BLOOM⁴³ App Privacy Policy
This privacy policy is designed to help you understand why and how we use your personal data. By personal data we mean information that relates to a living individual and which can identify or be identified with that individual.
We are Plexāā, a trading name of Plexāā Ltd, a company with number 11798195 and registered office at 20-22 Wenlock Road, London, Greater London N1 7GU, United Kingdom.
We may use your personal data to:
enable you to access the BLOOM⁴³ app and website (the “app”);
provide you with health information and support in connection with your breast surgery experience;
enable you to log information within your ‘My Health Hub’ on the app;
allow you to participate in our community on the app;
generate anonymised statistics to share with others for the purposes of research; and
send you information about the app, our company, and the development of the app.
The above is an overview of how your personal data may be processed and is by no means exhaustive – please see below for information on how specific types of personal data are collected, processed and shared.
Categories of Personal Information Collected
We collect the following categories of personal information from users:
Identifiers – Such as your full name, display name, email address, phone number (for two-factor authentication “2FA”), date of birth, and country of residence.
Protected Classifications – Such as your ethnic origin and sex assigned at birth.
Health Data – Such as details regarding your medical history, symptoms, surgery, breast cancer treatments, and uploaded clinical documents or images.
Internet or Network Activity – Such as interactions with the app, pages visited, and features used.
Community Data – Such as discussion topics you engage in, messages within group conversations, and participation in live sessions.
Inferences – Such as insights derived from your health data to provide tailored recommendations and support.
Below, we have tried to provide you with as much information as we possibly can to explain how your personal data may be used. This means there is a lot of information on this page so we have split this information into sections, enabling you to find the information that you are most interested in or the information that is most relevant to you.
You may contact us by:
email on app@plexaa.com; or
writing to us at 20-22 Wenlock Road, London, Greater London N1 7GU, United Kingdom.
How is your data processed to enable you to access the app?
Data collected directly from you
We obtain the following personal data directly from you:
your full name;
your display name;
a valid email address;
your phone number (used for two-factor authentication “2FA” when you log in);
your date of birth;
your ethnic origin;
your sex assigned at birth; and
your country of residence.
We refer to this information as the “access data”.
How long is access data kept for?
We retain your access data for up to 7 years after the date on which your membership account is closed, unless you request deletion earlier under your CCPA rights, subject to legal exceptions.
How do we use your access data?
We use your access data to log you in to the app and to verify that you are a real person. Our legal basis for processing this data is contractual necessity. Without this processing we wouldn’t be able to authorise you to access and use the app.
How is your data processed to provide health information and support?
Where do we obtain your health data from?
When you first register for the app and at various points after that, we will ask you to provide health data and complete questionnaires about your surgery and medical history. This includes questions about your symptoms, surgery procedure, breast cancer treatments, and health background. You can update your answers at any time via the app. You also have the option of uploading personal images and clinical documents for your personal use only, which are protected by iOS/Android biometric authentication. We refer to this personal data above as “health data”.
Sensitive Personal Information
Some of the personal data we collect, including details about your health, medical history, and ethnicity, is classified as Sensitive Personal Information under applicable privacy laws, including the California Consumer Privacy Act (CCPA). We collect and process this information solely for the purpose of providing you with personalised health information, tracking symptoms, and improving our services.
We do not use or disclose Sensitive Personal Information for any purposes beyond what is necessary to operate the app, provide support, and comply with legal obligations. Our legal basis for processing this data is your explicit consent, which you can withdraw at any time by contacting us or deleting the app.
How long is your health data kept for?
We retain all your health data for up to 7 years after the date on which your membership account is closed, after which it will either be deleted or anonymized, unless you request deletion earlier under your CCPA rights, subject to legal exceptions.
How do we use your health data?
We use your health data to provide you with tailored health information and support, and so that it can be used in the generation of your symptoms tracker report.
Our legal basis for processing this data is your consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” section below, and deleting the app. As the data involved relates to your health, we shall ensure that any such consent obtained is explicit consent.
Please note that without your consent to do this, we will be unable to offer you access to the app. This is because your health data is necessary for us to provide the support and information.
How is your data processed to allow you to participate in our community?
Where do we obtain your community data from?
Once you have registered to use the app, you may choose to engage in group conversations, propose new discussion topics, and join live sessions with expert speakers. By engaging with our community, you agree to share your username with other members of the community on the app. We refer to this personal data below as “community data”.
How long is your community data kept for?
We retain all your community data for up to 7 years after the date on which your membership account is closed, after which it will either be deleted or anonymized, unless you request deletion earlier under your CCPA rights, subject to legal exceptions.
How do we use your community data?
We store your community data on the app and will display the community data that you have chosen to share to other members of the community.
Our legal basis for processing this data is your consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” section below, and deleting the app. By sharing within the community you are making your shared health data public.
How is your data processed to allow anonymised statistics to be shared with others?
We also use your health data and in-app questionnaires data to generate anonymous statistics that may then be used by us and shared with third parties for research purposes. This means that your health data and in-app questionnaires data may be used to generate statistics, but you won’t be identifiable from that data. Our legal basis for processing this data is consent, which you can withdraw at any time by notifying us using the contact details contained in the “Your rights and how to exercise them” section below, and deleting the app. As the data involved relates to your health, we shall ensure that any such consent obtained is explicit consent.
