Privacy Policy

ORCHA Data Protection Principles

ORCHA respects the privacy and confidentiality of all users who engage with the ORCHA App Review platform, or organisations who engage in partnership or project work with ORCHA.

There are seven keys principles that underpin Data Protection legislation:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

These principles are central to how we store, manage and process data at ORCHA.

ORCHA strives to ensure that all data that is shared with us is treated with respect for personal, and client, privacy and protected in line with all our legal responsibilities and recognised best practice standards and processes.

ORCHA will only collect the minimum levels of personal data necessary to support our operational processes and will never share, or sell, personally identifiable data collected in the course of maintaining ORCHA business without clearly gaining informed consent from any ORCHA users, or clients, who may be affected by that action.

ORCHA will retain any personal data it captures for the duration of a registered relationship with the data subject. Once this formal, contractual relationship has ended ORCHA will maintain the personal data for a period of 2 years to support any operational management, or legal requirements that may arise. After this period, ORCHA converts any personally identifiable data into anonymous data and the personally identifiable elements of the stored data is destroyed using best practice data deletion standards.

Where possible, ORCHA strives to ensure that any personal data held by us is accurate and of a high quality, but end users can inform us of any issues with data related to them and we will amend the data accordingly to ensure its ongoing accuracy. To request changes to your personal data, please e-mail dpo@orcha.co.uk , using the email header ‘Data Quality’ and we will make the necessary changes to your records as requested.

All data is stored in the secure ORCHA cloud data warehouse, which is hosted within the EAA region. Access to this data is limited to accredited ORCHA staff and access is managed using role-based access controls.

Where possible, data is always encrypted in transmission between ORCHA websites and the data server.

ORCHA is the Data Controller and Data Processor of data captured within the ORCHA systems and adheres to all the legal responsibilities these roles entail.

Why we publish this policy?

This Data Privacy Policy is published in order to comply with the provisions of the General Data Protection Register (GDPR), the Data Protection Act 1998, and the Freedom of Information Act 2000.

ORCHA also publishes this policy to ensure all ORCHA data capture, data management and data utilisation processes are transparent to our end users; and to clearly explain what data we collect and how ORCHA uses any personal information that you supply to us.

Our legal basis for processing

ORCHA requires your consent before we collect any personal data. Your consent is recorded when you register for the ORCHA sites and we provide the information relating to how, why and what we process when we request your consent.

This forms the ‘legal basis’ under which we can then process your data for the purposes outlined within this Privacy Policy.

Your consent

By providing ORCHA with personal information, the end user is agreeing to ORCHA’s use of that information as stated in this Privacy Statement.

The capturing of your consent to utilise ORCHA member services is contained within the ORCHA registration process and will clearly inform the user at the point of registration why the data we are requesting is necessary and what that data will be used for by ORCHA.

The ORCHA consent process requires all end users to positively opt-in to a range ORCHA services, with information provided to explain each option prior to sign up. Users who do not wish to opt-in to these services can still use the ORCHA site without hindrance, but will not have access to some enhanced functionalities.

Consent preference can be changed through accessing the User Profile page at any time.

Alternatively, you can e-mail dpo@orcha.co.uk to request that your consent is withdrawn. Please use ‘Consent Management’ in the header of the email you send for this purpose.

Your individual rights as a data subject

Right to be Informed

Individuals have the right to be informed about the collection and use of their personal data.

This Privacy Policy provides the information you need to understand our approach to managing personal data. The policy sets out:

  • Why we need to access your personal data?
  • How long we will hold that data after your interaction with ORCHA has completed?
  • Who we share your data with?

Right of access

You have the right at any time to ask for a copy of the information that ORCHA holds about you, and ORCHA will supply that data to you in line with its legal requirements to do so.

To request access to your data please place your request in an e-mail to dpo@orcha.co.uk quoting ‘Right of Access’ in the e-mail header.

The ORCHA team will respond as soon as possible and aims to address any queries you may have within 7 working days.

Right to rectification

If any information that ORCHA holds about you is wrong, you have the right to ask ORCHA to make the necessary corrections.

To request amendments to your data please place your request in an e-mail to dpo@orcha.co.uk quoting ‘Right to Rectification’ in the e-mail header.

The ORCHA team will respond as soon as possible and our aim is to address any queries you may have within 7 working days.

Right to erasure

You have the right to ask ORCHA to remove all personal data we hold about you from our systems.

To request that your personal data is securely deleted from our records, please place your request in an e-mail to dpo@orcha.co.uk quoting ‘Right to Erasure’ in the e-mail header.

The ORCHA team will respond as soon as possible and aims to address any queries you may have within 7 working days.

Right to restrict processing

You have the right to request that your data is not used for specific forms of processing that ORCHA undertakes.

