Privacy Policy
Cambridge Medical Innovation Ltd is a company registered in England and Wales with company number 12635344 and ICO registration number ZA768514, whose registered address is at Lewis House, Great Chesterford Court, Great Chesterford, Saffron, Walden CB10 1PF. If you have any questions about this policy, including any requests to exercise your legal rights, please contact us using the contact form on this website. This policy was last updated on 16 August 2023.
This policy explains the processing of personal data by us in relation to our information website and the DigiVis® web applications licenced to our customers (our Customer). For this purpose, DigiVis® web applications include any third-party web applications to which we provide access. When you use a DigiVis® web application to undertake a test provided to you by one of our Customers, such as a vision or hearing test, interactive questionnaire or any other test, we only receive limited information including the order ID, which is used to uniquely identify each customer order. We will not be able to identify you from this data, but our Customer may be able to do so. In the case that our Customer uses our systems to send you an invitation to undertake a test by email or SMS text, they will also provide us with your email address and / or mobile phone number for this purpose and with your consent. We do not store this information, but it may be logged by our third-party providers. In both cases, we act as a processor for our Customer. Please see the Privacy Policy of the Customer who provided you with access to the DigiVis® web application to understand how they process your data and your rights in relation to the same. The information we collect during the course of a test you undertake using a DigiVis® web application includes your age and the results of the test. Both we and our customer will have access to this information, but we will not be able to identify you from this data.
## How do you use my data? - **When you communicate with us via our information website** we may collect and process your Personal Data such as your phone number, email address and other information provided in the contact forms. We use this information based on our legitimate interest to process your request and to understand how you interact with us. - **When you use our information website** we may collect information about how you use our website. We use this information to improve our website and to better understand how people use it. In the normal course of connecting to our services, certain non-personal statistical information will be collected via the use of a third-party service. Such Analytics allows us to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to our websites. This information is only collected and processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our websites. We also collect visitor’s IP (internet) addresses (Log Files) to analyse trends and administer our website. Stored IP addresses are used based on our legitimate interest to enhance the security of our website by allowing authorised persons to inspect audit logs in the event of any security breach. - **When you apply for a job with us** we may collect your name, contact details, recruitment information (e.g. right to work documentation and references), test results (inc. psychometric), qualifications, accreditations and any additional information we may receive from our recruitment partners. We will use your personal information to assess your suitability for our available roles. We do this to perform our contract obligations or to take steps at your request, before entering into a contract. Where we process your right to work documentation, we will do so to comply with our legal obligations. - **If our business is sold**. We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the buyer of our business may not be able to provide services to you.
## Who do you share my data with? - **Business partners, suppliers, and investors** for the performance of the contract we enter into with them or you. - **Email or SMS service providers** to enable us to send you a test invitation or to send test results at your request. - **Promotional events and marketing organisations**, but we do not sell data for marketing purposes. - **Regulators/ Authorities/ Enforcement Agencies** if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection. - **Prospective buyers of our business** under our legitimate interest to ensure our business can be continued by the buyer.
## Where do you store my data? We store your data on third party servers which are based in the UK. When working with third parties we may need to transfer your personal data outside of the UK and / or EU. Whenever we transfer your personal information outside of the UK and the EU, we ensure it receives additional protection as required by law. To keep this policy as short and easy to understand as possible, we haven’t set out the specific circumstances when each of these protection measures are used. Please contact us using the contact form on this website for more detail on this.
## How long do you keep my data for? We will only retain your personal information for as long as we need it unless we are required to keep it for longer to comply with our legal, accounting or regulatory requirements. Information related to tests undertaken through a DigiVis® web application will be deleted no later than 7 years after the test date. In some circumstances we may carefully anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you. We use this anonymised information to improve the way we work.
## What are my rights under data protection law? You have various other rights under applicable data protection laws, including the right to: - access your personal data (also known as a “subject access request”); - correct incomplete or inaccurate data we hold about you; - ask us to erase the personal data we hold about you; - ask us to restrict our handling of your personal data; - ask us to transfer your personal data to a third party; - object to how we are using your personal data; and - withdraw your consent to us handling your personal data. You also have the right to lodge a complaint with us or the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales. If you are based in the EU you can find your relevant supervisory authority here. Please keep in mind that privacy law is complicated, and these rights will not always be available to you all of the time.
## Cookie Policy Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also helps us make improvements. You are able to accept or decline our use of optional cookies,on our information website, where applicable, through the cookie banner which should open when you visit our website. We use the following cookies on our websites:
| App | Cookie Name | Type | Purpose | Duration |
|---|---|---|---|---|
| Portal | digivis_portal_session | Necessary | recognises user during session | 1 hour |
| Portal | XSRF-TOKEN | Necessary | prevent cross-site request forgery | 1 hour |
| DVA | digivis_session | Necessary | recognises user during session | 1 hour |
| DVA | XSRF_TOKEN | Necessary | prevent cross-site request forgery | 1 hour |
| DVA | CloudFront-Signature | Necessary | AWS Cloudfront signed URL cookie | session |
| DVA | CloudFront-Policy | Necessary | specifies the restrictions on the signed cookie | session |
| DVA | CloudFront-Policy-Key-Pair-Id | Necessary | used to verify the URL signature | session |
| DVA | disclaimer_acknowledged | Necessary | confirms disclaimer acknowledged | session |
| eye+dot | laravel_session | Necessary | recognises user during session | 1 hour |
| eye+dot | XSRF_TOKEN | Necessary | prevent cross-site request forgery | 1 hour |
| eye+dot | CloudFront-Signature | Necessary | AWS Cloudfront signed URL cookie | session |
| eye+dot | CloudFront-Policy | Necessary | specifies the restrictions on the signed cookie | session |
| eye+dot | CloudFront-Policy-Key-Pair-Id | Necessary | used to verify the URL signature | session |
© 2023 Cambridge Medical Innovation Ltd
Registered in England No 12635344 Lewis House Great Chesterford Court Great Chesterford Saffron Walden CB10 1PF
DigiVis is a registered trademark.
Registered in England No 12635344 Lewis House Great Chesterford Court Great Chesterford Saffron Walden CB10 1PF
DigiVis is a registered trademark.