Privacy Notice

Last Revision Date: September 2020

Purpose: This Privacy Notice describes our privacy practices to help you understand what personal data we collect, use, share and transfer and to inform you about the choices you can make regarding your personal data.

Table of contents

  1. Introduction
  2. Who we are (identity of the data controller)​
  3. Legal basis for data processing​
    Patient data
    Our users (clinicians, healthcare, care workers using the service with patients)
    Web submissions
    National data opt-out
    Privacy notice – COVID-19 and how we will use your data
  4. Why do we need your Personal Data?​
  5. Data Protection Officer (DPO)​
  6. Collection and processing of personal data​
  7. Where do we store and process your personal data?
  8. Sharing of information​
  9. Forums guidance
  10. Security measures and storage of personal data​
  11. Cookies
  12. Device and usage data
  13. Log Data​
  14. Disclosure of your Personal Data to third parties​
  15. How long we retain your Personal Data​
  16. Touch ID/Fingerprint/Facial recognition​
  17. Data subject rights​
    The right to be informed​
    The right of access​
    The right to rectification​
    The right to erasure (right to be forgotten)​
    The right to restrict processing​
    The right to data portability​
    The right to object​
  18. How to exercise your rights​
  19. Questions and Complaints​
  20. Changes to this privacy notice​

1. Introduction

Pando regards your privacy and the handling of your personal data with the utmost importance. This Privacy Notice details how we collect, use and securely store any personal data submitted to us through use of our site and the Pando Mobile Application.

There is also an explanation of the various rights you can exercise as a data subject, as well as how you can exercise those rights.

The scope of this Privacy Notice applies to

2. Who we are (identity of the data controller)

For the purposes of this privacy notice, Forward Clinical Ltd (“us”, “we”, or “our”) is the data controller and operates the Pando mobile application (the “Service”) and website.

Our registered office address is: 300 St John Street, London EC1V 4PA.

Our company number is: 10420044

Our ICO registration is: ZA237861

Patient data

Pando act as a data processor when processing patient data (which means that we act under the instructions of data controllers). In this case, these are the organisations providing care, such as a GP practice, hospital, hospice, pharmacy, or care home (providers). They maintain overall responsibility for creating and storing information about patients and their health, such as in a patient record.

Pando provides the service on behalf of your care provider. For example, in the case of a Trust, the Trust is the data controller and Pando is the data processor.

The lawful basis for processing is: 6(1)(e)”…for the performance of a task carried out in the public interest or in the exercise of official authority…”

Patient data is considered to be a special category of data under the General Data Protection Regulation (EU) 2016/679 (GDPR) and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject” and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”

Our users (clinicians, healthcare, care workers using the service with patients)

GDPR allows six different legal bases for processing data. The Information Governance Alliance, NHS X and NHS Digital has advised healthcare organisations to process patient data for the delivery or administration of care under the following legal bases:

6(1)(e) “…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…”.

9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…”

For the purposes of processing patient data Pando is functioning “in the exercise of official authority vested in the controller”.

If your organisation chooses to gather consent for other reasons, all consent codes found in a patient’s medical record should also be taken into consideration. Always follow the guidance given by your IG team and if you are in any doubt, ask them.

Web submissions

We process your data, (your name and the email address that you enter) and any additional personal data you send us on the legal basis of legitimate interest. On submission we give you the option to opt into further marketing, based on your explicit consent. If you submit a support query via our website and are a Pando user, we will process that request based on our contract with you as a user of our service.

National Data Opt-out

Information about your health and care helps the NHS to improve your individual care, speed up diagnosis, plan your local services and research new treatments.

In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.

The NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments can use your confidential patient information for research and planning. You can choose whether your confidential patient information is used for research and planning.

Type 1 Opt-out: medical records held at your GP practice

You can tell your GP practice if you do not want your confidential patient information held in your GP medical record to be used for purposes other than your individual care. This is commonly called a type 1 opt-out. This opt-out request can only be recorded by your GP. If you choose a Type 1 opt-out, you should ask your GP for a National Type 1 Data Opt-out Form.

