Last updated: 30/05/2022
This Policy explains how we collect, use, maintain and disclose information collected about you, including when you visit or use our Services or otherwise interact with us. Data privacy is important to us, and we recognise the importance of protecting information collected about you.
If your employer has entered into an agreement with Kami to procure your access to our Services, the terms of your employer’s contract for your use of our Services may restrict our collection or use of your information further to what is described in this Policy.
Please read this Policy carefully to understand how we will collect, use, maintain and disclose your personal data. This Policy also describes your choices regarding use, access and correction of your personal data.
We are the data controller, registered as Optimum Health Limited (d.b.a. Kami), with an office at 7 Bell Yard, London, England, WC2A 2JR.
We may change this Policy from time to time, with any such changes to be effective prospectively. If we make any changes, we will notify you by revising the “Effective Date” at the top of this Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our Services, or by sending you an email notification). We encourage you to review this Policy whenever you access our Services to stay informed about our information practices and the ways you can help protect your privacy.
Your continued use of our Services after any change to this Policy will constitute your acceptance of such change.
If you have any questions, comments, or concerns regarding this Policy or our Services, please email our Data Protection Officer (DPO) at firstname.lastname@example.org
When you use or access our Services or otherwise interact with us, we may collect a variety of information about you and others, as described below. Such information includes, but is not limited to, information about you which is in a form that permits us to identify you (your “personal data”).
Information you provide to us. We collect information that you provide to us, or that someone on your behalf (such as your employer) provides to us. For example, when you inquire about our Services, subscribe to our publications, request our marketing materials, create a user account on our Services, access and use our Services (including, but not limited to, if you use the Kami chatbot function or attend a session with a Consultant), request customer support, attend an event, apply for a job with us, or communicate with us by phone, email, via third-party social media sites or otherwise.
The types of information may include:
- Contact data, such as your name, employer, username or similar identifier, email address and telephone numbers.
- Credentials, such as passwords, password hints or similar security information used for authentication and account access.
- Marketing data, such as your preferences in receiving marketing from us.
- Candidate data, such as employment history, qualifications, academic qualifications and education records, and any other information that you provide to us when applying for a job with us, for example in your curriculum vitae, a covering letter, on an application form or during an interview, or that we have received from a recruitment agency or background check provider.
We also receive parenting and wellbeing information that you share with us when using, signing up for, or requesting more information about the Services, including, but not limited to your pregnancy/parental status, due date, and your/your child’s demographic information, such as gender, first name and date of birth.
We will also collect the content of your communications when you use our chatbot function or teleconsultation feature within the Kami Website in order to provide a more personalised service to you and to ensure the effective monitoring of Consultants that provide services on the Kami Website.
Information we get from your employer. We may receive information from your employer to enable us to confirm you are eligible to use the Services, to contact you in order to inform you of the availability of our Services, and to help us measure the effectiveness of our Services. We may share general information with your employer on general usage of the Kami Website including statistics and summaries of employee wellness levels, however any user information shared will be aggregated and will not contain any of your personally identifiable or sensitive information.
Information we collect automatically. When you use or access our Services, we may also collect certain information through automated means, including but not limited to some or all of the following:
- Device data, such as your mobile phone number, unique device ID, device type, machine ID, geolocation information, computer and connection information, browser type, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer or device when you use the Internet, which may vary from session to session), domain name, and date and time stamps for your visits. We also may collect any telephone number from which you contact us.
- Log data, including information associated with your activities on our Services, including information about the way you interact with our Services, statistics regarding your page views and traffic to and from our Services, and the number of bytes transferred, hyperlinks clicked, and other actions you take. We may also track information such as the URL that you visited before you come to our Services and the URL to which you next go.
Cookies and similar tracking technologies.As with most websites and other digital Services, we employ cookies, pixel tags, web beacons, and similar technologies to collect and store certain information about visitors to our Services. We use this information to improve our Services, and to help us remember you and your preferences when you next. For more information about our practices in this area, please see our Cookie Notice.
We process your personal data for the purposes set out in this Policy only where we have a valid legal ground for doing so under applicable data protection law. The legal ground will depend on the purpose for which we process your personal data.
We will process your personal data for the following purposes as is necessary for the performance of our obligations under our Terms and Conditions, or to answer questions or take steps at your request prior to entering those terms:
- to create and maintain your user account;
- to provide, operate and maintain our Services;
- to manage use of our Services, respond to enquiries and comments and provide customer service and support;
- to process and complete transactions, and send related information, including transaction confirmations and invoices;
- to send technical alerts, updates, security notifications, and administrative communications;
- to manage registration, payments and your attendance to our events;
- to investigate and prevent fraudulent activities, unauthorised access to our Services, and other illegal activities; and
- to respond to requests or inquiries.
We use your sensitive personal data, including your parenting and wellbeing information, to provide you with an enhanced personalised service, for example showing you content that’s relevant to your parental status (and if relevant to your children’s ages), and offering customised mental wellbeing suggestions, where you have given your explicit consent to the extent required by applicable law (such consent can be withdrawn at any time).
