Privacy Policy 2021

ALCURIS PRIVACY NOTICE November 2021

Alcuris Privacy Notice
Effective Date: 23rd November 2021.
At Alcuris, trust is our #1 value. This Alcuris Privacy Notice (“Privacy Notice”) explains our privacy practices for the activities described herein. Please read this Privacy Notice carefully to learn how we collect, use, share, and otherwise process information relating to individuals (“Personal Data”), and to learn about your rights and choices regarding your Personal Data.
Alcuris is committed to protecting the rights and freedoms of data subjects and to process personal data safely and securely in accordance with all of its legal obligations. Alcuris values a data subject’s right to control what personal information is collected about them and how this information is used. Alcuris believes that responsible stewardship of the information entrusted to it is crucial in developing and maintaining the public trust essential for the continued success of the processes it digitally enables.
Alcuris is committed to ensuring it always does the right thing for its platform users and the data subjects regarding whom data may be processed using the Alcuris platform to support intelligent care decisions.

To this end, Alcuris is committed not only to the letter of the law but also to the spirit of the law and places the highest possible premium on its correct, lawful, and fair handling of all Personal Data provided through its platform; respecting the legal rights, privacy, and trust of every individual with whom its customers and data subjects choose to engage by consent.
Because what Alcuris does as a digital enabler is built on trust, it cannot ever afford to get privacy wrong. Policy purpose The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the policy you may wish to cease viewing / using the Service, and or refrain from submitting your personal data to us. Policy key definitions: • “I”, “our”, “us”, or “we” refer to the business, Alcuris, an Access Group company and its relevant affiliate involved in the collection, use, sharing, or other processing of Personal Data. • “You”, “the user” refer to the person(s) using an Alcuris Service. • GDPR means UK General Data Protection Act. • PECR means Privacy & Electronic Communications Regulation. • ICO means UK Information Commissioner’s Office. • Cookies mean small files stored on a user’s computer or device.
• ALCURIS means Alcuris Limited, an Access Group company, registered in the UK with Company Number 09895397, having its principal place of business at 5 Oakwood Drive Loughborough LE11 3QF, UK.
Responsible Alcuris entity
Alcuris is the controller of your Personal Data as described in this Privacy Notice, unless specified otherwise.

This Privacy Notice does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers, including where we offer to our customers various products and services through which our customers (or their affiliates) otherwise collect, use, share or process Personal Data via our products and services.
For detailed privacy information related to a Alcuris customer or a customer affiliate who uses Alcuris products and services as the controller, please contact our customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those explained in this Privacy Notice.
Processing activities covered
This Privacy Notice applies to the processing of Personal Data collected by us when you:
• Visit our websites;
• Visit our branded social media pages;
• Visit our offices;
• Receive communications from us or otherwise communicate with us, including but not limited to emails, phone calls, or texts;
• Download, log into or use our products and services as an authorised user (for example, as an employee of one of our customers who provided you with access to our services) where we act as a controller of your Personal Data;
• Act as or work for a service provider or supplier to Alcuris, to the extent Alcuris acts as a controller with respect to your Personal Data;
• Participate in surveys, research or other similar data collection facilitated by us.
Our websites and services may contain links to other websites, applications, platforms, and services maintained by third parties. The information practices of these third parties, including the social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.
Please note Processing of Personal Data is required for receiving certain products or services.
Personal data
Alcuris defines Personal Data as the broader of the definitions contained in the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).
While some data will always relate to an individual, other data may not, on its own, relate to an individual. Such data would not constitute Personal Data unless it is associated with, or made to relate to, a particular individual. Generic information that does not relate to a particular individual may also form part of an individual’s Personal Data when combined with Personal Data or other information to enable an individual to be identified.
Alcuris defines Sensitive Personal Data as the broader of the definitions contained in the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR). Any use of sensitive Personal Data is strictly controlled in accordance with this Privacy Notice.
In seeking to protect personal data and ensure Alcuris personnel understand the rules governing its use of the personal data to which they have access in the course of their work; staff are required to ensure the Alcuris Data Protection Officer (DPO) is consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.

