Initial Effective Date: January 30, 2020 (GMT)
Latest Revised Date: February 19, 2020 (GMT)
In terms of regulations we have:
- Class 1 medical device certification
- Compliance with DCB 0129 and DCB 0160, which are two standards issued by NHS Digital.
- We have carried out a risk assessment on our technology
- Hazzard logs completed
- Clinical Safety Case completed
- This means we have now evidenced the clinical safety of our product and by completing the Clinical Risk Management: its Application in the Manufacture of Health IT Systems
Note that, in the main, the two standards have got little to do with security, privacy or information governance. Those are covered by other standards and frameworks such as ISO 27001. DCB 0129 and DCB 0160 are strictly about safety, i.e. ensuring that the system doesn’t cause patient harm.
UControlHealth respects the privacy of every person who visits are websites (http://ucontrolhealth.com/ or http://www.ucontroldrink.com/ or registers on our UcontrolDrink app. We are committed to making a safe online and mobile experience for our users.
Purpose of our Policy
Who are we and what do we do?
The UcontrolHealth website, the UcontrolDrinkApp are provided by UControlHealth. UControlHealth is a Medtech company who create web and mobile-based platforms that focus on mental health and addiction and was registered in the Republic of Ireland, registration number 528514 on June 5th 2013 at registered address 173 Rathgar Road Rathgar, Dublin 6, Ireland. Our first app is UcontrolDrink. The UControlHealth development team brings together expertise in clinical practice, research, business, and technology development. The overall design and implementation of the platform has been headed by Dr. Conor Farren, Consultant Psychiatrist and Professor of Psychiatry, Trinity College Dublin.
How to contact us?
The Data Protection Officer,
173 Rathgar Road Rathgar, Dublin 6, Ireland
We do not share any of your information that you give us with any third parties.
UControlHealth uses some software analysis tools to help identify and prevent app problems. UControlHealth does not share personal or identifying information with any of the vendors of these tools.
In using a UControlHealth mobile app for the first time, it is your responsibility to set a passcode on your device to help keep your information safe and it is your responsibility to keep your password safe.
What personal information do we collect about you and how do we use it?
Our primary goal in collecting personal information from you is to verify your identity.
We collect and maintain personal information that you voluntarily submit to us during your registration ie email, password and gender. This information is encrypted.
We also store up to 4 weeks of your data under “Weekly Stats” on a database, which you can retrieve on your mobile device. This data that you input on the mobile app ie the number of drinks recorded or not and your list of recovery activities is stored on our cloud server based in the UK.
You can volunteer to provide us with additional personal information about you when you are being onboarded on our Ucontroldrink website such as, you can give your name or not but you must use an email of your choosing to onboard. You can also elect to input information into the app regarding your drinking habits, recovery activities, use of our CBT sessions or your motivations to change.
This data is stored in a data base on a cloud server in the UK. Your clinician/service worker who onboarded you may view this information for the purposes of helping you with your recovery.
UControlHealth may generally examine this information to see which features are working best for users so we can improve outcomes for current and subsequent users.
How long do we keep your personal information for?
We keep your personal information for 2 years for the purposes of improving features to improve outcomes for current and subsequent clients. If you request, we will delete your personal information. To do this email us at email@example.com or write to us by post at:
The Data Protection Officer,
173 Rathgar Road Rathgar, Dublin 6,
Confidentiality and security of your personal information
We are committed to keeping the personal information you provide to us secure. We will take reasonable precautions to protect your personal information from loss, misuse or alteration.
We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:
- unauthorised access
- improper use or disclosure
- unauthorised modification
- unlawful destruction or accidental loss
All of our employees and data processors, who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our technology.
If there is ever a data breach due to a hack for example, we will contact you immediately to let you know it happened and how we will rectify the breach.
All personally identifiable data is encrypted in transit between the device and any developer host storage. To see who has access to this data, go to section “What personal information do we collect about you and how do we use it”
How to access your information and your other data rights?
You have the following rights in relation to the personal information we hold about you:
Your right of access.
If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Your right to erasure.
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable).
Your right to restrict processing.
