Privacy Policy
Overview........................................................................................................................................................................................................2
Who we are..............................................................................................................................................................2
Our values and what this policy is for................................................................................................................2
Quicklinks................................................................................................................................................................. 2
Legal basis for use of your Personal Data ......................................................................................................2
Retention (How long we store your personal information).......................................................................... 4
In Detail................................................................................................................................................................................... 4
1. How we obtain your personal information..........................................................................................................4
2. Personal Data we collect about you....................................................................................................................5
2.1 Visitors to our website....................................................................................................................................5
Contacting us through our website............................................................................................................6
2.2 Customers, and Employees of Customers.................................................................................................6
2.3 Healthcare Patients (Users of the Huma app and platform)................................................................. 8
Use of Artificial Intelligence........................................................................................................10
Research, studies and evaluations in the field of health......................................................................11
2.4 Healthcare Providers (Users of the Huma app and platform).............................................................12
2.5 Other uses for your personal information.............................................................................................. 14
3. How and why we share your personal information with others.................................................................. 14
Sharing Data with Group Companies..............................................................................................................14
Sharing data with External Third-Parties........................................................................................................ 14
Third-party links....................................................................................................................................................16
4. Data Transfers..........................................................................................................................................................16
5. Your Rights............................................................................................................................................................... 17
Response Times................................................................................................................................................... 18
Exceptions..............................................................................................................................................................19
Children..................................................................................................................................................................19
6. Risks and how we keep your personal information secure................................................................................................19
7. Changes to our privacy policy................................................................................................................................................... 19
8. Further questions and how to make a complaint.................................................................................................................20
1
Overview
Who we are
We are Huma Therapeutics Limited, the owner and provider of a healthcare platform which facilitates
the collection and integration of patient data from medical databases and patient devices, which may
be accessed by healthcare professionals and organisations.
Huma Therapeutics Limited may hereinafter also be referred to as “Huma”. All references in this policy
to "Company", "our", "us" or "we" refer to Huma Therapeutics Limited (formerly Medopad Limited), or
our group companies, as appropriate. All references in this policy to "our website," refer to the website
owned by us at www.huma.com (formerly www.medopad.com).
Our company number is 07725451 and our registered office is 13th Floor Millbank Tower, 21-24
Millbank, London, England, SW1P 4QP.
Our values and what this policy is for
Huma respects your privacy and is committed to protecting your personal information. We value
being fair, transparent, and accountable to you in relation to the way that we collect and use your
personal information. In line with these values, this privacy policy tells you what to expect when we
collect and use personal information about you. Huma does not sell personal information.
Any information that we refer to as "personal information" throughout this policy also constitutes
“Personal Data .” Personal Data means any information about an individual by which that person
is identified or from which that person can be identified by some means (for example, by
combining the data set we hold with a different data set). It does not include data which is not
identifiable (such as anonymous data or non-attributable inferences derived from aggregate data).
We are always looking to improve the information we provide to our customers and contacts so if you
have any feedback on this privacy policy, please let us know using our contact details in Section 8.
Quicklinks
Depending on our relationship with you, we may collect and use your Personal Data in different
ways. Please click on the links above to find out the information that is relevant to you.
🌐
Visitors to our website, www.huma.com
👤
Customers, and employees of our customers
󰵘
Healthcare Patients (Users of the Huma app and platform)
🩺
Healthcare Provider (Users of the Huma app and platform)
Legal basis for use of your Personal Data
Depending on our relationship with you, we may collect and use your Personal Data in different
ways. The legal bases for using your personal information as set out in this privacy policy are as
follows:
2
Contract
Our use of your personal information may be necessary to perform our obligations under any
contract with you (for example, to comply with the terms of use of our app, platform or website
which you accept by registering for app and platform or browsing our website).
Legal Obligation
Our use of your personal information may be necessary for complying with our legal obligations
(for example, due to tax retention periods).
Legitimate Interests
Where neither Contract nor Legal Obligation apply, the use of your personal information may be
necessary for our legitimate interests or the legitimate interests of others. Our legitimate interests
may be:
to run, grow and develop our business (as well as the businesses of our group companies),
for the operation of the Huma app and platform (for example, for keeping our app
updated and relevant and for better understanding how individuals interact with the app
and which features and functionality are and are not useful),
to obtaining feedback about potential improvements in the user experience,
for the improvement of our Huma app and platform,
for internal group administrative purposes,
in the context of a business reorganisation or group restructuring exercise,
to select appropriately skilled and qualified suppliers,
to receive professional services (for example, the provision of administration and IT
services),
to ensure a safe environment for our residents and suppliers,
to place, track and ensure fulfilment of orders with our suppliers,
to carry out marketing, market research and business development,
for network security,
to prevent fraud,
in connection with any legal proceedings or prospective legal proceedings or law
enforcement purpose.