All information supplied to or through Alcuris’ intelligent platform to whom the individual has given consent, is processed, and protected by Alcuris in accordance with the current applicable data protection laws and security best practice.
What Personal Data do we collect?
The Personal Data we collect directly from you for a variety of legitimate reasons when you provide it to us, when you use our Services, and when other sources provide it to us, includes but may not be limited to identifiers, professional or employment-related information, financial account information, commercial information, visual information, and activity information, among others. We collect such information in the following situations: Information you provide to us
If we hold or process data about you as a user, it’s typically because you input it into the Services or otherwise provided it directly to us usually for one or more of the following:
1. You have been invited to provide personal information as part of a telecare monitoring programme to which you have given your consent, utilising the Alcuris platform to digitally enable your interactions by appropriate mutual consent.
2. You’re a business or local authority using Alcuris’ Connec+ platform.
3. Data relating to you is shared by an external trusted data source where appropriate consent has been given by the individual for the passing of information about them.
4. If you express an interest in obtaining additional information about our services; request customer support (including accessing the Help & Training Portal); use our “Contact Us” or similar features; register to use our websites or to receive communications; sign up for an event, webinar or contest; participate in a program or survey; act as an authorized user for our products and services; or download certain content, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
5. If you make purchases via our websites or register for an event or webinar, we may require that you provide to us your financial and billing information, such as billing name and address, credit card number or bank account information; If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers), which may qualify as Personal Data (please see Section 4 below) using cookies, web beacons, or similar technologies;
6. If you use and interact with our products and services, we collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data;
7. If you communicate with us via a phone call, we may record that call in accordance with applicable laws;
8. If you attend an event or visit our offices, we may collect your image or video;
9. If you voluntarily submit certain information to us, such as filling out a survey, responding to a questionnaire or participating in other forms of research, we may collect the information you have provided as part of that request, which may include special categories of Personal Data, to the extent you voluntarily choose to provide it;
10. If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival; or
11. If you are a supplier or service provider to Alcuris (or work for a supplier or service provider), you may also be required to provide us with Personal Data such as your contact details and payment and billing information.

In practise, you will usually provide us with your data via: Account and Profile Information: information collected about you when you register for an account, create, or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information, when you register for the Services. We keep track of your preferences when you select settings within the Services. Content you provide through our services: information collected about you that you may choose to provide through your use of the Services. Content you provide through our websites: The Services also include the websites owned or operated by us. We collect other content that you submit to these websites, which may include social media or social networking presences operated by us. Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of the Alcuris team directly or otherwise engage with our support team, you may be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue. Payment Information: We collect payment and billing information when you register for or purchase certain paid Services including name and contact information and billing or payment information, such as payment card details (which we collect via secure payment processing services). Information we collect automatically when you use the Services We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services. Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information may include the pages you visit. Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services including IP address. Cookies and Other Tracking Technologies: Alcuris may use cookies and other tracking technologies to provide functionality and to recognise you across different Services and devices. Information we receive from other sources
We also collect information about you from other sources including third parties. The Personal Data we collect from other sources includes identifiers, professional or employment-related information, health and/or social care information, commercial information, visual information, internet activity information, and inferences about preferences and behaviours.
The data protection principles we work to
Alcuris seeks to comply with the principles of data protection (the Principles) enumerated in the UK GDPR and Data Protection Act 2018 (DPA 2018) and makes every effort possible in all that we do to do so.
The Principles are:
1. Lawful, fair, and transparent – data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.
2. Limited for its purpose – data will only be collected for a specific purpose.
3. Data minimisation – any data collected must be necessary and not excessive for its purpose.
4. Accurate – the data we hold must be accurate and kept up to date.
5. Retention – we will not store data longer than necessary.
6. Integrity and confidentiality – the data we hold will be kept safe and secure.
What we do with data
We aim to put data on our users side. We use it for good, to help individuals and their carers achieve their mutual goals. As part of our commitment to transparency, we explain through our Privacy Policy how users can find out about the data we may hold and what their rights are in relation to it.
Purposes for which we process Personal Data and the legal bases on which we rely
We collect and process your Personal Data (including, where legally permissible, special categories of Personal Data) for purposes which include those listed before. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where: • We need it to provide you the Services, including to operate the Services, provide customer support and personalised features and to protect the safety and security of the Services; • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; • You give us consent to do so for a specific purpose; or • We need to process your data to comply with a legal obligation.
Where required by law, we obtain your consent to use and process your Personal Data for the below purposes. Otherwise, we rely on another authorised legal basis (including but not limited to the (a) performance of a contract or (b) legitimate interest) to collect and process your Personal Data as further detailed below.
• Providing and promoting our websites and services (including necessary functionality): We process your Personal Data to perform our contract with you for the use of our websites and services and to fulfil our obligations under the applicable terms of use and service; if we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and services and to provide you with content you access and request (e.g., to download content from our websites);
• Promoting the security of our websites and services: We process your Personal Data by tracking use of our websites and services, creating aggregated non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary for our legitimate interest in promoting the safety and security of the services, websites, systems and applications and the security of Alcuris generally, and in protecting our rights and the rights of others;
• Managing user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service;
• Handling contacts and user support requests: If you request user support, or if you contact us by other means including but not limited to via phone, we process your Personal Data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
• Managing payments: If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you;
• Contract fulfilment: We may process your Personal Data for the purposes of fulfilling our contract with you or your employer (e.g., if you are an authorised user of our products and
services or work for a customer of or supplier to Alcuris). We do this where it is necessary for the performance of the relevant contract;
• Reviewing compliance with applicable usage terms: We process your Personal Data to validate that you are a licensed user and to review compliance with the applicable usage terms in our customer’s or user’s contract to the extent that it is in our legitimate interest to ensure adherence to the relevant terms;
• Assessing capacity requirements: We process your Personal Data to assess the capacity requirements of our services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering;
• Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;
• Administering surveys and conducting research: We process your Personal Data (including special categories of Personal Data) in order to meet the goals, set out in surveys or research as well as to analyse our compliance with internal policies. If required under applicable law, we will obtain your consent to process your responses;
• Sending communications: We will process your Personal Data or device and usage data, which in some cases may be associated with your Personal Data, to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us, including information about our products, promotions, news or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent;
• Collection of diversity information: We may process your Personal Data (including special categories of Personal Data) to the extent you voluntarily consent to provide it to meet our broader community-minded goals related to diversity and equality of opportunity. If required under applicable law, we will obtain your consent or explicit consent; and
• Compliance with legal obligations: We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites or services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.
If we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you. How we store and secure information we collect
Information storage and security We use industry standard technical and organisational measures to secure the information we store. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. How long we keep information How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or de-identify your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyse personal characteristics about you. Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain. Managed accounts: If the Services are made available to you through an organisation (e.g., your employer), we retain your information as long as required by the administrator of your account. Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Alcuris account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
How users can access, amend, or take back the personal data they have provided using Alcuris
The Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR) exist to protect and clarify the rights of individuals with regards to data privacy. This means that users retain various rights in respect of their data, even once they have given it to us. Users have rights to their data which we must respect and comply with to the best of our ability.
Under the UK GDPR your rights are as follows: • the right to be informed; • the right of access; • the right to rectification; • the right to erasure; • the right to restrict processing; • the right to data portability; • the right to object; and • the right not to be subject to automated decision-making including profiling. You also have the right to complain to the UK ICO if you feel there is a problem with the way we handle your data.