Type 2 Opt-out: information held by NHS Digital

A Type 2 opt-out is an objection that prevents your personal confidential information from being shared outside of NHS Digital that is used for research and planning.

Previously you could tell your GP surgery if you did not want NHS Digital to share confidential patient information that is collected from across the health and care service for purposes other than your individual care. This was called a type 2 opt-out.

From 25 May 2018 the type 2 opt-out has been replaced by the national data opt-out. Type 2 opt-outs that have been recorded previously have been automatically converted to national data opt-outs.

You do not need to do anything if you are happy about how your confidential patient information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service.

You can change your choice at any time. To find out more or to make your choice visit and/or view the NHS Digital patient Leaflet.

Pando expects its data controllers (GPs, Trusts, Care homes etc), whether solely or jointly with another organisation, to be responsible for ensuring that national data opt-outs are applied in line with the policy. In some cases, this requires the controller to instruct Pando (acting as a data processor under their instruction) to apply the national data opt-out. In line with wider legal requirements as a data processor (Pando) will comply with written instructions from the data controller in relation to the national data opt-out.

The NHS national data opt-out only applies to NHS organisations and sharing your information for research or planning. Because Pando processes data for professionals who give you individual care, this opt-out does not apply to the data they share with us. Pando will not use that data for research.

Privacy Notice – COVID-19 and how we will use your data

This notice describes how we may use your information to protect you and others during the Covid-19 (Coronavirus ) outbreak. It has been added to explain how we will process your data during the pandemic.

In the current emergency it has become even more important to share health and care information quickly across relevant organisations, to deliver care to individuals, support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. The health and social care system is facing significant extra pressures due to the Covid-19 outbreak.

Existing law allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. The Secretary of State requires NHS Digital; NHS England and NHS Improvement; Arm’s Length Bodies local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any arrangements put in place specifically to use or share information during the Covid-19 are temporary and will be limited to the period of the outbreak unless there is another existing legal basis that covers the use and sharing of that data.

During the COVID-19 outbreak many Clinical Commissioning Groups will not process any new requests to opt-out of local data sharing arrangements such as the One London Health and Care Record exemplar, Connecting your Care or The National Data Opt-Out. All opt-out requests currently submitted will be held until the outbreak ceases at which point, the request to opt-out will be processed.

4. Why do we need your Personal Data?

Providing Pando with your personal data is an obligation of using the Service. This is because your personal data is required to confirm your identity as a user, to maintain accurate clinical records for your patients or clients, and to identify you to other users who may need to contact you.

5. Data Protection Officer (DPO)

Pando has duly appointed Claire Robinson as the Data Protection Officer (DPO). Should you need to contact the Pando’s DPO directly, you can do so:


You can write to the DPO at: 300 St John Street, London, EC1V 4PA

6. Collection and processing of personal data

While using our service, we may ask you to provide us with certain personal data that can be used to contact or identify you. This includes:

  • Full name
  • Email address
  • Mobile number
  • Place of work
  • Specialty
  • Role

Whilst using the Service, personal data is generated relating to your professional and/ or clinical activities. This includes user ID/time/date stamps relating to messages or files sent, tasks created and edited, patient profiles created and edited, photos taken. These are obtained by taking any action within the app and form part of the audit trail generated by the Service.

We may also collect information from individuals, users and non-users, who contact us, via email, telephone or web submission. This will include name, email address and in some cases telephone number, and details related to your place of work.

We may use your personal data for providing the Service, including to:

  • Maintain and improve the Service
  • Contact individuals for the purposes of preventing or addressing service, security or technical issues
  • To answer queries from users directly
  • Maintain the service of the platform

With your explicit consent we may use your personal data for sharing, with users and non-user contacts, details of our services and products in the form of marketing.

Calling our helpline

When you call our main helpline (+44 (0) 3300 970 165), we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it is not withheld). We hold a log of the phone number, date, time, and duration of the call, but

do not audio record the call itself. We hold this information in our CRM system (HubSpot) in accordance with our data retention schedules.

We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.

We do not audio record any calls, but we might make notes to help us answer your query. Sometimes other staff from Pando may also listen in during your call for training or quality assurance purposes.

