Effective date: May 15, 2023

Here are some important definitions to help you understand our terms and this Privacy Policy:

• Silence Media SRL and our relevant affiliates are referred to as “Silence Media,” ”Company“, “we”, “us”, and “our”.
• Our mobile application One Log is referred to as “our application”, “app”, or “application”.
  Users are referred to as “users”, “you” or “your”, as applicable.
• Your use of the applications (including downloading, installing, registering with, accessing, or otherwise using it) is referred to as “Use”.
• To the extent information is: (i) associated with an identified or identifiable natural person and (ii) protected as personal data under applicable data protection laws, such information is referred to in this Privacy Policy as “Personal Data”.

Please get acquainted with our Terms and Conditions to understand how we provide services to you.

We respect your privacy and are committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy explains what we do with your Personal Data (as defined below) and allows you to manage your Personal Data effectively.

Please read this Privacy Policy carefully to understand our privacy practices. The purpose of our Privacy Policy is to explain what data we collect, how it is used and shared, and how you can control it. If you do not want us to process your Personal Data as it is described in this Privacy Policy, please do not Use OneLog.

By using the One Log app or website, you certify that you understand and fully agree with our Terms and Conditions, and our Privacy policy.

If you have any questions about this Privacy Policy or OneLog, please contact us at contact@onelog.co.uk

1. WHAT INFORMATION WE COLLECT AND HOW WE COLLECT IT

As part of our operations, we may gather a variety of information, encompassing but not restricted to Personal Data, related to you. This information can be sourced directly when you submit it through the OneLog application or website, or through any other form of communication, both verbal and written, that transpires between us. Additionally, information could be accumulated automatically as you navigate through our application or website or from third parties.

WE MAY COLLECT, STORE AND PROCESS THE FOLLOWING INFORMATION:

• Your name, email, and GMC number.
• Data regarding your training status, grade, and hospitals.
• The name of your clinical and educational supervisors.
• Data introduced in any field of any section of the OneLog application.
• Identifiers that associate data (including but not limited to cases, activities, settings) to your account.
• Crash stack traces.
• Information on how you use our website, stored through cookies.
• Information from third parties, for example, our Service Providers.
• If you contact us, records, copies of your correspondence with us and contact details that you have provided us while making your inquiries (such as your name, postal addresses, email addresses and phone numbers or any other identifier by which you may be contacted online or offline), in order to investigate your concerns, respond to your inquiries and to monitor and improve our responses to your and other Users inquiries in relation to OneLog.
• Device information: Information about your mobile device and internet connection, including your IP address, the device’s unique device identifier (IDFV on iOS, iPadOS, persistent random NSUUID on macOS), operating system, jailbreak state, and mobile network information. Your IP address when collected from the application is never stored and only used to identify the country the app is used from.
• Usage details: Details of your Use of One Log, including frequency of Use, areas, and features of the application that you access and engagement with particular features. This information is used for in-app event analytics. Aggregated, combined, and anonymised usage details may be used for marketing purposes. 

The technologies we use for automatic data collection:

To better understand and optimise the usage patterns of One Log we use private cloud analytical platform Countly. The data collected through this platform is owned and only viewable by us.

This platform accumulates data through its respective software development kit integrated within OneLog. The type of information collected includes your anonymised user ID, details of the OneLog web pages accessed when you click on available links within OneLog, your activities within the OneLog application, and basic data related to your subscription type.

We collect and use this analytics information in an aggregated manner with analytics information from other users so that it cannot reasonably be used to identify any particular user.

2. THE PURPOSES AND OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

We use your personal information for the following purposes:

• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us in relation to OneLog (e.g., the Terms of Use).
• To provide you with support and to respond to your inquiries. If you share your Personal Data (including your name and contact information) to ask a question about OneLog, we will use that Personal Data to investigate your concerns, respond to your inquiries and to monitor and improve our responses to your and other users’ inquiries in relation to OneLog. It is our legitimate interest to provide you with high-quality support
• To notify you about changes to OneLog application, website or any products or services we offer or provide through OneLog, including by sending you technical notices, notices about your account/subscription, including expiration and renewal notices, updates, security alerts and support and administrative messages, which we may send through an in-app or a push notification (you may opt-out of push notifications by changing the settings on your mobile device). It is our legitimate interest to keep you updated on your use of OneLog.
• To present to you and others with OneLog and its contents and any other information, products, or services that you request from us. We do so to provide you with the services according to our contractual obligation
• To monitor aggregated metrics such as total number of users, traffic, and demographic patterns (including via Service Providers). It is our legitimate interest to make aggregated analytics of our audience as it helps us understand our business metrics and improve our product
• To provide, improve, test, and monitor the effectiveness of OneLog in an aggregated manner. It is our legitimate interest to make analytics of our audience as it helps us understand our product and business metrics
• To provide personalised content and information to you in relation to OneLog, which could include online ads or other forms of marketing (including via email)
• In any other way, as described in this Privacy Policy

