Privacy Policy

Our contact details

Name: SALT Labsystem Limited

Address: Unit 2 Westbrook Court, Sharrow Vale Road, Sheffield S11 8YZ

E-mail (Data Protection Officer): support@saltlabsystem.co.uk

We (i.e. SALT Labsystem), are registered as a data controller at the UK Information Commissioner’s Office under number ZB482971. This means we determine how and why your data are processed. You can view our Data Protection Registration Certificate here.

Last update of this Privacy Policy: 04/12/2024.

Who does this Privacy Policy apply to?

If you are a registered product user or a visitor to our website, this Privacy Policy applies to you. Please read it and periodically check for updates. However, be assured that any significant changes will be communicated to you via email.

The type of personal information we collect

We currently collect and process the following information:

  1. Personal identifiers, contacts and characteristics (e.g. name, employer, email address and telephone number) that you provide via the Contact form on our website.

  2. If you are a client as per the terms of our Service Level Agreement – i.e. you are a qualified Speech and Language Therapist registered with the Health and Care Professions Council (HCPC), or the applicable regulatory authority in the relevant jurisdiction – you are responsible for obtaining consent for collecting the personal data, including ‘special category’ or ‘sensitive’ data (e.g. health data), of patients according to your clinic or hospital’s policy. During the course of using the SALT Labsystem software application and Tester Portal, you are required to enter this health data in a pseudonymised format, so as to exclude the most identifiable fields from the data record, e.g. patient names. Data minimisation should also be implemented, i.e. collecting only the information necessary for establishing a clinical history to facilitate interpretation of the assessment reports. We also strongly recommend that you share this Privacy Policy with your patients prior to conducting an assessment.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you. Sometimes data is collected automatically through your use of our software application, Tester Portal, website and other services. For example, we collect information in the following scenarios:

  1. When you contact us via the Contact form on our website: www.salt-labs.co.uk.

  2. When we set up your Account and to provide support thereafter. For example, you submit personal information when you sign up for an Account, or when you contact us for customer support. When you contact us, we might ask for personal information, such as your name, email address, telephone number and employer details. We will only use your personal information for the purpose that you contacted us for.

  3. Information is automatically collected about how you use our services when you use them, e.g. use of the Tester Portal, tests and subtests administered, scores and data management. This information includes:

  • Device information. We may collect device-specific information (such as your hardware model, Operating System version, unique device identifiers and mobile network information, including your phone number).

  • Log information. When you use our services or view our content, we may automatically collect and store certain information in server logs. This may include:

    • Details of how you used our service, such as your selected tests and subtests.

    • Device event information, such as crashes, system activity, hardware settings, language, the date and time of your requests.

    • Location information: if the user provides explicit permission, their location information may be collected as part of the service.

  • Tester Portal, test and subtest information. We collect and store the user’s assessment tasks, activities, or exercises.

  • Local storage. We collect and store information (including personal information) locally on your device using mechanisms such as application data caches or application specific files.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent, e.g. you have given clear consent for us to process your personal data for a specific purpose. You are able to remove your consent at any time. You can do this by contacting us at support@saltlabsystem.co.uk.

(b) We have a contractual obligation, e.g. processing your data is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.

(c) We have a legitimate interest, e.g. processing your data is necessary for our legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect your personal data that overrides those legitimate interests. Our legitimate interests are:

  • Delivering, developing and improving SALT Labsystem products, services and communication.

  • Gaining insights from your activity as a user of the software application and Tester Portal.

  • Enhancing data security.

How and where we store your personal information

We have put measures in place to protect your data, but please be aware that despite our best efforts the internet is not a secure medium and that you provide personal data at your own risk since there is no way to guarantee that data transmission is 100% secure.

Users of the SALT Labsystem software application and Tester Portal are responsible for keeping login details secret and safe, and not sharing these with any third parties that are not part of, or within the purview of, the subscribed hospital, clinic or team. Users must also contact SALT Labsystem (support@saltlabsystem.co.uk) immediately if any unusual activity is detected on their account as soon as they become aware of it.

The personal data we collect is processed at our offices in England and in any data processing facilities operated by the third parties identified below. By submitting your personal data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.

How long do we store your personal information?