If we rely on our (or another person's) legitimate interests for using your personal information, we
will undertake a balancing test to ensure that our (or the other person's) legitimate interests are
not outweighed by your interests or fundamental rights and freedoms which require protection of
the personal information. You can ask us for information on this balancing test by using the contact
details in Section 8.
Consent
We may use your special categories of data (such as health and wellbeing information) where you
have provided your consent. This includes all data you or your named clinician, healthcare
professional or healthcare organisation provide to us in order to use it within the Huma app and
platform.
We may process your personal information in some cases for marketing purposes on the basis of
your consent (which you may withdraw at any time after giving it, as described below).
If we rely on your consent for us to use your personal information in a particular way, but you later
change your mind, you may withdraw your consent by contacting us at privacy@huma.com and
we will stop doing so.
3
However, if you withdraw your consent, this may impact the ability for us to be able to provide the
Huma app and platform and associated services to you, such as providing our services to you or
performing contractual and other legal obligations that we have to you. In these circumstances, if
you do not provide us with such personal information, withdraw consent or ask us to delete your
information, you may no longer be able to access Huma app and/or platform for receipt of the
Huma services. Where you choose to withdraw consent, this action does not impact data lawfully
collected prior to your withdrawal.
Retention (How long we store your personal information)
We keep your personal information for no longer than necessary for the purposes for which the
personal information is processed. The length of time for which we retain personal information
depends on the purposes for which we collect and use it and/or as required to comply with applicable
laws and to establish, exercise or defend our legal rights. We shall only retain your Personal Data for
as long as reasonably necessary to fulfil the purposes we collected it for.
To determine the appropriate retention period for Personal Data , multiple factors may be
considered including:
the amount, nature and sensitivity of the Personal Data ,
the potential risk of harm from unauthorised use or disclosure of your Personal Data ,
the purposes for which we process your Personal Data and whether we can achieve those
purposes through other means, and
the applicable legal, regulatory, tax, accounting or other requirements.
The data collected and processed within the scope of contractual relationships with us will be deleted
upon completion of your request, if necessary after the expiry of contractual warranty and/or liability
periods as well as statutory retention periods.
Insofar as the processing of Personal Data is based on your consent, we will delete this data if you
revoke your consent to us. We will delete the data collected and processed in the context of our
correspondence upon completion of your request, unless we have a legal retention obligation to
observe.
Where you choose to take part in research, we will retain your personal information in line with the
duration of the study or research initiative, as required to meet a contractual obligation, legal
obligation, or until you withdraw your consent.
We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably
believe there is a prospect of litigation in respect to our relationship with you.
In Detail
1. How we obtain your personal information
The way that Personal Data may be collected about you may vary depending on the means by which
you engage with Huma. Data may be manually input by you when you set up an account on our app
and use it, collected when you fill in data forms, answer surveys, fill in questionnaires, use boards,
forms or forums on our website, contact us by phone, email or by other means, or where you choose
to share information with us via a connected device such as a wearable monitoring device.
4
We may also receive information about you from third parties such as our suppliers (such as research
companies), contractors, consultants, marketing companies (such as marketing agencies or market
research companies,consultants, Huma group companies, or public websites and public agencies. For
users of the Huma app, Huma does not compile personal information about you from third-party
sources without your consent.
2. Personal Data we collect about you
Please go to the section below that best describes our relationship with you to find out the
information that we collect about you and how we use this information.
🌐
2.1 Visitors to our website, www.huma.com
👤
2.2 Customers, and employees of our customers
󰵘
2.3 Healthcare Patients (Users of the Huma app and platform)
🩺
2.4 Healthcare Provider (Users of the Huma app and platform)
2.1 Visitors to our website
Purposes of Processing
If you visit our website, we will collect, use and store the personal information listed below for the
following reasons:
to allow you to access and use our website,
for improvement and maintenance of our website,
to provide technical support for our website,
to recognise you when you return to our website,
to store information about your preferences,
to allow us to customise the website according to your individual interests,
to ensure the security of our website,
to evaluate your visit to the website,
to prepare reports or compile statistics to understand the type of people who use our website,
how they use our website and to make our website more intuitive.
to run, grow and develop our business (as well as the businesses of our group companies),
to operate and improve our website and the Huma app and platform,
to carry out marketing, market research and business development,
for internal group administrative purposes.