To request limits to be placed on how your data is processed by the ORCHA team, please place your request in an e-mail to dpo@orcha.co.uk quoting ‘Right to Restrict Processing’ in the e-mail header.

The ORCHA team will respond as soon as possible and aims to address any queries you may have within 7 working days.

Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

The data that ORCHA holds about you can be delivered directly to you, or to external organisations you grant permission to, in a variety of electronic formats depending on your request. This data will only be delivered when a written request is received from a validated user.

To request that your data can be shared/transferred to another system external to ORCHA, by the ORCHA team, please place your request in an e-mail to dpo@orcha.co.uk quoting ‘Right to Data Portability’ in the e-mail header.

The ORCHA team will respond as soon as possible and aims to address any queries you may have within 7 working days.

Right to object

The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.

To request that your data is not processed under certain circumstances, please place your request in an e-mail to dpo@orcha.co.uk quoting ‘Right to Object’ in the e-mail header. It is important to understand that certain types of processing are essential to ensure that ORCHA can deliver its services and requesting to be excluded from these processing tasks may limit your ability to access all of the functionality provided by the ORCHA platforms.

The ORCHA team will respond as soon as possible and aims to address any queries you may have within 7 working days.

Rights related to automated decision making, including profiling

The GDPR has provisions on:

  • automated individual decision-making (e.g. making a decision solely by automated means without any human involvement)
  • profiling (automated processing of personal data to evaluate certain things about an individual) Profiling can be part of an automated decision-making process

ORCHA does not undertake any form of automated decision making or profiling.

How to complain

You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address is:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

How we collect information

ORCHA collects personal information about you when you:

  • register with us to become a member of an ORCHA site
  • undertake actions on the ORCHA site such as:
    • Recommend an App to another user
    • Visit webpages on an ORCHA site
    • Complete specific actions on an ORCHA webpage – e.g. Click on the ‘Download an App’ button
  • complete an ORCHA survey
  • take part in an ORCHA event or competition
  • provide us with personal information in any other way
  • enquire about the fundraising campaigns that we run

All of these actions are required to enable ORCHA to deliver its services and only the minimum level of data is captured at each point.

The data that is captured through your interactions with ORCHA are stored securely in a protected data warehouse and are only accessible to accredited administrative users with specific access permissions. Data in transit between webpages and the data store are fully encrypted in transit, in line with best practice encryption methodologies to minimise the risk of interception.

What information we collect

ORCHA only collects personal data from its users where users have proactively consented to this.

The types of personal information ORCHA collects may include:

  • Your name
  • Your address
  • Your gender
  • Your email address or mobile telephone number
  • Your credit/debit card or direct debit details (if applicable)
  • Non-mandated additional information volunteered by yourself (e.g. Age).
  • The pages you view on ORCHA websites
  • The Apps you recommend to others
  • The Apps you download via the ORCHA sites
  • The address and name of your business
  • The address and name of your GP

Any information we collect about you is stored securely and treated in accordance with current International Data Protection principles and legislation.

A user can access the ORCHA site without providing access to any of their personally identifiable data without hindrance, as the personal data collections only support the delivery of additional functionality for those users who proactively choose to share their data.

How we use your information

ORCHA uses the information that you give to us:

  • to send you information, products or services that you have consented to receive
  • to improve the information, products and services ORCHA offers to its users. (This includes improving our capability to match Health Apps specific to your health need/age/preferences and general improvement of ORCHA website and review functionality and presentation)
  • to contact you about events, fundraising, campaigning and our other work, where you have consented to receiving marketing information
  • to develop aggregated reports and analysis, using anonymised data, to support research into the broader ongoing development of the Health App market and the utilisation of Health Apps within a defined Health Economy

ORCHA may link data captured from different ORCHA services, at a personal level, in order to improve our understanding of service utilisation and to support analyses on site utilisation and activity, but ORCHA will never publish, share or sell personally identifiable data without explicit, and informed, consent being received from all parties whose data is being used for those purposes.

How do we protect personal information?

ORCHA implements a range of measures to ensure that any personal information that you provide us with is kept secure, accurate and up to date.

ORCHA’s protective measures cover everything from:

  • Regular reviews of data capture processes to ensure only data that is necessary to support the delivery of ORCHA services is captured
  • The implementation of transparent, informative Consent capture mechanisms to ensure that all ORCHA service users understand why ORCHA collects their data and how ORCHA manages that data. In addition, ORCHA consent processes allow users to monitor and amend their consent preferences should their preferences change
  • The encryption of data in transit between the ORCHA sites/Apps to the secure data storage facilities
  • The maintenance of secure data management environments through strong application of Data Warehousing standards and role-based access controls for authenticated and accredited users. Access to the raw data collected through ORCHA interactions with end users of our services is limited to only those with the appropriate administrative permissions
  • ORCHA only keeps personally identifiable data for as long as it is needed and only for the purposes for which our end users have agreed we can use it.

