Tuune is a data-driven personalized female healthcare platform. Tuune is creating a new type of healthcare for women with a focus on whole health, we are taking into account aspects of female health that weren’t considered before. We educate and empower women about hormones and their relationship to their overall health such as cardio-metabolic, mental and bone health. Our proprietary algorithm matches women with the right medical and lifestyle options based on their side effect profile, medical history, hormone levels, and genetic profile ( the “Services”).
Tuune is a ‘Data Controller’ under the GDPR and we want to be transparent about how we collect, store and use and protect personal information about you and how you can exercise your data subject rights under the GDPR.
3. Information we collect about you
User Content information when you create an account with us, use our Services, contact us for customer care or participate in our surveys. This includes personal information, like your name, address, date of birth, contact number, email, billing and shipping address and other information you voluntarily share with us.
Financial information to facilitate transactions when you purchase products on our Site. The information may include cardholder details, cardholder number and other payment details. We use Viva Wallet to ensure payment transactions are completed safely.
Web Behaviour Information via cookies and other similar tracking technologies when you use, access or otherwise interact with our Services i.e. our website, mobile apps, products, software and other services. Tuune maintains web logs to record data about all visitors who use the Site and interact with the Services and we will store this information. These logs may contain IP address information, type(s) of operating system(s) you use, the date and time you visited the site, and information about the type of device you use to connect to the Services and the Site pages you visited.
4. Information you share with us
4.1 Special Categories of Data
Health data. We may process data concerning your health which may include past, current or future physical or mental health status. This may include information about your past medical history, current conditions or other information that may be required to assess your health status. We collect this information when you fill in our survey.
Other sensitive data. We may ask you to provide us details around you lifestyle choices, habits or other circumstances (i.e. smoking habits, sex life etc) to ensure we have all relevant information and provide you with accurate recommendations. Patients who have elected to see a clinical expert will be offered to have their clinical report and any prescriptions shared with Tuune optionally.
5. Why we process your data
Tuune takes into account the principle of data minimisation under the GDPR to ensure no more data is processed than necessary. We aim to collect the minimum information required to accurately provide our Services to you.
The personal data that you agree to share with us may be processed for the following purposes:
To help us better understand your needs and provide high-quality services,
To continuously assess your progress and needs when you answer further questionnaires as part of our ‘Ongoing Monitoring’ process,
To assess the safety of various contraceptive methods, to ensure we recommend the right treatment according to your personal needs,
To send you marketing communications via email when you agree to be contacted you about our products or to discuss clinical trials that may be of interest to you,
To share your information with our trusted parties, subject to your consent and when necessary for service-related or other purposes ( see Clause 7 below for more information),
To contribute to research purposes when you agree to share to participate in research projects and while maintaining all data anonymous,
To send your service-related communications via email, and lastly,
To continuously improve our products and Services.
6. Legal Basis for processing your data
Under the GDPR, personal data can only be processed where one of the specific conditions for processing is satisfied. We may process data for different purposes and we rely on the following legal basis for processing as defined by the GDPR to ensure all of our purposes of processing are legally justified:
Consent. We will rely on consent to use personal data and technical information, such as cookie data for certain marketing purposes. Where we would like to use special categories of data, like health, biometric or genetic data that we collect from you, we will only do so with your explicit consent if required by law, unless we have to comply with other legal obligations. You may withdraw your consent at any time by contacting us at firstname.lastname@example.org.
Legitimate interests. t is in our legitimate interests to process personal data in order to improve our products, services, perform administrative tasks, communicate with you, including the delivery of marketing communications with users (and where consent is not required by applicable law), customize and personalize content for users, identify and authenticate you, secure our systems and information, conduct research, provide clinical care and develop new products.
Legal obligations – We may use Personal Information to comply with legal obligations to which we are bound. For example, we may disclose Personal Information for medical device regulatory reporting requirements or to law enforcement in accordance with legal process.