We sometimes conduct surveys on our helpline to help us identify trends in the enquiries we receive and improve how we operate If you require a follow up call we will also ask you to provide us with your contact details.

We also hold statistical information about the calls we receive for several years, but this does not contain any personal data.

Social media

We use a third-party provider, Slack, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored according to our retention schedules. It will not be shared with any other organisations by Forward Clinical / Pando but will remain in the public domain on Twitter, Instagram, LinkedIn, Facebook etc.

We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system (HubSpot) as an enquiry, a support request or a complaint. When contacting Forward Clinical / Pando through a social media platform, we suggest you also familiarise yourself with the privacy information of that platform.

Live chat

We use a third-party provider, Intercom, to supply and support our live chat service.

If you use our live chat service, we’ll collect the contents of your live chat session and if you choose to provide it your name and email address. Forward Clinical / Pando retains this data in Intercom CRM according to the relevant retention schedules.

Emailing us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.

Purpose and lawful basis for processing

Article 6(1)(b) GDPR provides a lawful basis for the processing of personal data to the extent that “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.

7. Where do we store and process your personal data?

The personal data that we collect from you is stored in the European Union on (Europe) Cloud Servers of Amazon Web Services with all primary processing taking place in London, UK. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements of Art. 44 et seq. GDPR for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees under Art. 46 GDPR (such as standard data protection clauses, or exceptional circumstances under Art. 49 GDPR). A full list of our third-party sub-processors and details of their privacy policies can be found here.

Where we process data on behalf of the UK NHS service, we ensure that data will always be stored and processed on the Cloud Servers of Amazon Web Services within the London Cluster and will not leave the EEA.

Sensitive information between your browser and our Website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.

Please contact our Data Protection Officer if you would like further details on the specific safeguards applied to the export of your personal data outside the EEA –

Processors and sub-processors

Infrastructure processors

Customer feedback, engagement and analytics

Customer Support

8. Sharing of information

We do not share your information with anyone outside Pando without your express permission to do so.

Under no circumstances will your information be sold or passed on to third parties for the purposes of marketing, sales or other commercial uses without your prior express consent.

We may disclose information to third-parties where it is necessary, such as where there is an overriding legal obligation, where permitted under Data Protection Legislation or for the purposes of the prevention and/or detection of fraud or crime.

9. Forums guidance

The forums feature in Pando is for clinicians and health workers who need to disseminate information quickly and have a point of reference especially during the COVID-19 pandemic.

Forums are a fixed point of contact for staff at health and social care organisations. The structure is similar to ‘teams,’ as per the existing functionality in the Pando App. The key difference is that users can will search for the forum (e.g. COVID-19 updates) and automatically join.

Stay safe, stay legal

Remember that anyone can read your posts, so please check that you do not include sensitive personally identifying information about either your patients or yourself. Forums are not the place to share confidential information.

You must respect privacy and confidentiality and follow the guidance of your Information Governance teams and NHS England at all times.

Report any post that you consider to be factually inaccurate, misleading or abusive (see respect below) to

Respect each other

Pando forums are a place for:

  • Co-ordinating and disseminating information encouraging.
  • Supporting each other.
  • Offering advice and suggestions.
  • Posting relevant information.

To achieve this, we ask that users: be respectful – You must not post materials or topics which are insulting, offensive, abusive, vulgar, hateful, harassing, obscene, profane, lewd or physically threatening. We ask that everyone who posts makes the effort to respect all other views and does not attempt to force any personal views onto others. We expect those who post to accept others’ comments in the way that they are meant, as in support and information sharing.

To make the Forums easy to read and use, we ask that users:
  • Write clearly when you compose a message – Review your message before you post.
  • Don’t use ALL CAPS – It is shouting and makes the message harder to read.
  • Don’t post off-topic messages – keep the message relevant to the forum.
  • Remember that spamming and advertising is strictly prohibited – Any and all advertising, chain letters, pyramid schemes, solicitation, spamming and trolling is inappropriate and unacceptable on any of our forum areas.
Contacting a moderator

If you need to contact us with a forums query please email

Data Protection

If you have a concern about data protection please email

10. Security measures and storage of personal data

Where you communicate with us via our site, the nature of the Internet is such that we cannot guarantee or warrant the security of any information that you transmit as no data transmission over the internet can be guaranteed to be 100 % secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.