Personal Data
We may collect and process the following Personal Data about you, as described below:
Technical information. We use this personal information to administer our website, to measure
the efficiency of our systems and to undertake an analysis on the locations from which people
access our web-pages. This may include:
the Internet Protocol (IP) address used to connect your computer to the internet address
(full or partial),
the website address and country from which you access information,
files requested,
browser type and version,
5
browser plug-in types and versions,
operating system,
platform.
Information about your visit and your behaviour on our website (for example, the pages that
you click on). This may include:
cookie preferences,
the website you visit before and after visiting our website (including date and time),
time and length of visits to certain pages,
page interaction information (such as scrolling, clicks, and mouse-overs),
methods used to browse away from the page,
traffic data,
location data,
weblogs and other communication data and information provided when requesting further
service or downloads.
Contacting us through our website
Purposes of Processing
We will collect, use and store the personal information listed above for the following reasons:
to allow you to provide information on projects on which you are working and on which you
would like to inquire,
to register to receive sales or other notifications and materials,
to receive enquiries from you through the website about our website, app and associated
services,
to communicate with you about and process your information in relation to an employment
opportunity.
Personal Data
Where you choose to contact us through our website, we may collect and process your personal (and
sensitive data, if you choose to share this information with us), as described below:
your name,
your contact information,
information you provide us throughout our correspondence with you,
communications and marketing preferences,
your date of birth,
We may also collect information concerning your employment relationship or potential employment
relationship with Huma.
2.2 Customers, and Employees of Customers
Conclusion and Performance of Contracts
Purposes of Processing
We will collect, use and store the personal information listed for the following reasons:
to register you to receive sales or other notifications and materials,
to allow you to provide information on projects on which you are working and on which you
would like to inquire,
6
to send you certain communications (including by email or post) about our products and
services such as administrative messages (for example, setting out changes to our terms and
conditions and keeping you informed about our fees and charges),
to deal with any enquiries or issues you have about our the Huma app, platform and
associated services that you request from us, our app which helps you manage our services,
and about our products and services,
to provide you with our interfaces, which help you manage our services,
to facilitate deliveries of data, new products and services to you.
Personal Data
We may collect and process your Personal Data as described below:
your name,
your contact information,
your payment information,
information you provide us throughout our correspondence with you,
communications and marketing preferences,
access data to our products or services that have been provided to you or generated by you.
We may receive some of your personal information from third parties, such as from other customers
or clinicians where you use the Huma app, platform or other related interface.
Improving our products and services
Purposes of Processing
We will collect, use and store the personal information listed for the following reasons:
to carry out statistical analysis, product research and feedback and market research on people
who may be interested in our existing or new Huma products and services,
if it is in our legitimate interests for business development and marketing purposes, to contact
you (including by telephone or post) with information about our products and services or the
products and services of our suppliers which either you request, or which we feel will be of
interest to you,
if you are a sole trader or a non-limited liability partnership and if you have consented, to
contact you by email with information about our products and services or the products and
services of our suppliers which either you request, or which we feel will be of interest to you.
Personal Data
We may collect and process your Personal Data as described below:
your name,
your contact information,
your job title,
your company name,
information you provide us throughout our correspondence with you,
communications and marketing preferences,
access data to our products or services that have been provided to you or generated by you,
information about the provision of existing or potential projects or studies using or
developing new elements of the Huma app and platform, and the associated services we
provide (or may provide) to you including:
information needed to provide the services to you, or develop future services
(including information on joining forms, order details, order history and payment
details),
customer/patient/clinician services information,
7
customer/patient/clinician relationship management and marketing information,
information you provide to help us provide you with improved service, for example if
we ask you to fill in a survey or questionnaire.
Some of the personal information that we collect about you or which you provide to us about you or
your family members may be special categories of data. Special categories of data include
information about physical and mental health, sexual orientation, racial or ethnic origin, political
opinions, philosophical belief, trade union membership and biometric data.
We may receive some of your personal information from third parties, such as from other customers
or clinicians where you use the Huma app, platform or other related interface.
2.3 Healthcare Patients (Users of the Huma app and platform)
Purposes of Processing
The purposes for which we process your personal information may vary depending on the set-up of
the respective Huma app and are applicable in accordance with your declaration of consent.
