Privacy Policy

Introduction

“Keep On Keep Up” (KOKU) is the software application provided by Keep-On-Keep-Up Health CIC (“KOKU Health”). KOKU is a tablet-based multimedia application that encourages and tracks exercise in older people. KOKU provides gamified health literacy activities and is designed for individuals to use without therapists. Keep On Keep Up can be used at home, alone or with family members, or in clinical environments with the supervision of a physiotherapist/exercise specialist. Keep On Keep Up gathers and stores personal data and information about you and your engagement with the system, which may be used to directly or indirectly identify you. This Privacy Policy describes what data is collected, how it is stored and for what purposes it is used.

Purpose

The purpose of this Privacy Policy is to let you know what limited information we collect about you when you use the Keep On Keep Up platform, how that information is used, and the limited ways in which we use the additional information you provide.
KOKU Health takes very seriously its obligation to protect the confidentiality of your personal information.

Your Personal Information

KOKU Health does not sell or license any information that it may collect from you from using Keep On Keep Up.
All the data and information collected about you (which may include ‘personal data’ or ‘sensitive personal data’ as defined under data protection law (including the EU General Data Protection Regulation or ‘GDPR’)) shall be processed in accordance with Section 3 – Security and shall be used, stored and transmitted within the limits described in the Security section.

Your Rights

GDPR outlines the following rights for you as an individual:
  • The right to be informed
  • The right to access a copy of your personal data
  • The right of rectification
  • The right of erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling
This privacy notice acts as our method for keeping you informed, along with updates delivered via email when required. You may contact us to exercise your rights under GDPR, including the right to a copy of your data or to rectify or request erasure.
We can only action such requests where personally identifiable information exists. Anonymous data is not subject to these rights under GDPR.
At this time we do not use any automated decision making or profiling so you will find no information on this.
You have the right to lodge a complaint about the way we process your data with the relevant supervisory body in your country of residence. In the UK, this is the Information Commissioner’s Office.

Our legal basis for processing your personal data

KOKU Health uses the basis of Legitimate Interests to process your personal data. Our app encourages and tracks exercise in older people. To ensure that it is meeting its intended purpose, we need to process limited personal data, such as using a date of birth to understand the age of our app users. We ensure that we only process the minimum amount of data required to provide this service.
We only use personal data to personalise the experience of using the app, such as greeting you by name.
The sustainability of the services we offer relies on understanding how people use them so we can constantly improve and demonstrate success.

How We Protect Your Personal Information

The security of your information and personal data while using Keep On Keep Up is very important to us. Keep On Keep Up employs a variety of technical safeguards to protect the confidentiality, integrity, and availability of your personal information, including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.
More about how we protect your Personal Information is described in Section 3 – Security.

How We Use Your Personal Information

Your personal information is used to:
  • Fulfil our obligations under the Terms & Conditions of the service we provide through the KOKU app
  • Personalise your experience of using the app, such as greeting you by name
  • Evaluate and demonstrate the performance of the app in its objective of encouraging and tracking exercise in older people, with an ultimate objective of reducing avoidable falls
  • Understand how people use the app so we can continue to improve it and the content it offers

Changes to data collection

This Privacy Policy will be updated if and when there is a change in the purpose of data collection. Any consent from you, the user (if consent was lawfully required), may need to be re-obtained.

Contact KOKU Health

If you have any questions about this Privacy Policy, you may contact KOKU Health at info@kokuhealth.com

Security

This document outlines the security specification of the Keep On Keep Up platform. The security specifications will fall into two categories:
  1. Security overview. This section will present the different types of data handled by the application along with an overview of the data architecture of the solution.
  2. Database security. This section describes how data is secured while at rest.

