The legal stuff

Peachy Digital is the trading name of Hlthie Labs Ltd which is incorporated in England and Wales (company number: 14465814). Our registered address is 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ.

We collect a variety of information depending on the context of your interaction with our platform and services. We act as both a data controller and a data processor depending on the context of data collection and processing:

‍

Data controller

We act as a data controller when collecting and using personal data for our own purposes, such as:

• Managing accounts and providing access to our platform
• Responding to inquiries and support requests
• Marketing our services or sending newsletters (with your consent)
• Ensuring compliance with legal and regulatory obligations

‍

Data processor

‍We act as a data processor when insurers or other clients use our platform to process personal data. In these cases:

• Our customers act as the data controllers, determining the purposes and means of processing
• We process personal data on their behalf under their instructions and in accordance with applicable data protection laws.

‍

Customers using our platform are responsible for ensuring they have the appropriate legal basis for processing the data they provide to us. If you are a customer of one of our clients, please refer to their privacy policy for information on how your data is handled.

Below is an overview of the types of data we may collect:

‍

1. Personal data

(Data controller)

Information that identifies you as an individual or relates to you as a contact point, including:

• Name
• Email address
• Phone number
• Job role and industry details provided during sales inquiries
• Company or organization name
• Information about your business needs or challenges shared during discussions

‍

2. Account data

(Data controller)

Data related to your account with us, such as:

• Login credentials
• Profile information, preferences, and settings
• Usage details specific to your account on our platform

‍

3. Usage data

(Data controller)

Information generated from your interactions with our platform, including:

• IP address
• Browser type and version
• Pages visited and navigation patterns
• Time and date of access
• Referral sources 

‍

4. Device information

(Data controller)

Technical data about the device used to access our platform:

• Device type (e.g. mobile, desktop)
• Operating system
• Screen resolution
• Browser configuration

‍

5. Customer data

(Data processor)‍

When acting as a processor on behalf of insurers or other clients using our platform, we collect data related to their customers, including:

Healthcare Information (Special Category Data):

• Medical history and conditions
• Claims-related healthcare data (e.g., diagnosis, treatments, prescriptions)
• Data related to pre-authorisations or healthcare service usage

Personal Identifiable Information:

• Full name, date of birth, gender, and other identifying detail
• National ID numbers or equivalent identifiers, where required
• Billing and payment information
• Banking details or payment preferences related to insurance premium collection
• Claims disbursement information for reimbursements or direct payments to providers

Policy and Claims Data:

• Insurance coverage details, policy numbers and claim history
• Provider details, appointment history and treatment records

All processing of customer data is performed under the explicit instructions of the insurers or other clients using our platform and they remain the data controllers for such data.

‍

6. Transaction data

(Data controller)

Details related to your purchases or interactions with Peachy Digital services:

• Billing and payment information
• Subscription and licensing details

‍

7. Communications

(Data controller)

Information captured during interactions with our team:

• Correspondence or responses related to sales inquiries, proposals and licensing discussions
• Support requests and related correspondence
• Emails or messages sent to our customer service or account managers
• Recorded calls, where permitted and applicable

‍

8. Cookies and tracking data

(Data controller)

Data collected using cookies and similar tracking technologies to:

• Enhance platform functionality
• Track session and usage behavior
• Provide a personalised user experience

You can manage your cookie preferences through your browser settings.

‍

9. Marketing and survey data

(Data controller)

Information gathered from your participation in our events, campaigns or surveys:

• Preferences and interests based on responses or interactions
• Contact details for sending newsletters or promotional content, where you have consented

‍

10. Compliance and security data

(Data processor for insurers and other clients; Data processor for Platform Security)

Information collected to meet legal, regulatory and security requirements:

For insurers and other clients using our platform:

• Data related to identity verification, liveness checks, and compliance screening (e.g. PEPs and sanctions)
• Logs of access and activity specific to their customers

For platform security:

• Logs of access and activity on our systems to ensure compliance and audit readiness
• Information used for threat detection and security monitoring

Peachy Digital collects information in several ways, depending on how you interact with our platform and services. The methods include:

