Privacy NoticeBack to home
Xploro is committed to protecting your privacy.
At Xploro we take protecting your privacy seriously. This notice explains what to expect when we collect information through Xploro.
We will explain:
- Who is Xploro ?
- What data do we collect and how do we use it?
- The Xploro Website:
- — Statistical data
- — Google Analytics
- — Contact Form
- — Storing and sharing data
- The Xploro App
- — Logging in
- — Using the app
- — Storing and sharing data
- The Xploro Advisory Group
- Lawful Basis for Using Your Data
- What are my rights?
- — Your right of access
- — Your right to rectification
- — Your right to erasure
- — Your right to restriction of processing
- — Your right to object to processing
- — Your right to data portability
- How long will my personal data be kept?
- How is my personal data secured?
- Can I complain about how you are using my personal data?
Who is Xploro ?
Xploro is a mobile application that uses augmented reality, gameplay and artificial intelligence to deliver health information to patients, in a way which makes them feel empowered, engaged and informed, whilst having fun at the same time.
We work closely with our sister company Corporation Pop, and their team of expert designers, project managers and developers to design and develop our app.
Xploro is a Limited company registered in England & Wales - our company number is 11761110
Our registered address is:
Xploro is a registered trademark
What data do we collect and how do we use it?
We collect and use a number of different types of data, some which is personal data and some which isn’t. All personal data is subject to an internal set of policies and procedures which are designed to make Xploro GDPR compliant.
The types of data we collect is detailed below along with where we collect it:
The Xploro Website:
Xploro collects information about website visitors using statistics tools. This information includes (but is not limited to) the date and time of visit, browser name and version, IP address, and referring website. This information is used for evaluating and further developing our website for digital audiences. No personal data is collected via statistics tools.
We use Google Analytics to let us know what age and gender our website users are, along with the interests they express through their online travel and purchasing activities. We will use the data provided by Google Analytics to develop our website and content around our users’ interests. The data is provided in aggregate and is not personally identifiable to us. You can opt-out of Google Analytics using their add-on to disable tracking by Google Analytics and you can see Google’s privacy notice here.
When you get in touch with us through the contact form on the Xploro website the information you enter is emailed to us directly. Your message is not stored on a database however it may be retained, as an email, along with your email address and any other information you include in it, in order that we can contact you again in the future.
Storing and sharing data
Xploro does not store, rent, sell or otherwise share information about anyone using our website with any other business, organisation or individual. The only exception to this is where we are legally obliged to do so to comply with a current judicial proceeding, a court order or legal process served on our website or company.
The Xploro App:
Someone with parental responsibility for the user will receive an invitation and login code from the health authority the patient is engaging with. When accepting this invitation they will enter their own email address and the patient’s preferred name. No other personal data will be processed at login.
By accepting this invitation they are consenting, on behalf of the user, to the processing of personal data summarised below.
Using the app
The Xploro app can collect personal data in the following places:
Users and clinicians can add events to a shared calendar which includes appointments for treatment, visitors, check-ups and anything else they choose. This information is used by patients to record their activities during their treatment programme.
Users are regularly asked to indicate their mood. This is recorded as an emoji and is often linked to treatments and procedures, and the time of day they are asked.
Storing and sharing data
Xploro acts as a Data Processor for the health authority which invites patients to use the app. The health authority in question is the data controller and as such we share data from the app with each other. We have contracts in place to ensure that all personal data we share is done so securely and in accordance with GDPR rules. Furthermore Xploro has policies & procedures which are designed to ensure any data sharing is done securely and only when necessary.
Xploro is based in the European Union. When we work with health authorities in countries outside the EU our contracts include standard contractual clauses to protect the rights of individuals whose personal data is transferred. They contain contractual obligations on companies and their EU partners and are approved by the European Commission.
Xploro does not store, rent, sell or otherwise share information about anyone using the app with any other business, organisation or individual. The only exception to this is where we are legally obliged to do so to comply with a current judicial proceeding, a court order or legal process served on our website or company.
The Expert Advisory Group
The Xploro Expert Advisory Group has been set up to assist us in developing and delivering the very best and most relevant experience to users.
Members of the group are children supported by their parent or carer. The person with parental responsibility for the child will be asked for their name, phone number and email address as a means of communication. Additionally both the child and their responsible adult will be given the opportunity to join a group instant messenger service.
We do not market to the group and membership of it is completely voluntary. Any personal data that we collect is used as a means of communication only and is subject to a set of internal policies and procedures which are designed to make Xploro GDPR compliant.
Xploro does not store, rent, sell or otherwise share information about anyone in the Expert Advisory Group with any other business, organisation or individual. The only exception to this is where we are legally obliged to do so to comply with a current judicial proceeding, a court order or legal process served on our website or company.
Lawful Basis for Using Your Data
The Xploro App provides benefits for the person using it by explaining medical procedures in an age appropriate manner and helping them understand their treatment. This helps to reduce stress and anxiety which has been shown to improve medical outcomes. Because of this the lawful basis for processing personal data in this instance is a Legitimate Interest.
Where users are aged 16 or under we ask the consent of the person with parental responsibility for them.
When contacting us through the Xploro website your email address, which is classed as personal data, is retained. We consider retaining it as a legitimate interest to our business and this is the lawful basis for processing that data.
The people with parental responsibility for the Expert Advisory Group members are asked for their contact details, which are classed as personal data. They are used solely for the purpose of communication and we consider this a legitimate interest to our business which is the lawful basis for processing it.
What are my rights?
Under the General Data Protection Regulation (GDPR) anyone whose personal data is stored by Corporation Pop has a set of rights relating to it. Those rights are as follows and the descriptions include links to the ICO website for more information:
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
How long will my personal data be kept?
Any personal data processed by Xploro will be retained for no longer than one month after the user stops using the Xploro app.
How is my personal data secured?
Xploro’s sister company Corporation Pop is a registered Data Controller with the Information Commissioner’s Office (ICO) in the UK. Both companies have a set of policies and procedures which are designed to make all processing of personal data secure and GDPR compliant. Xploro has a contract with Corporation Pop to which it is subcontracting.
The policies include removal of personal data from devices when not being used; regular encrypted backups; not removing personal data from the workplace; restriction of access to only those people who need it; secure transfer of personal data; and their membership of Cyber Essentials - a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats.
Can I complain about how you are using my personal data?
If you think we are handling your personal data incorrectly you should approach us in the first instance and we will do everything possible to rectify the situation. If you are not happy with our response you have a right to contact the supervisory authority, in this case the Information Commissioner’s Office (ICO). You can lodge a complaint through their website here and they, in turn, will deal with it.
This privacy notice may be updated from time to time so please check back occasionally to make sure you’re happy with any changes. By using our website you’re agreeing to be bound by this notice.