We may collect, use and store the personal information listed above for the following reasons:
to register you as a new user,
to provide the Huma app and platform to you,
to help you manage your profile, preferences and other choices in relation to the Huma app
and platform and associated services or to send you push notifications,
for our own general research and development purposes (such as improvement of Huma
products, services, and future app experience),
to track your activity levels,
to record and collate your symptoms, mood, change in any physical or mental characteristics,
to suggest appropriate projects or initiatives operated or developed by Huma or third parties,
for the purpose of anonymising and/or de-identifying certain categories of that personal
information, aggregating that anonymised data with the anonymised data of other users of
the Huma app or platform, and the provision of that data to third parties in order for those
third-parties to collect, use and store that data for research into medical conditions and trends
as well as to measure adherence and efficacy of treatments,
to communicate with you, including managing our relationship with you, responding to any
queries you may have and notifying you about changes (such as changes to our terms or
privacy policy),
to support your use of the Huma app and platform. The app treats your health data
confidentially. Access to your name (or other personal information) is restricted on a need-to-know
basis such that only people at Huma who need to see it can have access.
Where we process your information on behalf of your healthcare provider, we may collect, use
and store the personal information listed above for the following reasons:
to share information with your clinical team and healthcare provider. The data allows people
to track their own health and their clinical team to monitor them, e.g. to reduce the risk of
exposure to infections and improve overall efficiencies. This information includes your health
data, such as your symptoms and heart rate, and is gathered when you answer questions, fill
out forms or allow us to link with other devices or apps,
to contact your named clinician or healthcare professional to obtain access to and upload
your medical records and other documentation relating to your medical history to the Huma
app and platform,
8
to enable named clinicians or healthcare professional to access your medical records and
other logged information via the Huma app or platform in order to provide you with care or
treatment or any other recommended course of action (including for the purpose of ensuring
adherence and efficacy of treatments), your clinical team may use anonymised and/or
aggregated health data for research purposes. Upon anonymisation, such data may be
shared with third parties worldwide for research purposes, and the research results may be
used for respective own purposes. This includes the development and distribution of digital
biomarkers and digital therapeutics. These recipients will not be able to identify you as a
person.
Categories of Personal Data
We may collect and process your personal and sensitive data (as described in the table below). We
receive your personal information from you (including from apps or devices that you have connected
with the Huma app) and from your named clinician, healthcare professional or healthcare
organisation which collects and stores your medical records and associated information.
Category of
Personal Data
Data Elements
Identity and contact
Personal Data
first name and/or last name,
age,
date of birth,
contact information,
emergency contact information,
unique identifier (such as your national identification card or
residency card),
the email address you used to register for your App account (this
will be provided by you at the point you register an account with
the App),
data related to you that has been encrypted or pseudonymised.
Communications
information
user feedback (including answers to surveys),
previous communications with Huma,
reminders,
text messages,
email messages,
push-notifications.
Other sensitive data
Some of the personal information that we collect about you or which
you provide to us about you or your family members may be special
categories of data. This may include:
Nationality or ethnicity,
gender,
data concerning sex life and/or sexual orientation.
Health information
The health information that is collected will depend on the nature of your
condition and the purpose for which you are using the App. This could
include data that is manually input by you, including into data forms,
surveys or questionnaires to be filled by you, or which is collected via a
connected device such as a wearable monitoring device.
age,
9
gender,
Health Identifiers (a number or alphanumeric that allows
healthcare staff and/or healthcare provider to identify you),
information about your medical condition,
your medical records and other documentation related to your
medical history;
the name, address, telephone number and email address of any
doctor, care provider or healthcare professional and their
associated healthcare organisation,
information about your mental and physical health and
wellbeing,
treatment information shared between you and Huma,
communications with your healthcare provider,
your height, weight and other physical characteristics,
responses to health questionnaires,
photo, audio and video information,
blood pressure readings,
heart rate information,
respiratory information,
details of your leisure activities and interests.
Please note that Huma uses Google Fit. The use of information received
by Huma will adhere to Google’s Google Fit Permissions and APIs
policies, including the Limited Use requirements.
Technical data
Username,
user ID,
internet Protocol ‘IP’ address (full or partial),
browser information,
device type,
preferences in relation to push notifications,
please note that you may at any time disable push notifications in
a Huma app by respectively changing the settings of the app
and/or your mobile device,
location data sent from the Huma app or platform.
Usage data
User interaction data (with our App), such as duration of usage,
frequency of usage, online and offline status, and how you
communicate with us),
user access to learned content (e.g. self-help articles).
