Privacy Policy

Privacy Policy – CGM Viewer (www.cgmviewer.com)
Last updated: 07/07/2025

1. Who We Are

GlucoRx Limited ("GlucoRx", "we", "us", "our")
Registered office: Unit 1C, Henley Business Park, 1C Pirbright Road, Normandy, Guildford GU3 2DX, United Kingdom
Contact: [email protected] | +44 (0)1483 755 133

We are the data controller responsible for your personal data on the CGM Viewer platform (www.cgmviewer.com). If you have questions about this Privacy Policy or wish to exercise your rights, please contact us via the details above.

2. What Data We Collect

We collect and process the following personal data:

  • Account Data: Email address required for registration
  • CGM Data (Special Category Health Data): Blood-glucose readings and other associated health metrics provided by your Vixxa CGM device
  • Usage Data: Permissions and consents provided for data sharing
  • Diagnostics: Aggregated and anonymised data used for maintaining platform functionality

We do not collect your name, address, date of birth, location, or payment details.

3. How and Why, We Use Your Data

We process your personal data for the following purposes:

PurposeLawful Basis (UK GDPR)Article 9 Condition (Health Data)
Providing access to your CGM data to authorised Health Care Professionals (HCPs) and GlucoRx Partners after your explicit permissionExplicit Consent (Art 6 (1)(a))Explicit Consent (Art 9 (2)(a))
Maintaining platform security, resolving technical issues, ensuring performanceLegitimate Interests (Art 6 (1)(f))n/a – aggregated anonymised diagnostics
Communication about service updates, improvements, and changesConsent (Art 6 (1)(a))n/a (no health content)

4. Special Category Personal Data

Special category personal data, such as health data from your CGM device, is processed only with your explicit consent.

5. Sharing Your Data

Your data is shared only with your explicit permission:

  • Authorised HCPs and GlucoRx Partners: Can only access your data once explicit permission is granted. Permission can be withdrawn at any time by following the removal process outlined in the original sharing email.
  • AWS London Region: Secure storage of your data within the UK.

We do not sell your data or share it with advertisers, data brokers, or information resellers.

6. International Transfers

Your data is stored in an ISO 27001-certified AWS cloud located in the UK (London region). Any international transfers comply with adequate safeguards, including standard contractual clauses.

7. Data Retention

We retain your personal data only for as long as necessary:

  • CGM data retained until deletion of your account or upon explicit deletion request
  • Aggregated diagnostics data retained for 12 months

8. Security

Robust security measures are implemented, including:

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Role-based access, multi-factor authentication (MFA), regular security audits and penetration testing

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion (right to erasure)
  • Restrict or object to processing
  • Export your data (portability)
  • Withdraw consent at any time

To exercise these rights, contact us at [email protected]. We respond within one month.

For unresolved concerns, contact ICO: ico.org.uk | +44 303 123 1113.

10. Changes to This Policy

This Privacy Policy may be periodically updated. Material changes will be communicated via email or prominently displayed on the platform. Regularly check for updates.

11. Contact Us

For questions or concerns:

Data Protection Officer
GlucoRx Limited
Unit 1C, Henley Business Park, 1C Pirbright Road, Normandy, Guildford GU3 2DX
[email protected] | +44 (0)1483 755 133

Thank you for trusting CGM Viewer to securely manage and share your health data.