Privacy Notice

Last Revision Date: 1st July 2025


Purpose: We take our responsibilities as custodians of your data very seriously. This privacy policy explains what personal information we collect, how we use it and your rights with regards to this data.


Contents

  1. Introduction

  2. Who are we?

  3. What types of information do we collect?

  4. How do we collect information?

  5. Cookies

  6. How we use your personal data (legal basis for processing)

  7. Legitimate interests

  8. Your data, your rights, your choices

  9. Sharing and disclosing your personal information

  10. Safeguarding Measures

  11. Transfers outside the UK/EU

  12. How long we keep your data

  13. Special Categories Data

Last Revision Date: June 2024


Purpose: We take our responsibilities as custodians of your data very seriously. This privacy policy explains what personal information we collect, how we use it and your rights with regards to this data.


Contents

  1. Introduction

  2. Who are we?

  3. What types of information do we collect?

  4. Cookies

  5. How we use your personal data (legal basis for processing)

  6. Your data, your rights, your choices

  7. Sharing and disclosing your personal information

  8. Safeguarding Measures

  9. Transfers outside the UK/EU

  10. Legitimate Interests Assessment

  11. How long we keep your data

  12. Special Categories Data

  13. National Data Opt-out

  14. Lodging a Complaint

  15. Subject Access Requests

Introduction

This Privacy Notice explains how we collect, use, and protect your personal data when you use our website and the Lifelight Application. 


We are a ‘data controller’ in certain circumstances – e.g. personal data submitted to us through our website. For patient data, Xim is what is known as the ‘data processor’ and not the ‘data controller.’ The healthcare organisation is the data controller for patient data. 

Who are we?

Xim’s registered office is: The University of Southampton Science Park, 2 Venture Road, Chilworth, Southampton, Hampshire SO16 7NP 


We are a company registered in England and Wales under company number: 3699022 
Our Information Commissioner’s Office (ICO) Registration number is: ZA24174 


We gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.  


The individual responsible for data protection is Claire Robinson who can be contacted at: The University of Southampton Science Park, 2 Venture Road, Chilworth, Southampton, Hampshire SO16 7NP. 

What types of information do we collect?

Xim Limited processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We collect information that you give us to process your enquiry and to better understand how our services are used. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. 


Examples of the types of personal data that we collect are:

  • Name

  • Personal Email

  • Business Email

  • Mobile Telephone Number

  • Technical information from usage of our Apps 


We do NOT collect:

  • Still images

  • Video

  • Audio / sound 


The data uploaded from your device and used to predict your vital signs contains only signals generated from light reflected by specific regions of your face during the time taken for the measurement, as well as your biometric data (age, sex, height). 


Separate privacy notices will apply to clinical trials in accordance with the respective trial protocol. 

What types of information do we collect?

Xim Limited processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We collect information that you give us to process your enquiry and to better understand how our services are used. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. 


Examples of the types of personal data that we collect are:

  • Name

  • Personal Email

  • Business Email

  • Mobile Telephone Number

  • Technical information from usage of our Apps 


We do NOT collect:

  • Still images

  • Video

  • Audio / sound 


The data uploaded from your device and used to predict your vital signs contains only signals generated from light reflected by specific regions of your face during the time taken for the measurement, as well as your biometric data (age, sex, height). 


Separate privacy notices will apply to clinical trials in accordance with the respective trial protocol. 

How do we collect your information?

We collect your information when you provide it to us through the website contact form or when you communicate with us in other ways. Whenever you subscribe to our newsletter or fill out a form, we may also collect and process data to carry out any services you use. We will also process data to answer support requests. 

Cookies

Our site uses “cookie” technology to enhance your user experience. A cookie is a small piece of text stored by your browser on your computer, at the request of our server. Please refer to Lifelight’s cookie declaration for information about the cookies we use.


Change your consent here.

How we use your personal data (legal basis for processing)

Xim Limited will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. 


As a data controller, we process your personal data on the following lawful bases: 


  • Legal obligation – where we are required to retain data for accounting, tax, or regulatory purposes. 


  • Legitimate interests – to provide our products, services, and support to customers and prospective customers, and to ensure the security and functionality of our website and systems. 


  • Recognised legitimate interests under the Data Protection and Digital Information Act – where applicable, for activities such as service improvement, analytics, or customer engagement, provided your rights and freedoms are not overridden. 

How we use your personal data (legal basis for processing)

Xim Limited will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. 


As a data controller, we process your personal data on the following lawful bases: 


  • Legal obligation – where we are required to retain data for accounting, tax, or regulatory purposes. 


  • Legitimate interests – to provide our products, services, and support to customers and prospective customers, and to ensure the security and functionality of our website and systems. 


  • Recognised legitimate interests under the Data Protection and Digital Information Act – where applicable, for activities such as service improvement, analytics, or customer engagement, provided your rights and freedoms are not overridden. 

How we use your personal data (legal basis for processing)

Xim Limited will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. 