‍

1. Information you provide directly

We collect personal and account data directly from you when you:

• Create an account or sign up for our services
• Update your profile or preferences within the platform
• Contact us via email, phone or other communication channels
• Details shared during meetings, calls or product demonstrations (e.g. business needs, desired features and use cases)
• Participate in surveys, marketing campaigns or events
• Submit billing or payment information for subscriptions or purchases

2. Information provided by insurers or other clients

When insurers or other clients use our platform, they may provide us with customer data to facilitate their services. This includes:

• Personal data related to their customers, such as names, contact information and policy details
• Healthcare information for claims processing or pre-authorisation requests
• Billing and payment information to process premiums or disburse reimbursements

We collect and process this data strictly under the instructions of the insurers or clients, who remain the data controllers.

‍

3. Information collected automatically

We automatically collect certain types of data when you use our platform or website. This includes:

• Usage data: Such as IP addresses, browser types, pages visited and navigation patterns
• Device information: Including operating system, device type and browser configuration
• Cookies and similar technologies: Used to enhance platform functionality, track session behavior and personalize your experience. You can manage cookies through your browser settings
• Tracking data related to your interactions with marketing emails or sales collateral

‍

4. Information from third parties

We may collect information about you from trusted third-party sources, such as:

• Customer relationship management (CRM) platforms or email marketing tools, specifically for sales and business development purposes
  Payment processors to verify and process transactions
• Compliance service providers for identity verification and anti-money laundering checks (e.g. PEP and sanctions screening)
• Marketing or analytics partners to enhance user experience and engagement

‍

5. Information generated by platform usage

Our platform generates certain data as part of its operation. For example:

• Logs of your interactions with our platform, such as login attempts and actions performed within the system
• Security and compliance data, including activity logs and threat detection alerts.

‍

Peachy Digital uses the information we collect to provide, improve, and support our services, ensuring compliance with legal and regulatory obligations. The specific purposes depend on the context in which the information is collected and whether we act as a data controller or data processor.

When acting as a data controller, we use the information for our own purposes, such as:

Providing and managing access to our platform:

• Creating and managing user accounts
• Ensuring secure access and usage of our platform 

‍

Customer support:

• Responding to inquiries and support requests
• Resolving technical issues or complaints

‍

Platform improvement and analytics:

• Monitoring usage patterns and improving platform functionality
• Conducting internal analytics to identify trends and enhance user experience

‍

Marketing, sales, business development and communications:

• Understanding your requirements to tailor proposals for using our platform
• Creating and negotiating licensing and support agreements
• Communicating about service offerings, product demonstrations and partnership opportunities
• Sending promotional materials, updates, or newsletters (with your consent).
• Inviting you to participate in surveys, events or campaigns designed to enhance our relationship and inform future offerings

Legal and regulatory compliance:

• Maintaining records for tax, audit or regulatory reporting purposes
• Enforcing our terms of service and protecting our rights or the rights of others

We may share your information with trusted third parties to deliver our services, support our operations, and meet legal or regulatory obligations. The types of entities we share data with include:

1. Service providers

We work with third-party service providers to assist in various aspects of our operations, including:

• Hosting and maintaining our platform
• Providing customer support services
• Processing payments and managing billing
• Performing analytics and improving our services

These providers are only permitted to process your data for the specific purposes outlined in their agreements with us and are bound by strict confidentiality and security obligations.

‍

2. Insurers and other clients

When acting as a data processor, we share data with the clients (e.g. insurers) who act as data controllers. This includes data processed through our platform to support their operations, such as policy administration, claims management and compliance activities.

‍

3. Legal and regulatory authorities

We may disclose your data to governmental, regulatory or law enforcement agencies where required to comply with legal obligations or to protect our rights, users or the public.

‍

4. Business partners

In certain circumstances, we may share your data with business partners to support joint offerings, product development or partnership activities.

‍

5. Corporate transactions

If we are involved in a merger, acquisition or asset sale, your data may be transferred as part of the transaction. In such cases, we will ensure that your information remains protected and notify you of any significant changes to its use.