Marketing/
communications
information
Preferences in receiving marketing from us,
patient experience and feedback surveys,
communications preferences,
Use of Artificial Intelligence
AI-generated content is content that is created by generative AI models based on user prompts. If you
are a healthcare patient and Huma has been instructed by your healthcare provider to provide you
with monitoring services, our nurse monitoring staff may use a conversational generative AI chatbot
(specifically, GPT 3.5 model on Microsoft Azure) for the purpose of receiving assisted typing. This
10
chatbot will be used to generate messages to you about your care. The use of this chatbot is limited
in scope to healthcare patients in the United States of America.
In order to facilitate this service, Huma may share certain limited Personal Data about you with
Microsoft including your gender, biological sex, healthcare provider’s name, zip code, and
date-of-birth.
Where the Health Insurance Portability and Accountability Act of 1996 applies, this information is
considered to be PHI (Protected Health Information). Where this is the case, Huma operates as a
Business Associate in relation to the processing of this information and we have executed appropriate
contractual agreements with Microsoft to ensure the privacy and security of data disclosed as a part
of this processing. Huma also complies with Google Play Developer Policies.
Research, studies and evaluations in the field of health
Your health data is extremely valuable for use in research to learn more about population health,
early disease detection, and patterns in disease progression (“Research”).
We would like to use your health data for this purpose because we believe that using digital
technologies, we can help identify new insights into treatments to help clinicians make better
informed choices for our collective health. Our research relates to developing the understanding of
your medical condition(s) on a general basis and we will not use our research findings in a way that
impacts or may impact your own treatment other than in instances where such research has been
approved by an appropriate authority under applicable laws.
We may also use your Personal Data relating to health on the basis of its necessity for reasons of
public interest in the area of public health and/or scientific research in accordance with applicable
public health and data protection regulations and subject to compliance with applicable prior
formalities and/or obtaining any required authorisations from the appropriate national health and/or
data protection authorities. Sometimes, we also work with carefully selected research partners.
We will ask for your consent to use data for this purpose, and if you choose to share your data with
us, we will process your health data as described in this Policy and will always keep your data secure.
Where applicable, you will be provided with information regarding procedures, risks, and benefits of
participation in research prior to collection of your Personal Data .
Huma shall (to the extent possible without impacting the research), aggregate, de-identify or
anonymise your Personal Data prior to undertaking research activity. This process will not affect the
security of your data. Where we fully anonymise your Personal Data , it cannot be reasonably used to
identify you. Such data is no longer considered to be Personal Data . Where it is not possible to
undertake the research with anonymised, aggregated or de-identified data, we shall pseudonymise
your Personal Data . Your health data (except, if relevant and applicable, any data that may be
derived from Health Connect) may be used in combination with other health data contained in public
databases (where applicable).
You may object to the use of your health data for this purpose by contacting us at
privacy@huma.com. Some of your data protection rights may not be available where satisfying them
would seriously impair our specific research purpose. Where this is the case you may not be able to
request erasure or portability of your data. You can read more about other rights available to you
below. Please refer to the Retention section of this Policy for more information regarding the
11
retention of your data. If you have any questions about our use of data for scientific research, please
contact us.
2.4 Healthcare Providers (Users of the Huma app and platform)
The Huma Web App (henceforth ‘Web App’) is a web-based application which connects to a
database for clinicians to use. Huma’s Web app helps you review information relating to your patient’s
health, condition and how it affects them with you, to facilitate your provision of patient care and/or
treatment. In some instances the Web App will also help you interpret that information and share
your recommendations and treatment options with your patient. The Huma Platform.
Huma’s processing of Personal Data is governed in accordance with our contractual agreement with
the Data Controller (if there is one). Generally, you will act as Controller in connection to the patient’s
Personal Data processed for this purpose, with Huma generally acting as a Data Processor in
connection with its processing of patient and healthcare provider data in respect of the delivery of the
services provided by the Huma Web app.
Purposes of Processing
The purpose of Huma’s Huma Web App is to improve care and understanding of the health conditions
it is used in relation to. Understanding more about health conditions can assist the Healthcare
Providers we support in making swift and effective treatment decisions, and assist the organisations
who design and manufacture healthcare interventions (such as Huma) in making improvements and
focusing their efforts where they are most effective. The purposes for which we process your
personal information may vary depending on the concrete set-up of the respective Huma app and are
applicable in accordance with your declaration of consent.
