• AfterTrauma Recovery App
• AfterTrauma Recovery App privacy statement

AfterTrauma Recovery app privacy statement

PRIVACY POLICY

Queen Mary University of London (QMUL) and Soda Ltd. built the After Trauma recovery app (“the app”) as a free app. This resource is provided by QMUL and Soda Ltd. at no cost and is intended for use as is.

QMUL, located at Mile End Rd, London E1 4NS, is the body responsible under data protection regulations. In other words, we decide on the purpose and means of processing user data and are responsible for security and compliance with existing laws. Our use and handling of personal user data on the app is compliant with the European Union’s General Data Protection Regulation (GDPR).

This page is used to inform potential app users regarding our policies with the collection, use, and disclosure of personal information.

If you choose to use our app, then you agree to the collection and use of information in relation to this policy. We will not use or share your information with anyone except as described in this Privacy Policy.

The personal information that we collect is used for providing and improving the app. Anonymised usage data that is collected may be used to both improve the app and to inform research and analysis that improves academic and clinical understanding of how people recover from major injury. This data will only by used by Soda Limited, Barts Health NHS Trust and Queen Mary University of London. This research will be used mainly to determine and improve techniques for helping trauma survivors recover from their injuries.

INFORMATION COLLECTION AND USE

Users can download the app and look at the general information provided there without inputting any personal information.  However, in order to gain access to other app features such as the Chat room function, users will need to register. Registration requires the provision of: an email, password, your age, sex, avatar image, and a public description of yourself of your own choosing. You also have the option of indicating what body parts are injured. The purpose of this latter bit of information is to potentially help other people with similar injuries find you in the Chat room.

Personal data is stored on your device. It is also sent securely to a server and encrypted in transit via https or secure web socket (WSS).  Each data transfer, without exception and by default, is encrypted during transfer using HTTPS (hypertext transfer protocol secure) or secure web socket (WSS). This ensures that your data is not intercepted by unauthorized third parties. Passwords are encrypted on the server itself.

When you are using the app, Log Data is generated and sent to the server which includes the time and date of use.

All data that requires no personal reference for supporting the app’s functions (e.g. for research and analysis) is subject to anonymization. This prevents a connection to a specific user being made in all cases.

Chats are also saved to the server but are only linked by a numerical ID. My Recovery data, Diary entries, My Challenges, My Rehab info entered into the app all stays on the phone and the user must assume responsibility for access to that data on their own device. You can uncheck the “stay logged in” option in 'Settings' if you wish to make that data inaccessible to anyone else using your device.

You can also choose to disable notifications in some or all of the Challenges you decide to undertake, if you do not wish these notifications to appear when the device is locked but on show.

The server is Digital Ocean Lon1, which is located in London. You can read Digital Ocean’s privacy policy here: https://www.digitalocean.com/legal/privacy-policy/ and find out more about how Digital Ocean complies with the EU’s General Data Protection Regulations (GDPR) requirements here: https://www.digitalocean.com/legal/gdpr/ 

Digital Ocean also complies with the International Organisation for Standardisation (ISO) standard ISO/IEC 27001:2013 which sets out the requirements for establishing, implementing, maintaining and continually improving an information security management system. You can find their certificate of compliance with this ISO standard here: https://www.digitalocean.com/legal/compliance/

The only personal data that will be shared outside of the app is the data that you choose to export/share with others.

The app does use third party services that may collect information used to identify you – those services are the Google Play and Apple Store shops from where you can download the app. The Google privacy policy can be found here, and the Apple privacy policy here.

How long your personal data is kept

User data will be stored as long as necessary to support the app’s functions.

Each user has the right to request a copy of all the personal information held about them on the server. To do so, please contact info@aftertrauma.org

Each user has the right to request the deletion of their personal data.  To do so, please contact info@aftertrauma.org

Confidentiality breaches

If you are concerned that your data confidentiality might have been breached in some way or that we are not protecting your data protection rights adequately, please contact us at info@aftertrauma.org  at any time, and we will respond to your request by the next working day.  Similarly, if we become concerned that a confidentiality breach may have occurred that you should be aware of, we will contact you by the next working day after this suspected breach has come to our notice.

COOKIES

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

The AfterTrauma app does not use these "cookies" explicitly. However, the app includes links to websites that may use cookies. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device.

LINKS TO OTHER SITES

This resource may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

SERVICE PROVIDERS

We may employ third-party companies and individuals as cooperation partners to help us with for example:

• Providing customised versions of this app, for example in different languages or using content that is tailored to the needs of users in different countries;
• To assist us in analysing how the app is used so it can be improved;
• To better understand how people recover from serious injury.

Our cooperation partners will be bound by agreements signed with us as well as by the GDPR and will only use data according to our instructions. They will be obligated not to disclose or use the information for any other purpose.

CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.