We are committed to ensuring that your Personal Data is used strictly in alignment with the original purposes for which it was gathered or for which you provided authorization, as stipulated in this Section 2, and will avoid any unnecessary collection of Personal Data not pertinent to these stated purposes (“principle of purpose limitation”). Should there arise a need to use your Personal Data for a new processing purpose that deviates from the initially stated purposes, we will seek your distinct and explicit consent prior to such processing.

As part of our commitment to the integrity of your Personal Data, we implement all feasible measures to guarantee its reliability, accuracy, completeness, and timeliness, as it pertains to the processing purposes outlined. In line with the “data minimisation principle,” we limit our collection of your Personal Data to the precise quantity and categories that are essential for fulfilling the purposes stated in this Section 2.

3. YOUR RIGHTS

Access, modification, correction, and erasure. You can send us an email at contact@onelog.co.uk to request access to, modification, correction, update, erasure, or portability of any Personal Data that you have provided to us and that we have about you.

You can also request deletion of your account inside the app. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

EEA/UK residents. Individuals residing in the European Economic Area (“EEA”) and the United Kingdom (“UK“) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR“) and the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2020 (SI 2020/1586), as may be amended from time to time (“UK GDPR“) (collectively, the “GDPR“), including the rights specified below. You can exercise these rights by contacting us (for contact information, please, see How to Contact Us Section).

• Access to your Personal Data: You have a right to request information about whether we have any Personal Data about you, to access your Personal Data (including in a structured and portable form) that you have provided to us, when Using OneLog and that we have about you. You can do this by contacting us.
• Rectification of your Personal Data: You are responsible for ensuring the accuracy of your Personal Data that you provide to us. Inaccurate information may affect your experience when Using One Log features and our ability to contact you as described in this Privacy Policy. If you believe that your Personal Data is incomplete or inaccurate, you have a right to contact us and ask us to correct such Personal Data. 
• Restriction of processing: You also have the right to demand restriction of processing of your Personal Data, for example, if you contest the accuracy of the Personal Data which inaccuracy is verified by us.
• Erasure of your Personal Data: If you believe that your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or in cases where you have withdrawn your consent, or object to the processing of your Personal Data, or where the processing of your Personal Data does not otherwise comply with the GDPR, or if your Personal Data have to be erased for compliance with a legal obligation under EU or EU member state law, you have the right to contact us and ask us to erase such Personal Data. Please be aware that erasing some Personal Data may affect your ability to Use One Log.
• Right to portability of your Personal Data: If we process your Personal Data on the basis of your consent, or if this is necessary for the performance of our contract, you have the right to request us to receive any Personal Data you provided us in a structured, commonly used and machine-readable format. You may further ask us to give that Personal Data to another party. 
• Right to object processing or otherwise using your Personal Data: Where we are processing your Personal Data based on our legitimate interest, you may object to the processing or otherwise using your Personal Data. You can do this by contacting us. Please be aware that our inability to process or otherwise use some of your Personal Data may affect your ability to Use One Log. If you have opted in to receiving marketing communications, you have the right to opt out of those.
• Right to withdraw your consent at any time: Where you may have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on your consent before its withdrawal.
• Right to lodge a complaint with a supervisory authority: Subject to the GDPR, you have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authority here, and the UK’s supervisory authority (ICO) here. 

​​
Please keep in mind that in case of a vague request to exercise any of the aforementioned right we may engage with you in a dialogue to ask for more details if so needed to complete your request. In case this is impossible, we reserve the right to refuse granting your request.

Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your user or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorised person.

Please note that we will process your request within 1 month after receiving it. We may extend this period by two months where necessary, taking into account the complexity and number of the requests. If we extend the response period, we will let you know within one month from your request. We will not discriminate against you for exercising your rights under the law.