We may collect, use and store the personal information listed above for the following reasons.
to register you as a new user,
to provide the Huma Web app to you,
to help you manage your profile, preferences and other choices in relation to the Huma app
and platform and associated services or to send you push notifications,
for our own general research and development purposes (such as improvement of Huma
products, services, and future app experience),
to allow you to monitor your healthcare patients,
to allow you to communicate with your healthcare patients,
to allow you to access information pertaining to your healthcare patience, including to
medical records, information logged by patients via the Web app, upload patient medical
records and other documentation relating to the patients’ medical history to the Web app and
platform, provide patients with care or treatment or any other recommended course of
action (including for the purpose of ensuring adherence and efficacy of treatments),
to suggest appropriate projects or initiatives operated or developed by Huma or third parties;
for the purpose of anonymising and/or de-identifying certain categories of that personal
information, aggregating that anonymised data with the anonymised data of other users of
the Web app and the provision of that data to third parties in order for those third-parties to
collect, use and store that data for research into medical conditions and trends, as well as to
measure adherence and efficacy of treatments,
for Huma to communicate with you, including managing our relationship with you,
responding to any queries you may have and notifying you about changes (such as changes
to our terms or privacy policy),
to support your use of the Web app. The Web app treats your health data confidentially. The
Web app treats your health data confidentially. Access to your name (or other personal
12
information) is restricted on a need-to-know basis such that only people at Huma who need
to see it can have access.
Categories of Personal Data
The purpose of this section is to explain how Huma intends to use your Personal Data in connection
with the Portal for this secondary purpose and other purposes in connection with which Huma acts as
a controller as outlined in this notice.
Category of Personal Data
Data Elements
Identity and contact
Personal Data
first name and/or last name,
telephone number(s),
age,
date of birth,
contact information,
emergency contact information,
unique identifier (such as your national identification card
or residency card),
the email address you used to register for the Web app
account (this will be provided by you at the point you
register an account with the app),
data related to you that has been encrypted or
pseudonymised.
Communications
information
user feedback (including answers to surveys collected via
phone or email) for the purpose of providing patient
support with adherence levels and service maintenance
and improvement on behalf of the Healthcare Provider,
experience surveys,
communications with your patients,
previous communications with Huma,
reminders,
text messages,
email messages,
push-notifications.
Technical data
Username,
User ID,
Internet Protocol ‘IP’ address (full or partial),
Browser information,
Device type,
Preferences in relation to push notifications,
location data sent from the Huma Web app.
Usage data
Information collected when you use the Web app including
patient notes, treatment decisions, and communications
with your patient,
technical user interaction data (with the Web app), such as
duration of usage, frequency of usage, online and offline
status, and how you communicate with us),
user access to learned content (e.g. self-help articles).
13
Marketing/
communications
information
Preferences in receiving marketing from us,
patient experience and feedback surveys,
communications preferences,
2.5 Other uses for your personal information
Whatever our relationship with you is, we may also collect, use and store your personal information
for the following additional universal reasons:
to deal with any enquiries or issues you have about how we collect, store and use your
personal information, or any requests made by you for a copy of the information we hold
about you;
for internal corporate reporting, business administration, ensuring adequate insurance
coverage for our business, ensuring the security of company facilities, research and
development, and to identify and implement business efficiencies. We may process your
personal information for these purposes where it is in our legitimate interests to do so;
to comply with any procedures, laws and regulations which apply to us this may include
where we reasonably consider it is in our legitimate interests or the legitimate interests of
others to comply, as well as where we are legally required to do so; and
to establish, exercise or defend our legal rights this may include where we reasonably
consider it is in our legitimate interests or the legitimate interests of others, as well as where
we are legally required to do so.
Before using your personal information for any purposes which fall outside those set out in this
Section 2, we will undertake an analysis to establish if our new use of your personal information is
compatible the original purposes for dafta collection. Please contact us using the details in Section 8 if
you want further information on the analysis we will undertake.
3. How and why we share your personal information with others
Sharing Data with Group Companies
We may share your personal information with our group companies where it is in our legitimate
interests to do so for internal administrative purposes. For example, for the purpose of:
supporting corporate strategy,
ensuring compliance,
auditing and monitoring,
research and development,
machine learning and quality assurance, or
billing and accounting.
If the processing is based upon your consent, we will only share your Personal Data with third
parties (with the exception of processors) if you have also declared your express consent thereto; this
specifically applies to the processing of special categories of Personal Data (such as health data).
Sharing data with External Third-Parties
Where permitted under applicable law, we may share your Personal Data with the parties set out
below. We require all third parties to respect the security of your Personal Data and to treat it in
accordance with the law.
We will always ensure that any third parties with whom we share your personal information are
subject to privacy and security obligations consistent with this privacy policy and applicable laws.
