Privacy Policy

Who are we and what are we doing?

Positive+1 is an app that looks to connect users with content, discussion and other users around the topic of HIV. Users don’t have to be living with HIV themselves, they can simply be curious to learn more or may well know or live with someone with HIV and want to learn more.

As the app & website develops, we will add new features and functionality, but all with the aim of connecting those living with, or interested in learning more about, HIV.

Positive+1 is the ‘Data Controller’ of your data and we are register under the Information Commissioner’s Office (ICO) in the UK.

What personal data do we need from you?

In order to get access to P+1 we need some very basic information from you. For example, your name and email address and date of birth.

Additionally, in order to verify users and ensure we create a safe environment for you we will need you to provide a selfie and recent photograph. The selfie is taken within the app and only stored for verification purposes.

What you then choose to share either on your profile or in the wider app is up to you. At no point will we force you to reveal something to other users that you don’t want to. Confidentiality remains a concern for those living with HIV, therefore it remains a top priority and concern for us.

Please note, if you have chosen to sign up to the app with your Apple, Google or Facebook account we will receive this basic information on you from them.

Additionally, our customisation of your app experience requires us to track what you use and share on the app. This is off by default meaning you will need to consent via the pop-up or change your settings in your profile to receive tailored content.

What ‘special types’ of personal data do we need from you?

None, as mentioned above, we don’t ‘need’ any data like that from you. What you choose to share is totally voluntary.

Who will be using your personal data?

Positive+1 is what’s known as the ‘Data Controller’ under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. As the app expands to other countries we will have similar entities in those countries that may be the Data Controller for the Country you are in, or a joint controller with P+1 in the UK. We will update you as we expand!

The Data Protection Officer (DPO) can be contacted at dataprotection@positiveplusone.com.

What will it be used for and what gives us the right to ask for it and use it?

We will be using your data for a number of reasons. We have outlined these in a simple terms as possible below and what our ‘lawful basis’ is for using it.

Styled Table
Data Usage and Legal Basis
Reason for using it What we use The lawful basis for using it
Registration and administering/support of your account Name
Email Address
Anything related to the issue we are resolving
Contract
Administering payments Name
Payment details
Contract
Contacting you with offers and benefits Name
Email address
Consent
Supporting your use of the app (e.g., you posting on topics) Anything you wish to share Consent
Customisation of app content Anything you have chosen to share, including location (not specific, just region & country) Consent
App improvement & development Most of this data is anonymised; however, we keep a record of what resources are accessed, functionality used, etc. This is not associated with your account. Legitimate Interests
IT hosting & Maintenance Anything you have uploaded onto the app Contract
Tax & other legal obligations Name
Payment Details
Legal Obligation (typically tax laws)

If we cannot use your data for providing you with an account or resolving anything to do with your account then we cannot provide you with, or support you with your account. Therefore we will only use the minimum that we need, however if you fail to provide it we cannot support you in the best way possible. Full details of the terms of use of the app can be found at https://www.positiveplusone.com/terms-and-conditions.

Where we need your consent for some of the customisation and marketing resources, we will ask you for this up front when you register and you can change your preferences within the app itself at any time when you are logged in.

Who else might we share your data with?

We use some third parties to help run and technically support our app and infrastructure. Each ‘processor’ (as they are known), is bound by a contract that outlines key Data Protection and Cyber Security controls we expect of them. We also prefer to use suppliers that have certain credentials in place, like ISO27001 accreditation or similar.

We may, as the app & website grows and expands, share some marketing information with interested HIV related third parties, however we will only ever do this with your consent. Our default position is that interested third parties receive anonymous statistics and nothing that can identify individual users.

We do not share your personally identifiable data with any other third parties unless we are legally obliged to do so. Your confidentiality, especially over anything sensitive you have shared, is paramount to you and us and we will inform you where we legally can if this data is ever shared for these reasons.

Will your data be stored in or accessible from countries with no UK-equivalent Privacy Law protections?

Currently our infrastructure is based in Germany and therefore bound by the EU GDPR (as well as our own here in the UK). Given the nature of the data we process we have chosen to use infrastructure within Europe.

We do, however, use some third party software companies to assist us with some functionality of the app. These include:

Google Firebase – hosting & app development
Mixpanel - Analytics metadata if consented

How long will your data be kept?

During your use of the app, we will keep anything you post or share going until it either becomes replaced with something more relevant or until you chose to delete it.

Should you ever leave the app, we will delete your profile within 24 hours of your cancellation. Before we can delete your account, we ask for your password to verify it’s you. Once you confirm your password, you will no longer be able to access your account. All of your posts, clips, and uploaded media will be deleted. Any chat messages you have sent will be anonymised but will remain visible to other users in the chat. Any comments you have made will be anonymised immediately, and then deleted. Any likes you have added to other users’ content will be removed. All of your connections with other users will be removed, as will any links to organisations associated with your account.

Please note, we will need to keep basic details of any payment history related to your account to meet our financial and tax obligations. This will be kept for approximately 7 years from the date of transaction.

As we expand, we will develop a more complex retention schedule as we may need to put in place different retention periods for different countries based on your declared location.

Our use of your data will be subject to the following legal rights:

  • Your Right to be Informed.
  • Your Right to Access your personal data.
  • Your Right for us to Rectify your personal data.
  • Your Right to have your personal data Erased.
  • Your Right to Restrict our processing of your personal data.
  • Your Right to Portability of your personal data.
  • Your Right to Object to how we use your personal data.
  • Your Right to object to Automated decision making and Profiling.

Please note, not all these rights apply ‘absolutely’ across all of your data. Where we use your data for a contract or for a legal obligation, some rights (like the right to erasure) do not apply.

We will make automated decisions or profile you based on your data.

In short, we will only be profiling you for the purposes of customisation of what you see in the app.

The way it works is that depending on what you read, like and share on the app, we will then analyse that data and ensure that what is presented to you is the most relevant to you. For example, if you search for articles on supporting someone living with HIV, then we will make sure you see what content we have on that topic.

We do this by matching tags on the article with tags on key words you search for.

We do not gather in information not in the app, therefore we will never ‘track’ you outside of the app or use anything from other sources.

Additionally, this is all done with your consent. So, if you don’t want the customisation, and just want to see everything we have, then you can do so.

Visit the following links for more information about Privacy Law, our obligations and your Rights:

The ICO Guide to the General Data Protection Regulation 2016
The General Data Protection Regulation 2016

If you have concerns over the way we are asking for or using your personal data, please raise the matter with our Data Protection Officer by emailing dataprotection@positiveplusone.com.

If you still have concerns following our response you have the right to raise the matter with the Information Commissioner’s Office:

Postal Address Information

Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Online Form https://ico.org.uk/concerns/handling/

Phone Number 0303 123 1113

Please note, this privacy notice can be updated on a frequent basis as the app grows and expands what it offers you. We will keep you updated on any key changes.

Version 1.1 February 2024