Security Overview

Data Types
The application stores and uses the following types of data:
  1. Patient Identifiable Data. Personal patient information, such as:
    • Name
    • Age and Date of Birth
    • Sex
  2. Patient Non-Identifiable Data. Clinical data stored for each patient during therapy sessions, such as:
    • Range of motion values
    • Number of repetitions for certain exercises
    • Game points obtained during certain exercises
    • Diagnostic information and other similar information.
    • Information about any falls in the previous year, including related injuries and changes to lifestyle as a result.
    • Information about the fear of falling and how it affects the following:
      • Getting dressed or undressed.
      • Taking a bath or shower.
      • Getting in or out of a chair.
      • Going up or down stairs.
      • Reaching for something.
      • Walking up or down a slope.
      • Going out to a social event.
    • Health status (based on EQ5D), including questions around:
      • Mobility.
      • Self-care.
      • Usual activities.
      • Pain/discomfort.
      • Anxiety/depression.
      • How good or bad your health is today.

Data Flow

Data is gathered and used in the tablet application and stored in a local repository on each individual machine running the application. This data is used to personalise the app experience. You are responsible for keeping data stored on your device secure by using a PIN code or other form of authentication to use your device and access the data stored on it by the app. Data stored on an Apple device will be encrypted using the operating system's own storage encryption.
Anonymised personal data and data about how you use the app (performance data) is transmitted to Firebase. Firebase is a Google product that captures data about an app and its users. KOKU Health will have access to this anonymised personal and app performance data in Firebase. KOKU Health does not use any method of data analysis that allows us to identify an individual from this anonymised data.
This anonymised data is used to evaluate the performance of the app and to inform its development. The anonymous data is also used to inform research into exercise trends in older people. Data is transmitted over HTTPS.
The anonymised data collected and transmitted to Google Analytics app reporting includes:
Personal data values specified by KOKU Health:
  • Date of Birth
  • Sex
Default data values collected by Google Analytics app reporting:
  • Automatically generated and assigned app instance ID (a unique identifier of the app install)
  • Age (one of 6 age brackets, based on the Identifier for Advertisers if you have opted in to interest-based advertising on your device)
  • App Store the app was downloaded from
  • App Version
  • Country (inferred from IP address)
  • Device Brand
  • Device Category
  • Device Model
  • First Open Time
  • Gender
  • Information about any falls in the previous year, including related injuries and changes to lifestyle as a result.
  • Information about the fear of falling and how it affects the following:
    • Getting dressed or undressed.
    • Taking a bath or shower.
    • Getting in or out of a chair.
    • Going up or down stairs.
    • Reaching for something.
    • Walking up or down a slope.
    • Going out to a social event.
  • Health status (based on EQ5D), including questions around:
    • Mobility.
    • Self-care.
    • Usual activities.
    • Pain/discomfort.
    • Anxiety/depression.
    • How good or bad your health is today.
  • Language
  • New/Established (whether you have opened the app in the last 7 days)
  • OS Version

Data retention and deletion

Any personal data mentioned in this section shall be solely used by KOKU Health for the purposes of analytics and marketing services in an anonymous and/or aggregated form. This retention and deletion policy applies only to data transmitted from the app to KOKU Health.
Data that is stored locally will be deleted when you delete the app from your device.
Your personal data will be securely stored for a maximum period of 5 years. After this period KOKU Health will:
  • Anonymise all the personal data in Keep On Keep Up without being able to re-identify your personal data; and
  • Use only non-identifiable data stored during your activity using Keep On Keep Up for its analytics and marketing services.
You reserve the right to
At your express request to delete your personal data, KOKU Health will anonymise all the personal data in Keep On Keep Up without being able to re-identify your personal data. We aim to respond to any exercise of your rights under GDPR as soon as possible and within 2 months of initial contact.
KOKU Health will not be able to fulfil any request to provide data after it has been anonymised, as KOKU Health will not have any information and/or record of your usage of the Keep On Keep Up platform.
Google Analytics retains certain advertising identifier associated data (e.g., Apple’s Identifier for Advertisers) for 60 days. All other data stored in Firebase is subject to the KOKU Health retention policy.

Database security

The Local Database on each device running the Keep On Keep Up platform is secured by the operating system and architecture of that device. The security of the Local Database follows these rules:
  1. The Local Database is encrypted and directly accessible only through the Keep On Keep Up platform.
  2. The Local Database encrypts all data at rest using the native OS encryption.

Data transmitted to Firebase is securely transmitted and secured at rest.

All Firebase services have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process.