top of page

CEFREF Privacy Policy

CEFREF is an advanced electronic migraine headache diary designed by headache specialists and migraine sufferers to monitor headache and painkiller usage. CEFREF was created to improve management of migraine.

 

CEFREF is not a diagnostic tool and should not be used to diagnose migraine or other types of headaches. If you have any questions or concerns about your diagnosis or symptoms, then consult your doctor.

 

The CEFREF App and website is operated by Ceftronics Limited. (Referred as “Ceftronics”, “CEFREF”, “we”, “our”, “us” in this, Privacy Notice). Ceftronics is a private limited company registered in England and Wales under company number 11968089 and we have our registered office at Suite 2A Blackthorn House St Pauls Square Birmingham West Midlands, B3 1RL.

 

We are registered with the Information Commissioner’s Office (the ICO) with registration number ZB709659. We have therefore developed this privacy notice to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal data.

 

What Personal Data do we Collect and When?

 

The type of personal data that we will collect from you, and you voluntarily provide to us on our App or via our website may include some or all of the following:

 

User Authentication Data – this is an email address, encrypted password, and social media profile information if this is used in sign up process.

 

Headache Data – This consists of:

 

  • Headache frequency (the date a headache occurs),

  • Headache severity (1 = mild, 2 = moderate, 3 = severe) and,

  • If painkillers where used (Yes/No)

 

Free Format Text – This is when you chose to use the ‘Add Note’ feature. 

 

Usage Analytics - App usage data, performance metrics, monthly charts showing headache patterns and painkiller usage.

 

In-App Purchases - Transaction information related to your subscription.

 

Device Information - Device type and model, OS version, network info, language preferences.

 

Crash Reporting - App crash details to improve our App.

 

Unique Identifiers –Device IDs, Firebase Instance IDs and App Instance IDs.

 

Why and How We use Your Personal Data

 

We use your personal data to provide the features of the App and our website.

 

When you use our App or website, we will use your personal data to provide the requested product or service. For example, if you make an enquiry on our website, we will use the contact information you give us to communicate with you about the enquiry.

 

When you use our App, we will record and present the information you enter so that you can see your diary and review headache history and generate charts so you can review monthly data and spot headache patterns.

 

We use your personal data to establish you as an CEFREF App user

 

If you download the CEFREF App we will use your personal data to set up your account and provide the features of our App.  

 

If you become a Premium user, we will process your payment data via your App store provider to provide your subscription.

 

To Operate, Improve and Maintain our Business, Products and Services

 

We use the personal data you provide to us to operate our business. For example, when you make a purchase, we use that information for accounting, audits, and other internal functions. We may use personal data about how you use our products and services to enhance your user experience and to help us diagnose technical and service problems and administer our App.

 

To Protect Our or Others' Rights, Property or Safety

 

We may also use personal data about how you use our website to prevent, detect, or investigate fraud, abuse, illegal use, violations of our Terms of Use, and to comply with court orders, governmental requests, or applicable law.

 

Using your personal data: the lawful basis and purposes

 

To process your personal data, we rely on certain lawful basis, depending on how you interact with our App, website or services.  

 

If we do process your personal data, we may use one or more of the following lawful basis for processing:

 

Based on your consent, including:

 

  • When you provide Consent to download and install the CEFREF App.

  • When you provide Consent to process your Special Category Personal Data (data concerning health) for the purpose of recording, analysing and structuring headache frequency, headache severity and painkiller usage.

 

You can withdraw your Consent at any time buy deleting your account and data or by contacting our support team.

 

As necessary to perform our contract with you for using the CEFREF App:

 

  • To take steps at your request prior to entering into it

  • To decide whether to enter into it

  • To manage and perform that contract

  • To assess credit risk and

  • To update our records

 

As necessary for our own legitimate interests or those of other persons and organisations, including:

 

  • Governance, accounting, managing, and auditing our business operations

  • For market research, analysis and developing statistics

 

As necessary to comply with a legal obligation, including:

 

  • When you exercise available rights under data protection law

  • For compliance with legal and regulatory requirements and related disclosures

  • For establishment and defence of legal rights

  • To monitor emails, calls, other communications, and activities on your account, product, or service.

  •  

Sharing of Your Personal Data

 

We do not sell your personal data.

 

We may share your personal data with other organisations in the following circumstances:

 

  • If the law or a public authority says we must share the personal data (Government bodies and agencies in the UK, e.g., the Financial Conduct Authority, the Information Commissioner’s Office

  • If we need to share personal data to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk)

  • Payment systems (e.g., Apple, Google Pay) and correspondent banks, who may transfer such personal data to others, as necessary to operate our service.

  • We use data processors who are third parties who provide elements of services for us. We have Data Processor Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct.

  • We may also transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, spin-off, dissolution, or liquidation).

 

Third party links

 

​Our App may, from time to time, contain links to and from third party websites. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.

 

Rights under Data Protection Law 

 

The Right to be Informed about our Collection and Use of Personal Data

 

You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external App and website privacy notice. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.

 

Right to Access Your Personal Data

 

You have the right to access the personal data that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal data to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.

 

In most cases all the information we hold about you are contained within the CEFREF App and therefore can accessed as long as you have not deleted the App.

 

If you would like to exercise this right, please contact us as set out below.

