This privacy policy explains how KTF Digital Healthcare (“KTF”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data across our mobile applications, web portal, website, and business operations, in compliance with the UK GDPR, EU GDPR (where applicable), and other relevant laws.
KTF Digital Healthcare Limited, registered in the United Kingdom, is the controller of personal data processed under this policy unless stated otherwise. Our contact details are provided in the Contact us section below.
If you choose to provide consent, we process the following information to provide the Services:
Lawful basis. Our lawful basis for processing your personal data is your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time within the app or by contacting us (see Contact us). Where uploaded content or other information constitutes special category data (e.g., health-related information), we rely on your explicit consent under Article 9(2)(a) GDPR.
Minimal identity data. We do not know your name, address or other contact details within our systems. Your healthcare provider or research institute maintains their own independent records that enable them to link your User ID to your contact details. We cannot make this link from our systems.
To keep our platform free of harmful or illegal content, photographs and media you upload may be automatically moderated by algorithms after upload. Automated moderation aims to detect and block content that may be unlawful or violate our terms (for example, content that is abusive, exploitative, or otherwise harmful). We do not use this process for advertising or profiling.
For users who access the web portal, we process account credentials (user ID and encrypted/hashed password), access logs (to provide security and audit trails), and any information you choose to submit or upload as part of your use of the Services. The same lawful basis and minimal identity principles described for mobile app users apply here.
Data for the mobile app and web portal is stored securely in Google Cloud Storage (GCS) data centres located within the United Kingdom. We use industry-standard encryption in transit and at rest. We do not routinely transfer this data outside the UK. If an exceptional transfer is necessary (for example, for support or incident response), we will implement appropriate safeguards (such as the UK International Data Transfer Agreement or Standard Contractual Clauses) and limit the scope of any data involved.
We retain personal data only for as long as necessary to provide the Services, comply with legal obligations, or resolve disputes. If you withdraw consent or request deletion, we will delete or anonymise your personal data unless retention is required by law (for example, for regulatory or audit purposes). You may request deletion of your data through the app or by contacting us using the details in the Contact us section.
To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. We limit access to personal information to authorized employees and third parties who need access to perform the business activities described in this notice. Although we strive to protect the personal information we process and maintain, no security system can prevent all potential security breaches.
Our website and app may contain links to other apps or websites of interest. Once you leave our app, website, or software, we have no control over other websites and cannot be held accountable for any aspect of data privacy and protection.
Our app and website use cookies, as almost all apps and websites do, to help provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone when you browse websites. We do not use cookies to collect any personally identifiable information or sensitive information without your express permission, nor to pass personally identifiable data to third parties.
KTF Digital Healthcare processes personal data about contacts of existing and potential customers and/or any individuals associated with them through emails, by phone, or electronic calendar invites. We process this personal data solely for our business contract and on the basis that it is in our legitimate interests to do so (i.e., to ensure that we can manage our relationship with our customers). This information will be retained securely for as long as necessary for the purposes set out for that business contract. Personal data, such as emails or phone numbers, will never be given or shared with third parties without express permission. We also have procedures to manage and protect commercially confidential information, typically covered by NDAs and contractual agreements as required.
When using Garmin or other wearable devices, location data is required as part of the pairing process and syncing data. We do not store this data within our apps and never share it.
If your hospital has chosen to sign up to our waiting times optimisation solution, you may be asked to provide access to your location. We do not store any location or tracking data, this data remains and is processed on your device and may be used to determine if you are entering or leaving the hospital so that we can calculate waiting times.
We use third-party providers including LinkedIn and Twitter to manage our social media interactions; each has its own privacy policy. If you contact us via social media (for example by tweeting us), we will use your social media handle and name, together with any other personal data you provide in your communication, to respond. We do this on the basis of our legitimate interests to handle correspondence appropriately.
KTF Digital Healthcare is the data controller for all information you provide during the processes of recruitment and employment. We collect only the information needed to progress and assess your application, which may include data from third parties such as recruitment agencies. If you are not successful, documentation not required is confidentially destroyed and/or electronically deleted at the end of the recruitment process. If you are successful, your personal data will be used per our Employee Data Privacy Notice provided on induction.
This website is owned and operated by KTF Digital Healthcare Limited in the United Kingdom. With the exception of trial-related personal information stored for the mobile app and web portal in the UK as described above, some personal information related to our general business operations may be transferred and processed by KTF Digital Healthcare, its affiliates, and trusted service providers in other countries. Where such transfers occur, we use appropriate transfer mechanisms (which may include consent, UK/EU Standard Contractual Clauses, adequacy decisions, or intra-group transfer agreements) and apply additional safeguards as needed. You can contact us for more information.
Depending on your location and applicable law, you may have the right to:
You can exercise your rights by contacting us using the details below. Where we rely on consent, you can withdraw it at any time; withdrawal does not affect the lawfulness of processing prior to withdrawal.
Data Protection Officer
KTF Digital Healthcare, 23 Hazelmere Road, NW6 7HA London, UK
Email: admin@ktfdigital.com
Telephone: +44 07478166035
We may update this policy from time to time. We will handle your personal information in accordance with the version in effect at the time it was collected unless we provide you with a new notice and/or obtain your consent, as appropriate. The effective date appears at the top of this policy.