General Data Protection Regulation (GDPR)
GDPR Privacy Notice
Who are we?
The Data Controller is the Soza Health Ltd. (“SOZA”), Unit 44, Cranfield Innovation Centre, Cranfield, MK43 0BT.
Our Data Protection Officer can be contacted directly here:
- Tim King
- 01234 619 242
The personal data we would like to collect from you and process is:
|Personal Data Type||Source|
|Contact information, to include: First name, last name, date of birth, Address, phone number(s), email address, address, mother’s maiden name, date of birth. 90 health measures collected as part of the health screening process.|
Contact information, to include: First name, last name, Address, phone number(s), email address.
|Collected as part of Data Subjects appointment setting and health assessment process by SOZA.|
Collected from Data Subjects register an interest in our services.
The personal data we collect will be used for the following purposes:
- Internal communications to SOZA customers including prospective customers engaged in the application process.
- Communications to non-customers who receive services from SOSZA or who interact with it.
Our legal basis for processing for the personal data (one or more of the following):
- Consent from Data Subject.
- Contractual obligation to the Data Subject.
- Vital interests of the Data Subject.
- Public interest.
- Legitimate interest of SOZA.
Any legitimate interests pursued by us, or third parties we use, are as follows:
- Processing your data readings to produce a personalized report that is not shared with a third party without your explicit consent, above and beyond and general GDPR consent provided.
- Use of anonymized data for analytics and medical research. Use of this data will be on the basis that it will not be possible to identify the source of the data.
Special categories of data
For medical reasons, we hold the following special categories of personal data. This is solely to allow us to take account of physiological differences that the data provides us in order to provide more accurate results:
- Ethnic origin
With respect to special categories of personal data; we do not collect and hold or process any Personal Data that could be classified as displaying one or more of the following attributes:
- Political opinions
- Religious beliefs
- Philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Health data
- Data concerning a natural person’s sex life
- Sexual orientation
- Criminal convictions
We do not hold or process Personal Information relating to children under the age of 18.
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
Consent is required for SOZA to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.
You may withdraw consent at any time by contacting the Data Protection Officer.
SOZA will not pass on your personal data to third parties without first obtaining your consent.
SOZA will process personal data for as long as you remain a customer of SOZA or remain in receipt of services rendered by SOZA and retaining your Personal Data is required in order to ensure service delivery. We will by default delete your Personal Data on expiration of our relationship with you, or if you require us to do so, subject to legislation in place that may require SOZA to retain your Personal Data for longer, for example the requirements of the Counter-Terrorism and Security Act 2015.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that SOZA refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.
All of the above requests will be forwarded on should there be a third party involved (as stated in 3.4 above) in the processing of your personal data.
Please read our Privacy Statement.
In the event that you wish to make a complaint about how your personal data is being processed by SOZA (or third parties as described in 3.4 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and SOZA’s Data Protection Officer.
The details for each of these contacts are:
|Supervisory Authority Contact Details||Data Protection Officer (DPO) Contact Details|
|Information Commissioners Office www.ico.org.uk|
0303 123 1113
|Unit 44, Cranfield Innovation Centre, Cranfield, MK43 0BT|