Raiys Privacy Policy

About Raiys

Raiys is a health and wellness improvement platform that supports our clients to work and live a more balanced, healthier, and happier life, Raiys has an interactive online health and wellbeing solution designed to increase individual and workforce wellbeing. We are a health and wellbeing coaching and behavioural change service provider.

Raiys is the Data Controller for data processed by our people and systems and has an appointed Data Protection Officer.

About this Privacy Policy

Within this policy the following words mean:

"Raiys", "we" or" us" - Raiys Limited is a company registered at Holly House, Raiys Ltd, Belmont House, Sitka Drive, Shrewsbury, SY2 6LG

Brands - Raiys means our brands Raiys, PAM Life, Skip CBT and our partner’s brand PAM Assist

Data Protection Laws - Data Protection Act (2018 and GDPR (EU regulation 2016/679) and all other laws and regulations relating to the collection and processing of personal data

You, Your, Yours and Yourself - Any user of the Raiys platform.

Personal data - Refers to personal data as defined in the DPA (including, if relevant, health data)

This Privacy Policy explains how Raiys. collects, uses, and discloses information about you when you access or use our websites, mobile application, and other online products and services (collectively, the "Services"), and when you contact our customer service team, engage with us on social media, or otherwise interact with us.

Under Data Protection Law We have a legal duty to protect any information we collect from you, and we are committed to protecting and respecting your privacy. We use leading technologies and encryption software to safeguard personal data and keep strict security standards to prevent any unauthorised access to it. In this policy:

Amending this Policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy, we may provide you with additional notice (such as adding a statement to our website homepage or sending you a notification). We will re-obtain your consent to an amended policy when you next log into our services. We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you. We will always publish the most current version of our Privacy Policy on our website www.raiys.com

Who is the Policy for?

Consumer Clients are individuals who subscribe to Raiys services for their personal and private use.
Corporate Clients are individuals where their employer pays for the Raiys service as a benefit to their employees.

This policy is information for all Users of the Raiys Service that we process their data and explains:

  • What we hold?
  • Why we hold it?
  • How long we hold it for

What Data do we Hold?

Collection of Information

Raiys holds "Personal and Special Category Data (Health)” as defined by the GDPR and Data Protection Regulations. We collect personal data information when you register for an account, participate in interactive features (including health assessments), fill out a form or a survey, participate in a contest or promotion, make a purchase, communicate with us via social media sites, request customer support, or otherwise communicate with us. The information you may provide includes your name, email, password, address, postcode, date of birth, sex at birth, payment method information, feedback and survey responses, and other information about you included within your messages to us. Some users also provide Special Category data this is health-related information in connection with receiving coaching feedback, completing assessments or other messages to us. This includes data about your general wellbeing, physical and mental health, and we process that data consistently with the purpose for which it was provided.

Other Information about your use of services

When you use our Services, we collect the following information about you:

Usage Information: Whenever you use our Services, we collect usage information, such as the sessions you use, videos you view or audio you listen to, what screens or features you access, and other similar types of usage information.

Transactional Information: When you make a purchase or return, we collect information about the transaction, such as the product description, price, subscription or free trial expiration date, and time and date of the transaction.

Log Information: We collect standard log files when you use our Services, which include the type of web browser you use, app version, access times and dates, pages viewed, your IP address and location data, and the pages you visited before navigating to our websites.

Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, device identifiers set by your device operating system, and mobile network information (like your connection type, carrier and region).

Information we Record: On some occasions, we may record phone or video calls with your consent, such as in connection with our coaching program.

Information we Generate: We generate some information about you based on other information we have collected. For example, like most platforms, we use your IP address to derive the approximate location of your device. We also use your first name to make an educated guess about your gender and use information about your activity to help determine the likelihood of you continuing to use our Services in the future (which we hope will be the case!).

Information Collected by Cookies and Similar Tracking Technologies: We use different technologies to collect information, including cookies and web beacons. Please see our Cookie Policy for more details.

Information we collect from other sources

Data may be collected via Apple Healthkit and Google Fit upon installing our mobile application. This consent will be explained and obtained from you within the app, and you may revoke this access at any point within your phone’s system settings.


How do we obtain your consent?