We use your personal data for the following purposes as is necessary for certain legitimate interests, or where you have given your consent to such processing to the extent required by applicable law (such consent can be withdrawn at any time):
- to deal with any enquiries or complaints you or others make, to troubleshoot and diagnose problems, repair issues and provide other customer care and support services;
- to confirm, update and improve our records, and to analyse and develop our relationship with you;
- to conduct other marketing and commercial activities and offer our Services to you in a personalised way;
- for internal administrative and technical operations to keep our Services, network and information systems updated, patched and secure;
- to continually improve our Services, including adding new features or capabilities, and
- to develop new products and services; and to (i) comply with legal obligations, (ii) respond to requests from competent authorities; (iii) protect our interests; (iv) protect our rights, safety or property, and/or that of our partners, you or others; and (v) enforce or defend our legal rights.
If you apply to work for Kami, we will use your personal data in the following ways as necessary in our legitimate interests, and to decide whether to enter into a contract with you:
- to assess your skills, qualifications, and suitability for the role you have applied for;
- to carry out background and reference checks, where applicable;
- to communicate with you about the recruitment process;
- to keep records related to our hiring processes; and
- to comply with legal or regulatory requirements.
Access to your data is restricted to certain technical and administrative individuals within Kami who need to process your data as part of providing our services to you, and to parenting and wellness professionals on the platform when you book a private consultation session.
There are circumstances where we may wish to disclose or are compelled to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed in this Policy.
We may share or disclose your personal data to the following third parties:
- Our professional advisors, such as our auditors, accountants and lawyers.
- Trusted third-party service providers who perform services on our behalf in connection with our Services. The services provided by such third parties include services in the following categories: processing payments on our behalf, sending marketing communications on our behalf, authenticating identities on our behalf, helping us to create or maintain our databases, helping us to research or analyse visitors to our Services and maintaining the security of our cloud-hosting services, backend support services and data analysis and visualisation support services.
- Another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. A successor organisation or other legal entity, in the case of a merger, financing, acquisition or dissolution, transition, or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. We do not guarantee that any entity receiving your information in connection with one of these transactions will comply with all of the terms of this Policy following such transaction.
- Public authorities and other third parties, to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce other agreements you may have with Kami, or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a reporting agency for fraud protection). We reserve the right to release information that we collect to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate.
- Any other third party where you have provided your consent.
We may also share aggregated or anonymous information that cannot identify you with third parties. For example, we may disclose the number of visitors to our Services, what features were used and how projects are developed.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will store your personal data for no longer than is necessary for the purpose for which such personal data is processed.
If you unregister from the Kami Website, your personal data will be fully anonymised and aggregated within 1 month.
Please note, however, that we may retain and use your personal data as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements and rights, or if it is not technically and reasonably feasible to remove such information from our databases, which means that we may retain and use your personal data as necessary after you stop using our Services.
The security of your personal data is important to us. We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it, including access controls, monitoring and logging, and encryption. As all Kami Website account holders are assigned a random unique ID, any sensitive information collected is linked to that ID and not to your name, email address or any other identifiable feature. However, no method of transmission over the Internet and no method of electronic storage are 100% secure. Therefore, while best efforts are made to secure your data, we cannot guarantee absolute security. If you have any questions about security on our Services, you can contact us using the details in the “HOW TO CONTACT US” section at the beginning of this Policy.
You can always opt not to disclose information to us, but keep in mind some information may be needed to create a user account or to take advantage of some of our Services features, and other information about you may be collected automatically in connection with your use of our Services.
Marketing communications: You can opt-out of receiving certain marketing communications from us at any time, by clicking the unsubscribe link in the email communications we send, or by contacting us using the details contained in the “CONTACT US” section at the beginning of this Policy. We may continue to send you non-promotional communications, such as service-related emails.
Your data subject rights: In certain circumstances you have rights under data protection laws in relation to your personal data that we hold about you—specifically:
- Request access to your personal data: You may have the right to request access to any personal data we hold about you as well as related information, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making.
- Request correction of your personal data. You may have the right to obtain without undue delay the rectification of any inaccurate personal data we hold about you.
- Request erasure of your personal data. You may have the right to request that personal data held about you be deleted.
- Request restriction of processing your personal data. You may have the right to prevent or restrict processing of your personal data.
- Request transfer of your personal data. You may have the right to request transfer of your personal data directly to a third party where this is technically feasible.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Our Services may contain links to other websites that are not covered by this Policy and where information practices may be different from ours. Our provision of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our Services and go to another website. During this process, another entity may collect information from you. We have no control over, do not review, and are not responsible for the privacy practices or the content of such other websites. Please be aware that the terms of this Policy do not apply to these outside websites or content, or to any collection of data after you click on links to such outside websites.
Our Services is not directed to individuals under the age of 18. We do not knowingly collect information from individuals under the age of 16 years without parental consent. However, if you are a parent, legal guardian, or personal representative of a minor child, you may, in compliance with our Terms and Conditions, use our Service on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Policy. If we learn that we have received any information from an individual under the age of 16 without parental consent, we will take steps to remove the data as permitted by law. If you believe an individual under 16 years of age has provided us with personal data without parental consent, please contact us using the contact details contained in the “CONTACT US” section at the beginning of this Policy.