Opting Out of Promotional Emails
In compliance with applicable laws, we will seek your permission prior to dispatching promotional and marketing emails to you. If at any point you decide to discontinue receiving such emails, you can choose to withdraw from our promotional and marketing email list by utilising one of the following methods:

• by following the opt-out links in any marketing email sent to you;
• by contacting us at any time using the contact details in How to Contact Us Section.

4. SHARING OF COLLECTED INFORMATION

We do not rent or sell your Personal Data, to any third parties outside the Company or its Affiliates (as defined below).

Parties with whom we may share your Personal Data
We may share your Personal Data with businesses that are legally part of the same group of companies that we are part of.
We also may share your Personal Data, and other collected information with third-party organisations such as contractors and service providers that we use to support our business and who are bound by confidentiality and data protection terms (consistent with this Privacy Policy) to keep your Personal Data confidential and use it only based on our instructions (“Service Providers”), for example when we need technical support.

Such Service Providers include:

• Cloud provider Amazon Web Services Inc., which we use for server infrastructure, including for your feedback sent to us through the application.
• Cloud database provider MongoDB Inc., which we use for storing all of the application’s data, including your personal data.
• Cloud analytics and crash reporting provider Countly Ltd.
• email delivery services.

For the avoidance of doubt, we do not sell, rent or transfer your data, including your user profile, app usage information, clinical cases and activities to third parties. We use only secure places of storage, such as Amazon Web Services and MongoDB. The physical location of our MongoDB Inc. and Amazon Web Services Inc. servers is in London, United Kingdom.  The physical location of our Countly Ltd servers is in Belgium, EU

What happens in the event of a change of control. If we sell or otherwise transfer part or the whole of the Company or our assets to another organisation (e.g., in the course of a transaction like a merger, divestiture, restructuring, reorganisation, acquisition, bankruptcy, dissolution, liquidation), your Personal Data and any other collected information may be among the items sold or transferred. 

Responding to legal requests and preventing harm. In response to a legal obligation (such as a search warrant, court order, or subpoena), or a governmental or regulatory directive, we may access, conserve, and disclose your information if we genuinely believe we are legally mandated to do so. This includes responding to requests from jurisdictions where we genuinely believe the law necessitates such action, impacting users within that jurisdiction, and in accordance with globally accepted standards. Additionally, we may access, conserve, and disclose information when we genuinely believe it is imperative to: (i) identify, impede, and address fraudulent and other unlawful activities; (ii) safeguard ourselves, you, and others, as part of investigations; and (iii) avert imminent death or bodily harm. Your information may be accessed, processed, and retained for an extended duration in the event of a legal request or obligation, a government investigation, inquiries concerning potential breaches of our terms or policies, or to avert harm.

5. DATA SECURITY

We implement reasonable and suitable information security measures designed to maintain the security of collected information and protect it from accidental loss, as well as unauthorised access, use, alteration, and disclosure. Regrettably, the transmission of information over the internet is not entirely secure. While we strive to safeguard your collected information, we cannot assure the absolute security of information transmitted to or via OneLog, nor guarantee that such information will not be accessed, disclosed, altered, or destroyed. The transmission of your collected information is at your own risk, and we disclaim responsibility for any circumvention of the security protocols in place within OneLog. It is important to recognise that no technology or measure can guarantee complete security.
Among others, we utilise the following information security measures:

• Encryption of your Personal Data in transit and at rest.
• All collected information is stored on our secure servers behind firewalls.
• Databases can only be directly connected to from whitelisted IP addresses.
• Organisational and legal measures. For example, our employees and employees of our subsidiaries have different levels of access to your Personal Data and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of One Log. We impose strict liability on such employees for any disclosures, unauthorised accesses, alterations, destructions and misuse of your Personal Data.
• Conducting periodical data protection impact assessments in order to ensure that the Company fully adheres to the principles of “privacy by design”, “privacy by default” and others. We also commit to undertake a privacy audit in case of the Company’s merger or takeover.

The safety and security of your information also depend on you. Your privacy settings may also be affected by changes to the social media services, through which you may share data. We are not responsible for the functionality, privacy, or security measures of any other organisation.