Consent
In certain circumstances, Alcuris may be required to obtain consent to the processing of personal data in relation to certain activities. Depending on exactly what the Alcuris platform may do with that information, this consent will be opt-in consent or soft opt-in consent.
Article 4(11) of the UK GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

In plain language, this means that data subjects must:
1. be able to give their consent freely, without it putting them under any type of pressure;
2. know what they are consenting to – so Alcuris will make sure enough information is provided to allow an informed choice to be made both where it is required and where it is appropriate;
3. have control over which processing activities they are consenting to and which they don’t. Alcuris enables these finer controls within its privacy preferences; and
4. take positive and affirmative action in giving their consent to ensure this obligation is met in a clear and unambiguous fashion.
Alcuris will keep records of the consents it is given in this way. In some cases, Alcuris will be able to rely on soft opt-in consent. Our policy towards children Alcuris Services are not directed to individuals under 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. Email marketing messages & subscription Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you. Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P. addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign. Any email marketing messages we send will be in accordance with the GDPR and the PECR. We will provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences. How long do we keep your Personal Data?
We may retain your Personal Data for a period of time consistent with the original purpose of collection or as long as required to fulfil our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorised use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data. How you can access your information (Subject Access Request) You can request a copy of the information that we collect and maintain about you and your business by sending us an email to privacy@alcuris.co.uk. If you request your information to be edited or removed from our systems, we will do this free of charge. Your requests and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have

your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to the UK data protection authority. Who’s responsible at Alcuris
Alcuris is both a data controller and processor for the personal data users may process through the Alcuris platform to which this statement applies. Alcuris’ Data Protection Officer has overall responsibility for the day-to-day implementation of this privacy policy. Alcuris will deal with any data subject request received without undue delay and in any event within one month (subject to any extensions to which we are lawfully entitled).
How to contact your local supervisory authority
If you are not satisfied with Alcuris’ response or believe it has not processed your personal data in accordance with UK law and the requirements of the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR); data subjects can complain directly to:
The UK Information Commissioner’s Office Alcuris is registered with the ICO under the Data Protection Register, under registration number is: A8391959. The ICO can be contacted in any of the following ways:
• Phone: 0303 123 1113
• Email: casework@ico.org.uk
• Web: www.ico.org.uk
• Post: Information Commissioner’s Office, Wycliffe House,
Water Lane, Wilmslow, Cheshire, SK9 5AF. UK
Changes to our privacy policy We may change this privacy policy from time to time. We will post any privacy policy changes to our Service pages and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services homepages, login screens, or by sending you an email notification. We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy. If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account(s).
How to contact Alcuris By Mail to: Alcuris, ATIC, 5 Oakwood Drive, Loughborough, LE11 3QF, UK By Email to: privacy@alcuris.co.uk