This privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, through your use of the software application XMobiSense (“Application”) for mobile devices, will be processed by us. The Application was created by Orange Telecom for use by non-profit research institutions. The Application is used to further scientific knowledge by gaining insight into patterns and level of mobile phone use in research participants.

For the purpose of the Data Protection Act 1998, the data controller is Imperial College London.

What information does the Application obtain and how is it used?
User Provided Information
At the time of download, you will be asked to respond to a limited number of questions (your Unique ID number (UID) year of birth, Gender, Primary use of phone (i.e. personal vs. work), number of devices used, and if other people regularly use the phone). This information will be used only for verification purposes. This information will be stored on the device and will be transmitted along with the collected data mentioned below.

Automatically Collected Information
The Application will not collect: the content of calls or sms text messages (or the content of messages sent or received on other messaging services, such as WhatsApp), contact data or phone numbers, websites visited.

It will record the following information:

• Your handset IMEI number (a unique handset identifier, which is not your mobile phone number).
• Date and time of call (voice calls)
• Call duration (voice calls)
• Laterality information: phone held in the right or left hand, use of hands free kit and speaker (currently only for voice calls; voice over IP under development)
• Angles and accelerometer data obtained from sensors on the mobile
• Network type and operator
• LAC and CID information: CID is an identification code used to identify the Base Transceiver Station (BTS) or sector of a BTS within a location area code (LAC) (link to urban/rural)
• Received power in the mobile band used and in WiFi (under development)
• Time of sending and receiving SMS
• Quantity of transmitted and received data
• Time of data transmission
• Time of WiFi connection
• The type of mobile and the version of Android iOS installed on the mobile phone

Who will have access to information obtained by the Application?
Your data will be used for research purposes by UK COSMOS study investigators who will have access to your data. Data may be shared with researchers of the international COSMOS consortium or with other university research collaborators. However, no individually-identifying data (such as your name, address, phone number, IMEI etc) will ever be passed onto these research groups. We will not share your information with any other third parties other than for the limited purposes described below.

We may disclose user provided and automatically collected information:
• as required by law, or similar legal process;
• when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
• with our trusted service providers contracted to work on our behalf, who do not have an independent use of the information we disclose to them, and who have agreed to adhere to the strict data security rules.What are my opt-out rights?
You may stop all collection of information by the Application at any time by easily uninstalling the Application. You may use the standard uninstall processes available on your mobile device.

Data Retention Policy, Managing Your Information
The data will be stored and used exclusively for scientific research purposes. These data will be kept for a maximum period of five years after the results have been published. If you wish us to delete your data, please contact us at ukcosmos@imperial.ac.uk.

Security
We are vigilant about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorised employees who require access to the data for research purposes, and to third party contractors who need to know that information in order to operate, develop or improve the Application. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

Changes
This Privacy Policy may be updated from time to time for any reason. Any changes to the Privacy Policy will be posted on https://www.thecosmosproject.org/ and where appropriate, notified to you.

Your Consent
By using the Application, you are providing consent for us to process your information as set forth in the Privacy Policy. “Processing” means collecting and conducting statistical analyses of the information collected by the Application (see above). The information will be stored on a secure server hosted by Imperial College London. The information will be processed for research purposes only under strict privacy standards.

Liability
The use of the Application is entirely at the user’s own risk. We cannot be held liable for any damages directly or indirectly resulting from the use of this Application. We cannot be held liable for the consequences of any inaccuracies, incorrect information or other imperfections in the Application. No rights may be derived from the information presented.

Access to information
The Data Protection Act 1998 gives you the right to access information held about you. Your right of access can be exercised in accordance with that Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Contact us
If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact us via email at ukcosmos@imperial.ac.uk.