Legal

Privacy Policy

SANNO Ltd. · Last updated: May 2025

Contents

Who We Are
Data We Collect
How We Use Your Data
Legal Basis for Processing
Data Sharing
International Transfers
Data Retention
Your Rights
Security
Cookies
Children
Changes to This Policy
Contact and Complaints

1. Who We Are

SANNO Ltd. ("SANNO", "we", "us", or "our") is a company registered in the United Kingdom. We operate the SANNO Health platform, a software-as-a-service product for healthcare practitioners, clinics, and researchers.

For the purposes of the General Data Protection Regulation (GDPR) and UK GDPR, SANNO Ltd. is the data controller in respect of personal data processed through this website and Platform, except where we act as a data processor on behalf of practitioner users.

You can contact our data protection team at: hello@sanno.health

2. Data We Collect

We collect and process the following categories of personal data:

Account and registration data

Name, email address, professional title, country, phone number, and clinic or institution name, collected when you register for the Platform or sign up for our newsletter.

Usage and technical data

IP address, browser type, device identifiers, pages visited, time spent on the Platform, and similar technical data collected automatically when you access our services.

Communication data

Records of communications you have with us, including support requests and emails.

Patient data (processed on behalf of practitioners)

Where practitioners upload patient health data to the Platform, SANNO processes this data as a data processor. The practitioner remains the data controller and is responsible for ensuring they have a lawful basis to share patient data with SANNO.

3. How We Use Your Data

We use your personal data for the following purposes:

To provide, maintain, and improve the Platform and our services.
To manage your account and communicate with you about your subscription.
To send you product updates, educational content, and marketing communications where you have given consent or where we have a legitimate interest to do so.
To process payments and manage billing.
To ensure the security and integrity of the Platform.
To comply with legal obligations applicable to us.
To conduct anonymised analytics and improve our product features.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

Contract performance: processing necessary to provide you with the services you have contracted for.
Legitimate interests: processing necessary for our legitimate business interests, such as security, fraud prevention, and product improvement, where these interests are not overridden by your rights.
Consent: where you have given us specific consent, such as for marketing communications.
Legal obligation: where we are required to process data to comply with applicable laws.

We do not sell your personal data. We may share your data with:

Service providers: third-party companies that help us deliver the Platform (for example, cloud hosting, payment processing, and email services), acting under data processing agreements.
Professional advisers: lawyers, auditors, and insurers where necessary.
Regulatory authorities: where required by law or to protect our legal rights.
Successors: in the event of a merger, acquisition, or sale of assets, where we will notify you in advance.

6. International Transfers

The Platform is hosted within the European Union. Where we transfer personal data to third-party service providers located outside the EEA or UK, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Account data is retained for the duration of your subscription and for a period of up to 3 years thereafter, unless a longer retention period is required by law. Patient data is retained in accordance with the data processing agreement with the relevant practitioner.

8. Your Rights

Under GDPR and UK GDPR, you have the following rights in relation to your personal data:

Right of access: to obtain a copy of the personal data we hold about you.
Right to rectification: to have inaccurate data corrected.
Right to erasure: to request deletion of your data in certain circumstances.
Right to restriction: to restrict processing of your data in certain circumstances.
Right to data portability: to receive your data in a structured, machine-readable format.
Right to object: to object to processing based on legitimate interests or for direct marketing.
Rights related to automated decision-making: not to be subject to solely automated decisions that significantly affect you.

To exercise any of these rights, please contact us at hello@sanno.health. We will respond within one month.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and Cyber Essentials certification.

While we take security seriously, no method of transmission over the internet is completely secure. You should take steps to protect your own account credentials.

10. Cookies

We use cookies and similar tracking technologies on our website. For full details of the cookies we use and how to manage them, please see our Cookie Policy.

11. Children

The Platform is intended for use by healthcare professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the Platform. The date at the top of this page indicates when this Policy was last updated. Your continued use of the Platform after any update constitutes acceptance of the revised Policy.

13. Contact and Complaints

If you have any questions, concerns, or complaints about how we handle your personal data, please contact us at:

SANNO Ltd.
Email: hello@sanno.health

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.