Raiys is a health and wellness improvement platform that supports our clients to work and live a more balanced, healthier, and happier life, Raiys has an interactive online health and wellbeing solution designed to increase individual and workforce wellbeing. We are a health and wellbeing coaching and behavioural change service provider.
Raiys is the Data Controller for data processed by our people and systems and has an appointed Data Protection Officer.
Within this policy the following words mean:
"Raiys", "we" or" us" - Raiys Limited is a company registered at Holly House, Raiys Ltd, Belmont House, Sitka Drive, Shrewsbury, SY2 6LG
Brands - Raiys means our brands Raiys, PAM Life, Skip CBT and our partner’s brand PAM Assist
Data Protection Laws - Data Protection Act (2018 and GDPR (EU regulation 2016/679) and all other laws and regulations relating to the collection and processing of personal data
You, Your, Yours and Yourself - Any user of the Raiys platform.
Personal data - Refers to personal data as defined in the DPA (including, if relevant, health data)
Under Data Protection Law We have a legal duty to protect any information we collect from you, and we are committed to protecting and respecting your privacy. We use leading technologies and encryption software to safeguard personal data and keep strict security standards to prevent any unauthorised access to it. In this policy:
Consumer Clients are individuals who subscribe to Raiys services for their personal and private use.
Corporate Clients are individuals where their employer pays for the Raiys service as a benefit to their employees.
This policy is information for all Users of the Raiys Service that we process their data and explains:
Raiys holds "Personal and Special Category Data (Health)” as defined by the GDPR and Data Protection Regulations. We collect personal data information when you register for an account, participate in interactive features (including health assessments), fill out a form or a survey, participate in a contest or promotion, make a purchase, communicate with us via social media sites, request customer support, or otherwise communicate with us. The information you may provide includes your name, email, password, address, postcode, date of birth, sex at birth, payment method information, feedback and survey responses, and other information about you included within your messages to us. Some users also provide Special Category data this is health-related information in connection with receiving coaching feedback, completing assessments or other messages to us. This includes data about your general wellbeing, physical and mental health, and we process that data consistently with the purpose for which it was provided.
When you use our Services, we collect the following information about you:
Usage Information: Whenever you use our Services, we collect usage information, such as the sessions you use, videos you view or audio you listen to, what screens or features you access, and other similar types of usage information.
Transactional Information: When you make a purchase or return, we collect information about the transaction, such as the product description, price, subscription or free trial expiration date, and time and date of the transaction.
Log Information: We collect standard log files when you use our Services, which include the type of web browser you use, app version, access times and dates, pages viewed, your IP address and location data, and the pages you visited before navigating to our websites.
Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, device identifiers set by your device operating system, and mobile network information (like your connection type, carrier and region).
Information we Record: On some occasions, we may record phone or video calls with your consent, such as in connection with our coaching program.
Information we Generate: We generate some information about you based on other information we have collected. For example, like most platforms, we use your IP address to derive the approximate location of your device. We also use your first name to make an educated guess about your gender and use information about your activity to help determine the likelihood of you continuing to use our Services in the future (which we hope will be the case!).
Data may be collected via Apple Healthkit and Google Fit upon installing our mobile application. This consent will be explained and obtained from you within the app, and you may revoke this access at any point within your phone’s system settings.
When you register for our services, you will be required to accept our terms and conditions this also includes that you are consenting to Raiys processing your data for the purposes of Raiys delivering health and wellbeing services. If we change any of our terms and conditions, we will require you to update your acceptance which updates your consent. During some assessments where we may process your health data, we may require you to confirm your consent to us We do not and will never sell your personal identifiable information to anyone else.
Data Collected - How it is Collected:
Personal data such as name, email, password, DOB & sex - Manually provided by yourself during registration to the service and as and when you amend such data within your profile settings.
General Wellbeing, physical and mental health - Manually provided by yourself during the completion of the available assessments and recorded by our coaches during coaching sessions.
Usage data, Log & device information - Automatically collected when you are using the service.
Transactional information - Automatically collected as you complete your subscription to one of our membership packages.
Recorded information - Automatically collected via your consent during coaching sessions.
