Privacy policy
Last updated: November 2022
Welcome to our privacy policy (the “Privacy Policy”). Our mission is to provide you and everyone on the planet access to a constantly improving supportive psychological digital assistant to help improve people’s management of their emotional health and wellness. This Privacy Policy explains how we use and manage data collected to achieve this goal.
We care about the protection and confidentiality of your personal data. We do not sell, rent or give away your personal data or conversational history.
We understand that your privacy and your personal data is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our Website and uses our App. We will only collect and use your personal data in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.
This Privacy Policy applies to our use of any and all personal data collected by us in relation to your use of our Website and App. This Privacy Policy aims to give you information on how we collect and process your personal data through your use of our Website and the App. Please read our Privacy Policy carefully and ensure that you understand it and are happy with its contents.
1 Definitions and interpretation
In this Privacy Policy the following terms shall have the following meanings:
“Account”
means an account required to access and/or use certain areas and features of our Website and App;
“App”
means our AIME app available for download on mobile or handheld devices;
“Cookie”
means a small text file placed on your computer or device by our Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used on our Website are set out in section 16;
“Data Protection Laws”
means:
a. to the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data;
b. to the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which we are subject, which relates to the protection of personal data;
“EU GDPR”
means the General Data Protection Regulation ((EU) 2016/679);
“UK GDPR”
has the meaning given to it in the Data Protection Act 2018;
“We/Us/Our”
means Cyberlimbic Systems Ltd, a company registered in England with company number 11975055, whose registered office is at;
“Website”
means our website available at www.aime-health.com;
2 Information about us
We are the data controller and responsible for your personal data. We are registered as a limited company in England and Wales with company number 11975055 and our registered office is at 3rd Floor, 207 Regent Street, London, W1B 3HH.
Our Website and App are owned and operated by us.
3 Contacting us
If you have any questions about our Website, App or this Privacy Policy, please contact us by email at privacy@aime-health.com . Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you (as under section 18, below).
Should you wish to raise a concern about our processing of your information (and without prejudice to any other rights you may have), you have the right to do so with the Information Commissioner’s Office, the UK regulator for data protection issues: https://ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
4 Changes to our Privacy Policy and your duty to inform us of changes
We keep our Privacy Policy under regular review. We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on our Website and App and any major changes will be emailed to our mailing list. We recommend that you check this Privacy Policy regularly to keep up-to-date.
It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you by contacting us as set out in section 3 above.
5 Scope and third party links
This Privacy Policy applies only to your use of our Website and our App. It does not extend to any websites that are linked to from our Website or App (whether we provide those links or whether they are shared by other users). We have no control over and are not responsible for how your personal data is collected, stored or used by other websites or apps and we advise you to check the privacy policies of any such websites or apps before providing any personal data to them.
6 What data do we collect?
Some personal data will be collected automatically by our Website and App (for further details, please see section 16 on our use of Cookies), other personal data will only be collected if you voluntarily submit it, for example, when registering for the App or registering for an Account via our Website.
Our Website and App are not intended for children and we do not knowingly collect personal data relating to children. You are required to confirm you are over the age of 18 when registering for an Account.
Depending upon your use of our Website or App, we may collect some or all of the following data:
- Name, nickname, gender, age;
- Username, password;
- Gender;
- Contact information such as your email address;
- Demographic information such as post code and preferences and interests;
- Location data including GPS technology on your computer or mobile device. You can disable this at any time via the settings on your computer or mobile device;
- IP address, Cookies Preferences, traffic data and usage data (automatically collected);
- Web browser type and version (automatically collected);
- Operating system (automatically collected);
- A list of URLs starting with a referring site, your activity on our Website, and the site you exit to (automatically collected);
- Health information such as your height, weight, medical information, hours of sleep, exercise and information relating to your mental health, as manually inputted by you on the App (see section 11 on “Special Category Data”); and
- Information relating to your race or ethnicity as manually inputted by you on the App (see section 11 on “Special Category Data”).
7 How do we use your data?
All personal data is stored securely in accordance with the principles of the UK GDPR and/or EU GDPR (as applicable) and in compliance with all applicable Data Protection Laws. For more details on security see section 14 below.
