Heartfelt Technologies - Privacy policy

We take your privacy seriously. This Privacy Notice explains how we handle personal data collected through our website and our related activities, in line with the UK General Data Protection Regulation (UK GDPR).

1. Who we are

We are Heartfelt Technologies Ltd, a medical device company based in Cambridge, UK.

You can contact us about privacy matters at: [email protected].

2. What personal data we collect

We collect personal data in the following ways:

3. How we use your data

We use your personal data to:

4. Legal basis for processing

We process your data on the following bases:

5. Sharing your data

We do not sell your personal data. We may share it with:

Some of these providers may process your data outside the UK/EU. Where transfers occur, we ensure safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or standard contractual clauses approved by the ICO. In particular, Cloudflare may process this data outside the UK/EU (including the United States). We rely on Cloudflare’s approved transfer safeguards, which include participation in the EU-U.S. Data Privacy Framework (with the UK Extension) and Swiss-U.S. DPF, and Standard Contractual Clauses, as applicable.

6. How long we keep your data 7. Data security

We take appropriate technical and organisational measures to protect your data, including encryption, access controls, secure cloud storage, and incident response procedures. Access to personal data is restricted to authorised personnel only.

8. Your rights

Under UK GDPR, you have the right to:

9. Contact us

If you have any questions about this notice or wish to exercise your rights, please contact us at: [email protected].

Our Data protection Officer is Dr Oriane Chausiaux (PhD), you can email her at [email protected]. She works at Heartfelt Technologies Ltd, Platinum Building St John's Innovation Park, Cowley Road, Cambridge, CB4 0DS, United Kingdom.