Lypy Privacy Policy

Last Update: October 19, 2015

Lypy Limited, Kemp House, 152 City Road, London, England, EC1V 2NX (“Lypy” or “We”), is the responsible entity and has created the following Privacy Policy to describe how Lypy uses information it collects when people visit Lypy’s website located at https://lypy.com (the “Lypy Site” or “Site”) or sign up to use Lypy’s services (the “Services”).

Lypy may periodically make changes to this Privacy Policy that will be posted on this web page. If Lypy makes any material changes to this Privacy Policy, Lypy will provide notice of such changes through a posting on the Lypy Site or through other reasonable means of communication. Every published Privacy Policy made available on this web page is signed off by the Board of Directors (the “Board”) at the date that prefixes this statement.

Lypy abides by the Information Governance Toolkit (the “IG Toolkit”), as provided by the Department of Health and regards the way organisations ‘process’ or handle information. It covers personal information, i.e. that relating to patients/service users and employees, and corporate information, e.g. financial and accounting records (“Personally Identifiable Data”) which directly, or used in conjunction with other provided information, enables the identification of a specific individual. Lypy has certified that it adheres to the IG Toolkit in regard to the processing or handling of information.

To learn more about the IG Toolkit, and to view Lypy’s self certification, please visit https://www.igt.hscic.gov.uk/

What information does Lypy collect?

When you use the Lypy Site or sign up for the Services, Lypy may collect certain contact information from you, including without limitation: first and last name, email address, and phone number (collectively, “Contact Information”). When purchasing Services, you will be required to provide additional information that may include a credit card number or other banking or payment information (“Billing Information”).

Lypy collects population wide cryptographically hashed Contact Information from sites that wish for their patients to access Lypy Services for the validation purposes. The cryptographically hashed Contact Information is non-reversible (it cannot be read once hashed) and is used exclusively to validate user supplied Contact Information.

To improve the navigation experience on the Lypy Site, Lypy also automatically receives and records information on our server logs from your browser, including the pages you request (“Site Information”).

Certain Site Information is collected through Lypy’s use of cookies. Cookies are sets of data which are stored by your web browser and which contain data. In as far as your consent is necessary in this respect, this will only take place if you have granted the required consent.

The same applies to web beacons and other standard collection tools. These tools help provide additional functionality to the Lypy Site and help us analyze use of the Lypy Site more accurately. We may also use cookies to help track the level of interest in different features of the Lypy Site and to compile data that can help us improve our Services. You can choose not to use cookies but then you will not be able to take advantage of certain features of the Lypy Site.

In addition to the collection of Site Information, in connection with your use of the Services, Lypy may collect information that is created or provided by you for such purposes (collectively, “Service Information”). For example, if you receive an electronic or SMS message through the Services, Lypy will collect and maintain the metadata (phone number/electronic address, size and time of message and other transactional data). Service Information may include information that is Personally Identifiable Data. All attachments sent via the Lypy Service are encrypted and cannot be decrypted by Lypy services and as such the Service Information does not include the contents of letters.

How is Data used?

Lypy may use the Site Information to monitor the use of the Lypy Site and to improve the user experience associated with the Lypy Site. Lypy uses the Site Information internally and only as described in this Privacy Policy.

If you are not a user of Lypy (i.e., if you have not signed up to receive the Services), Lypy will use your Contact Information only for the purpose for which such information was provided. For example, if you have signed up to receive product information from Lypy, we will use your Contact Information only to send you that information. You may always opt-out of the receipt of any of those communications. Email opt out instructions are contained in each email.

Lypy uses and stores Service Information only for the purpose of providing services to you. For example, we will use your Contact Information to provide you with access to the Services you have ordered, as well as support services, technical updates or updates on changes in Lypy’s usage policies. Lypy may also use your Contact Information to send you company updates and marketing offers and information as long as you have expressly consented to receiving these or in case we have received your Contact Information in the course of registration of our Products and Services and we limit such marketing communication to similar Lypy products and services. You may opt-out at any time from receiving marketing information from Lypy by clicking the link in the respective electronic marketing communication and, as described in the preceding paragraph. You may not opt out from non-marketing communications, including service notifications and other operational updates. To note, Lypy’s use of the Service Information is also governed by the agreement you enter into with Lypy in connection with the Services (the “Services Agreement”). Please refer to the Services Agreement for specific provisions concerning confidentiality and data protection. In the event of any conflict between this Privacy Policy and the Services Agreement, the Services Agreement will control.

Also, for clarification, this Privacy Policy applies if you are a visitor to the Lypy Site or if you register for the Services. If you use a third party application or service that is integrated with Lypy, then such third party’s privacy policy will govern the use, storage and disclosure of your data in connection with such application or service. Lypy may receive orders, witness summons or other legal demands for Personally Identifiable Data that has been collected on behalf of such third party providers through the use of their applications or services. In such cases, Lypy refers the party requesting the Personally Identifiable Data to the applicable third party provider. That provider will respond in accordance with its own policies and may disclose your Personally Identifiable Data in response to such witness summons or other demand for information. Please remember that Lypy is not responsible for the policies and practices of such third party providers. If you have questions about any such disclosures, you should contact the applicable provider directly. Lypy will have no liability in connection with any act or omission of any such provider with respect to your data or information or otherwise.

Lypy takes reasonable precautions such as policy-based access control to protect Data in our possession from loss, misuse, and unauthorised access. Lypy follows generally accepted industry standards to protect the Data, both during transmission and once received by Lypy. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While Lypy strives to protect your Data, Lypy does not guarantee its security.

Personal Information collected via this Site and Services is stored on servers located in the England, and these servers are subject to Lypy’s IT security policies and procedures. To discuss the security programmes, procedures and policies that we have selected and utilise to reasonably secure your personal information and Content, please contact ig@lypy.com.

Does Lypy access Personally Identifiable Data?

The provision of Lypy Services happens in a non-interactive manner however for audit, problem resolution or benchmarking activities it is possible that Personally Identifiable Data might be witnessed by Lypy staff. All interventions that potentially involve the witness of Personally Identifiable Data by Lypy staff require authorisation and are subject to verbose audit.

Lypy staff are contractually bound to complete information governance training both at the start of their role and every year in position. If you have concerns about Lypy accessing your data please contact ig@lypy.com.

Does Lypy disclose Personally Identifiable Data to third parties?

Lypy does not share or disclose any of your Personally Identifiable Data except as described in this Section.

Information about, correction or deletion of Contact Information

You can request information about all personal information we have stored about you by contacting us at ig@lypy.com.

The same applies to your request to have all these personal information deleted.

In the event that you have volunteered Contact Information and/or provided Billing Information, you may correct or amend that information by editing your account profile or email us at ig@lypy.com.