(s) on a general basis and we will not use our research findings in a way that impacts or may impact your own treatment other than in instances where such research has been approved by an appropriate authority under applicable laws.

We may also use your Personal Data relating to health on the basis of its necessity for reasons of public interest in the area of public health and/or scientific research in accordance with applicable public health and data protection regulations and subject to compliance with applicable prior formalities and/or obtaining any required authorisations from the appropriate national health and/or data protection authorities. Sometimes, we also work with carefully selected research partners.

We will ask for your consent to use data for this purpose, and if you choose to share your data with us, we will process your health data as described in this Policy and will always keep your data secure. Where applicable, you will be provided with information regarding procedures, risks, and benefits of participation in research prior to collection of your Personal Data .

Huma shall (to the extent possible without impacting the research), aggregate, de-identify or anonymise your Personal Data prior to undertaking research activity. This process will not affect the security of your data. Where we fully anonymise your Personal Data , it cannot be reasonably used to identify you. Such data is no longer considered to be Personal Data . Where it is not possible to undertake the research with anonymised, aggregated or de-identified data, we shall pseudonymise your Personal Data . Your health data (except, if relevant and applicable, any data that may be derived from Health Connect) may be used in combination with other health data contained in public databases (where applicable).

You may object to the use of your health data for this purpose by contacting us at privacy@huma.com. Some of your data protection rights may not be available where satisfying them would seriously impair our specific research purpose. Where this is the case you may not be able to request erasure or portability of your data. You can read more about other rights available to you below. Please refer to the Retention section of this Policy for more information regarding the retention of your data. If you have any questions about our use of data for scientific research, please contact us.

2.4 Healthcare Providers (Users of the Huma app and platform)

The Huma ‘Web App’ (henceforth ‘Web App’) is a web-based application which connects to a database for clinicians to use. Huma’s Web app helps you review information relating to your patient’s health, condition and how it affects them with you, to facilitate your provision of patient care and/or treatment. In some instances the Web App will also help you interpret that information and share your recommendations and treatment options with your patient. The Huma Platform.

Huma’s processing of Personal Data is governed in accordance with our contractual agreement with the Data Controller (if there is one). Generally, you will act as Controller in connection to the patient’s Personal Data processed for this purpose, with Huma generally acting as a Data Processor in connection with its processing of patient and healthcare provider data in respect of the delivery of the services provided by the Huma Web app.

Purposes of Processing

The purpose of Huma’s Huma Web App is to improve care and understanding of the health conditions it is used in relation to. Understanding more about health conditions can assist the Healthcare Providers we support in making swift and effective treatment decisions, and assist the organisations who design and manufacture healthcare interventions (such as Huma) in making improvements and focusing their efforts where they are most effective. The purposes for which we process your personal information may vary depending on the concrete set-up of the respective Huma app and are applicable in accordance with your declaration of consent.

We may collect, use and store the personal information listed above for the following reasons.

to register you as a new user,
to provide the Huma Web app to you,
to help you manage your profile, preferences and other choices in relation to the Huma app and platform and associated services or to send you push notifications,
for our own general research and development purposes (such as improvement of Huma products, services, and future app experience),
to allow you to monitor your healthcare patients,
to allow you to communicate with your healthcare patients,
to allow you to access information pertaining to your healthcare patience, including to medical records, information logged by patients via the Web app, upload patient medical records and other documentation relating to the patients’ medical history to the Web app and platform, provide patients with care or treatment or any other recommended course of action (including for the purpose of ensuring adherence and efficacy of treatments),
to suggest appropriate projects or initiatives operated or developed by Huma or third parties;
for the purpose of anonymising and/or de-identifying certain categories of that personal information, aggregating that anonymised data with the anonymised data of other users of the Web app and the provision of that data to third parties in order for those third-parties to collect, use and store that data for research into medical conditions and trends, as well as to measure adherence and efficacy of treatments,
for Huma to communicate with you, including managing our relationship with you, responding to any queries you may have and notifying you about changes (such as changes to our terms or privacy policy),
to support your use of the Web app. The Web app treats your health data confidentially. The Web app treats your health data confidentially. Access to your name (or other personal information) is restricted on a ‘need-to-know’ basis such that only people at Huma who need to see it can have access.