‍

Commitment to safeguarding your data

Whenever we share your information, we take steps to ensure it is handled securely and in compliance with applicable data protection laws. These steps include entering into data processing agreements or confidentiality agreements where required.

We use a combination of technical and organisational measures to protect your information from unauthorised access, misuse or disclosure. These measures include:

• Storing your information on secure servers with encryption and access controls
• Implementing password and username protection for accounts unique to each user
• Regularly monitoring and testing our systems to identify and address vulnerabilities

‍

Handling special category data

For sensitive data, such as healthcare information, we apply enhanced security measures, including stricter access controls and additional encryption protocols, to ensure its confidentiality and integrity.

‍

Data transfers and storage

The majority of personal data we collect is stored in the UK and the European Economic Area (EEA). If your personal data is transferred outside the EEA, it will only be transferred:

• To countries that have been identified as providing adequate protection for EEA data; or
• Under legally approved transfer mechanisms, such as the European Commission’s Standard Contractual Clauses or binding corporate rules

‍

Internet security

While we use all reasonable efforts to protect your information, please note that the transmission of information over the internet is not entirely secure. We cannot guarantee the security of data transmitted to or from our platform and you do so at your own risk.

‍

If you have any specific concerns about the security of your data, please contact us at dpo@peachy.digital

We keep your information for as long as is necessary in line with the reasons why we collected the information, which includes satisfying any regulatory or statutory requirements. In some cases we may anonymise your personal information so that it can no longer be associated with you, in which case we can use this information without notifying you.

To determine the appropriate amount of time to keep your information, we take into account the following:

• The amount, nature and sensitivity of the information
• The potential risk of harm from unauthorised use or disclosure of your information
• The reasons for collecting and processing your information and whether we can achieve these reasons through other means
• Any applicable regulatory or statutory requirements

Under certain circumstances we may need to keep your information for longer. This could be when we have a legal obligation to do so, to defend or manage legal claims.

Under Data Protection Laws, you have the following rights:

‍

Access

The right to request access to your personal information. This will enable you to request details and receive a copy of the personal information we hold about you, and check that we are processing it lawfully.

‍

Correction

The right to request correction or removal of inaccurate personal information.

‍

Erasure

The right to request that we delete your personal information. This enables you to request that we delete or remove your personal information where there is no good reason for us to continue storing or processing it. However, whilst we respect your right to be forgotten, we may still be required to retain some of your personal data to meet our regulatory and/or statutory obligations.

‍

Restriction of processing

The right to request that we stop processing your personal information and only store it. You can do this if you want us to establish the accuracy of your personal information or our reason for processing it.

‍

Data Portability

The right to request that we transfer your personal information to yourself, someone else or another company.

‍

Object to legitimate interest

The right to object to the processing and profiling of your personal information when we use it for legitimate interest (see What we use your information for).

‍

Object to marketing

The right to object to direct marketing at any point. You can do this via our app, by speaking to a member of our team or by requesting to be added to a marketing suppression list.

‍

Withdraw consent

The right to withdraw consent given to handle personal information. If you withdraw consent, this does not affect the lawfulness of how we stored or processed your personal information before consent withdrawal. We will let you know if we are no longer able to provide you with your chosen product or service.

‍

We reserve the right to charge an administrative fee if your request concerning your rights is manifestly unfounded or excessive.

We may also contact you to ask you for further information to help us to confirm your identity, ensure your right to access your personal data or to exercise any other right in relation to your request so we can deal with it promptly.

If you have any questions about your rights to your personal data or wish to exercise your rights in relation to your personal data, please contact us at dpo@peachy.digital

We have appointed a Data Protection Officer, who oversees how we handle your personal information. If you have any questions about our Privacy Policy or how we store your personal information, please contact us at dpo@peachy.digital.

We reserve the right to make changes to this Privacy Policy from time to time. These changes might be necessary because of changes or developments in data protection laws, privacy best practice or the introduction of new technologies. You should check this policy for updates to ensure you are aware of the most recent Privacy Policy.