As a data controller, we process your personal data on the following lawful bases: 


  • Legal obligation – where we are required to retain data for accounting, tax, or regulatory purposes. 


  • Legitimate interests – to provide our products, services, and support to customers and prospective customers, and to ensure the security and functionality of our website and systems. 


  • Recognised legitimate interests under the Data Protection and Digital Information Act – where applicable, for activities such as service improvement, analytics, or customer engagement, provided your rights and freedoms are not overridden. 

Legitimate interests

We have a legitimate interest in improving our services. We may collect behavioural information to understand how our app is used, support product improvement, audit purposes, and incident resolution. 

Legitimate interests

We have a legitimate interest in improving our services. We may collect behavioural information to understand how our app is used, support product improvement, audit purposes, and incident resolution. 

Legitimate interests

We have a legitimate interest in improving our services. We may collect behavioural information to understand how our app is used, support product improvement, audit purposes, and incident resolution. 

Your data, your rights, your choices

You have the following rights under data protection law: 


  • The right to be informed 

  • The right of access 

  • The right to rectification 

  • The right to erasure (“the right to be forgotten”) 

  • The right to restrict processing 

  • The right to object to processing 

  • The right to data portability 

  • The right to withdraw consent at any time 

  • The right to be informed about automated decision-making and profiling 

  • The right to lodge a complaint with us. Please contact us in the first instance. 

    • If it is unresolved, you have the right to escalate your concern to the Information Commissioner’s Office (ICO) 

    • If you are dissatisfied with the ICO’s response, you have the right to appeal to the Information Rights Tribunal within 28 days 


To exercise any of these rights, please email: dpo@lifelight.ai 

Or write to: Xim Limited, The University of Southampton Science Park, 2 Venture Road, Chilworth, Southampton, Hampshire SO16 7NP. 

Your data, your rights, your choices

You have the following rights under data protection law: 


  • The right to be informed 

  • The right of access 

  • The right to rectification 

  • The right to erasure (“the right to be forgotten”) 

  • The right to restrict processing 

  • The right to object to processing 

  • The right to data portability 

  • The right to withdraw consent at any time 

  • The right to be informed about automated decision-making and profiling 

  • The right to lodge a complaint with us. Please contact us in the first instance. 

    • If it is unresolved, you have the right to escalate your concern to the Information Commissioner’s Office (ICO) 

    • If you are dissatisfied with the ICO’s response, you have the right to appeal to the Information Rights Tribunal within 28 days 


To exercise any of these rights, please email: dpo@lifelight.ai 

Or write to: Xim Limited, The University of Southampton Science Park, 2 Venture Road, Chilworth, Southampton, Hampshire SO16 7NP. 

Your data, your rights, your choices

You have the following rights under data protection law: 


  • The right to be informed 

  • The right of access 

  • The right to rectification 

  • The right to erasure (“the right to be forgotten”) 

  • The right to restrict processing 

  • The right to object to processing 

  • The right to data portability 

  • The right to withdraw consent at any time 

  • The right to be informed about automated decision-making and profiling 

  • The right to lodge a complaint with us. Please contact us in the first instance. 

    • If it is unresolved, you have the right to escalate your concern to the Information Commissioner’s Office (ICO) 

    • If you are dissatisfied with the ICO’s response, you have the right to appeal to the Information Rights Tribunal within 28 days 


To exercise any of these rights, please email: dpo@lifelight.ai 

Or write to: Xim Limited, The University of Southampton Science Park, 2 Venture Road, Chilworth, Southampton, Hampshire SO16 7NP. 

Sharing and disclosing your personal information

We do not sell your information. We may share it with service providers acting on our behalf (e.g. IT support, Royal Mail), or where required by law or regulation (e.g. with the ICO or other regulators). 


If Xim Limited is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal data may be transferred to the acquiring organisation as part of that transaction. We will ensure that the receiving party agrees to handle your data in a manner consistent with this Privacy Notice and applicable data protection laws. 

Safeguarding Measures

We apply security controls and best practices including SSL, encryption, access restrictions, and firewalls to protect your personal data. 

Transfers outside the UK/EU

We only transfer your data outside the UK/EEA where adequate safeguards are in place. 

How Long We Keep Your Data

We retain data only as long as necessary. We are required to retain some personal data for 6 years for tax purposes. For marketing, we retain data until you withdraw consent. 

Special Categories Data (including patient data)

Where we process special category data on behalf of healthcare providers (such as NHS Trusts), we do so under a data processing agreement. The controller typically relies on Article 6(1)(e) – public task – and Article 9(2)(h) – healthcare purposes. Xim, as processor, follows the controller’s lawful basis and instructions, and does not independently determine the lawful basis. Similarly, controllers are responsible for applying the national data opt-out. Where instructed by a controller, Xim complies with their direction. 

Product images shown on our website are for illustrative purposes only and not an exact representation of the product.

Lifelight is compatible with a range of validated mobile devices. Please contact us for a complete list.