11. Cookies

Our site uses “cookie” technology to enhance your user experience. A cookie is a small piece of text stored by your browser on your computer, at the request of our server.

Please refer to Pando’s cookie declaration for information about the cookies we use.

Change your consent

12. Device and Usage Data

We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our websites, our services or interact with emails we have sent to you.

As is true of most websites, we gather certain information automatically on connection with the use of the website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage. This information is used to analyse overall trends, to help us provide and improve our websites and Apps and to guarantee their security and continued proper functioning.

In addition, we gather certain information automatically as part of your use of the cloud products and services. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches and other actions you take, operating system and system configuration information and date/time stamps associated with your usage. This information is used to maintain the security of the services, to provide necessary functionality, as well as to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, to identify customer opportunities and for the security of Pando generally (in addition to the security of our products and services). Some of the device and usage data collected within the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used for the purposes of identifying the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers (where we act as a Processor).

Cookies, web beacons and other tracking technologies on our website and in email communications

We use cookies and similar technologies such as web beacons, tags and JavaScript, alone or in conjunction with cookies, to compile information about the usage of our websites and interaction with emails from us.

When you visit our websites, we or an authorised third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track usage, determine your browsing preferences and improve and customise your browsing experience.

We use both session-based and persistent cookies on our websites. Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer or device after you close your browser or turn off your computer. To change your cookie settings and preferences for the site you are visiting, click the Cookie Preferences link. You can also control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on our websites and services.

We also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications. All our communications include easy instructions about how to unsubscribe or you can email our Data protection Officer and invoke your right to be forgotten.

The following describes how we use different categories of cookies and similar technologies and your options for managing the data collection settings of these technologies:

Type of CookiesDescriptionManage Settings
Required CookiesRequired cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
Because required cookies are essential to operate the websites and the Pando desktop web App, there is no option to opt out of these cookies.
Functional CookiesFunctional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyse site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
We may use our own technology or third-party technology to track and analyse usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
For example, we use Google Analytics (“Google Analytics”), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about Google’s privacy practices by going to‌partners/ .
Google Analytics uses cookies to help us analyse how our websites are used, including the number of visitors, the websites from which visitors have navigated to our websites, and the pages on our websites to which visitors navigate. This information is used by us to improve our websites.
Pando may also utilise HTML5 local storage or Flash cookies for the above-mentioned purposes. These technologies differ from browser cookies in the amount and type of data they store, and how they store it.
You can choose to opt out of functional cookies. To change your cookie settings and preferences, click the Cookie Preferences link
To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here.
To learn how to control functional cookies via your individual browser settings, click here.
To learn how to manage privacy and storage settings for Flash cookies, click here.
Targeting or Advertising cookiesTargeting or advertising cookies track activity across websites in order to understand a viewer’s interests, and to direct specific marketing to them. Some examples include: cookies used for re-marketing, or interest-based advertising.
We sometimes use cookies delivered by us or by third parties to show you ads for our products that we think may interest you on devices you use and to track the performance of our advertisements. For example, these cookies collect and remember information such as which browsers have visited our websites.
Pando also contracts with third-party advertising networks that collect IP addresses and other information from web beacons on our websites, from emails and on third-party websites. Advertising networks follow your online activities over time and across different websites or other online services by collecting device and usage data through automated means, including through the use of cookies. These technologies may recognise you across the different devices you use, such as a desktop or laptop computer, smartphone or tablet. Third parties use this information to provide advertisements about products and services tailored to your interests. You may see their advertisements on other websites or mobile applications on any of your devices. This process also helps us manage and track the effectiveness of our marketing efforts.
You can choose to opt out of targeting and advertising cookies. To change your cookie settings and preferences, click the Cookie Preferences link

13. Log Data

When you access the Service by or through a mobile device (such as a smartphone or a tablet), we may collect certain data automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use and other statistics (“Log Data”).

14. Disclosure of your Personal Data to third parties

We disclose your Personal Data to various recipients to improve our Service, including.