Under 18-year olds

For users who are 18 or under, a parent/guardian’s permission is required before any personal information is captured relating to the individual.

Third parties

ORCHA will not pass your personal details to other people or organisations without first obtaining your consent.

ORCHA reserves the right to share your information with other companies that we own or other companies that help us provide any of our services.

However, there may be rare occasions where information gathered through the day to day collection of ORCHA data where the data identifies a clear need to safeguard the welfare of the individual and/or his/her family and, on those occasions, it may be necessary to contact relevant authorities to address this. ORCHA will only undertake these actions in line with appropriate legal guidelines and using formal, recognised and auditable processes.

Cookies are small text markers stored on your computer that enable us to understand how people use our website.

No personally identifiable information is stored in cookies. In common with many similar websites, ORCHA uses them to help remember preferences and for anonymous statistical measurements – for example so we know how many “visits” a page has had.

ORCHA uses cookies to:

  • remember certain information about users so they don’t have to repeatedly provide that information
  • recognise if users are already logged in to certain areas of the website
  • measure how people use our website so we can continually improve how information is provided.

You can control and delete cookies

Even though ORCHA does not use cookies to collect personally identifiable information about you, you might still want to restrict or block cookies.

You can do this through your chosen internet browser (Internet Explorer, Google Chrome, Mozilla Firefox etc.). Use the help function within the specific browser to find out how.

However, if you restrict cookies for the ORCHA website then there is a risk you will not be able to access the full functionality of the ORCHA website and your user experience may be undermined as a result.

What cookies are used on ORCHA sites?

The cookies applied on ORCHA websites are:

  • Google Analytics – This is a service we use from Google that collects information about how people use our website. We use this to make sure we are providing the best service we can to our web visitors. This information cannot be used to identify you and is only available for ORCHA’s internal use only. ORCHA does not allow Google to share it. Using cookies, Google Analytics captures information that allows ORCHA to understand:
    • What pages were viewed
    • How long those pages were viewed for
    • How the user came to the site
    • What website buttons and functions were clicked on
    • What browser was used to access the site
    • What country the computer is accessing the site from
    • What search terms were used
  • HubSpot Content Management System (Joomla) – This is the system ORCHA uses to build the website and update the pages. In a similar way to Google analytics this also collects information about how many times a page has been visited and how many times a file is downloaded (e.g. the PDFs of our research reports and briefings)
  • Third-party cookies – Many of our pages have a “Share this” function that allows you to share content with your friends or colleagues via email, Twitter, Facebook etc. ORCHA uses cookies to make this service work. It provides information on what items a site user has shared, how many people are sharing and how many page “views” the ORCHA site has received as a result of the sharing. As above, this data does not include information that is capable of personally identifying an ORCHA user.
  • Cookies that are set by other websites – If you are using the sharing facility already mentioned (i.e. Share content with Facebook, Twitter) then it is possible those websites (i.e. Facebook) may also set cookies when you log in to their service. ORCHA is not responsible for third party cookies of this nature and does not control these cookies.
  • Embedded third party services – Occasionally we embed things like video, audio and pictures from other websites such as such as YouTube, Vimeo, Flickr or Soundcloud. This means it looks like one of our web pages, but the video is being fed through from another site (i.e. YouTube). When this embedded content is accessed via the ORCHA site, the owner of that content sites may use their own cookies to record that you watched or viewed the content. ORCHA has no control over these cookies so you should check the relevant website for more information.

Changes to your personal details

If your personal details change, please help the ORCHA team to keep those details up to date by telling us about any changes.

If you want to see what information we have about you, or need to tell us about any changes to the information that you have given to us, please contact:

ORCHA Vanguard House,

Keckwick Lane,

Daresbury,

WA4 4AB

Email: dpo@orcha.co.uk

 

Resource Centre

Download our reports and brochures

Our team of clinical and digital experts continually monitor and ask questions about digital health developments, providing impartial and up-to-date insights which can be accessed in our reports, brochures and opinion pieces.

Sign up to our newsletter

For regular updates on digital health, apps, industry news, and more, sign up to our mailing list here.

Your Health and Care App Library

Search ORCHA’s App Library, featuring thousands of independent app reviews across a broad spectrum of health conditions. Every app is evaluated against more than 350 measures across Clinical/Professional Assurance, Data & Privacy, and Usability & Accessibility, making it easy for you to find the best apps for your needs.

Contact us

For more information about our services, to request a demo, or for advice on any aspect of digital health, please get in touch.

Sign-up to our newsletter

For regular updates on digital health, apps, industry news, and more, sign up to our mailing list here.