The Preptrack Foundation takes data privacy seriously. This privacy policy explains who we are, how we collect, share and use Personal Information, and how you can exercise your privacy rights.
We recommend that you read this privacy policy in full to ensure you are fully informed. However, to make it easier for you to review the parts of this privacy policy that apply to you, we have divided up the document into sections that are specifically applicable to Website Visitors (Section 2), App Users (Section 3) and Email Subscribers (Section 4). Sections 1 and 5 are applicable to everyone.
If you have any questions or concerns about our use of your Personal Information, then please contact us using the contact details provided at the end of Section 5.
To the extent we provide you with notice of different or additional privacy policies, those policies will govern such interactions.
1. The Basics
1.1 About us
The Preptrack Foundation is a registered charity (reg. number 1190908) in England and Wales ("we," “us,” “our,” “Preptrack,” “The Preptrack Foundation,” and “The Foundation”).
1.2 Key terms
In this privacy policy, these terms have the following meanings:
“App User” means any person who downloads, installs, or uses any of our mobile applications, including but not limited to Preptrack for iOS.
“Websites” refers to our websites, including but not limited to https://preptrack.co.uk.
“Website Visitor” means any person who visits our Websites.
“Email Subscriber” means someone who has signed up to receive email communications from us for marketing purposes.
As defined by the General Data Protection Regulation (GDPR), “Personal Information” means any information relating to an individual who can be identified either directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, email address, gender and sexual identity, or other demographic information.
“you” and “your” means, depending on the context, either an Email SubScriber, Website Visitor or an App User.
“PrEP” means oral Pre-Exposure Prophylaxis for HIV prevention.
2. Privacy for Website Visitors
This section applies to Personal Information that we collect and process when you visit our Websites. In this section, “you” and “your” refer to Website Visitors.
2.1 Personal information we collect
When you visit our Websites, we may collect information about you. We use cookies and other identifiers, and other tracking technologies, to collect this information. Our use of cookies and other tracking technologies is discussed more below and in more detail in our Cookie Statement available here.
We currently collect and process the following information:
- Device and browser information: We collect information about the device and applications you use to visit our Websites, such as your IP address, your operating system, your browser ID, and other information about your system and connection. We only collect this data if you consent to data collection.
- Usage data: We collect usage data about your interactions with our Websites, which may include dates and times you visited our Websites and your browsing activities (such as which pages are viewed and for how long). We only collect this data if you consent to data collection.
2.2 Use of Personal Information
We use the Personal Information we have collected in order to provide, support and improve our Websites and other service offerings, and to improve the effectiveness of our advertising and outreach campaigns.
We may share this information with our third-party analytics service provider, “Google Analytics”. For the purposes of the General Data Protection Regulation (GDPR), The Foundation is a Data Controller and the provider of Google Analytics, “Google LLC”, is a Data Processor. Personal Information processed by Google Analytics is also subject to and processed in accordance with the “Google Privacy Policy”, available here. Further information on the way Google LLC processes information from our Websites can be found here.
We may also share this information with our third-party marketing platform provider, “HubSpot”. For the purposes of the General Data Protection Regulation (GDPR), the provider of HubSpot, “HubSpot Inc.”, is a Data Processor. Personal Information processed by HubSpot is also subject to and processed in accordance with the “HubSpot Privacy Policy”, available here.
We may also share this information with our third-party digital advertising provider, “Meta Ads”. For the purposes of the General Data Protection Regulation (GDPR), the provider of Meta Ads, “Meta Platforms, Inc.”, is a Data Processor. Personal Information processed by Meta Ads is also subject to and processed in accordance with the “Meta Privacy Policy”, available here.
Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this information is:
Your consent. We only collect Personal Information about you on our Websites if you explicitly opt-in to this collection through the pop-up banner that appears on first visit to our websites. You are able to remove your consent at any time. You can do this by contacting dpo@preptrack.co.uk or by clearing your browser’s cookies
2.3 How we store Personal Information
Your information is securely stored by Google Analytics, HubSpot and Meta Ads. We keep information in Google Analytics for at most 26 months, after which it will be automatically deleted by Google Analytics. Information in HubSpot and Meta Ads may be retained indefinitely.