We use your personal data to provide the best possible products and services to you. This includes:
- Providing and managing your Account;
- Providing and managing your access to our Website and App;
- Personalising and tailoring your experience on our Website and App;
- Supplying our products and services to you;
- Personalising and tailoring our products and services for you;
- Responding to communications from you;
- Keeping you up to date on the latest product announcements, software updates, or other information we think you would like to hear about from us where you have given consent for the appropriate type of communication;
- Supplying you with email alerts and newsletters that you have subscribed to (you may unsubscribe or opt-out at any time using the unsubscribe link at the bottom of these emails);
- Market research;
- Analysing your use of our Website and our App and gathering feedback to enable us to continually improve our Website, App and your user experience, including in relation to App beta testing; and
- In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
With your consent and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email with information, news and offers on our products and services. We will not, however, send you any unsolicited marketing or spam [FL4] and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable Data Protection Laws.
8 Purposes for which we will use your personal data
There are a number of lawful bases on which we rely to collect, share, use or otherwise process your data, including:
- Where you have provided your explicit consent to the processing. You can revoke consent at any time by contacting privacy@aime-health.com.
- As is necessary to provide our services to you on the basis of any contract we have with you.
- Where necessary on the basis of our legitimate interests (provided this is not overridden by considerations regarding your rights and interests).
- Where necessary to comply with a legal or regulatory obligation, a court order, or to exercise and defend legal claims.
- To protect your vital interests, or those of others, such as in the case of emergencies.
- Where necessary in the public interest.
The below table includes some examples of our data processing activities and the lawful basis for doing so.
Purpose/activity | Type of data | Lawful basis for processing |
To install the App and register you as a new App user. | Name, age, email address, information about your device (including IMEI number and MAC address). | Your consent. |
To provide you with the App’s services including health questionnaires and App chat function. | Name, gender, date of birth, email address, medical information, including hours of sleep, exercise, diet, details of in App conversations weight, height, ethnicity, location data. | Your consent including when you manually input this data yourself. Vital Interests. |
To register you as a beta tester and to keep you regularly informed with updates as to the App’s launch and any updated features. Marketing, including keeping you up to date on the latest product announcements, software updates, or other information we think you would like to hear about. | Name, email address. | Your consent. Necessary for our legitimate interests (for running our business and developing our App). |
To manage our relationship with you including: (a) notifying you of changes to the App, our terms or this Privacy Policy (b) asking you to leave a review or take a survey | Name, email address, telephone number Profile Data including your username and password, in-App purchase history, your interests, preferences, feedback and survey responses. | Your consent. Performance of a contract with you. Necessary for our legitimate interests (to keep records updated and to analyse how customers use our App). Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions). |
To administer and protect our business and this App including troubleshooting, data analysis and system testing. | Name, email address, telephone number, Information about your device (including IMEI number and MAC address). | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security). |
To process App and in-App purchases and delivery services including managing payments and collecting money owed to us. To provide a service you have requested. | Name, email address, payment card details, Information about your device (including IMEI number and MAC address). | Your consent. Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us). |
To deliver content to you. To monitor trends so we can improve the App. | Name, address, email address, Information about your device (including IMEI number and MAC address), information about your use of the App and Website including traffic data, Profile Data including your username and password, in-App purchase history, your interests, preferences, feedback and survey responses. | Your consent. Necessary for our legitimate interests (to develop our products/services and grow our business). |
9 International transfers
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
10 Do we share your data?
We will not sell your personal data to third parties except as described in this Privacy Policy.
We may share your personal data with third parties in the following circumstances:
- We may compile statistics about the use of our Website and App including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such anonymised data with third parties such as prospective investors, scientific research teams. Personal Data will be anonymised where possible and will only be shared and used in compliance with Data Protection Law.
- In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority such as HMRC. We do not require any further consent from you in order to share your data as this is processed on the basis of the fulfilment of our legal obligations.
- In certain circumstances we may be required to share data with our professional advisers acting as processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- We may sometimes contract with third parties to supply products and services to you on our behalf. These may include payment processing, advertising and marketing. In some cases, the third parties may require access to some or all of your personal data for example in order to process a payment. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
- We may share your personal data with a third party if sharing the information is reasonably necessary to provide a service that you have requested.