7. Third parties that we share your information with
We make reasonable endeavours to ensure that all third parties used in connection with our Services are compliant with standard privacy practices. Tuune does not share personal data with any public databases, insurance companies or employers without explicit permission being granted to do so. Your personal data may be shared with the following partners:
With our service providers, as necessary for them to provide their services to us. Those include our IT security consultants, payment providers, email marketing providers and Cloud Service Providers
With our carefully vetted pharmacy suppliers and clinical partners through the use of APIs. Our pharmacy and clinical partners are engaged in the United Kingdom and comply with the applicable regulatory framework.
With qualified research collaborators, only if you provide your explicit consent.
8. Keeping your data secure
We take our IT security seriously and ensure we have the appropriate administrative, physical, technical and organisational measures in place to keep your data safe. We use the following methods to ensure your data is kept safe and confidential:
a. Data storage & security
We use account information in a password-protected environment and host our data in a secure cloud environment. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and data encryption. We use industry-standard SSL encryption to enhance the security of electronic data transmissions.
b. Data access & disclosure
At Tuune, we restrict access to personal information to only those staff who need to see this information staff and suppliers who need to access this information are subject to strict contractual confidentiality obligations.
Tuune will adhere to all applicable regulatory requirements to the extent that it has access to, or otherwise stores, processes or transmits personal data. We evaluate these safeguards on an ongoing basis to help minimize risks from new security threats as they become known. However, as it is the case with all websites, we are unfortunately unable to guarantee security for data collected through our website (i.e. from cookies installed by alternate sites you may visit).
9. Withdrawing participation
If a participant changes their mind and wants to withdraw then they are free to do so and this will always be acted on without delay as we aim to make this process as easy as possible. There are two options:Option 1 – partial withdrawal: ‘no further contact’ –Option 2 – full withdrawal: ‘no further use’ –
Finally, regardless of the option chosen above, we will keep an archived record to say that the participant was once part of the project and then withdrew. This includes their surname, first name, date of birth, address and contact details. We are required by law to keep certain information you provide to us for up to ten years consistent with our obligations under the GDPR, the EU Medical Device Regulation 2017/745 and the EU Product Liability Directive 85/374/EEC. This information may include information you have provided to Tuune when you use our Services such as medical information and information relating to your health or lifestyle. This information is held in a secure area with access limited to designated staff trained in data protection within Tuune.
10. Your data subject rights
Under certain circumstances, by law, you have a number of rights in respect of your personal data. These include the right to:
Request access to your personal information, known as a ‘data subject access request’. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request that we correct the personal data we hold about you if it is inaccurate or out of date.
Request that we erase your personal data where there is no good reason for us continuing to process it. Tuune is obliged to delete your data no later than one calendar month days after your request. When you request that we erase your personal data we will comply, unless there is a lawful reason for not doing so. If you request to erase medical information we may refuse, give a written reason for refusal, or a request to erase data if we have a lawful reason to do so. In our case, it will be because Tuune is obliged for legal reasons to retain medical information for 10 years after the last time you use our systems.
Request that we restrict the processing of your personal data where there is a dispute about its accuracy or the reason for processing it.
Request the transfer of your personal information to another party where our processing of it is under a contract or based on your consent and the processing is carried out by automated means.
If you want to obtain access to, request correction or erasure of, restrict the processing of or request the transfer of your personal information please contact email@example.com.
11. Data Retention Periods
We continually review our information collection, data retention, storage and processing practices, including physical security measures, to guard against unauthorised access to systems. We store your personal data for no longer than is necessary and to ensure we deliver our services smoothly, we provide you with our services at the highest level and contribute to the medical community for research purposes. We are required to retain certain data relating to health such as medical records in accordance with specific statutory frameworks applying to medical care providers for 10 (ten) years.
13. Complaints and requests for information
When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including the Information Commissioner's Officer, to resolve any complaints.
The address of Uniq Health is: 82b High Street, Sawston, Cambridge, England, CB22 3HJ. For general enquiries – firstname.lastname@example.org
Last Updated : 2020-10-30