Skyelarke Platform User Privacy Notice
Effective Date: 18th October 2023
Last Reviewed: First Issue
This privacy notice is provided by Skyelarke Technologies Limited and our affiliates (“We/Us/Our”). We specialise in solutions which support the effective delivery of clinical trials. Services include personalised travel and logistics and expense reimbursement.
This notice describes how we as a data Controller, collect, use, and manage the Personal Data we hold about you, including how the Personal Data may be shared and how the confidentiality of Personal Data is maintained.
We share and process your Personal Data with certain third parties as described in the “Data Sharing and Transfers” section below. Full details of our Affiliates can be found at section 1.13.
The “At a Glance” section contains some very important information that will help explain what Personal Data we process and why. Capitalised terms used in this notice are defined in Personal Data Types (section 1.12) and Affiliates (section 1.13).
At A Glance
1.1 When do we collect Personal Data?
When we refer to Personal Data in this notice, we mean information that can or has the potential to identify someone as an individual.
We will collect and process Personal Data about an individual at the following stages:
The purpose of this is for the Skyelarke user administration team to engage with users and to help enrol them into Skyelarke services by completing and returning the appropriate documentation to us.
Service Delivery & Support
We may collect information relating to your access to the system and also your details when raising support tickets.
1.2 What Personal Data may we collect from you and why?
During this stage we largely rely on ‘Contractual Necessity’ to process an individual’s Personal Data.
REASON FOR PROCESSING
To provide the minimum personal information to create and administer your access to the system.
During this stage we will largely rely on ‘Contractual Necessity’ to process your Personal Data apart from Personal Data marked with a (#) below where we will rely on ’Compliance with a Legal Obligation’.
REASON FOR PROCESSING
To carry out our obligations to you arising from any contract.
To Assess the quality and type of service received and to investigate any concerns or complaints that may raise.
For internal record keeping and administration.
To administer our web site and Apps and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
For the purposes of internal and external audit and accounting purposes together with the preparation and review of management information.
For further details of the Personal Data types contained within each category please refer to the Personal Data Types which can be found in section 1.12.
Any decision to provide any Personal Data described above to us is voluntary. If individual’s chose not to provide any of the Personal Data requested or does not consent, we may not be able to provide them with our services and we may be prevented from complying with our legal obligations.
Further Detailed Information
1.3 Data Sharing & Transfers
In the usual course of business, we may disclose Personal Data to (i) our Affiliates, and (ii) certain third-party processors we have retained to perform services on our behalf and pursuant to our instructions. This may include sharing with:
- Affiliates for the provision and delivery of services, IT application support, internal audits and investigations, quality control, program monitoring, management reporting and other internal purposes.
- Affiliates to deal with any legal and compliance matters, providing assessment results, for record keeping, internal audit, reviews, management information, operational, administrative purposes.
- Auditors, lawyers, accountants, consultants, and other professional advisors.
- Business partners, suppliers, and sub-contractors for the provision of the contracted services such as travel companies and airlines.
- Organisations providing IT systems support and hosting in relation to the IT systems on which your Personal Data is stored.
- Our card and payment provider, B4B, to allow us to process payments to individuals.
- Third parties in connection with a disposal of assets, restructuring, merger or sale activities.
Where a third-party data processor is used, we ensure that they operate under contractual restrictions regarding confidentiality and security, in addition to their obligations under data protection laws.
We may also disclose your Personal Data (iii) if we are required to do so by law or legal process, or (iv) in response to lawful requests from public authorities, including to meet national security, public interest, or law enforcement requirements. We also reserve the right to transfer Personal Data in the event of an audit or if we or any of our Affiliates sell or transfer all or a portion of their business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, or liquidation).
1.4 Third country data transfers
Due to the global nature of our operations, we may transfer the Personal Data we collect about you to recipients in countries other than the country in which your Personal Data originally was collected. For example, we may disclose Personal Data to our Affiliates based in the U.S. or other offices worldwide.
Where we transfer the Personal Data to a country which may not have the same data protection laws as the country in which they were initially provided (such as the U.S.), we will make the transfer in line with data protection legislation. There will either be an adequacy decision in place, appropriate safeguards in place such as in the International Data Transfer Agreement or another appropriate safeguard in line with data protection legislation.
You may contact the Privacy Officer as indicated below to obtain further information on the transfer mechanism.
1.5 Health information collected during the provision of services
Special category data will not be collected by us in order to provide you with our services.
1.6 How we protect Personal Data
We maintain appropriate technical and organisational measures designed to protect Personal Data against loss or accidental, unlawful, or unauthorised, alteration, access, disclosure, or use.
1.7 Retention period
We retain Personal Data for as long as we reasonably require it for legal and business purposes. In determining data retention periods, we also take into consideration local laws, relevant regulations, and the contractual obligations or instructions that are specifically given by the study sponsor.
1.8 Data subject rights
At any point while we are in possession of or processing Personal Data, you have the following rights:
- Right of access – the right to request a copy of the Personal Data that we hold about you. We reserve the right to charge a reasonable fee based on our administration costs where further copies are requested.
- Right of rectification – the right to correct Personal Data that we hold that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can request the Personal Data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have the right to request that we restrict the processing.
- Right of portability – in certain circumstances you have the right to have the Personal Data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing and profiling – you have the right to object to automated processing and profiling.
All the above requests will be forwarded on should there be a third party involved in the processing of the Personal Data.
If you would like to exercise any of your data subject rights, please contact us using one of the methods highlighted below.
1.10 Contact Information
We have appointed Bulletproof as our Data Protection Officer, to oversee compliance with this privacy notice. Any questions about this notice or the processing of Personal Data by us or any of our Affiliates, should be directed to the Privacy Officer:
- By email at email@example.com or
- By writing to us at SKYELARKE TECHNOLOGIES LIMITED, Dykes, Henfield Common, North Henfield, West Sussex, United Kingdom, BN5 9RL.United Kingdom
If you wish to make a complaint about how your Personal Data is being processed by us (or third parties as described in 1.3 & 1.4 above) you should contact the Privacy Officer at the address detailed above.
If you are not satisfied with how your complaint has been handled, you have the right to lodge a complaint directly with the relevant supervisory authority.
The UK regulator can be contacted at the Information Commissioners Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Tel 0303 123 1113.
1.12 Personal Data types & items which may be processed
your name, e-mail address and phone number, the device’s phone number, username, password and other registration information.
Special Category Data
Third Party Information
Operating System & Version
In relation to Skyelarke or any Affiliate, any subsidiary or holding company of that entity and any subsidiary or holding company of that entity.
SKYELARKE TECHNOLOGIES LIMITED
SKYELARKE TECHNOLOGIES INC.
1.14 Lawful Basis of Processing
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are.
1.14.2 Contractual Necessity
Article 6 of the GDPR states that we can process Personal Data on the basis that such processing is necessary to enter or perform a contract.
The ’Contractual Necessity’ lawful basis permits the processing of Personal Data in two different scenarios:
- Situations in which processing is necessary for the performance of a contract to which you are a party. This may include, for example, processing your financial details for the processing of reimbursement claims.
- Situations that take place prior to entering a contract such as pre-contractual relations.
1.14.3 Compliance with a Legal Obligation
Article 6 of the GDPR states that we can process Personal Data on the basis that we have a legal obligation to perform such processing. Processing is permitted if it is necessary for compliance with a legal obligation.r