You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us processing it. It won’t stop us from storing your personal information though. We’ll tell you before we lift any restriction.
Your right to withdraw consent.
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the supervisory authority.
If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the UK Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.
If you are thinking about or committing harm or suicide or if you feel that you may be a danger to yourself or to others or if you otherwise have any medical or mental health emergency or if you are in a crisis or trauma or abuse, please discontinue use of the service immediately and call the relevant emergency number in your country for example in the UK, you can find your suicide emergency number at:
Citizens Advice Bureau
Other useful contacts:
Alcoholics Anonymous: 0800 917 7650
Al-Anon: 020 7403 0888
Help for family and friends
Family Lives: 0808 800 2222
NHS Helpline: 111
Talk to Frank: 0300 123 6600
Free drugs advice
We strongly recommend that you allow notifications when onboarding to the app or in the UcontrolDrink App in the application manager settings of your mobile device to get the latest UcontrolDrink App text messages/notifications, which are evidenced based and proven to help in your recovery.
The GDPR sets out the key principles about processing personal data for patients.
- Data must be processed lawfully, fairly and transparently.
- It must be collected for specific, explicit and legitimate purposes.
- It must be limited to what is necessary for the purposes of which it is processed.
- Information must be accurate and kept up-to-date.
- Data must be held securely.
- It can only be retained for as long as necessary for the reasons this it was collected.
There are also stronger rights for patients regarding the information that companies hold about them these include:
- Being informed about how their data is used.
- Users to have access to their own data.
- Users can ask to have incorrect information changed.
- Restrict how their data is used.
- The right to object to their information being processed in certain circumstances.
These terms and conditions are the contract between you and UControl Health Ltd. (“us”, “we”, etc). By visiting or using Our Website, or signing up for our Services, you agree to be bound by them.
We are a Limited Liability Company, registered in Ireland, number 528514.
Our address is 173 Rathgar Road, Rathgar, Dublin 6, Ireland
You are: Anyone who uses Our Website or buys any service from us.
Under 18 years? Sorry, but we deal only with people who are legally able to enter into a binding contract.
These are the agreed terms
“Content” – means the textual, visual or aural content that is encountered as part of your experience on Our Website. It may include, among other things: text, images, sounds, videos and animations. It includes Content Posted by you.
“Intellectual Property” – means intellectual property owned by us, of every sort, whether or not registered or registrable in any country, including intellectual property of all kinds coming into existence after today; and including, among others, patents, trademarks, unregistered marks, designs, copyrights, software, domain names, discoveries, know-how, creations and inventions, together with all rights which are derived from those rights.
“Our Website” – means any website or service designed for electronic access by mobile or fixed devices which is owned or operated by us or any member of our group of companies. It includes all of the hardware and software installations that enable our website to function.
“Post” – means place on or into Our Website any Content or material of any sort by any means.
“Services” – means all of the services available from Our Website, whether free or charged.
In this agreement unless the context otherwise requires:
2.1. the headings to the paragraphs and schedules (if any) to this agreement are inserted for convenience only and do not affect the interpretation.
2.2. any agreement by either party not to do or omit to do something includes an obligation not to allow some other person to do or omit to do that same thing.
2.3. this agreement is made only in the English language. If there is any conflict in meaning between the English language version of this agreement and any version or translation of this agreement in any other language, the English language version shall prevail.
3.1. Data Protection We respect your right to privacy in relation to your interactions with this website and app. Any information which is provided by you will be treated in accordance with the terms of The Data Protection Acts 1988 & 2003 (“The Acts”) and Statutory Instrument Number 336 of 2011 European Communities (Electronic Communications Networks and Services)(Privacy and Electronic Communications) Regulations 2011 (“SI 336/2011”), and any implementing and/or amending legislation as may be adopted in Ireland from time to time.
3.2. Maximising Your Privacy We have designed our website to work with anonymised data such as user name and email address. You do not have to use your own name – in fact we suggest that you use a user name meaningful to yourself but which does not identify yourself. You may use your own email address, or choose a new email address if you wish to maximise your privacy.