When you register for our services, you will be required to accept our terms and conditions this also includes that you are consenting to Raiys processing your data for the purposes of Raiys delivering health and wellbeing services. If we change any of our terms and conditions, we will require you to update your acceptance which updates your consent. During some assessments where we may process your health data, we may require you to confirm your consent to us We do not and will never sell your personal identifiable information to anyone else.

Information we collect from other sources

Data Collected - How it is Collected:

Personal data such as name, email, password, DOB & sex - Manually provided by yourself during registration to the service and as and when you amend such data within your profile settings.

General Wellbeing, physical and mental health - Manually provided by yourself during the completion of the available assessments and recorded by our coaches during coaching sessions.

Usage data, Log & device information - Automatically collected when you are using the service.

Transactional information - Automatically collected as you complete your subscription to one of our membership packages.

Recorded information - Automatically collected via your consent during coaching sessions.

What do we use your data for?

We are committed to ensuring that data minimisation principles are met and collect only the data necessary to provide our services to you. When we process your personal data, we will only do so in the following situations:

  • As necessary to perform our responsibilities under our contract with you (like processing payments and providing the products or services you have requested).
  • As necessary to comply with our legal obligations; and
  • When we have your consent to do so.

We use the information we collect to:

  • Provide, maintain, and improve our services, and develop new products and service.
  • Process transactions and fulfil orders and payments.
  • Communicate with you about products, services, and events offered by Raiys and others, request feedback.
  • Monitor and analyse trends, usage, and activities in connection with our Services.
  • For the promotion and provision of health and wellbeing services.
  • For the purposes of marketing our services or services of selected partners related to our services.
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities and protect the rights and Property of Raiys and our partners.

We share information about you as follows and as otherwise described in this Privacy Policy:

  • With companies and contractors that perform services for us, including email service providers, payment processors, fraud prevention vendors and other service providers;
  • In response to a request for information, any applicable law or legal process or requested by a statutory body or law enforcement agency.
  • If we believe your actions are inconsistent with our Terms and Conditions or policies, if we believe you have violated the law, or to protect the rights, and safety of PAMLife or others;
  • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
  • With your consent or at your direction. For instance, you may choose to share actions you take on our Services with third-party social media services

Sharing of information

  • With companies and contractors that perform services for us, including email service providers, payment processors, fraud prevention vendors and other service providers.
  • In response to a request for information, any applicable law or legal process or requested by a statutory body or law enforcement agency.
  • If we believe your actions are inconsistent with our Terms and Conditions or policies, if we believe you have violated the law, or to protect the rights, and safety of Raiys or others.
  • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company.
  • With your consent or at your direction. For instance, you may choose to share actions you take on our Services with third-party social media services.

How do we protect your data?

All information you provide to us is stored within encrypted databases on secure servers. All special data is protected by additional cyber security measures and all data transferred between your device and our database is sent via secure HTTPS. Coaching sessions are protected by transmission protocols, Transport Layer Security (TLS) and Web Socket Secure (WSS).

Your registration process provides your unique identity profile to your data. No one outside Raiys can access your data. If you are a platform user, our client, who may be your employer, cannot access your data where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or applications, you are responsible for keeping this password confidential. Please do not share this password with anyone. When you send information to us by email, please bear in mind that the transmission of information over the internet is not completely secure, unless the information is encrypted. Whilst we take all reasonable steps to protect your personal data on our systems, we cannot guarantee the security of any data you choose to email to us, so, please be aware that sending us your personal data via email is at your own risk. Once we have received your information, we will use strict procedures and security controls to ensure its ongoing confidentiality and protection.

With regards to each of your visits to our site, we may automatically collect the following; technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); plans you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page and any phone number used to call our customer service numbers.

Raiys is fully ISO27001-certifed. If you would like to request our ISO27001 certificate, please contact
hello@raiys.com

Raiys is the Data Controller for the data that we hold regarding you. We have several Data Processors these include, health experts, employers, insurance companies’ other healthcare providers and or other partners of our services.

Data Processor - How they process data

Health Experts - Processing notes related to any coaching session that you have via the platform i.e., a summary of the conversation and any action points that the coach may have set because of the coaching session. Health experts also have access to your assessment scores and any goals that you have set on the platform to help tailor their advice to you.

Employers - Have access to anonymised aggregated data about employees to help them to identify any patterns in their workforce and assist with any decisions to make positive changes to improve employee wellbeing.

