Last Updated: 25 Sep 2023
Who Are We?
We are PreMO, a digital platform that helps optometrists calculate the likelihood of myopia progression in their patients. We operate as a Data Processor under the EU General Data Protection Regulation (GDPR), while the optometrist is the Data Controller.
What Data Do We Collect?
We process patient data exclusively for generating myopia risk calculations and sending PDFs to parents. The types and categories of data processed are outlined in Exhibit 1 of our Data Processing Agreement (DPA).
How Do We Use Your Data?
Data is processed for the following purposes:
Generating myopia risk calculations.
Sending PDFs to parents.
Post-market surveillance for medical device regulation compliance.
Data anonymisation and aggregation for industrial sponsor evaluation.
Data sharing with research partners upon obtaining consent.
How Do We Store Your Data?
All data is stored in secure databases managed through Google Firestore, which serves as a subprocessor. We employ secure data transmission protocols and encrypted storage solutions.
Who Has Access to Your Data?
Confidentiality and data security are of paramount importance to PreMO. Access to your personal data is strictly limited to your healthcare provider, namely, your optometrist, who utilises this information exclusively for the provision of medical diagnostic services. Additionally, a select cadre of PreMO's Development Team members may gain technical access to the data, strictly for system maintenance and troubleshooting purposes.
Each member with such access rights has undergone a rigorous vetting process and is contractually bound to adhere to stringent data protection protocols. These protocols comply with industry-leading standards and are routinely audited to ensure compliance with Applicable Data Protection Laws. Access logs are meticulously maintained and closely monitored to preclude any unauthorised data interaction.
Research Use of Data
PreMO may share pseudonymised patient data with research institutions, specifically Ulster University or Aston University, for legitimate research purposes. This sharing is contingent upon obtaining explicit consent from the data subject for this specific purpose. If consent is given, PreMO will pseudonymise the data to ensure an additional layer of data protection before sharing it. If consent is not given, no data will be shared for research purposes. The data subject has the right to withdraw their consent at any time. Further details on how data will be pseudonymised and protected during the transfer will be provided at the time of seeking consent.
Transfer of Data to Third Countries
Data may be transferred to authorised Sub-processors in third countries in compliance with EU and UK Data Protection Law. Any such transfer will be subject to Standard Contractual Clauses and other required supplementary measures.
Your Rights as a Data Subject
You have the right to:
Request access to your personal data.
Request correction or deletion of your data.
Object to the processing of your data.
Request data portability.
If you wish to exercise any of these rights, please contact the Data Controller (the optometrist).
Data Breach Notification
In the event of a data breach, we will notify the Data Controller within 48 hours of identifying the breach, following the protocols outlined in Section 11 of our DPA.