3. Privacy for App Users
This section applies to Personal Information that we collect and process when you download, install, or use our mobile applications. In this section, “you” and “your” refer to App Users.
Some of the Personal Information we collect is essential for the proper functioning of our mobile applications, and must necessarily be collected when you use the app. We refer to this as “Necessary Personal Information”.
Optionally, we also collect other Personal Information in order to provide, support and improve our mobile applications and other service offerings. We only do this if you consent. We refer to this information as “Personal Information for Analytics”.
3.1 Necessary Personal Information we collect
When you use our mobile applications, we will collect necessary information about you in order to provide essential functionality.
We currently collect and process the following information:
- Medical and health information: We collect information about your health, in the form of the times and dates of your PrEP doses, and the way you take your PrEP, e.g. whether you take event-based or daily PrEP.
- Sex life information: We collect information about your sexual practices, such as the times of your sexual activities that you report.
- Information about you: We collect information about whether you are over 18 years of age.
- Information about device performance, problems, crashes and bug reports: We collect information about the functioning of our mobile applications, and about when things go wrong, such as when our mobile applications crash, or when you report bugs or other feedback.
- Information about your notifications preferences: We collect information about whether you have enabled mobile notifications on your device.
3.2 Use of Necessary Personal Information
We use the Necessary Personal Information we have collected in order to provide the essential functionality of our mobile applications. We only collect the minimum amount of Necessary Personal Information that is required to the enable the proper functioning of our mobile applications.
Information about device performance, problems, crashes and bug reports may be shared with our third-party analytics service provider, “Firebase Crashlytics”. For the purposes of the General Data Protection Regulation (GDPR), The Foundation is a Data Controller and the provider of Firebase Crashlytics, “Google LLC”, is a Data Processor. Personal Information processed by Firebase Crashlytics is also subject to and processed in accordance with the “Terms of Service for Firebase Services”, available here. Further information on the way Firebase Crashlytics processes information can be found here.
Information when you report a bug or send us feedback may be shared with our third-party bug reporting service provider, “Instabug”. The provider of Instabug, “Instabug Inc”, is a Data Processor. Personal Information processed by Instabug is also subject to and processed in accordance with the “Instabug Privacy Policy”, available here.
Information about your notifications preferences may be shared with our third-party notifications service provider, “OneSignal”. The provider of OneSignal, “OneSignal, Inc.”, is a Data Processor. Personal Information processed by OneSignal is also subject to and processed in accordance with the “OneSignal Privacy Policy”, available here.
Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this information is:
Legitimate Interests. We only collect Necessary Personal Information about you in our mobile applications in order to provide our services to support PrEP use.
Some of the information we collect is Special Category Data, including your medical and health information and information about your sex life. Under the GDPR, the Article 9 condition we rely on for processing this information is:
Not-for-profit bodies. The Preptrack Foundation, as a registered charity in England and Wales, is a not-for-profit body, and we only use this information to serve our beneficiaries through the provision of essential services.
3.3 How we store Necessary Personal Information
Your medical and health information, your sex life information and information about you is securely stored on your device, and is not accessible to anyone other than you. We keep this Personal Information until you uninstall the mobile application from your device.
Information about device performance, problems and crashes is securely stored by Firebase Crashlytics and will be automatically removed after 90 days.
Information about bug reports and feedback is securely stored by InstaBug and will be automatically removed after one month.
Information about notifications is securely stored by OneSignal and will be automatically removed after 30 days.
3.4 Personal Information we collect for Analytics
When you use our mobile applications, we may collect information about you. We use identifiers and other tracking technologies to collect this information.
We currently collect and process the following information:
- Device information: We collect information about the device you use to access our mobile applications, such as, your IP address, your operating system, and other information about your system and connection.
- Usage data: We collect usage data about your interactions with our mobile applications, which may include dates and times you used our mobile applications and your activities (such as what parts of the app are viewed and for how long).