We will archive and stop actively using any personal identifiable information about you within six months from the last time you subscribed to SALT Labsystem’s products and services. We will delete your personal data from our archives no later than six years from the last time you used SALT Labsystem’s products and services, or as agreed with you in a separate contract. We commit to keeping this retention schedule under review, particularly for longer data retention timescales, and we will endeavour to delete any data that it is no longer necessary for us to hold.

If you suspect that the security of your personal information has been breached, please contact us immediately at support@saltlabsystem.co.uk.

Protection of personal information from misuse

Special emphasis is placed on the confidentiality of personal information and compliance with the UK GDPR. Personal information stored on the SALT Labsystem platform will only be processed according to the guidelines listed here. The connections between client’s web-end (Tester Portal) and server, on the one hand, as well as client’s front-end application and server, on the other hand, are made exclusively via encrypted SSL connections. To ensure the accuracy and security of personal information, and to prevent unauthorised access or misuse, modern safeguard procedures are used. These include:

  • Use of form-based authentication.

  • Data transfer via an SSL-encrypted connection.

  • Securing the server through firewall systems.

  • Access to the servers is limited to authorised SALT Labsystem personnel.

The Tester Portal is secured by its own user administration, which ensures that only the data managed by a specific user can be viewed by that user.

Protection of electronic data against loss or alteration

To protect data from loss, damage, unauthorised access and misuse, the SALT Labsystem Tester Portal is hosted in a data centre and uses a fail-safe data link. Organisational measures include:

  • Continuous monitoring of operation and access.

  • Remote support during business hours.

  • Access to the data centre is granted to authorised personnel only.

  • The databases are continuously backed up.

Test protection

The SALT Labsystem software application and Tester Portal must only be used by qualified Speech and Language Therapists registered with the Health and Care Professions Council (HCPC), or the applicable regulatory authority in the relevant jurisdiction, to test patients and to store patient data. Please note that test protection is included in data protection and neither the items within a test nor the results should be made public. Professional testing procedures should be used when administering tests, as explained in our test manuals. Tests should be administered under controlled conditions, which includes verification of the identity of the test-taker, supervision of the test procedure (by a trusted representative if the test is being held remotely) and prevention of unauthorised aids and communication.

If you have any concerns or questions, please contact us at support@saltlabsystem.co.uk.

Third parties who process your personal information

As a technology business, we partner with certain carefully chosen third parties to help us host our application, communicate with clients, power our emails, etc. When we do this, sometimes it is necessary for us to share your data with them to enable these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy. Please note that we do not make automated decisions or do profiling based on the data we hold. We will not contact you for marketing purposes, nor do we share any of your information with third parties, except those listed below.

Here are the details of our main third-party service providers, the data they collect or we share with them, why they need the data and where it is stored/processed:

  1. Amazon Web Services (AWS), Inc. (https://aws.amazon.com/privacy/). Data collected or shared: data that identifies you, data on how you use SALT Labsystem, test results and scores. AWS is a web hosting provider. We use AWS (via hosting services provided by Switchstance Limited: https://switchstance.agency) to store results and other data that you generate by using the service securely in the cloud. This data is processed in the EU.

  2. Stripe, Inc. (https://stripe.com/en-gb/legal/privacy-shield-policy). Data collected or shared: contact details, financial information, cookies. We use this service to process payments for us. This data is processed in the EU and the US.

Our use of Cookies

Our website uses Squarespace as our hosting platform. You can view details of the cookies it uses in our Cookie Policy.

Your data protection rights

Under data protection law, you have rights including:

Your right of access. You have the right to ask us for copies of your personal information. We will review your request and respond to you within one month. We will not be able to provide you with this information if doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We will let you know if this is the case.

Your right to rectification. You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure. You have the right to ask us to erase your personal information in certain circumstances, for example, if it is no longer necessary for us to hold the data for the purposes of your use of SALT Labsystem’s products and services.

Your right to restriction of processing. You have the right to ask us to restrict the processing of your personal information, in certain circumstances.

Your right to object to processing. You have the right to object to the processing of your personal information, in certain circumstances, e.g. temporarily if you ask us to rectify inaccurate personal information.

Your right to data portability. You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances and in certain formats; e.g. if practicable and provided that the transmission does not adversely affect the rights and freedoms of others.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at support@saltlabsystem.co.uk if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at support@saltlabsystem.co.uk.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk