Privacy policy
This website (and any mobile site or applications that link to this privacy policy) (collectively, the “Sites”) is owned and operated by WE ARE COUCH LTD, trading as COUCH Health (a company registered in England and Wales under number 07414889 with its registered office 5 Richmond Street, Manchester, M1 3HF, United Kingdom) (“WE ARE COUCH“, “we”, “our”, and “us”).
Data privacy is important to WE ARE COUCH and maintaining your trust is our priority. This Privacy Policy explains how we collect and use personal data that we obtain through our website and other means, such as email, in person or from other third-party sources.
Contacting Us
If you have any questions about our privacy policy or your information, or to exercise any of your rights as described in this privacy policy or under data protection laws, you can contact us: By post: WE ARE COUCH LTD, 5 Richmond Street, Manchester, M1 3HF, United Kingdom. By email: dpo@couch.health
Data Protection Principles
WE ARE COUCH adheres to the following principles when processing your personal data:
- Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
- Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy – data must be accurate and, where necessary, kept up to date.
- Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
Personal data we collect
WE ARE COUCH own and process a research panel, client information and other contact information so that we may operate and market our business. This may include the following information:
- your name;
- contact details (such as telephone number, postal address and email address);
- date of birth;
- gender;
- marital status;
- copies of passport, driving licence and similar documents;
- your image and likeness, including as captured in photographs and video recordings.
What we do with your personal data
You may provide us with information over the phone, email or otherwise, when you:
- request information or materials regarding our services or ask us to contact you;
- complete any of our online forms, for example, when you complete the “Get in Touch” or “Download Brochure Here” online forms;
- make any comment or contribution on our Sites.
We collect financial account information, such as your credit card information, billing contact information (such as email addresses) and/or your social security number, as needed to process payments and provide reimbursement services.
If you interact with us online, we use cookies and other technological tools to collect information about your device and your use of our Sites, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Site. We will use this information:
- to administer our Sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Sites to ensure that content is presented in the most effective manner for you and for your computer; and
- as part of our efforts to keep our Sites safe and secure.
- For more information about cookies and other technologies, please see the section Cookies below.
Applicants for employment
We also collect personal information from you when you apply for a job with us through our careers page or respond to a specific listed employment position with us. This information may include your contact information, curriculum vitae, previous work experience, education, employment records, performance history, driver’s license information, National Insurance number and information relating to references.
We collect most of this information from you directly. However, we also receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, subcontractors in technical, payment and delivery services, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. We also collect information about you:
- from publicly accessible sources, e.g. Companies House;
- from third party sources of information, e.g. client due diligence providers;
- which you have made public on websites associated with you or your company or on social media platforms such as LinkedIn;
- from a third party, e.g. a person who has introduced you to us (such as a recruiter) or other professionals (such as accountants) you may engage.
Participants in our media and research content
We also collect personal information from you when you respond to a request to share your experience of participation in, and the processes involved in, a clinical trial . This information may include your contact information, date of birth, images and audio / video recordings. Where we collect personal information from you directly, a Participant Information Sheet and/or Consent Form will give you further detail about what information we are using and how we are going to use it.
We collect most of this information from you directly. However, we may also receive information about you from third party health care professionals and patient groups.
Sensitive personal data
If you are an employment applicant or a participant in our media and research content, we may also collect and process the following more sensitive types of personal information regarding your:
- ethnicity;
- religious beliefs;
- sexual identification;
- health data including medical conditions and information about disability.
If we do collect sensitive personal data, we will ask for your explicit consent to our proposed use of that data at the time of collection.
What we do with your personal data
The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained below.
