Omni Health

Privacy Policy

Responsible Party
Company: Omni AI Ltd
18 White Hart Mews, Telford, TF4 3FZ
England and Wales Company No. 12758009
Telephone number: +44 07735112242

Data Protection Officer
Name: Stella Poole

As of: 09/08/2020

    Basic information on data processing and legal basis

  1. This data protection statement explains to you the type, scope and purpose for the processing of personal data within our online offering and the associated websites, functions and content (hereinafter referred to together as “online offering” or “website”). The data protection statement applies independently of the domain, systems, platforms and devices used (such as desktop or mobile) on which the online offering is presented.
  2. The terms used, such as “personal data” or its “processing”, we refer to the definitions in article 4 of the General Data Protection Regulation (GDPR).
  3. The personal data of the user processed within the framework of this online offering includes file data (such as name and address of customers, contract data (such as services taken advantage of, name of processors, payment information), use data (such as the websites of our online offering visited, interest in our products) and content data (such as entries into the contact form).
  4. The term “user” includes all categories of the persons affected by the data processing. This includes our business partners, customers, interested parties and other visitors to our online offering. The terms used such as “user” are understood to be gender-neutral.
  5. We process the personal data of the user only adhering to the applicable data protection regulations. This means that the data of the users will only be processed if there is legal consent. This means in particular, when the data processing is required to perform our contractual services (such as processing of orders) and online services or is legally required, if there is consent from the user, and based on our legitimate interests (such as in the interest of analysis, optimization and economic operation and security of our online offering in terms of article 6 (1) GDPR, in particular in measuring scope, creation of profiles for advertising and marketing purposes and for the collection of access data and use of the services of third party providers.
  6. We note, that the legal basis for the consent in article 6 (1) (a) and article 7 GDPR, the legal basis of the processing for fulfilment of our services and the implementation of contractual measures article is 6 (1) (b) GDPR, the legal basis f or the processing for fulfilment of our legal obligations article 6 (1) (c) GDRP and the legal basis for the processing for preserving our legitimate interests is article 6 (1) (f) GDRP.
  7. Security Measures

  8. We take organisational, contractual and technical security measures pursuant to the state of the art of technology to ensure that the provisions of the data protection laws are upheld and to protect the data processed by us from accidental or intended manipulations, loss, destruction or from the access by unauthorised persons.
  9. The security measures include encrypted transfer of data between your browser and our server.
  10. Forwarding of data to third parties and third-party suppliers

  11. Forwarding of data to third parties only occurs within the framework of the legal regulations. We only provide the user data to third parties if required based on article 6 (1) (b) GDPR for contractual purposes or based on legitimate interests pursuant to article 6 (1) (f) GDPR for economical and effective operation of our business.
  12. If we use subcontractors to provide our services, we take the appropriate legal precautions and relevant technical and organisational measures to ensure the protection of the personal data pursuant to the applicable legal regulations.
  13. If within the framework of this data protection statement content, tools or other resources from other suppliers (hereinafter called “third party suppliers”) are used and their headquarters is located in another country, we assume that a data transfer occurs to the country in which the third-party supplier is headquartered. Third party countries are countries in which the GDPR is not a directly applicable law, meaning fundamentally countries outside of the EU or the European Economic Area. The transfer of data to third party states is either done when there is a suitable data protection level, consent by the user or there is another type of legal permission.
  14. Provision of contractual services

  15. We process file data (such as names and addresses and contact data of users), contractual data (such as services ordered, names of contacts, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to article 6 (1) (b) GDPR.
  16. As an option, users may create a user account to be able to review their membership type and number of their licenses. The required obligatory information of the users is provided within the framework of registration. The user accounts are not public and cannot be indexed by search engines. When users cancel their user accounts, the data regarding the user account is deleted, except if storage is required for commercial or tax reasons pursuant to article 6 (1) (c) GDPR. It is up to the user to secure their data after successful cancellation before the end of the contract. We are authorized to permanently delete all user data saved during the term of the contract.
  17. The IP address and the time of the relevant user action will be saved within the framework of the registration and subsequent logins and availing of our online services. Saving is done based on our legitimate interests as well as those of the user regarding protection from abuse and other unauthorized use. Forwarding of these data to third parties is generally not done, except if required to fulfil our claims or there is a legal obligation to do so pursuant to article 6 (1) (c) GDPR.
  18. We process use data (such as the websites of our online offering visited, interest in our products) and content data (such as entries in the contact form or user profile) for advertising purposes in a user profile to provide, for example, product information based on their previous ordered services.
  19. Contact information

  20. When contacting us (via contact form or e-mail), the information of the user is processed to process the contact request and its completion pursuant to article 6 (1) (b) GDRP.
  21. The user information may be stored in our Customer Service Relationship Management System (“CRM System”) or comparable request organisation.
  22. We use the “Omni CRM” CRM system for our legitimate interests (efficient and rapid processing of user inquiries).
  23. Comments and Contributions

  24. If users leave comments or other contributions, their IP addresses are saved for 7 days based on our legitimate interest in terms of article 6 (1) (f) GDPR.
  25. This is done for our security, if anyone has left illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be held accountable for the comment or contribution and are therefore interested in the identity of the writer.
  26. Collection of access data and logfiles

  27. Based on our legitimate interests in terms of article 6 (1) (f) GDPR, we collect data about ever access to the server on which this service is located (so-called server logfiles). Access data include the name of the website queried, file, date and time of the query, transferred data quantity, report of successful query, browser type with version, operating system of the user, referrer URL (the page previously visited), IP address and requesting provider.
  28. Logfile information are saved for a maximum of 7 days for security reasons (such as clarification of abuse or fraudulent action) and then deleted. Data which are required to be stored for longer for evidentiary purposes are exempted from deletion until the case is ultimately clarified.

Omni Health