Huma ensures that any third-party who has access to user data will provide similar or equal
14
protection as that which is required under Apple’s App Store Review Guidelines.
We may share your Personal Data with limited third-parties:
15
We may also disclose and use anonymised or aggregated reporting and statistics about users of our
app, platform, website or associated services for the purpose of internal reporting or reporting to our
group or other third parties, and for our marketing and promotion purposes. None of these
anonymised or aggregated reports or statistics will enable our users to be personally identified.
Save as expressly detailed above, we will never share, sell or rent any of your personal information to
any third party without notifying you and, where necessary, obtaining your consent. If you have given
your consent for us to use your personal information in a particular way, but later change your mind,
you should contact us and we will stop doing so.
Third-party links
The Huma app and platform may include links to third-party websites, plug-ins and applications.
Clicking on those links or enabling those connections may allow third parties to collect or share data
about you. We do not control these third-party solutions or websites and are not responsible for their
privacy notices or practices.
Third party websites have their own terms and conditions and privacy policies, and you should read
these carefully before you submit any personal information to these websites. We do not endorse or
otherwise accept any responsibility or liability for the content of such third party websites or third
party terms and conditions or policies.
4. Data Transfers
Your personal information may be used, stored and/or accessed by staff operating outside the EEA
working for us, other members of our group or suppliers. Further details on to whom your personal
information may be disclosed are set out in Section 3.
If we transfer any personal information about you to countries outside the EEA, we will take
appropriate measures to ensure that the respective recipient protects your personal information
adequately in accordance with this privacy policy. These measures may include the following
permitted in Articles 45 and 46 of the General Data Protection Regulation:
in the case of US based entities, entering into European Commission approved standard
contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy
Shield (see further https://www.privacyshield.gov/welcome); or
in the case of entities based in other countries outside the EEA, entering into European
Commission approved standard contractual arrangements with them.
16
Further details on the steps we take to protect your personal information, in these cases, are available
from us on request by contacting us by email at privacy@huma.com at any time.
5. Your Rights
You have certain rights in relation to your personal information. If you would like further information
in relation to these or would like to exercise any of them, please contact us via email at
privacy@huma.com or privacy@medopad.com at any time. You have the following rights:
The right to be
informed
Be informed of the purpose and the valid legal basis or practical justification
for collecting the Personal Data , and that your data shall not be processed
later in a manner inconsistent with that purpose.
The right to
request access
Request access to your Personal Data (commonly known as a "data subject
access request"). This enables you to receive a copy of the Personal Data we
hold about you, check if we are processing your personal information, check if
we are lawfully processing it, details about how and why it is being used; and
details of the safeguards which are in place if we transfer your information
outside of the European Economic Area ("EEA").
The right to
request
correction
Request correction of the Personal Data that we hold about you. This
enables you to have any incomplete or inaccurate data we hold about you
corrected, though we may need to verify the accuracy of the new data you
provide to us. It is important that the Personal Data we hold about you is
accurate and current. Please contact us at privacy@huma.com if your
Personal Data changes during your relationship with us.
The right to
erasure
Request erasure of your Personal Data . This enables you to ask us to delete
Personal Data which we are holding about you in certain specific
circumstances. You can ask us for further information on these specific
circumstances by contacting us using the details in Section 8. You also have
the right to ask us to delete your Personal Data where you have successfully
exercised your right to object to processing (see below), where we may have
processed your information unlawfully or where we are required to erase
your Personal Data to comply with local law.
Note, however, that we may not always be able to comply with your request of
erasure for specific legal reasons which will be notified to you, if applicable, at the
time of your request.
The right to
object to
processing
Object to processing of your Personal Data where we are relying on a
legitimate interest (or those of a third party) you can object to processing on
this ground if you feel it impacts your fundamental rights and freedoms. You
also have the right to object where we are processing your Personal Data
for direct marketing purposes. In some cases, we may demonstrate that we
have compelling legitimate grounds to process your information which
override your rights and freedoms.
The right to
restriction of
Request restriction of processing of your Personal Data . This enables you
to ask us to suspend the processing of your Personal Data in certain specific
circumstances. You can ask us for further information on these specific
17
processing
circumstances by contacting us using the details in Section 8. These
circumstances include:
If you want us to establish the data's accuracy.
Where our use of the data is unlawful but you do not want us
to erase it.
Where you need us to hold the data even if we no longer
require it as you need it to establish, exercise or defend legal
claims.
You have objected to our use of your data but we need to
verify whether we have overriding legitimate grounds to use
it.