Purposes for which we will process the information | Legal Basis for the processing |
---|---|
To enter into and perform contracts with you (whether you are an employee applicant or a participant in our media and research content). | It is necessary for us to process your personal data in this way in order to enter into a contract with you and to fulfil our contractual obligations to you. |
To enforce the terms and conditions and any contracts entered into with you. | It is in our legitimate interests to market our services. We endeavour to ensure that the contacts in our database are relevant and up-to-date. We consider this use to be proportionate and will not be prejudicial or detrimental to you. You can always opt-out of receiving direct marketing-related email communications or text messages by following the unsubscribe link. |
To send you publications, event information and marketing communications. | It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you. For direct marketing sent by email to new contacts (i.e. individuals who we have not previously engaged with), we need your consent to send you unsolicited direct marketing. |
To send you information regarding changes to our policies, other terms and conditions and other administrative information. | It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you. |
To send you information regarding changes to our policies, other terms and conditions and other administrative information. | It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you. |
| For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you. |
To measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you. | It is in our legitimate interests to continually improve our offering and to develop our business. We consider this use to be necessary in order to effectively generate business and will not be prejudicial or detrimental to you. |
For normal business purposes, such as payment processing and financial account management, product development, contract management, website administration, fulfilment, analytics, fraud prevention, corporate governance, reporting and legal compliance. | It is necessary for us to process your personal data in this way in order to enter into a contract with you and to fulfil our contractual obligations to you. |
For diversity monitoring. | It is in the public interest for us to ensure compliance with the Equality Act 2010 and monitor and promote equal opportunities. |
To measure or understand the impact of an individual’s circumstances and characteristics on research results. | It is in our legitimate interests to maximise the insights gained from our research work. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you. |
Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests. If you want further information on the balancing test we have carried out, you can request this from our Privacy Manager. If you do not wish to provide us with your personal data and processing such information is necessary for the performance of a contract with you, we may not be able to perform our obligations under the contract between us. WE ARE COUCH will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
Email Marketing
For email marketing to an individual subscriber (that is, a non-corporate email address) with whom we have not previously engaged as a client, we need your consent to send you unsolicited email marketing. Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to opt out of receiving email marketing communications from us at any time by:
- contacting us using the contact details set out above; or
- using the “unsubscribe” link in emails.
Disclosure of your personal data to third parties
WE ARE COUCH will share such information with its consultants, contractors, affiliates and advisers as necessary to carry out the purposes for which the information was supplied or collected. Personal data will also be shared with our third-party service providers who assist with the running of the sites and our services including marketing, database service providers, IT services such as backup and disaster recovery service providers and others. Our third-party service providers are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions. In addition, WE ARE COUCH will disclose information about you:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if all or substantially all of WE ARE COUCH’s assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation;
- if necessary to protect the vital interests of a person;
- to establish, exercise or defend the rights of WE ARE COUCH, our staff, clients or others.
Please note that we may also disclose information about you that is not personally identifiable. For example, we may publish reports that contain aggregated and statistical data about our research. These reports do not contain any information that would enable the recipient to contact, locate or identify you.
International Transfers
WE ARE COUCH operates with staff, vendors and offices in many countries around the globe. Personal data and professional information you provide to WE ARE COUCH may be processed, transferred, shared with individuals in different countries for the purpose of routine business purposes. Where personal data is transferred to and stored in a country not determined by the UK as providing adequate levels of protection for personal data, we take steps to provide appropriate safeguards to protect your personal data, including entering into standard contractual clauses approved for use in the UK which give the transferred personal data the same protection as it has in the UK. If you want further information on the specific mechanism used by us when transferring your personal data out of the UK, please contact us using the details set out above.
Security of your personal data
WE ARE COUCH use appropriate technical and organisational safeguards to protect personal data both online and offline from unauthorised use, loss or destruction. We use industry standard physical and procedural security measures to protect information from the point of collection to the point of destruction. This includes encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access. Only authorised personnel and third-party service providers are permitted access to personal data, and that access is limited by need. Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal data. Despite these precautions, however, WE ARE COUCH cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal data. In the event of a data breach, WE ARE COUCH have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so.
How long we keep your personal data
WE ARE COUCH will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it. The criteria we use for retaining your personal data, includes the following:
- General queries and correspondence – when you make an enquiry or contact us by email or telephone, we will retain your information for as long as necessary to respond to your queries. After this period, we will not hold your personal data for longer than one year if we have not had any active subsequent contact with you;
- Direct marketing – where we hold your personal data on our database for direct marketing purposes, we will retain your data for no longer than two years if we have not had any active subsequent contact with you.