  • to third parties who we engage to provide services to us, such as outsourced service providers, IT service providers;
  • to comply with any applicable law or regulation, a summons, search warrant, court regulatory order, or another statutory requirement.

15. How long we retain your Personal Data

We will not retain your Personal Data for longer than is necessary under the principle of data minimisation. User account details are stored for the duration of you maintaining an account. We will only retain your personal data for as long as it is required to fulfil the original purpose for which it was collected, including the purposes of satisfying any legal, accounting, or reporting requirements.

If you ask us to delete your data then we may not be able to provide you with all of the services offered from this website.

16. Touch ID/Fingerprint/Facial recognition

Users may choose to use Fingerprint/Facial recognition/Touch ID as part of the Service. This data is not collected, stored or processed in any manner by Pando. We advise that users should review the privacy notice relating to their device and its operating system before setting up any fingerprint or facial recognition systems.

17. Data subject rights

Under the General Data Protection Regulation (GDPR), data subjects whose data is processed by Pando are entitled to exercise certain rights against their personal data. These rights are designed to put Data Subjects in the driving seat when it comes to how their personal data is handled by organisations.

The right to be informed

Pando is obliged to ensure that any communications regarding our data processing activities between ourselves and any Data Subjects is provided is a clear and transparent manner. This is provided by this Privacy Notice.

The right of access

You are entitled to request a copy of the all personal data currently held about you as well as the following information about your data:

  1. The purpose of processing;
  2. The categories of personal data concerned;
  3. The recipients to whom the personal data has been disclosed;
  4. The retention/envisioned retention period for that personal data;
  5. The source of the personal data if it has been collected from a third-party.
The right to rectification

If you believe the personal data we hold about you is either inaccurate or incomplete, you may exercise this right to correct or complete this data. This right can be used with ’the right to restrict processing ‘to ensure that any inaccurate or incomplete data is not processed until corrected.

The right to erasure (right to be forgotten)

You may request erasure of any personal data we hold on you without undue delay where one of the following grounds apply:

  1. The personal data are no longer necessary in relation to the purposes they were collected or otherwise processed;
  2. The data subject withdraws consent and no other legal ground for processing exists;
  3. The data subject exercises the right to object and no overriding legitimate grounds for processing exist;
  4. The personal data has been unlawfully processed;
  5. The personal data has to be erased for compliance with an overriding legal obligation;
  6. The personal data has been collected in relation to the offer of information society services.
The right to restrict processing

As an alternative to the right to erasure, you may ask us to cease processing your data, but not erase it entirely where one of the following grounds apply:

  1. The accuracy of the personal data is contested;
  2. Processing of the personal data is unlawful;
  3. Personal data is no longer needed for processing, but is still required as part of a legal process;
  4. The right to object has been successfully exercised and processing is temporarily halted pending a decision on the status of the processing.
The right to data portability

You may request your personal data be transferred to another controller or processor in a commonly used, machine-readable format. This right can only be exercised when all of the following grounds apply:

  1. The processing was on the basis of consent
  2. The processing is by automated means
  3. The processing if for the fulfilment of a contractual obligation
The right to object

You may exercise the right to object in instances where:

  1. Processing is based on either the performance of a public task or legitimate interest;
  2. Processing is for direct marketing purposes;
  3. Processing is for the purposes of scientific or historical research;
  4. Processing involves automated decision-making, including profiling.

18. How to exercise your rights

You may request to exercise any of the above rights, free of charge by contacting:

Any data subject request will be responded to within one month, however we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will inform you if an administrative charge is being applied before fulfilling your request, so you can decide whether or not to proceed. Typically, in order to further one of the following requests, we will ask for you to provide a form of identification for verification purposes.

19. Questions and Complaints

Should you wish to discuss a complaint, please contact the DPO at the above email address, who will be happy to assist you. 

Alternatively, if you are unsatisfied with the DPO’s response to your concern, Under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office. Under Article 80, you may authorise certain third parties to make a complaint on your behalf (such as legal representation).

20. Changes to this privacy notice

We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on our site so that you are always aware of what Personal Data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by email.