We are committed to ensuring that data minimisation principles are met and collect only the data necessary to provide our services to you. When we process your personal data, we will only do so in the following situations:
We use the information we collect to:
All information you provide to us is stored within encrypted databases on secure servers. All special data is protected by additional cyber security measures and all data transferred between your device and our database is sent via secure HTTPS. Coaching sessions are protected by transmission protocols, Transport Layer Security (TLS) and Web Socket Secure (WSS).
Your registration process provides your unique identity profile to your data. No one outside Raiys can access your data. If you are a platform user, our client, who may be your employer, cannot access your data where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or applications, you are responsible for keeping this password confidential. Please do not share this password with anyone. When you send information to us by email, please bear in mind that the transmission of information over the internet is not completely secure, unless the information is encrypted. Whilst we take all reasonable steps to protect your personal data on our systems, we cannot guarantee the security of any data you choose to email to us, so, please be aware that sending us your personal data via email is at your own risk. Once we have received your information, we will use strict procedures and security controls to ensure its ongoing confidentiality and protection.
With regards to each of your visits to our site, we may automatically collect the following; technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); plans you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page and any phone number used to call our customer service numbers.
Raiys is fully ISO27001-certifed. If you would like to request our ISO27001 certificate, please contact email@example.com
Raiys is the Data Controller for the data that we hold regarding you. We have several Data Processors these include, health experts, employers, insurance companies’ other healthcare providers and or other partners of our services.
Data Processor - How they process data
Health Experts - Processing notes related to any coaching session that you have via the platform i.e., a summary of the conversation and any action points that the coach may have set because of the coaching session. Health experts also have access to your assessment scores and any goals that you have set on the platform to help tailor their advice to you.
Employers - Have access to anonymised aggregated data about employees to help them to identify any patterns in their workforce and assist with any decisions to make positive changes to improve employee wellbeing.
Raiys administrators - Have access to platform usage statistics which include demographics about users and their browsing habits whilst using the service. They may also process actions on your behalf such as deleting your account, changing your membership status and refunding membership costs (if applicable).
Insurance companies - Who act as partners and promote, sell or offer the services provided by Raiys.
We may use anonymised personal data for internal and external research and publicity purposes. This may include publishing aggregate, anonymous information about our users for the purpose of providing public information and conducting academic research.
You may opt out of receiving promotional emails from Raiys by following the instructions in those emails or by logging into your account. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
You may update certain account information you provide to us (such as your password, name, and email address) by logging into your account or contacting us through our Help Centre at firstname.lastname@example.org
If you wish to disable your account, please contact us at email@example.com but note that we retain certain information when required or permitted by law. We also retain cached or archived copies of information about you for a certain period.
The information we hold is electronic and our servers are located within the UK.
Providing a personalised service to you on the platform via the personal, general wellbeing, physical and mental health data that you provide - You have the right to remove your explicit consent to the processing of your data through your profile settings. As we depend on this data to provide our services, opting out will disable your account until you opt back in again. You can also opt out of the collection of health data from your mobile devices upon 1st use of the app or at a later stage.
Marketing and promotional purposes - You can opt out of these through your profile settings and/or opting to unsubscribe via any emails received.
Recordings from consultations - You will be informed of any intentions to record a consultation which would require your explicit consent to proceed.
Usage, log, device, and transactional data - You are unable to opt out of these processing activities. We use this data to improve the services that we provide and to process transactions on your behalf i.e., the renewal of your membership subscription. You can however opt out of the tracking of location data for the mobile application through the privacy settings on your mobile device.
The following data retention periods are applied for Consumer and Corporate Clients.
Data type or processing activity - Data retention period
Health data collected by a User who does not subscribe to our service - 7 days after data entry
Personal Data collected from a User who does not subscribe to our service - 1 year after entry
Health data collected by and stored in our kiosk - 3 days after entry
Health data collected from a client - 45 days after service ends
Personal data collected from a client - 1 year after service ends
Non personal statistical data from users and clients is held with no personal identification - 7 years after entry
Subject to certain limits and conditions provided under law, you have the following rights: