Privacy Notice

Back to home

Xploro is committed to protecting your privacy.

At Xploro we take protecting your privacy seriously. This notice explains what to expect when we collect information through Xploro.

We will explain:

  • Who is Xploro ?
  • What data do we collect and how do we use it?
  • The Xploro Website:
  • — Statistical data
  • — Google Analytics
  • — Contact Form
  • — Storing and sharing data
  • The Xploro App
  • — Logging in
  • — Using the app
  • — Storing and sharing data
  • The Xploro Advisory Group
  • Lawful Basis for Using Your Data
  • What are my rights?
  • — Your right of access
  • — Your right to rectification
  • — Your right to erasure
  • — Your right to restriction of processing
  • — Your right to object to processing
  • — Your right to data portability
  • How long will my personal data be kept?
  • How is my personal data secured?
  • Can I complain about how you are using my personal data?

Who is Xploro ?

Xploro is a mobile application that uses augmented reality, gameplay and artificial intelligence to deliver health information to patients, in a way which makes them feel empowered, engaged and informed, whilst having fun at the same time.

We work closely with our sister company Corporation Pop, and their team of expert designers, project managers and developers to design and develop our app.

Xploro is a Limited company registered in England & Wales - our company number is 11761110

Our registered address is:

21-23 Shudehill,
Manchester,
U.K.
M4 2AF

Xploro is a registered trademark

What data do we collect and how do we use it?

We collect and use a number of different types of data, some which is personal data and some which isn’t. All personal data is subject to an internal set of policies and procedures which are designed to make Xploro GDPR compliant.

The types of data we collect is detailed below along with where we collect it:

The Xploro Website:

Statistical data

Xploro collects information about website visitors using statistics tools. This information includes (but is not limited to) the date and time of visit, browser name and version, IP address, and referring website. This information is used for evaluating and further developing our website for digital audiences. No personal data is collected via statistics tools.

Google Analytics

We use Google Analytics to let us know what age and gender our website users are, along with the interests they express through their online travel and purchasing activities. We will use the data provided by Google Analytics to develop our website and content around our users’ interests. The data is provided in aggregate and is not personally identifiable to us. You can opt-out of Google Analytics using their add-on to disable tracking by Google Analytics and you can see Google’s privacy notice here.

Contact form

When you get in touch with us through the contact form on the Xploro website the information you enter is emailed to us directly. Your message is not stored on a database however it may be retained, as an email, along with your email address and any other information you include in it, in order that we can contact you again in the future.

Storing and sharing data

Xploro does not store, rent, sell or otherwise share information about anyone using our website with any other business, organisation or individual. The only exception to this is where we are legally obliged to do so to comply with a current judicial proceeding, a court order or legal process served on our website or company.

The Xploro App:

Logging in

Someone with parental responsibility for the user will receive an invitation and login code from the health authority the patient is engaging with. When accepting this invitation they will enter their own email address and the patient’s preferred name. No other personal data will be processed at login.

By accepting this invitation they are consenting, on behalf of the user, to the processing of personal data summarised below.

Using the app

The Xploro app can collect personal data in the following places:

Users and clinicians can add events to a shared calendar which includes appointments for treatment, visitors, check-ups and anything else they choose. This information is used by patients to record their activities during their treatment programme.

Users are regularly asked to indicate their mood. This is recorded as an emoji and is often linked to treatments and procedures, and the time of day they are asked.

Storing and sharing data

Xploro acts as a Data Processor for the health authority which invites patients to use the app. The health authority in question is the data controller and as such we share data from the app with each other. We have contracts in place to ensure that all personal data we share is done so securely and in accordance with GDPR rules. Furthermore Xploro has policies & procedures which are designed to ensure any data sharing is done securely and only when necessary.

Xploro is based in the European Union. When we work with health authorities in countries outside the EU our contracts include standard contractual clauses to protect the rights of individuals whose personal data is transferred. They contain contractual obligations on companies and their EU partners and are approved by the European Commission.

Xploro does not store, rent, sell or otherwise share information about anyone using the app with any other business, organisation or individual. The only exception to this is where we are legally obliged to do so to comply with a current judicial proceeding, a court order or legal process served on our website or company.

The Expert Advisory Group

The Xploro Expert Advisory Group has been set up to assist us in developing and delivering the very best and most relevant experience to users.

Members of the group are children supported by their parent or carer. The person with parental responsibility for the child will be asked for their name, phone number and email address as a means of communication. Additionally both the child and their responsible adult will be given the opportunity to join a group instant messenger service.

We do not market to the group and membership of it is completely voluntary. Any personal data that we collect is used as a means of communication only and is subject to a set of internal policies and procedures which are designed to make Xploro GDPR compliant.

Xploro does not store, rent, sell or otherwise share information about anyone in the Expert Advisory Group with any other business, organisation or individual. The only exception to this is where we are legally obliged to do so to comply with a current judicial proceeding, a court order or legal process served on our website or company.

Lawful Basis for Using Your Data

The Xploro App provides benefits for the person using it by explaining medical procedures in an age appropriate manner and helping them understand their treatment. This helps to reduce stress and anxiety which has been shown to improve medical outcomes. Because of this the lawful basis for processing personal data in this instance is a Legitimate Interest.

Where users are aged 16 or under we ask the consent of the person with parental responsibility for them.

When contacting us through the Xploro website your email address, which is classed as personal data, is retained. We consider retaining it as a legitimate interest to our business and this is the lawful basis for processing that data.

The people with parental responsibility for the Expert Advisory Group members are asked for their contact details, which are classed as personal data. They are used solely for the purpose of communication and we consider this a legitimate interest to our business which is the lawful basis for processing it.

What are my rights?

Under the General Data Protection Regulation (GDPR) anyone whose personal data is stored by Corporation Pop has a set of rights relating to it. Those rights are as follows and the descriptions include links to the ICO website for more information:

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Please contact us at info@xploro.health if you wish to make a request, or call us on +44 (0)161 838 0808

How long will my personal data be kept?

Any personal data processed by Xploro will be retained for no longer than one month after the user stops using the Xploro app.

How is my personal data secured?

Xploro’s sister company Corporation Pop is a registered Data Controller with the Information Commissioner’s Office (ICO) in the UK. Both companies have a set of policies and procedures which are designed to make all processing of personal data secure and GDPR compliant. Xploro has a contract with Corporation Pop to which it is subcontracting.

The policies include removal of personal data from devices when not being used; regular encrypted backups; not removing personal data from the workplace; restriction of access to only those people who need it; secure transfer of personal data; and their membership of Cyber Essentials - a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats.

Can I complain about how you are using my personal data?

If you think we are handling your personal data incorrectly you should approach us in the first instance and we will do everything possible to rectify the situation. If you are not happy with our response you have a right to contact the supervisory authority, in this case the Information Commissioner’s Office (ICO). You can lodge a complaint through their website here and they, in turn, will deal with it.

Please note:

This privacy notice may be updated from time to time so please check back occasionally to make sure you’re happy with any changes. By using our website you’re agreeing to be bound by this notice.

If you have any questions about this privacy notice or our privacy practices you can email us at info@xploro.health call us on +44 (0)161 838 0808 or write to us at:

Xploro,
21-23 Shudehill,
Manchester,
U.K.
M4 2AF