3.3. What we do with the information we gather: We use this anonymised data to understand your needs and provide you with a better service.
3.4. Security: We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
3.5. Cookies: This website uses Google Analytics to help analyse how users use the site. The tool uses “cookies”, which are text files placed on your computer, to collect standard internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for E-therapy Health.
3.6. PII and IP Addresses We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a form on our website.
3.7. Controlling your personal information: If at any time after giving us information you decide that you no longer wish us to hold or use this information, or in the case that the information becomes out of date, you are free to notify us, and we will remove or rectify the information within a reasonable time.
3.8. You may request details of personal information which we hold about you under the Data Protection Act 1998. If you would like a copy of the information held on you please write to:
The attention of the Chief Security Officer
173 Rathgar Road
3.10. UControlDrink reserves the right in its sole discretion to amend this privacy statement at any time, and you should regularly check this privacy statement for any amendments.
4. Security of Our Website
If you violate Our Website we shall take legal action against you.
You now agree that you will not, and will not allow any other person to:
4.1. modify, copy, or cause damage or unintended effect to any portion of Our Website, or any software used within it.
4.2. link to our site in any way that would cause the appearance or presentation of the site to be different from what would be seen by a user who accessed the site by typing the URL into a standard browser;
4.3. download any part of Our Website, without our express written consent;
4.4. collect or use any product listings, descriptions, or prices;
4.5. collect or use any information obtained from or about Our Website or the Content except as intended by this agreement;
4.6. aggregate, copy or duplicate in any manner any of the Content or information available from Our Website, other than as permitted by this agreement or as is reasonably necessary for your use of the Services;
4.7. Despite the above terms, we now grant a licence to you to:
4.7.1. create a hyperlink to Our Website for the purpose of promoting an interest common to both of us. You can do this without specific permission. This licence is conditional upon your not portraying us or any product or service in a false, misleading, derogatory, or otherwise offensive manner. You may not use any logo or other proprietary graphic or trademark of ours as part of the link without our express written consent.
4.7.1. you may copy the text of any page for your personal use in connection with the purpose of Our Website or a Service we provide.
5. Viruses, hacking and other offences
5.1. You must not misuse our site by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of service attack.By breaching this provision, you would commit a criminal offence under legislation. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.
5.1. We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our site or to your downloading of any material posted on it, or on any website linked to it.
6. Interruption to Services
6.1. It may be necessary for us to interrupt the Services at any time for a period.
6.2. You acknowledge that the Services may also be interrupted for many reasons beyond our control.
6.3. You agree that we are not liable to you for any loss, foreseeable or not, arising from any interruption to the Services.
7. Intellectual Property
7.1. Not use any part of the materials on our site for commercial purposes without obtaining a licence to do so from us;
7.2. not to cause or permit anything which may damage or endanger our title to the Intellectual Property;
7.3. inform us of any suspected infringement of the Intellectual Property;
7.4. indemnify us for any loss or expense arising from your misuse of the Intellectual Property;
7.5. not use any name or mark similar to or capable of being confused with any name or mark of ours;
7.6. far as concerns software provided or made accessible by us to you, you will not:
7.6.1. copy, or make any change to any part of its code;
7.6.2. use it in any way not anticipated by this agreement;
7.6.3. give access to it to any other person than you, the licensee in this agreement;
7.6.4. in any way provide any information about it to any other person or generally.
7.7. not use the Intellectual Property except directly as anticipated by us in provision of the Services.
8. Disclaimers and limitation of liability
8.1. The law differs from one country to another. This paragraph applies so far as the applicable law allows.
8.2. All implied conditions, warranties and terms are excluded from this agreement. If in any jurisdiction an implied condition, warrant or term cannot be excluded, then this sub paragraph shall be deemed to be reduced in effect, only to the extent necessary to release that specific condition, warranty or term.
8.3. Our Website and our Services are provided “as is”. We make no representation or warranty that the Service will be:
8.3.1. useful to you;
8.3.2. of satisfactory quality;
8.3.3. fit for a particular purpose;
8.3.4. available or accessible, without interruption, or without error.