By downloading this Application, the User agrees that they will not introduce any Patient Identifiable Data (PID) on this app, under no circumstances. Any breach of this clause will be solely the responsibility of the User. Silence Media SRL as a company as well as the app developers will not take any responsibility for any breach and associated reputational, intellectual, and financial loss.

Security breaches: If we learn of a security systems breach, we may either post a notice, or attempt to notify you by email (if it was provided) and will take reasonable steps to remedy the breach as specified in applicable law and this Privacy Policy. If we learn of a potential Personal Data breach, together with other actions referred to in the Privacy Policy, we will also undertake particular actions to remedy the breach as appropriate under the circumstances, which may include, logging you out from all the devices, resetting a password (sending a temporary password for you to apply) and performing other reasonably necessary activities and actions.
If you want to report a security incident related to OneLog, please contact us at contact@onelog.co.uk

Contacting us: You can provide your feedback or report a technical issue by using the ”Found a Bug “or “Request a feature” button in OneLog app main menu.

The message may contain the following diagnostics information that will help us to resolve your issue/address your request:

• Phone model
• Device OS and version
• App version
• User ID
• Language
• Remaining hard disk space
• Available RAM

This information is used to assess your feedback, reply to you and/or identify the problem if you are reporting one and is NOT USED to identify users individually.
Contacting you: If you are using OneLog you may receive electronic communications from us (e.g., by posting in-app notices in OneLog, push notifications or emails). These communications may include notices about OneLog or its in-app subscriptions: e.g., changes/updates to features of OneLog and their scope, prices of in-app subscriptions, technical and security notices, as well as updates to this Privacy Policy and OneLog Terms and Conditions. Upon your consent, we will also share with you our marketing materials about new products, features or offers from Silence Media and its affiliates.

6. DATA RETENTION

Your Personal Data. Normally, the retention term would be the term of your account existence. It means that we will retain your Personal Data until you delete your account or request us to delete your data (by contacting us at contact@onelog.co.uk). Please note that deletion of One Log application does not imply the deletion of your account and your data! To delete the account and all the associated data, users must use the “Delete Account” button from the App menu.
We may retain your Personal data in connection with your privacy-related requests and communications with us, if any, as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your Personal Data, we may continue to retain and use anonymised data previously collected that can no longer be used for personal identification.

7. CROSS-BORDER TRANSFERS

The Company is incorporated in Romania. Accordingly, your Personal Data may be transferred to and stored in Romania, the EU, or in other countries. 
Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see here) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.

Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.

As to the location of our servers, we use MongoDB and AWS servers located in London, United Kingdom for OneLog operation and analytics operations are processed on the same servers.
 
For further information please contact contact@onelog.co.uk

8. OTHER WEBSITES AND SERVICES

We do not assume responsibility for the methods adopted by any websites or services that are linked to or from OneLog, or for the information or content they contain. If you encounter a link on OneLog that redirects to another website or service, we strongly advise you to review the privacy policy of that respective website or service prior to sharing any information on it.

9. HOW TO CONTACT US, EEA/UK REPRESENTATIVE, AND DATA PROTECTION OFFICER

General contact details. If you have any questions about this Privacy Policy or OneLog, please contact us via email at contact@onelog.co.uk 

Appointed EEA/UK representative. If you are a resident of the EEA or the UK and you have any questions about this Privacy Policy or OneLog, please contact us via email at contact@onelog.co.uk 

Data protection officer. If you are a resident of the EEA or the UK and you wish to exercise your rights under Section 3, or you have any questions about this Privacy Policy or OneLog, you can contact our data protection officer via email at contact@onelog.co.uk.

10. CHANGES TO OUR PRIVACY POLICY

The most recent update date of this Privacy Policy is denoted at the top of this page.
The Company reserves the right to revise or refresh this Privacy Policy periodically. Certain modifications may not necessitate your consent, such as when we incorporate a new processing objective that aligns with existing purposes, or a new processing activity that falls within users’ reasonable expectations. However, if amendments made could potentially infringe on your rights and freedoms, such as introducing a new processing purpose incompatible with the current processing objectives, a new legal basis, a new category of personal data to be collected, or a new data subject, all of which are not reasonably expected by the users, we will request your explicit consent separately from this Policy. If you did not receive a consent request or declined to provide consent, these changes will not be applicable to you. Please note, this might adversely impact some of OneLog’s services provided to you if those services necessitate accepting the changes.