3.5 Use of Personal Information for Analytics
We use the Personal Information for Analytics we have collected in order to provide, support and improve our mobile applications and other service offerings.
We may share this information with our third-party analytics service providers, “Google Analytics”. For the purposes of the General Data Protection Regulation (GDPR), The Foundation is a Data Controller and the provider of Google Analytics, “Google LLC”, is a Data Processor. Personal Information processed by Google Analytics is also subject to and processed in accordance with the “Google Privacy Policy”, available here. Further information on the way Google LLC processes information from our mobile applications can be found here.
If you are an alpha or beta tester, we may receive information about your usage of our mobile applications through “TestFlight”. This information will relate to when our mobile applications crash, or when you provide feedback about our mobile applications. For the purposes of the General Data Protection Regulation (GDPR), The Foundation is a Data Controller and the provider of TestFlight, “Apple Inc.”, is a Data Processor. Personal Information processed by TestFlight is also subject to and processed in accordance with the “Apple Privacy Policy”, available here, and the “TestFlight Terms of Service”, available here. Further information on the way TestFlight processes information from our mobile applications can be found here.
Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this information is:
Your consent. We only collect Personal Information for Analytics about you on our mobile applications if you explicitly opt-in to this collection. You are able to remove your consent at any time. You can do this by contacting dpo@preptrack.co.uk or changing your privacy settings in the mobile application.
3.6 How we store Personal Information for Analytics
Your information is securely stored by Google Analytics. We keep this Personal Information for at most 26 months, after which it will be automatically deleted by Google Analytics.
If you are an alpha or beta tester, information regarding crashes and feedback is securely stored by TestFlight. We keep this information for at most 1 year, after which it will be automatically deleted by TestFlight.
4. Privacy for Email Subscribers
This section applies to Personal Information that we collect and process when you sign up to receive email communications from us for marketing purposes. In this section, “you” and “your” refer to Email Subscribers.
4.1 Personal information we collect
When you sign up to receive email communications from us, or when you open and read one of our emails, we may collect information about you. We use cookies and other identifiers, and other tracking technologies, to collect this information. Our use of cookies and other tracking technologies is discussed more below and in more detail in our Cookie Statement available here.
We currently collect and process the following information:
- Email address, name and organisational affiliations: We collect your email address to be able to contact you, and your name and organisational affiliations to be able to address you appropriately and communicate more effectively.
- Device and browser information: We collect information about the device and applications you use to visit our email subscription forms and to open and read our emails, such as your IP address, your operating system, your browser ID, and other information about your system and connection.
- Usage data: We collect usage data about your interactions with our emails, which may include dates and times you open or read our emails, and any links you may have clicked.
4.2 Use of Personal Information
We use the Personal Information we have collected in order to provide, support and improve our email communications and other service offerings.
This information is collected on our behalf by our third-party email marketing provider, “Mailchimp”. For the purposes of the General Data Protection Regulation (GDPR), The Foundation is a Data Controller and the provider of Mailchimp, “Intuit Inc.”, is a Data Processor. Personal Information processed by Mailchimp is also subject to and processed in accordance with the “Intuit Global Privacy Statement”, available here, and the “Intuit Data Processing Addendum”, available here.
Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this information is:
Legitimate Interests. We only ever communicate with you via email if you have explicitly signed up for email communications using one of our online forms. You may stop receiving email communications at any time by clicking the “Unsubscribe” link the footer of any of our emails, or by contacting dpo@preptrack.co.uk.
4.3 How we store Personal Information
Your information is securely stored by Mailchimp, a part of Intuit Inc.
5. General Information
5.1 Your data protection rights
Under data protection law, you have rights including:
Your right of access
You have the right to ask us for copies of your personal information.
Your right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing
You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability
You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at dpo@preptrack.co.uk if you wish to make a request.
5.2 How to contact us
If you have questions, comments, or requests, you can contact us as at:
Contact details
The Preptrack Foundation Unit 50345 PO Box 6945 London W1A 6US
Email: dpo@preptrack.co.uk
Website: https://preptrack.co.uk
5.3 How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at dpo@preptrack.co.uk or using the contact details above.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk