Privacy Policy

1. Purpose of our Privacy Policy

PainChek UK Ltd, (a company registered in England with Company number: 12170151) (we, us or our) provides the PainChek® web & mobile system (PainChek), which is intended to allow users to access parts of a Patient’s account to:
a) Assess and record the Patient’s level of pain and the pain relief administered to manage their pain over time.
b) Connect and share information with other authorised users.
c) Access such other information and features, as we may make available via PainChek® from time-to-time in accordance with the PainChek® Terms of Service.
In order to achieve the above, Users have to create, store and edit personal data about Patients and Users.
Care-Receivers being assessed for pain shall be collectively referred to as Patients throughout this Privacy Policy.
Patients, Care-Givers and the organisations responsible for caring for Patients shall be collectively referred to as Users throughout this Privacy Policy.
We respect your privacy and are strongly committed to protect your personal data. We have adopted this Privacy Policy to ensure that we have standards in place to protect the personal data that we collect about Patients and Users that is necessary and incidental to:
a) Providing the system and services that PainChek UK Ltd offers; and
b) The normal day-to-day operations of our business.
We process personal data in compliance with all legislation and regulatory requirements in the UK and Europe relating to the use of personal data, including (i) the Data Protection Act 2018 and any successor UK legislation, (ii) the General Data Protection Regulation ((EU) 2016/679), and (iii) the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) (Privacy Laws).
We are the data controller (as defined by the relevant Privacy Laws) of the information that Users provide us. A data controller determines the purposes and means of the processing of personal data. We are the data controller (as defined by the relevant Privacy Laws) of the information that Users provide us. A data controller determines the purposes and means of the processing of personal data. This Privacy Policy explains how we, as a data controller, may collect, use, share and protect information that we obtain about Users directly or indirectly in accordance with applicable Privacy Laws.
By publishing this Privacy Policy, we aim to make it easy for our customers and the public to understand what personal data we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their personal data in our possession.
This Privacy Policy applies to all forms of personal data, physical and digital, whether collected or stored electronically or in hardcopy.
PainChek may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
If you have any questions in relation to this Privacy Policy, please let us know using the contact details at paragraph 11 below.

2. The Information We Collect

Personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We handle personal data of adults and children in our own right and also for and on behalf of our customers and users.
In the course of business, it is necessary for us to collect personal data. This information allows us to identify who an individual is for the purposes of our business, share personal data when permitted and/or required of us by law, contact the individual in the ordinary course of business and transact with the individual.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
a) Health Information. We may collect information about the health, injuries, disability, health services, medical histories, prescriptions, allergies, racial or ethnic origin, genetic data, biometric data and other information about an individual defined as “Special Categories of Personal Data” in the relevant Privacy Laws;
b) Personal Information. We may collect personal details such as an individual’s name, location, date of birth, profile image, nationality, and family details;
c) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
d) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
e) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and/or
f) Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Statistical Information to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
Due to the services that we provide, we may on occasion process data relating to children. Where the Patient is a child, if you are the “Responsible Person” for the child as defined in relevant local laws (such as the parent or guardian of the child) you will be responsible for providing the required consent to each collection, use and disclosure of that personal data collected and should monitor the child’s usage of PainChek.
If you require a version of this Privacy Policy for a Patient who is a child, please contact use (details in paragraph 11 below) and we will provide you with a relevant policy to ensure your child’s understanding of how we collect and process their data.

3. How Information is Collected

Most personal data will be collected directly from you in association with your use of our services, the PainChek® mobile application, the PainChek® Web Administration Console, the public PainChek UK Ltd web site, an enquiry about PainChek® or generally dealing with us.
Some information may be collected from authorised Users in relation to a Patient. However, we may also receive personal data from sources such as automated technologies or interactions, advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
a) Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
b) Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
c) Using PainChek®. When an Individual enters Personal or Health Information into PainChek® for any reason, records a profile image, or performs an automated facial assessment. Note the facial images used by the automated facial assessment process to determine a patient’s level of pain are discarded immediately and are not stored on the device nor transmitted to other systems.
d) Supply. When an individual supplies us with goods or services;
e) Contact. When an individual contacts us in any way;
f) Access. When an individual makes contact with us in-person we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
g) Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their personal data is being collected.
Where we obtain personal data without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information.

4. When Personal Data is Used and Disclosed

The primary reason personal data is used or disclosed is so that a Patient’s level of pain and pain relief usage can be recorded and reviewed by Users.
In general, the primary principle is that we will not use any personal data other than for the purpose for which it was collected (or purposes which are directly related to that purpose, and which the individual would reasonably expect), except with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
Except as noted elsewhere in this section, we will never use an individual’s personal data for any purpose other than:
a) Processing or sharing that information with a User authorised by the individual to receive it.
b) Processing or sharing that information with third parties authorised by the individual to receive it.
c) Supporting and developing PainChek® (using our internal resources and third-party service providers under obligations of confidence).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
a) Where you have given us your explicit consent to the processing of those personal data for one or more specified purposes. Users may be asked to provide the Users’ consent in connection with certain services that we offer, for example in respect of any processing of the Users’ personal data for our marketing purposes where Users or the Users’ employing organisation is not a client of PainChek, or in respect of certain special categories of personal data such as the Users’ health or racial background for which we are legally obliged to gain the Users’ consent due to the sensitive nature of such information and the circumstances in which it is gathered or transferred. Where we are reliant upon the Users’ consent, Users may withdraw this at any time by contacting us in accordance with paragraph 11 below, however please note that we will no longer be able to provide Users with our services that rely on having the Users’ consent.
b) Where we need to perform the contract that we are about to enter into or, have entered into with you.
c) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
d) Where we need to comply with a legal obligation.
e) Where processing is necessary for the purposes of preventive or occupational medicine, for the assessment of medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis local law or pursuant to contract with a health professional. Where this is the case, we will only process Health Information where it is necessary for health care purposes and appropriate local safeguards and local laws are complied with.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Please note, where the health information of children is processed, we require consent from the guardian and will at all times take responsibility for identifying the risks and consequences of the processing and have age-appropriate safeguards in place.

	Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
1	To register you as a Patient, or User or otherwise, in order to use our services.	Personal Information Health Information Contact Information Including, the information of children.	(a) Performance of a contract with you. (b) In relation to Health Information, where it is required for the assessment of medical diagnosis.
2	To provide our services to you.	Personal Information Health Information Contact Information Including, the information of children	(a) Performance of a contract with you. (b) In relation to Health Information, where it is required for the assessment of medical diagnosis. (c) Consent.
3	To process your use of our services including: Manage payment, fees and charges. Collect or recover money owed to us.	Personal Information Financial Information Contact Information	(a) Performance of a contract with you. (b) Necessary for our legitimate interests (to recover debts due to us).
4	To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy. Asking you to leave a review or take a survey.	Personal Information Health Information Contact Information Statistical Information Information an Individual sends us	(a) Performance of a contract with you. (b) Necessary to comply with a legal obligation. (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services). (d) In relation to Health Information, where it is required for the assessment of medical diagnosis, or the provision of healthcare.
5	To provide you with healthcare information received from authorised Users.	Health Information Personal Information Including, the information of children	(a) Performance of a contract with you. (b) Necessary to comply with a legal obligation. (c) Necessary for our legitimate interests (to provide you with information as received from Authorised Users). (d) In relation to Health Information, where it is required for the assessment of medical diagnosis, or the provision of healthcare.
6	To collect Health Information in order to provide our services to you and connect you with authorised Users and healthcare providers.	Health Information (including the health information of children)	(a) Performance of a contract with you. (b) Consent. (c) Necessary for our legitimate interests (to provide you with information as received from Authorised Users). (d) Where it is required for the assessment of medical diagnosis, or the provision of healthcare.
7	To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Personal Information Statistical Information Contact Information	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). (b) Necessary to comply with a legal obligation.
8	To verify an individual’s identity.	Personal Information	(a) Necessary for our legitimate interests (for running our business). (b) Necessary to comply with a legal obligation.
9	To undertake research studies.	Health Information Personal Information	(a) Consent. (b) Performance of a contract with you.
10	To enable you to partake in a prize draw, competition or complete a survey	Personal Information Contact Information Statistical Information	(a) Performance of a contract with you. (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business).
11	To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Personal Information Contact Information Statistical Information	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
12	To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	Statistical Information	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
13	To make suggestions and recommendations to you about goods or services that may be of interest to you	Personal Information Contact Information Statistical Information Information an Individual sends us	Necessary for our legitimate interests (to develop our products/services and grow our business).
14	To comply with any applicable local laws.	Personal Information Contact Information	Necessary to comply with a legal obligation.
15	To investigate any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity.	Personal Information Health Information Contact Information Statistical Information Information an Individual sends us	(a) Performance of a contract with you. (b) Necessary to comply with a legal obligation. (c) Necessary for our legitimate interests (to deal with complaints received by you). (d) In relation to Health Information, where it is required for the assessment of medical diagnosis, or the provision of healthcare.

5. When Personal Data is Disclosed

There are some circumstances in which we must disclose an individual’s personal data:
a) Where we need to provide information to Authorised Users, either with your specific consent, for the performance of our contract with you, or for the provision of healthcare;
b) As part of a sale (or proposed sale) of all or part of our business;
c) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of; and/or
d) As required or permitted by any law (including the Privacy Laws).
We may need to disclose and/or transfer your personal data to other companies in the PainChek company group. These are internal data transfers where the other member of our group is acting as joint controllers or processors may provide Support, IT, system administration services and undertake leadership reporting and are based in Australia (PainChek Limited).
We will not disclose an individual’s personal data to any entity outside of the UK or the EEA unless a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data in accordance with the Privacy Laws.
b) Where we use certain service providers, we may use specific contracts (and/or contractual clauses) approved for use in the UK and/or EEA which give personal data the same protection it has in the UK or the EEA.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
We utilise external third-party service providers to communicate with an individual and/or to store and process personal data about them. Such services we currently use include:
a) Amazon Web Services (AWS) operated by Amazon.com, Inc. (a company incorporated in the Washington, United States) that host PainChek® systems and data on servers located in Australia.
b) SiteGround operated by DreamScape Networks FZ-LLC (a company incorporated in the UAE) for email and for hosting of the painchek.com website.
c) Office 365 operated by Microsoft for hosting @painchek.com email addresses.
d) JIRA operated by Atlassian Pty Ltd (a company incorporated in Australia) for bug tracking, issue tracking, and project management.
e) ZenDesk operated by ZenDesk Inc for Customer Service and Technical Support enquiries.
f) Dropbox operated by Dropbox International Unlimited Company (a company incorporated in Dublin) for data storage.
g) Wordpress operated by Automattic (a company incorporated in California) for hosting the PainChek® website.
h) Sentry operated by Sentry.io (a company incorporated in California) for reporting errors in the web backend, and web portal.

6. Opting “In” or “Out”

An individual may opt to not have us collect their personal data. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us. The exercise of an opt-out right does not mean that we immediately delete all records of the individual, if there are still legitimate uses for the information we hold (including record keeping obligations).
Each individual has the right to opt out of receiving marketing communications from us by (i) logging into the website and/or a User account and checking or unchecking relevant boxes to adjust your marketing preferences, (ii) following the opt-out links on any marketing message sent to you, or (iii) contacting us at any time.

7. The Safety & Security of personal data

We have appointed a Privacy Officer to oversee the management of this Privacy Policy and compliance with the Privacy Laws. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. In some circumstances, Users might be staff of institutions that provide care to a patient (e.g. a nursing home). We require that such organisations have a compliant privacy policy, adequate technical and safety measures in place and act in accordance, at all times, with the relevant Privacy Laws applicable to their jurisdiction.
We are not responsible for the privacy or security practices of any third-party (including third parties to which we are permitted to disclose an individual’s personal data in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
If an individual suspects any misuse or loss of, or unauthorised access to, their personal data, they should let us know immediately.
Except as provided by law, we are not liable for any loss, damage or claim arising out of another person’s use of the personal data where we were authorised to provide that person with the personal data.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
By law we have to keep certain information held about individuals in accordance with the relevant local laws and regulations, including tax laws and healthcare regulations. This may vary depending on your location. We will keep basic information about our customers (including Personal Information and Financial Information for six years after they cease being customers for tax purposes.
Health Information, as above, will be retained in accordance with local laws and regulations.
In some circumstances you can ask us to delete your data: see your legal rights at paragraph 9 below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you require further information about data retention, please contact our Privacy Officer.

9. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:
a) request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
b) request correction of your personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
c) request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local laws. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
d) object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
e) request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
i. If you want us to establish the data’s accuracy.
ii. Where our use of the data is unlawful but you do not want us to erase it.
iii. Where you need us to hold the data even if we no longer require it as you need it to establish,
exercise or defend legal claims.
iv. You have objected to our use of your data but we need to verify whether we have overriding
legitimate grounds to use it.
f) request transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
g) withdraw consent where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us using the details in paragraph 11 below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Use of Cookies

A cookie is a data file that a website transfers to your computer when you visit that website. This enables the website to track the pages you have visited. A cookie only contains information you supply. It cannot read data on your computer. There are many types of cookies that may be used for different purposes. For example, some cookies help a website to remember information about your visit, like your preferred language and other settings while others may identify which pages are being visited or offer security features.
PainChek uses cookies and other similar technologies, for example, to distinguish you from other users when you browse our website(s) or use our online services and to allow us to improve our online services. We may, for example, collect information about the type of device you use to access our online services, the operating system and version, your IP address, your general geographic location as indicated by your IP address, your browser type, the content you view and features you access on our online services, the web pages you view immediately before and after you access our online services, whether and how you interact with content available on our online services, and the search terms you enter on our online services.
PainChek sets cookies which remain on your computer for differing times. Some expire at the end of each session, and some remain for longer so that when you return to our website, you will have a better user experience.
You can set your browser to refuse cookies through the browser settings, however, this may mean you are unable to take full advantage of PainChek. Most browsers enable you to block cookies or to block cookies from particular sites. Browsers can also help you to delete cookies when you close your browser. You should note however, that this may mean that any opt-ins, opt-outs or preferences you set on our website will be lost.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org which includes information on how to manage your settings for the major browser providers.
The cookies and technologies used by us are below:

PainChek App:

	Cookie Name	Domain	Type	Description	Duration
1	Sessionid	PainChek portal url	Strictly necessary	Cache session credentials	20 minutes or 30 days (users choice)
2	csfrtoken	PainChek portal url	Strictly necessary	Prevent CSRF attacks	1 year
3	AWSALBCORS	widget-mediator.zopim.com	Functional	ZenDesk widget cookie for AWS load balancing.	7 Days
4	__zlcmid	painchek.com	Functional	Store a unique ZenDesk widget user ID	1 year

PainChek Website:

	Cookie Name	Domain	Type	Description	Duration
1	lang	ads.linkedin.com	Functional	LinkedIn sets this cookie to remember a user’s language setting	session
2	U	adsymptotic.com	Targeting	Browser Identifier for users outside the Designated Countries	3 months
3	test_cookie	doubleclick.net (Google)	Targeting	Test for cookie setting permissions in user’s browser	1 day
4	fr	facebook.com	Targeting	Ads targeting cookie for Facebook	3 months
5	AnalyticsSyncHistory	linkedin.com	Analytical/ performance	Used to store information about the time a sync took place with the lms_analytics cookie	30 days
6	UserMatchHistory	linkedin.com	Targeting	LinkedIn Ads ID syncing	30 days
7	bcookie	linkedin.com	Targeting	Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform	2 years
8	lang	linkedin.com	Functional	Used to remember a user’s language setting to ensure LinkedIn.com displays in the language selected by the user in their settings.	Session
9	li_sugr	linkedin.com	Targeting	Used to make a probabilistic match of a user’s identity outside the Designated Countries	90 days
10	lidc	linkedin.com	Functional	To facilitate data center selection	24 hours
11	__zlcmid	painchek.com	Functional	Store a unique ZenDesk widget user ID	1 year
12	_fbp	painchek.com	Targeting	Used to distinguish and keep track of unique Facebook users	90 days
13	_ga	painchek.com	Targeting	Used by Google Analytics to provide technical monitoring	90 days
14	_gat_UA-*	painchek.com	Targeting	Used by Google Analytics to provide technical monitoring	session
15	_gcl_au	painchek.com	Targeting	Used by Google Adsense to store and track conversions	90 days
16	_gid	painchek.com	Targeting	Used by Google Analytics to store and count page views	90 days
17	AWSALBCORS	widget-mediator.zopim.com	Functional	ZenDesk widget cookie for AWS load balancing.	7 Days
18	bscookie	www.linkedin.com	Targeting	This cookie is used by LinkedIn to recognise a secure Browser ID.	2 years
19	mo_has_visited	www.painchek.com	Functional	The cookie is set by MailOptin. It is used to track whether the user has already visited the website.	11 years
20	mo_is_new	www.painchek.com	Functional	This cookie is set by MailOptin. It is used to count how many times the website has been visited by different users.	session
21	mo_page_views_counter	www.painchek.com	Functional	The cookie is set by MailOptin. It is used to track how many pages the user has viewed on the website.	session
22	moove_gdpr_popup	www.painchek.com	Functional	Store cookie consent preferences.	session
23	uncode_privacy[consent_types]	www.painchek.com	Functional	Store cookie consent preferences for WordPress GDPR Cookie Compliance (CCPA ready( plugin from Moove Agency	1 year
24	wordpress_test_cookie	www.painchek.com	Functional	to read if cookies can be placed.	session
25	wp_lang	www.painchek.com	Functional	Store language settings	session

11. Contacting Us

All correspondence with regards to privacy should be addressed to:
The Privacy Officer
PainChek UK Ltd
10 John Street
London
United Kingdom
[email protected]
You may contact the Privacy Officer by email in the first instance.

12. Complaints

You have the right to make a complaint at any time to the appropriate data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the relevant data protection authority, so please contact us in the first instance.
If you are in the UK, the relevant data protection authority is the Information Commissioner’s Office (ICO), and details can be found at www.ico.org.uk.
If you are in the EEA, the relevant data protection authority available to you can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

13. Changes to this Policy

We keep our privacy policy under regular review. This policy was last updated on 30 March 2022.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.