 

Right to Rectify Your Personal Data

 

If any of the personal data we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.

 

If you would like to exercise this right, please contact us as set out below.

 

Right to Stop or Limit Our Processing of Your Data

 

You have the right to object to us processing your personal data for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

 

If you would like to exercise this right, please contact us as set out below.

 

Right to Erasure

 

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’.  App users can, under the Data Management section, delete all stored data and delete their account all within the CEFREF App.

 

If you would like to exercise this right, please contact us as set out below.

 

Right to Portability

 

The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.

If you would like to exercise this right, please contact us as set out below.

 

Rights in relation to automated decision making and profiling

 

You have rights around automated decision making and profiling. Automated decision making means a decision made solely by automated means, without any human involvement. Profiling means the automated processing of your personal information to evaluate certain things about you. You have the right to information about these kinds of processing, and the right to ask for human intervention or to challenge an automated decision.  The CEFREF App does not carry out any automated decision making or profiling of its users.

 

For more information about your data protection rights

 

The Information Commissioner's Office (ICO) regulates data protection matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as Ceftronics Limited are available publicly.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

 

Third Party Processors, Libraries and Service Providers

 

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

CEFRREF privacy 3.tif

How long we keep Your Information

 

Where you don’t delete the App or its data or uninstall the App we retain your information in line with the following:

 

If you do not have a paid subscription and you do not use the App for a period of one year, then we will treat the account as expired and your personal data will be deleted. If you cancel a paid subscription, then we will treat the account as expired when you cancel, and your personal data will be deleted.

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where the same record has to be kept for more than one purpose and there is a different retention period for each of those purposes, the record is kept for the longer period.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

Accounting and Tax Records

 

We must keep accounting and tax records for a minimum of seven years to comply with Companies Act 2006. We are required to retain accounting records which:

 

  • are sufficient to show and explain the company’s transactions;

  • disclose with reasonable accuracy, at any time, the financial position of the company at that time; and

  • enable the directors to ensure that any accounts prepared under this Act comply with the requirements of that Act.

 

Where we store Your Personal Data and International Data Transfers

 

We securely store the personal data we collect about you within the United Kingdom.

 

Data security

 

​All information you provide to us is stored on our secure servers. Any payment transactions carried out by our chosen third-party provider of payment processing services. Where we have given you (or where you have chosen) a password that enables you to access our App or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

 

​Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.

 

​When sharing your data with other users of our App using the data sharing functionality of our App, please ensure that you do not submit any personal data that you do not want to be seen, collected or used by other users, such as within free form notes in the App.  You can choose whether or not to include your free form notes when sharing your data.

 

​We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

 

Contact Us

 

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by the following means:

 

info@cefref.com

 

Privacy Notice for U.S. Residents

 

Introduction

 

If you reside in the United States, including states such as California, Montana, Colorado, Connecticut, Utah, Virginia, and others with applicable privacy rights, this section provides additional information about how we use and disclose your information and outlines your rights under various state privacy laws.

 

Categories of Personal Information We Collect

 

Consistent with our "What Personal Data Do We Collect and When” section, we collect certain categories and specific pieces of information about individuals that are considered "Personal Information" under various state laws.

 

How We Use and Share Personal Information

 

We collect, use, and share Personal Information for the business and commercial purposes described in the "Why and How We Use Your Personal Data" and "Sharing of Your Personal Data" sections.

 

We do not "sell" your Personal Information, as defined under California law. Due to varying practices among browser providers and the lack of a market standard, we do not respond to Do Not Track signals at this time.

 

Your Privacy Rights

 

As a resident of an applicable U.S. state, you may have certain rights regarding your Personal Information under state privacy laws, including:

 

Right to Access

 

You have the right to request access to the Personal Information we hold about you.

 

Right to Deletion

 

You have the right to request the deletion of your Personal Information, subject to certain exceptions.

 

To exercise your rights, please contact us as using the details in the Contact Us section. We may need to verify your identity, which could involve providing your name and email address. We will not discriminate against you for exercising your privacy rights.

 

Exercising Your Rights

 

If you wish to exercise your rights, or if you are an authorized agent submitting a request on behalf of a resident, please contact us using the details in the Contact Us section. We will use any information you provide solely for the purpose of verifying your identity or your authority to make the request on behalf of another individual.

 

Retention of U.S. Personal Information

 

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Notice, and to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

 

Specific Information for California Residents

 

In addition to the rights mentioned above, California residents have specific rights under the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA). These include the right to:

 

  • Know what Personal Information is being collected about them

  • Know whether their Personal Information is sold or disclosed and to whom

  • Opt-out of the sale of Personal Information

  • Access their Personal Information

  • Equal service and price, even if they exercise their privacy rights

 

For more details, please contact us using the details in the Contact Us section.

 

Additional Information for Residents of Other Applicable States

 

Residents of Virginia, Colorado, Connecticut, Utah, and other states with applicable privacy laws have similar rights regarding their Personal Information. For a comprehensive guide to the privacy laws in your state, you can consult resources such as the US State Privacy Legislation Tracker at http://iapp.org/resources/article/us-state-privacy-legislation-tracker/ (we are not responsible for the content provided by this third-party organization).

 

If you have any questions or need further assistance regarding your privacy rights, please contact us using the details in the Contact Us section.​​

bottom of page