Categories of Personal Data

The purpose of this section is to explain how Huma intends to use your Personal Data in connection with the Portal for this secondary purpose and other purposes in connection with which Huma acts as a controller as outlined in this notice.

Category of Personal Data	Data Elements
Identity and contact Personal Data	first name and/or last name, telephone number(s), age, date of birth, contact information, emergency contact information, unique identifier (such as your national identification card or residency card), the email address you used to register for the Web app account (this will be provided by you at the point you register an account with the app), data related to you that has been encrypted or pseudonymised.
Communications information	user feedback (including answers to surveys collected via phone or email) for the purpose of providing patient support with adherence levels and service maintenance and improvement on behalf of the Healthcare Provider, experience surveys, communications with your patients, previous communications with Huma, reminders, text messages, email messages, push-notifications.
Technical data	Username, User ID, Internet Protocol ‘IP’ address (full or partial), Browser information, Device type, Preferences in relation to push notifications, location data sent from the Huma Web app.
Usage data	Information collected when you use the Web app including patient notes, treatment decisions, and communications with your patient, technical user interaction data (with the Web app), such as duration of usage, frequency of usage, online and offline status, and how you communicate with us), user access to learned content (e.g. self-help articles).
Marketing/ communications information	Preferences in receiving marketing from us, patient experience and feedback surveys, communications preferences,

2.5 Other uses for your personal information

Whatever our relationship with you is, we may also collect, use and store your personal information for the following additional universal reasons:

to deal with any enquiries or issues you have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you;
for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies. We may process your personal information for these purposes where it is in our legitimate interests to do so;
to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so; and
to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.

Before using your personal information for any purposes which fall outside those set out in this Section 2, we will undertake an analysis to establish if our new use of your personal information is compatible the original purposes for dafta collection. Please contact us using the details in Section 8 if you want further information on the analysis we will undertake.

3. How and why we share your personal information with others

Sharing Data with Group Companies

We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes. For example, for the purpose of:

supporting corporate strategy,
ensuring compliance,
auditing and monitoring,
research and development,
machine learning and quality assurance, or
billing and accounting.

If the processing is based upon your consent, we will only share your Personal Data with third parties (with the exception of processors) if you have also declared your express consent thereto; this specifically applies to the processing of special categories of Personal Data (such as health data).

Sharing data with External Third-Parties

Where permitted under applicable law, we may share your Personal Data with the parties set out below. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law.

We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws. Huma ensures that any third-party who has access to user data will provide similar or equal protection as that which is required under Apple’s App Store Review Guidelines.

We may share your Personal Data with limited third-parties:

In order to enable Huma to provide the Huma App or Platform To you, Huma may disclose your Personal Data to its third-party processors.

Your data is shared with these limited suppliers or contractors, for the purposes described in this notice and (if applicable) in line with the agreement we have in place with your Healthcare Provider.

We share your personal information outside our organisation with our suppliers or contractors, for the purposes described in this notice and in line with the agreement we have in place with your Healthcare Provider. This data sharing may be required for the performance of contracts we have agreed on or that you have requested. Our suppliers are bound by obligations of confidentiality.

Our suppliers and contractors may include:

IT and communications service providers,
payment processors;
insurers,
logistic providers
cloud service providers
call centres;
repair service providers;
marketing agencies and partners;
courier and delivery suppliers.

We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions or the Healthcare Provider’s instructions, as applicable.

If you use third party apps, products or services to measure data about your health that you then input into the Huma App, your use of those apps, products and services will be subject to the applicable third party terms of use and privacy policies, and Huma will not have any responsibility for them or the information they provide.

In addition, we may disclose information about you to other third parties that act as Data Controllers in their own right, such as:

regulators, tax authorities and other applicable authorities who require reporting of processing activities in certain circumstances. For example, we may be under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
legal advisors, regulators, law enforcement agencies, where required to do so by law, such as in connection with any legal proceedings or prospective legal proceedings, law enforcement purposes, or in order to establish, exercise or defend our legal rights;
a third party to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy policy. If substantially all of our or any of our affiliates' assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets

We will also disclose your personal information to third parties:

where it is in our legitimate interests to do so to run, grow and develop our business;
in order to enforce or apply our terms of use, our terms and conditions for customers or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
to protect the rights, property, or safety of Huma, our staff, our customers or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.

