BACK
Effective date: 01/03/2025
ieso ("We") are committed to protecting and respecting your personal data and privacy.
These Privacy Notices cover personal data processing of data collected via this Site (iesohealth.com) and reflect legal requirements and regulations.
[N.B. There are separate, different, more detailed Privacy Notices on our UK therapy site relevant to the collection and use of personal data in connection with receiving our online therapy services, and on the app for our digital products.
These Privacy Notices describe how the Ieso Digital Health group of companies (including Ieso Digital Health Limited and Ieso Digital Health, Inc.) (collectively, “ieso”, “we”, “us”, or “our”) handle your personal data that we collect through the use of this site. We are data controllers of your personal data and are registered with the Information Commissioner (registration numbers ZA239229 and Z5383093). If you require further information on anything below, please contact our Privacy team: info@iesohealth.com
Here we explain what personal data we collect, how it is used, shared, secured, stored, and how you can exercise choices and manage your personal data.
Information we collect from you
Information collected automatically from you as a result of your interactions with the Site
How we use collected information
Legal basis for processing your personal data:
We use your Personal Data only as permitted by law, for the purposes for which we collected it. Under the UK General Data Protection Regulations the different purposes of processing your data collected here are legally permitted under Article 6 (1) (a) consent or Article 6 (1) (b) contract.
ieso takes care to ensure that only the right people have access to your personal data. We have internal procedures in place to safeguard your privacy and anyone within ieso receiving information about you will be under an equal legal duty to keep it confidential.
We will always seek your permission ahead of disclosing any information that identifies you directly to any other person ororganisation or for any other reason than those set out in this policy without your knowledge or permission unless we have an overriding legal duty to do so.
In the event that we undergo re-organisation or all or a part of our business is sold to a third party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third party, whether such acquisition is by way of merger, consolidation, or purchase of all or a portion of our assets, or in connection with any bankruptcy or reorganization proceeding brought by or against us.
We may disclose aggregate statistics about visitors to the Site in order to describe our services to prospective partners and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
We place great importance on the security of personal information. We have put controls in place to safeguard your personal information, applying physical, technical and procedural measures against unauthorised access, loss, misuse and alteration of personal information under our control.
We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We have achieved the International Standard certification for Information Security (ISO 27001) and maintain the Cyber Essentials Plus certification.
We use a small number of well-known Softwareas a Service (SaaS) providers to store your information enabling the use of information described in these notices. We have rigorous 3rd party supplier processes in place to ensure your data is secure and your data protection rights are upheld.
We retain your account data for specific durations based on the type of data and its use. We follow a criteria-based approach, retaining information as long as necessary to fulfil the purposes for which it was collected and comply with legal obligations. When your data is no longer needed, we will securely delete it.
We seek where possible to prevent any transfers of your personal information to countries which do not have adequate data protection standards.
The European Commission makes decisions on the adequacy of the protection of personal data in third countries and have decided that personal data can flow safely between countries in the European Union, the European Economic Area (EEA), and other listed territories without any further safeguards being necessary. Post UK departure from the EU, the UK has been granted adequacy by the EU, and the UK has accepted the European Commission’s adequacy decisions for the UK too, and also included Gibraltar.
If we transfer your Personal Data out of the EEA and the UK to a country not deemed by the relevant regulatory authority to provide an adequate level of personal information protection, the transfer will be performed (i) pursuant to the recipient’s compliance with standard contractual clauses or Binding Corporate Rules; (ii) pursuant to your consent; or (iii) as otherwise permitted by applicable data protection requirements.
Data protection law provides you with rights that ieso is committed to supporting you with. These rights may be available to you:
PLEASE NOTE that these rights are not absolute in all situations and may be subject to conditions and provisions set out in data protection laws. For more detailed information on your rights visit https://ico.org.uk/for-the-public/.
A cookie is a small data file stored by your browser on your device's hard disk for record-keeping purposes and typically includes a unique reference code that relates to, or is accessed from, a user's device and that enables that device to be remembered when next visiting the same site.
Cookies that are necessary for functionality, security and accessibility, are set and cannot be turned off by you.
You can ‘manage preferences’ via our cookie banner regarding analytics and targeting cookies. We rely on consent as our UK lawful basis for processing the information collected for the optional cookies we use.
You can read more about how we use cookies, and how to change your preferences, by visiting our cookies policy.
You can also change your browser settings to prevent any automatic acceptance of cookies, or to notify you each time a cookie is set. You can learn more about cookies by visiting www.allaboutcookies.org which includes additional information on cookies and how to block them using different types of browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of the site.
Questions, comments and requests regarding these privacy notices or data protection should be addressed to our Privacy Team: info@iesohealth.com
We reserve the right to change these privacy notices from time to time by changing it on the Site and we may provide you notice of these changes by any reasonable means, including by providing notice through the Site. By continuing to access, browse or use the Site, you confirm your acceptance of the revised privacy policy. We strongly recommend that you periodically visit this page of the Site to review this privacy policy.
It is important that the personal data we hold about you is accurateand current. Please keep us informed if your personal data changes during your relationship with us.
Our site may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.