Privacy Policy

Privacy Policy

PSTEP App – Personalised Space Technology Exercise Platform

Your walk, your space, your way. Your privacy

Important Information

This privacy notice is provided by the University of Leicester (‘we’, ‘us’, or ‘our’), and describes how and why we might collect, store, use, and/or share (‘process’) your information when you use our P-STEP mobile app.

The University is the Data Controller for the P-STEP mobile app and our address is University Road Leicester LE1 7RH. Our Data Protection Officer is Parmjit Singh Gill, DPO and Head of Information Assurance Services who can be contacted by email at [email protected].

When you use our P-STEP mobile app you trust us with your personal information. We take your privacy very seriously. We seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it.
Reading this privacy notice, as well as our terms and conditions for use of the P-STEP app (referred to throughout as our “Terms and Conditions”), will help you understand your privacy rights and choices. If you do not agree with our privacy notice and practices, please do not use our App. If you still have any questions or concerns, please contact us at [email protected].

1. WHY DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons including:

  • We collect personal information including health information that you voluntarily provide to us when registering with the P-STEP mobile app, when using the P-STEP App or otherwise contacting us.
  • To provide you with guidance on exercising taking into account the specific long term health condition/s you tell us about when you register for the P-STEP app.
  • To enhance your experience by linking our guidance with real-time data on pollution levels and pollution risks and providing guidance on where and when to exercise by making use of location data (where you have consented to share this data with us).
  • To enhance your experience and the data available to you during use of the P-STEP app by using data you agree to provide to us via third party apps such as Google Fit or HealthKit.
  • To allow you to receive feedback so you can track your progress against the goals you set.
  • To enable us to demonstrate the effectiveness of the app on population health. We only access pseudonymised data for this purpose.
  • To facilitate account creation and authentication and otherwise manage user accounts.
  • To fulfil and manage our contract with you.
  • To request feedback.
  • To protect our P-STEP Mobile App.
  • To evaluate and improve the P-STEP app, and your experience.
  • To comply with our legal obligations.

2. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

The UK GDPR requires us to explain the valid legal bases we rely on in order to process your personal information when you use our Platform. As such, we may rely on the following legal bases to process your personal information:

Consent. We may process your information if you have given us permission to use your personal information for a specific purpose for example your location data or health and fitness information from Google Fit or HealthKit. You can withdraw your consent at any time.

Performance of a Contract. We process your personal information when it is necessary to fulfil our contractual obligations to you, including at your request prior to entering into a contract with you to use the P-STEP app.

Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:

  • We may send users information about this product
  • Analyse how our app is used so we can improve them to engage and retain users
  • Diagnose problems and/or prevent fraudulent activities
  • Understand how our users use the P-STEP app and services so we can improve user experience

Legal Obligations.We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

3. WHAT INFORMATION DO WE COLLECT?

The personal information that we collect depends on the choices you make, and the features you use.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Personal Information Provided by You when you register:

  • Name and Contact data.Your first and last name, email address.
  • Credentials.Your username, passwords and similar security information.
  • Other Personal data.Your date of birth, gender.
  • Special category Health data.Your long-term health condition(s) height, weight, BMI and Ethnicity.

Information collected during your use of the app

  • Special Category Personal Information Health data, if you provide us with updated information about your weight and any newly diagnosed long term health condition.
  • Physical activity data.Physical activity intensity minutes, daily step count, calories and distance walked during physical activity.

Mobile Application Data

  • Geolocation Information. We may request access or permission to track location-based information from your mobile device’s GPS to enable us to provide certain location-based services. You don’t have to give us permission to collect this data but if you do so, you can change your mind at any time by changing our access or permissions in your device’s settings.The P-STEP app will still work without geolocation information, but we can only provide the location- based benefits of the app if you give us permission to access this information from your mobile device.
  • Other Mobile Device Access. We may request access to your mobile device HealthKit(iOS) or Google Fit (Android), and other features. You don’t have to give us permission to collect this data but if you do so, you can change your mind at any time by changing our access or permissions in your device’s settings.The P-STEP app will still work without this access, but you will not receive the full benefits of our app if you do not give us permission to access this information from your mobile device.
  • Mobile Device Data.Your mobile device ID, model, and manufacturer, operating system, version information and system configuration information, device and application identification numbers. If you are using our application(s), we may also collect information about the, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.
  • Push Notifications.We may request to send you push notifications regarding your account or certain features of the P-STEP application. If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.

Information collected during your use of the app

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access the P-STEP app and which we record in log files. This log data may include your device information, and information about your activity on the Platform (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports which are sometimes called ‘crash dumps’).

Information collected from other sources

We do not obtain information about you from other sources, such as public databases or from other third parties.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (‘third parties ‘) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties who process personal data, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organisation apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:

5. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). We do not intend to keep your personal information for longer than six (6) years past the start of the idle period of the user’s account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented technical and organisational security measures designed to protect the security of any personal information we process.

We have contractual arrangements with our third-party processors requiring them to comply with implement technical and organisational security measures which also comply with UK Data Protection Legislation.

All information we collect when you use the P-STEP app (and any location and other data from other sources you permit us to access) is stored on secure servers held in the UK.

Where We have given you (or where you have chosen) a password which enables you to access our P-STEP app, you are responsible for keeping this password confidential. We ask you not to share your password with anyone else.

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our P- STEP app is at your own risk. You should only access the P-Step app within a secure environment.

7. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or permit anyone under 18 years of age to use our P-STEP app. By using the P-STEP app, you represent that you are at least 18. If we learn that our app is being used by and/or that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware that we may have collected data from children under age 18, please contact us by email [email protected].

8. WHAT ARE YOUR PRIVACY RIGHTS?

In the UK you have certain rights under the UK Data Protection Legislation. Depending on the lawful basis we are using these may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by using the contact information provided in this policy.

We will consider and act upon any request in accordance with UK data protection laws..

Withdrawing your consent: If we are relying on your Consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by email [email protected].

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:

  • From within the mobile application, go to your Profile and then Account
  • Contact us using the contact information provided [email protected].

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations or research analysis, to enforce our legal terms and/or comply with applicable legal requirements.

9. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

10. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this privacy notice from time to time. The updated version will be indicated by an updated ‘Revised’ date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are using and protecting your information.

11. HOW CAN YOU CONTACT US?

If you have questions or comments about this privacy notice, your privacy rights or concerns please contact Information Assurance Services by email to [email protected] quoting (‘PSTEP app’) in any communication.

If you believe we are unlawfully processing your personal information, or have contacted us and are unhappy with our initial response, please contact our Data Protection Officer by email at [email protected], quoting (‘PSTEP app’) in any communication.

You have the right to raise your concerns with the Information Commissioners Office (ICO)as follows:

  • By Post addressed to: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
  • By telephone: 0303 123 1113.
  • By Email: contact can be made by accessing ico.org.uk

Where can I download the app?

Following 18 months of design and testing, the app is currently being piloted by members of the EXCEED cohort prior to the next phase of release and isn’t yet available to the public.