Raiys administrators - Have access to platform usage statistics which include demographics about users and their browsing habits whilst using the service. They may also process actions on your behalf such as deleting your account, changing your membership status and refunding membership costs (if applicable).

Insurance companies - Who act as partners and promote, sell or offer the services provided by Raiys.

Advertising and Analytics Services provided by others

We allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile applications. These entities use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, device identifiers, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by Raiys to analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our services.

We may also share personal data with third-party service providers that we have used to provide services on your behalf, including those who act as data processors on our behalf. All data processors are subject to the same privacy and security obligations consistent with our privacy policy and current data protection regulations and framework. They are limited to processing data in ways specified within our agreements with them. These services include (but are not limited to) Azure Microsoft Services which provides the app and website and Live chat who provide the platform to interact with coaches.

We may use anonymised personal data for internal and external research and publicity purposes. This may include publishing aggregate, anonymous information about our users for the purpose of providing public information and conducting academic research.

Cookies

Much of the information which we may collect using cookies is non-personal data, for the purposes of Data Protection Law but we treat Internet Protocol (IP) addresses and similar identifiers as personal data. Where non-personal data is combined with personal data, we also treat the combined information as personal data for the purposes of this Privacy Policy. Our cookie policy may be viewed at www.raiys.com/policies/cookie-policy

Promotional Communications

You may opt out of receiving promotional emails from Raiys by following the instructions in those emails or by logging into your account. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

Mobile Push Notifications/Alerts

With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

Account Information

You may update certain account information you provide to us (such as your password, name, and email address) by logging into your account or contacting us through our Help Centre at hello@raiys.com

If you wish to disable your account, please contact us at hello@raiys.com but note that we retain certain information when required or permitted by law. We also retain cached or archived copies of information about you for a certain period.

The information we hold is electronic and our servers are located within the UK.

How to opt out of data processing activities

Processing Activity - How to opt out

Providing a personalised service to you on the platform via the personal, general wellbeing, physical and mental health data that you provide - You have the right to remove your explicit consent to the processing of your data through your profile settings. As we depend on this data to provide our services, opting out will disable your account until you opt back in again. You can also opt out of the collection of health data from your mobile devices upon 1st use of the app or at a later stage.

Marketing and promotional purposes - You can opt out of these through your profile settings and/or opting to unsubscribe via any emails received.

Recordings from consultations - You will be informed of any intentions to record a consultation which would require your explicit consent to proceed.

Usage, log, device, and transactional data - You are unable to opt out of these processing activities. We use this data to improve the services that we provide and to process transactions on your behalf i.e., the renewal of your membership subscription. You can however opt out of the tracking of location data for the mobile application through the privacy settings on your mobile device.

How long do we hold your data for?

Data Retention

The following data retention periods are applied for Consumer and Corporate Clients.

Data type or processing activity - Data retention period

Health data collected by a User who does not subscribe to our service - 7 days after data entry

Personal Data collected from a User who does not subscribe to our service - 1 year after entry

Health data collected by and stored in our kiosk - 3 days after entry

Health data collected from a client - 45 days after service ends

Personal data collected from a client - 1 year after service ends

Non personal statistical data from users and clients is held with no personal identification - 7 years after entry

Data subject Requests

Subject to certain limits and conditions provided under law, you have the following rights:

  • You have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or made available in a portable form. Email sar@raiys.com
  • You also have the right to object to certain processing (like receiving direct marketing), or request that we restrict processing in certain circumstances.
  • When we ask for your consent, you may withdraw that consent at any time.
  • You have the right to file a complaint regarding our data protection practices with the Information Commissioners Office and can be found at https://ico.org.uk/global/contact-us/
  • Automated Decision Making & Profiling: You have the right not to be subject to a decision based on automated processing and it produces a legal effect or a similarly significant effect on you. To request an opt-out of automated decision making & profiling, please contact the Data Protection Officer whose contact information is below.

Children's Privacy

We do not knowingly collect, maintain, or use personal information from children under 16 years of age, and no part of our Service is directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at hello@raiys.com

Further Enquiries, concerns, or complaints

If you need to enquire further about this privacy policy, believe that any of your rights with respect to your personal information has been violated by us, our employees, or agents, or wish to lodge a formal complaint then please communicate with Raiys’ Data Protection Officer.