- Participation in media content – where you consent to participating in media content to promote your patient experience of participating in a clinical trial, we will retain your information for no longer than six years.
- Legal and regulatory requirements – we may need to retain personal data for up 7 years where necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.
Access to and updating your personal data
You have the right to access information which we hold about you (“data subject access request”). You also have the right to receive your personal information in a structured and commonly used format so that it can be transferred to another data controller (“data portability”). We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. Please keep us informed if your personal data changes during your relationship with us.
Right to object
Direct marketing
You have the right to object at any time to our processing of your personal information for direct marketing purposes.
Where we process your information based on our legitimate interests
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Your other rights
You also have the following rights under data protection laws to request that we rectify your personal information which is inaccurate or incomplete. In certain circumstances, you have the right to:
- request the erasure of your personal information erasure (“right to be forgotten”);
- restrict the processing of your personal information to processing in certain circumstances.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use that information without further notice to you.
Exercising your rights
You can exercise any of your rights as described in this privacy policy and under data protection laws by contacting us as provided in “Contacting us” above. Save as described in this privacy policy or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request. Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
Cookies
When you visit our Sites, we collect certain information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons. For example, when you visit our Sites, we place cookies on your computer. Cookies are small text files that websites send to your computer or other Internet connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return, they are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website. Our Sites use the following types of cookies:
- Strictly necessary cookies – these enable you to move from page to page within our Sites and to use any features on the Sites. These cookies are deleted when you close your browser.
- Performance cookies – these allow us to collect information, including the number of visitors to our Sites; where they have come to our Sites from; the pages they visit; and the length of time they have spent on our Sites.
The table below explains more fully what cookies are used on our Sites.
Types of Cookie
- Essential website cookies: These cookies are strictly necessary to provide you with services available through our Website and enables you to move from page to page within our website and to use its features. These cookies are deleted when you close your browser.
- Performance and functionality cookies: These cookies are provided by Google Analytics and are used to enhance the performance and functionality of our Website but are non essential to their use. However, without these cookies, certain functionality may become unavailable.
- Analytics and customization cookies: These cookies collect information that is used either in aggregate form to help us understand how our Website is being used or to help us customize our Website for you.
- Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our Website through third party social networking and other websites; specifically, the Facebook button, Twitter button and LinkedIn button. These cookies may also be used for advertising purposes too.
Blocking Cookies
You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences by clicking on the appropriate opt out links provided. You can also set or amend your web browsers controls to accept or disable cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser settings to disable cookies if you prefer. If you decide to disable cookies, you may not be able to access some areas of our Sites.
Social Media Plugins
This Site uses social medial plugins (e.g. the Facebook “Share” button, Twitter “Share” button and LinkedIn “Share” button) to enable you to easily share information with others. When you visit our Sites, the operator of the social plugin can place a cookie on your computer, enabling that operator to recognize individuals who have previously visited our Site. If you are logged into the social media website (e.g. Facebook, Twitter) while browsing on our Sites, the social plugins allow that social media websites to share information about your activities on our Sites with other users of their social media website. For example, Facebook Social Plugins allows Facebook to show your Likes and comments on our pages to your Facebook friends. Facebook Social Plugins also allows you to see your friends’ Facebook activity on our Sites. WE ARE COUCH does not control any of the content from the social media plugins. For more information about social plugins from other social media websites you should refer to those sites’ privacy and data sharing statements.
Links
The Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and WE ARE COUCH does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
Complaints
If you have any questions or complaints regarding our Privacy Policy or practices, please contact us as provided in “Contacting Us” above. You have the right to make a complaint at any time with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is ICO who can be contacted at https://ico.org.uk or telephone on 0303 123 1113.
Changes to our privacy policy
We will only use your personal information in the manner described in this Privacy Policy. However, we reserve the right to change the terms of this Privacy Policy at any time by posting revisions to our sites. If we make any material changes to this Privacy Policy, we will place a prominent notice on our Sites. If at any point, we decided to use personal information in a manner different from that stated at the time it was collected, you will be given a choice to allow or disallow any additional uses or disclosures of your personal information, beyond that which was stated in this Privacy Policy at the time your information was collected. This privacy policy was last updated on 15/07/24.