How is your data processed to enable us to send you information about the app, our company, and the development of the app?
We will use your access data (see the “How is your data processed to enable you to access the app” section above for more details as to what this data is) to contact you and provide you with information about our activities and developments and improvements to the app. We do so on the basis of our legitimate interests in keeping you up-to-date with changes in our business and products. In doing so, we will offer you an opportunity to refuse marketing when your details are first collected and in subsequent messages.
Who do we share personal data with?
Internally, we only grant access to personal data to those people that need access to that data to carry out their role.
Externally, we may from time to time share personal data with the following categories of recipients:
our service providers, for instance:
the companies that manage our IT infrastructure;
companies that provide us with cloud based IT systems; and
our external advisors, for instance IT consultants, accountants and lawyers.
where we share personal data with service providers we will always ensure that the service provider is committed contractually to only use personal data in compliance with our instructions and data protection law;
our regulators, law enforcement, intelligence services and other government authorities, where they require us to do so; and
potential buyers of or investors in our business where necessary in connection with a due diligence exercise.
Data Selling and Sharing
We do not sell personal data for monetary compensation. However, we may share certain data with third parties for purposes such as research, analytics, or advertising, in line with applicable laws and privacy regulations.
All third-party service providers must comply with strict contractual obligations that limit their use of personal data to our specified purposes, in compliance with the CCPA and CPRA.
For California residents, under the CCPA and CPRA, you have the right to opt-out of any sharing of your personal information for targeted advertising or analytics purposes. If you wish to opt out, please contact us at app@plexaa.com.
We ensure that any data shared with third parties is either anonymised or subject to strict contractual agreements to protect your privacy.
Transfers of personal data outside of the European Economic Area (EEA)
The EEA is a group of countries that share the same basic data protection law, and therefore the law assumes that where your personal data is transferred between these countries it enjoys a similar level of protection.
We generally store and process personal data inside the EEA.
However, in some circumstances the third parties who assist us in providing the services (suppliers) may transfer personal data outside the EEA.
Where suppliers do so, we require our suppliers to do so in compliance with UK data protection laws, typically requiring them to enter into standard contractual clauses approved by the European Union as providing equivalent protection to what would be in place had the personal data remained in the EEA.
We can provide more information on the non-EEA countries to which we transfer your personal data on request.
Your rights and how to exercise them
The law gives you certain rights in respect of the personal data that we hold about you. Below is a short overview of those rights (for more information about the rights you have in respect of your personal data please visit the Information Commissioner’s Office website: www.ico.org.uk).
Access.
With some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you.
Access to the personal data we hold on you is free of charge; however, we may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs.
Where you have given us your personal data (i.e. you have input it into the app), you may have the right to receive your copy of this data in a common electronic format. If you wish, we can provide copies of this data to other people, if it is technically feasible to do so.
Correction.
You have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion.
Deletion.
In some limited circumstances, you have the right to have personal data that we hold about you erased (“the right to be forgotten”). This right is not generally available where we still have a valid legal reason to keep the data (for example, in connection with a legal claim or because we are obliged to do so by law).
Objection.
You have the right to object to our processing of your personal data where we rely on “legitimate interests” as our legal basis for processing, but we may be able to continue processing if our interest outweighs your objection.
Opting out of marketing.
You have the right to require us to stop using your personal data to send you marketing information. If you want us to stop sending you marketing information, the quickest and most efficient way is to use the provided “unsubscribe” links in our communications (although you can contact us directly if you prefer).
Temporary Restriction.
You also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, for example if you contest its accuracy or where we are processing it on the basis of our legitimate interest and you contest our assessment that our interest overrides your rights.
Withdrawing Consent
If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time, in which case we will stop that processing unless we have another legal basis on which to continue.
Please be advised that in certain circumstances withdrawal of consent to continue processing your personal data may have further impact on your future access to, or benefit from, the service or part of the service.
To exercise any of your rights, including withdrawing your consent, you can:
email us on app@plexaa.com; or
write to us at 20-22 Wenlock Road, London, Greater London N1 7GU, United Kingdom.
Please note that in order to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made.
We treat the protection of your personal data with the utmost importance but if you have cause to complain, we would always ask that you contact us first so we can attempt to resolve the matter for you. However, you also have the right to lodge a complaint about our handling of your personal data with the Information Commissioner’s Office. You can contact them on 0303 123 1113 or via their website www.ico.org.uk/make-a-complaint
California Privacy Rights (CCPA & CPRA)
California Residents’ Rights (CCPA & CPRA)
If you are a California resident, you have specific rights regarding your personal data under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include:
Right to Know: You can request details about the personal data we collect, use, disclose, or sell.
Right to Delete: You can request deletion of your personal data, subject to certain legal exceptions.
Right to Opt-Out of Sale or Sharing: We do not sell or share your personal data for monetary gain. However, if we share certain information for targeted advertising, you may opt out by emailing us at app@plexaa.com.