The right to
portability
Request the transfer of certain of your Personal Data to you or to a third
party (the right of data portability). We shall provide to you, or a third party
you have chosen, your Personal Data in a structured, commonly used,
machine-readable format. Please note that this right only applies to
information you provided to us and which we process on the basis of consent
or where it is necessary to perform a contract with you.
The right to
withdraw your
consent
Withdraw consent at any time where we are relying on consent to process
your Personal Data . However, this will not affect the lawfulness of any
processing carried out before you withdraw your consent. If you withdraw
your consent, we may not be able to provide certain products or services to
you. We shall advise you if this is the case at the time you withdraw your
consent.
Response Times
We will consider all such requests and provide our response within a reasonable period (and in any
event within one month of your request unless we tell you we are entitled to a longer period under
applicable law). Please note, however, that certain personal information may be exempt from such
requests in certain circumstances, for example if we need to keep using the information to comply
with our own legal obligations or to establish, exercise or defend legal claims.
Exceptions
If an exception applies, we will tell you this when responding to your request. We may request you
provide us with information necessary to confirm your identity before responding to any request you
make.
Children
Our website and services are not directed at children and we do not knowingly collect any personal
information from children without express consent from a parent or guardian. You must be aged 18
or over to purchase products or services from us (or 16 and older if you are from the United Kingdom
or European Union).
If you are a child and we learn that we have inadvertently obtained personal information from you
from our websites, or from any other source, then we will delete that information as soon as possible.
Please contact us at privacy@huma.com if you are aware that we may have inadvertently collected
18
personal information from a child.
6. Risks and how we keep your personal information secure
The main risk of our processing of your personal information is if it is lost, stolen or misused. This
could lead to your personal information being in the hands of someone else who may use it
fraudulently or make public information that you would prefer to keep private.
Huma is committed to protecting your personal information from loss, theft and misuse. We take all
reasonable precautions to safeguard the confidentiality of your personal information, including
through use of appropriate organisational and technical measures. We have put in place appropriate
security measures to prevent your Personal Data from being accidentally lost, used or accessed in an
unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those
employees, agents, contractors and other third parties who have a business need to know. They will
only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
Access to your information is limited in accordance with our agreement with your Healthcare
Provider.
In the course of provision of your personal information to us, your personal information may be
transferred over the internet. Although we make every effort to protect the personal information
which you provide to us, the transmission of information over the internet is not completely secure.
Please keep that in mind when providing data to us using the Internet. Once we have received your
personal information, we will use strict procedures and security features to prevent unauthorised
access to it.
Where we have given you (or where you have chosen) a password which enables you to access your
online account, you are responsible for keeping this password confidential. We ask you not to share a
password with anyone.
7. Changes to our privacy policy
Your use of the App signifies your acceptance of this Policy, and the terms and conditions that govern
it. If you do not agree to this policy, you must not use any of the content or the services offered
through the App.
We may update our privacy policy from time to time. Any changes we make to our privacy policy in
the future will be posted on this page and, where appropriate, notified to you by post or email. Please
check back frequently to see any updates or changes to our privacy policy.
This notice was last updated on 07 March 2024. We will contact you to let you know about any
substantive change.
8. Further questions and how to make a complaint
If you have any queries or complaints about our collection or use of your personal information, or if
you wish to exercise any of your rights in relation to your personal information, please contact us
using the information provided here. We will investigate and attempt to resolve any such complaint
or dispute regarding the use or disclosure of your personal information.
19
Huma Therapeutics Limited is a company based in the UK and registered under number 07725451,
with its registered office located at 13th Floor Millbank Tower, 21-24 Millbank, London, England,
SW1P 4QP.
Huma has appointed a DPO who is responsible for overseeing questions in relation to this privacy
policy. If you have any questions about this privacy policy or our privacy practices, including any
requests to exercise your legal rights, please contact us using the details shown below.
Please note that if you contact us in relation to processing in connection with which the Healthcare Provider
(as opposed to Huma) acts as a Data Controller, we will normally respond requesting that you forward your
request to the Healthcare Provider, as the Healthcare Provider will be better placed to respond.
Full name and address of legal entity: Huma Therapeutics Limited 13th Floor Millbank Tower,
21-24 Millbank, London SW1P 4QP
Email address: Please contact us at privacy@huma.com
In accordance with Article 77 of the General Data Protection Regulation, you may also make a
complaint to the Information Commissioner's Office, or the data protection regulator in the country
where you usually live or work, or where an alleged infringement of the General Data Protection
Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe
your rights have been breached.
20