- We may share your personal data with a third party to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
11 Special category data
As part of your experience using the App and in order to enhance the App’s functionality, you may manually input and we may therefore collect special category data from you, which may include information about your ethnicity and medical information.
We will usually only obtain this information on the basis of your explicit consent which can be withdrawn at any time. In rare circumstances we will process your medical information in order to protect your vital interests or the vital interests of others where there is an emergency and a concern for your safety or the safety of others and we have been unable to obtain your consent.
12 Marketing
Your personal data will not be used for marketing or survey purposes without your explicit consent, which can be withdrawn at any time.
13 How you can restrict access to your data
When you submit information via our Website, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to stop receiving emails from us which you may do by unsubscribing using the links provided in our emails or by contacting us at privacy@aime-health.com). You may access certain areas of our Website without providing any data at all. However, to use all features and functions available on our Website you may be required to submit or allow for the collection of certain data.
You may access our App by providing minimal data consisting of a nickname, as well as your age and email address. However, to use all features and functions available on the App you may be required to submit or allow for the collection of certain personal data processed with your explicit consent, such as age and health information which requires your manual input. Please note that only providing your name, age and email address will limit the App’s effectiveness and functionality.
You may also restrict your internet browser’s use of Cookies. For more information, see section 16.
14 Data security
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Website or when using the App you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All data is encrypted with a one way encryption key and access to the App is controlled using two factor authentication.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet.
15 Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see your legal rights in section 18 below for further information. Your personal data will be automatically deleted when you delete the App, unless as otherwise set out in this Privacy Policy. You can withdraw your consent at any time (see section 18 below).
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We may retain basic data for legal purposes for 7 years after you cease to use the App. This is as required by law for tax or other regulatory purposes.
The table below sets out further details as to our specific retention policies for specific types of personal data:
Circumstances in which personal data was provided | How long do we keep it? |
When you visit our Website (including IP address, operating system, cookies). | 12 months from the date you visited our Website, for audit purposes. |
When you register for an Account and use the App. | Until you delete the App. Basic data may be retained for legal purposes for 7 years after you cease to use the App. |
When you register as a beta user and/or consent to receive marketing from us. | Until your consent is withdrawn. |
16 Cookies
Our Website may place and access certain Cookies on your computer or device. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytics cookies. We use Google Analytics and analytics cookies to anonymously track statistics about who uses our Website. This data allows us to count the number of visitors we get and which pages they visit. This helps us improve the way our Website works for visitors, for example, ensuring you find the information you’re looking for easily. The visitor information is sent to our Google analytics account via Google. On entry to our Website, you will be asked to consent to the use of these analytics cookies.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Marketing cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose . On entry to our Website, you will be asked to consent to the use of marketing cookies.
First party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of our Website and to provide and improve our products and services. We may also use your IP address to identify you, to administer our services and to assist in diagnosing problems with our servers By using our Website and agreeing to the use of certain Cookies, you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than us.
You can change your cookie settings at any time, this page explains how to do this: www.aboutcookies.org.
To manage the collection of information through cookies or other equivalent technology you can use the settings on your browser or mobile device. We are committed to providing you choices to manage your privacy and sharing. Not accepting cookies may make certain features unavailable to you.
17 Automated decision making
“Automated Decision Making” refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.
We may use automated decision making and profiling as part of the App’s services and offerings. This will only ever be done on the basis of your explicit consent which can be withdrawn at any time. In particular, we will use automated decision making and profiling in confirming the results of any questionnaires you complete on the App, and our recommendations. All such questionnaires are standard and created by clinical professionals.
If you are concerned about our use of automated decision making please do not take part in these questionnaires. You have certain rights in respect of automated decision making, where that decision has significant effects on you, including where it produces a legal effect on you – see section 18 which sets out your rights. Please contact us if you would like further information about automated decision making.
18 Your rights
Individuals who are habitually located in the UK have the right to access, rectify, download or erase their information, as well as the right to restrict and object to certain processing of their information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. If you are habitually located in the UK, these rights apply to you. These rights are described below:
As a data subject, you have a number of rights.
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. Please note that in some circumstances we may need to continue processing your personal data on a legal basis other than consent, such as to fulfil our legal obligations or for our legitimate interest.