We may also disclose and use anonymised or aggregated reporting and statistics about users of our app, platform, website or associated services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised or aggregated reports or statistics will enable our users to be personally identified.

Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.

Third-party links

The Huma app and platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party solutions or websites and are not responsible for their privacy notices or practices.

Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

4. Data Transfers

Your personal information may be used, stored and/or accessed by staff operating outside the EEA working for us, other members of our group or suppliers. Further details on to whom your personal information may be disclosed are set out in Section 3.

If we transfer any personal information about you to countries outside the EEA, we will take appropriate measures to ensure that the respective recipient protects your personal information adequately in accordance with this privacy policy. These measures may include the following permitted in Articles 45 and 46 of the General Data Protection Regulation:

in the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield (see further https://www.privacyshield.gov/welcome); or
in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.

Further details on the steps we take to protect your personal information, in these cases, are available from us on request by contacting us by email at privacy@huma.com at any time.

5. Your Rights

You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at privacy@huma.com or privacy@medopad.com at any time. You have the following rights:

The right to be informed	Be informed of the purpose and the valid legal basis or practical justification for collecting the Personal Data , and that your data shall not be processed later in a manner inconsistent with that purpose.
The right to request access	Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you, check if we are processing your personal information, check if we are lawfully processing it, details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the European Economic Area ("EEA").
The right to request correction	Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the Personal Data we hold about you is accurate and current. Please contact us at privacy@huma.com if your Personal Data changes during your relationship with us.
The right to erasure	Request erasure of your Personal Data . This enables you to ask us to delete Personal Data which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in Section 8. You also have the right to ask us to delete your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
The right to object to processing	Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) you can object to processing on this ground if you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
The right to restriction of processing	Request restriction of processing of your Personal Data . This enables you to ask us to suspend the processing of your Personal Data in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in Section 8. These circumstances include: If you want us to establish the data's accuracy. Where our use of the data is unlawful but you do not want us to erase it. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
The right to portability	Request the transfer of certain of your Personal Data to you or to a third party (the right of data portability). We shall provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to information you provided to us and which we process on the basis of consent or where it is necessary to perform a contract with you.
The right to withdraw your consent	Withdraw consent at any time where we are relying on consent to process your Personal Data . However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We shall advise you if this is the case at the time you withdraw your consent.

Response Times

We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

Exceptions

If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

Children

Our website and services are not directed at children and we do not knowingly collect any personal information from children without express consent from a parent or guardian. You must be aged 18 or over to purchase products or services from us (or 16 and older if you are from the United Kingdom or European Union).

If you are a child and we learn that we have inadvertently obtained personal information from you from our websites, or from any other source, then we will delete that information as soon as possible.

Please contact us at privacy@huma.com if you are aware that we may have inadvertently collected personal information from a child.

6. Risks and how we keep your personal information secure

The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public information that you would prefer to keep private.

Huma is committed to protecting your personal information from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Access to your information is limited in accordance with our agreement with your Healthcare Provider.

In the course of provision of your personal information to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. Please keep that in mind when providing data to us using the Internet. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.

Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

7. Changes to our privacy policy

Your use of the App signifies your acceptance of this Policy, and the terms and conditions that govern it. If you do not agree to this policy, you must not use any of the content or the services offered through the App.

We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our privacy policy.

This notice was last updated on 07 March 2024. We will contact you to let you know about any substantive change.

8. Further questions and how to make a complaint

If you have any queries or complaints about our collection or use of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us using the information provided here. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

Huma Therapeutics Limited is a company based in the UK and registered under number 07725451, with its registered office located at 13th Floor Millbank Tower, 21-24 Millbank, London, England, SW1P 4QP.

Huma has appointed a DPO who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy or our privacy practices, including any requests to exercise your legal rights, please contact us using the details shown below.

Please note that if you contact us in relation to processing in connection with which the Healthcare Provider (as opposed to Huma) acts as a Data Controller, we will normally respond requesting that you forward your request to the Healthcare Provider, as the Healthcare Provider will be better placed to respond.

Full name and address of legal entity: Huma Therapeutics Limited 13th Floor Millbank Tower, 21-24 Millbank, London SW1P 4QP
Email address: Please contact us at privacy@huma.com

In accordance with Article 77 of the General Data Protection Regulation, you may also make a complaint to the Information Commissioner's Office, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.