8.4. We claim no expert knowledge in any subject. We disclaim any obligation or liability to you arising directly or indirectly from information you take from Our Website.
8.5. We make no representation or warranty and accept no responsibility in law for:
8.5.1. accuracy of any Content or the impression or effect it gives;
8.5.2. delivery of Content, material or any message;
8.5.3. privacy of any transmission;
8.5.4. third party advertisements which are posted on Our Website or through the Services;
8.5.5. the conduct, whether online or offline, of any user of Our Website or the Services;
8.5.6. failure or malfunction of computer hardware or software or technical equipment or system connected directly or indirectly to your use of the Services;
8.5.7. any act or omission of any person or the identity of any person who introduces himself to you through Our Website;
8.5.8. any aspect or characteristic of any goods or services advertised on Our Website;
8.6. You agree that in any circumstances when we may become liable to you, the limit of our liability is the amount you have paid us in the immediately preceding 12 month period for the Services concerned.
8.7. Except in the case of death or personal injury, our total liability under this agreement, however it arises, shall not exceed the sum of €500. This applies whether your case is based on contract, tort or any other basis in law.
8.8. We shall not be liable to you for any loss or expense which is:
8.8.1. indirect or consequential loss; or
8.8.2. economic loss or other loss of turnover, profits, business or goodwill even if such loss was reasonably foreseeable or we knew you might incur it.
8.9. This paragraph (and any other paragraph which excludes or restricts our liability) applies to our directors, officers, employees, subcontractors, agents and affiliated companies as well as to us.
8.10. If you become aware of any breach of any term of this agreement by any person, please tell us by email. We welcome your input but do not guarantee to agree with your judgement.
9. You indemnify us
9.1. your failure to comply with the law of any country;
9.2. your breach of this agreement;
9.3. a contractual claim arising from your use of the Services
9.4. a breach of the intellectual property rights of any person;
9.5. and for the purpose of this paragraph you agree that the cost of our management and technical time is properly recoverable and can reasonably be valued at €250 per hour without further proof.
10. Dispute resolution
In this paragraph the term “ADR Provider” means an approved body under the European Union (Online Dispute Resolution for Consumer Disputes) Regulations 2015
10.1. If you are not happy with our services or have any complaint then you must tell us by email and we will use our best efforts to resolve it.
10.2. If a dispute is not settled as set out above, we hope you will agree to attempt to resolve it by engaging in good faith with the other in a process of mediation or arbitration.
10.3. We can propose an ADR Provider or will listen to your proposal. If you are in any way concerned, you should read the regulations at http://ec.europa.eu/consumers/odr/
11. Miscellaneous matters
11.1. If any term or provision of this agreement is at any time held by any jurisdiction to be void, invalid or unenforceable, then it shall be treated as changed or reduced, only to the extent minimally necessary to bring it within the laws of that jurisdiction and to prevent it from being void and it shall be binding in that changed or reduced form. Subject to that, each provision shall be interpreted as severable and shall not in any way affect any other of these terms.
11.2. The rights and obligations of the parties set out in this agreement shall pass to any permitted successor in title.
11.3. If you are in breach of any term of this agreement, we may:
11.3.1. publish all text and Content relating to the claimed breach, including your name and email address and all correspondence between us and our respective advisers; and you now irrevocably give your consent to such publication.
11.3.2. terminate your account and refuse access to Our Website;
11.3.3. remove or edit Content, or cancel any order at our discretion;
11.3.4. issue a claim in any court.
11.4. No failure or delay by any party to exercise any right, power or remedy will operate as a waiver of it nor indicate any intention to reduce that or any other right in the future.
11.5. You agree that we may disclose your information including assigned IP numbers, account history, account use, etc. to any judicial or proper legal authority who makes a written request without further consent or notification to you.
11.6. Any communication to be served on either party by the other shall be delivered by hand or sent by first class post or recorded delivery or by e-mail. It shall be deemed to have been delivered if sent by registered post to the correct address: within 72 hours of posting.
11.7. This agreement does not give any right to any third party.
11.8. The validity, construction and performance of this agreement shall be governed by the laws of the Republic of Ireland.