OKKO collect and store your data in order to monitor your eye health.
Updated on 16th March 2021.
OKKO collect and store your data in order to monitor your eye health
We collect your name, your DOB, your hospital number in order to ensure that we’re storing your results to the correct user file, and so that your eye professional can ensure they’re looking at the correct record. We ask for your mobile number in case there are any problems in connecting your record.
We collect the time of your gameplay session so that we can understand how your vision varies at different times of the day.
We use the front-facing camera as a mirror to help you to check you are covering the correct eye, but we do not store an image of your face.
If you have a compatible device, we use data from the front-facing sensor sensor to measure how far you are from the screen — this is very important since it helps give the most accurate vision results. We do not collect or store any images or any data that could identify your face. We securely store data points about the position and orientation of your head while playing the games, this data is used to determine how far you are from the screen only during active gameplay. This data is sent securely to our AWS server, encrypted alongside the information below. Please see below for information on our disclosure, sharing, retention, and deletion of this data.
We collect information about what and where you tap on the screen and when, to help us understand the limits of your vision and how accurately you respond.
We keep this data stored securely on our cloud servers, the same specification servers that are used by the NHS.
When we will contact you
When you sign up to confirm your account — we may ask you to verify your hospital and doctor etc.
Notification/reminders on a preset basis (weekly) — we ask you not to turn these off because the reminder is important so that you use the app consistently.
Sharing this with the eye professionals you chosen to be involved in your care
If your eye professional has prescribed you this app, they will be able to log in and see the results of your vision tests over time, to determine if your vision is stable or if it is improving or deteriorating. They will be able to see when you used the app, and we may notify them if you have not used the app for an extended period of time so that they can ensure you are still doing fine.
We may want to share your data with other professionals we feel could help you, but we will always ask you first. We may identify charities or support groups that could be of interest to you, but we will never share your data with them without asking you first.
Using your data for research
Getting the most accurate results to you and your health team is really important to us at OKKO. As such, we work with top vision scientists and data scientists to help us analyse the data we collect. Any data shared in this way is fully anonymised and the third party are contracted to adhere to the same privacy standards outlined here.
We never share personal data with any third parties and they will not be able to identify you (e.g. your name and date of birth).
We do share how old you were in months when you played, because that’s really important for analysis, alongside any diagnosis. We also share your gameplay results.
Working with scientists will enable us to fine-tune our software and develop analytics/algorithms that identify vision problems earlier — so your data could really help others. It might be that the analysis of other peoples’ data helps us to identify a problem with your vision ahead of time and we’ll get in touch with you if this is the case (and you’re still using our services).
We are processing your personal data because we need it in order to perform a task carried out in the public interest — i.e. supporting the assessment of eye care (1). If you access our services directly from us, rather than via a hospital, we will be processing your personal data in order to fulfil the contract between us (2)
We are processing information about your vision and health (special category personal data) so we can provide medical diagnosis and provide health care and/or treatment (3)
We are processing the gameplay results and distance, age (in months) and diagnosis for the purpose of scientific research purposes and/or statistical purposes: we believe the data is necessary for these purposes, is carried out in accordance with Article 89(1) of the GDPR and Section 19 of the Data Protection Act 2018 (see Data deletion below for more on this) and is in the public interest (4).
Under GDPR you have the right to have your data deleted. If you request this from us, we will delete your personal account information but we will retain the data that does not identify you, including your gameplay results, your distance tracking data, and the age (in months) or diagnosis, so that others with the same diagnosis can continue to benefit from our algorithms. To make a request to delete your personal data or to revoke any consent given, please send an email to [email protected]
We are doing this on the basis that we meet the criteria defined in the GDPR and Data Protection Act 2018 for the retention and use of personal data for purposes of scientific research purposes and/or statistical purposes.
This is because we believe that we are using the data for scientific and/or statistical research purposes that will not cause you harm or distress (and are not likely to cause substantial damage or substantial distress to you). Also, we will not process the data for the purposes of taking measures or decisions with respect to you (this only happens when you are using our services) (5)
We apply safeguards as required by the GDPR. Those safeguards ensure that technical and organisational measures are in place so that, when using data for our scientific and/or statistical research purposes, we take steps to ensure this data cannot be traced back to you.
To do this we pseudonymise the personal data — i.e. we ensure the data can no longer be attributed to you without the use of additional information (such as your personal account information: name, date of birth and hospital reference). We keep that data separately and use technical and organisational measures to ensure that it cannot be used to link the gameplay results back to you.
We are comfortable holding onto this information and continue to keep it safe and secure as we do not believe that it is traceable back to you, and it’s really important for our researchers to be able to develop the best diagnostics to help everyone.
We will not disclose any of your data described above to anyone without your consent, unless we are required to by law.
We collect anonymous analytics data about what sections of the app are shown and when, to enable us to make sure the best and most used features of our app are prioritised.
We collect data about taps on the screen during gameplay as part of the core functionality to monitor your eye health.
We collect data about app crashes to enable us to support our users.
Info about eye condition
We want you to have the most personalised experience of our app as possible, including having it represent the information most important to each eye condition. As such, if your eye care professional prescribes you the app, we collect the eye condition(s) that they believe you have and your experience of the app will be personalised accordingly. In addition, when you tell the app about a new treatment or pair of glasses, we will update our records accordingly, to ensure that you and your doctor get the most value from your graphs.
OKKO Health is the trading name for Okulo Ltd, who are the data controllers of your personal information for the purposes of any data protection legislation that applies. We take protecting your data really seriously and are registered with the ICO (reference ZA557755). Dr Stephanie Campbell is the data protection officer. Please contact [email protected] if you have any concerns about data breaches.
1 GDPR Article 6(1)(e).
2 GDPR Article 6(1)(b).
3 GDPR Article 9(2)(h) / Data Protection Act 2018 Schedule 1, Part 1, Paragraph 2 “Health or Social Care Purposes” http://www.legislation.gov.uk/ukpga/2018/12/schedule/1/enacted
4 GDPR Article 9(2)(j) / Data Protection Act 2018 Schedule 1, Part 1, Paragraph 4 “Research etc” http://www.legislation.gov.uk/ukpga/2018/12/schedule/1/enacted
5 Data Protection Act 2018, Section 19 “Processing for archiving, research and statistical purposes: safeguards” Paragraphs (2) and (3) http://www.legislation.gov.uk/ukpga/2018/12/section/19/enacted
6 GDPR Article 89(1) https://gdpr-info.eu/art-89-gdpr/