Data protection guideline for PatientAssist
Valid as of: OCTOBER 2017
Healthcare X.0 GmbH („Healthcare“ or „we“) take your personal protection very seriously and we know how important privacy is for our users. For this reason we wish to inform you how we acquire, use, disclose, forward and save information in a transparent manner.
We keep your personal details confidential and in line with mandatory data privacy regulations and this data protection guideline. This data protection guideline provides an overview of our data processing in conjunction with using our PatientAssist („PatientAssist“) service and our websites.
Please note that the data protection guideline applies regardless of the user device (PC or mobile device) on which you use PatientAssist or our website. Please also note that you may not use PatientAssist if you do not consent to data processing as described in this data protection guideline.
In the event we update the data protection guideline and you use PatientAssist afterwards, you will be informed of major changes – either by us publishing advice on using PatientAssist in the app or by sending an email to the email address specified in your user account. By continuing to access our app or using PatientAssist, you consent to new data processing as described in the update. The most recent version of the data protection guideline is available here at all times www.healthcare-xnull.com.
2.1 If not depicted otherwise in this data protection guideline, strictly no personal details are collected, processed or used when PatientAssist is used. Information transferred when PatientAssist is accessed or downloaded is not used by us to identify individual users. When personal details are collected, it is always on a voluntary basis and with your consent.
2.2 Please note that the information described is first saved to your user device. As soon as the device connects to the Internet, the data is sent to us in encrypted format and processed in line with the usage described in this data protection guideline. In this context, we must make reference to the fact that date transmission in the Internet can be fraught with security risks (such as email communication). End-to-end protection of data against third party access is therefore not possible.
2.3 Which data does PatientAssist collect?
Why we collect the information
Your PatientAssist account details (specified by you when creating your user account, such as email address and contact settings)
· To identify you, to be able to create your user account and to enable you to use PatientAssist. We do not use any other personal details for any other purpose (such as name, date of birth and address).
Device information (such as device model, IMEI number and other unique device IDs, MAC address, IP address, operating system version and settings of the device used to access PatientAssist)
· To be able to make PatientAssist available to you.
· To be able to uniquely assign to the account your mobile device and your documents made available
· To be able to provide you support for your account
· To generate anonymous, aggregated statistics on the number of unique devices using PatientAssist
Information provided by yourself: Treatment details (e.g. names and intervals of medication to take, and treatment plans) or readings (such as blood pressure and weight), and details about activities (e.g. sport and physiotherapy)
· To be able to provide you the functions and content of PatientAssist (e.g. creation of a patient file, parts of certain documents)
Details of health condition (name, frequency/nature of symptoms/pain)
· To be able to provide you the functions and content of PatientAssist (e.g. creation of a patient file, parts of certain documents)
Other personal details
· We only use other personal details with your express consent for the purpose specified in the consent or other contexts permitted as part of data privacy
2.4 Shared details
PatientAssist enables you to grant other users (such as doctors) read access to your details.
The sharing of details for other users is with a security code, that you can generate with PatientAssist and send to a contact. When your contact enters your security code, this person can see the details shared.
You can decide yourself whether you want to use this function, and to what extent. There is no obligation on your part to grant another user the ability to share your details. It is purely on a voluntary basis. Please only grant read access to your details to those you trust. You can retract sharing permissions for another user at any time – specifically by changing or disabling your security code required to access the profile. Only you can change the security code.
2.5 Data from other applications and permissions granted
PatientAssist can help you enter any health-related and any other information you enter or have entered using third party applications. Any consent required can be provided over data interfaces such as „Apple Health“. Counted steps taken are typical health-related data from „Apple Health“.
You are able to provide the following applications for the provision of data (individually and separately):
· Calendar: The provision of calendar data enables you to synchronize your calendar with the PatientAssist calendar.
· Camera: The provision of the camera enables you to scan in bar codes and medication.
· Photo & video library: The provision of the photo and video library enables simplified uploading of image and video files.
· Cloud services: The authorization to provide data from Cloud services enables simplified uploading of relevant data into PatientAssist.
· Provision of Push messages: The authorization to provide Push messages enables you to receive Push messages.
· Apple Health app: The authorization of the Apple Health app enables synchronization with PatientAssist of the data collected there.
3. To whom do we pass on your information?
We do not pass on any information to third parties without your consent. We are permitted to pass on your information to the following third parties however.
· Service providers. We are permitted to pass on your information to companies making available services for us or on our behalf. However, these service providers are only permitted to use your information for provision of the relevant services.
· Other parties if stipulated by law or for the protection of our services. We pass on your information to other parties in the following circumstances:
· To abide by the law or when we are forced to respond to legal proceedings (such as to a search warrant or other judicial ruling)
· To confirm or enforce adherence to the usage guidelines of PatientAssist
· To protect and guarantee the rights, ownership and security of Healthcare, business partners and customers
· Other parties with their consent or on their instruction In addition to data forwarding described in this guideline, we can pass on information about you to third parties when you agree to instructing us accordingly, or when the passing on of data is otherwise permitted or mandatory under data privacy law, such as in the event the structure of Healthcare X.0 GmbH changes (e.g. by changing the legal status or establishing/acquiring/selling subsidiaries or divisions).
4. What are we doing to guarantee the security of your information?
We have introduced appropriate technical and organizational measures to protect personal details we collect in conjunction with PatientAssist. Our security procedures undergo regular checking and are aligned to technological advancements. Please note that while we take appropriate steps to protect your information, be aware that websites, Internet transfers, computer systems and wireless connections are never completely secure. Every time information is forwarded to third parties in the cases outlined in this data protection guideline, we ensure it takes place in line with this data protection guideline and applicable data protection laws.
5. Access to your information
You have the right any time to free of charge information about your saved personal information, its origin, recipients and the purpose of data processing, as well as rights to correct, block and delete this information. For questions on this, as well as other issues surrounding personal information, please contact us using the address in the legal notice or in this data protection guideline. By doing so, no costs over and above the basic transmission costs will be charged.
6. Keeping of information
We only keep information about you for as long as necessary for the purposes for which it was collected, or as permitted or required lawfully or contractually.
7. Third party links and products in our app
PatientAssist can contain links to third party websites and services that are outside of our control. We are neither responsible for the security nor data protection of information sourced from external websites and other services. You are advised to exercise caution and read the data protection declarations for the websites and services of third parties.
8. Analysis tools and similar technologies
8.1 For the analysis of how PatientAssist is used, we collect statistical usage data using the following analysis services. This usage data helps us to improve PatientAssist and can at no time be associated with your person. Under no circumstances are health data sent to external analysis services. Usage data collected are for example crash reports when PatientAssist crashes while being used. You can stop the sending of usage data to external analysis services by disabling it in the user account settings of PatientAssist. Your data are then no longer forwarded. Please note however that some functions of PatientAssist and other services from us might only work with cookies, meaning disabling cookies can negatively impact your usage of PatientAssist or parts of other services.
8.2 Use of our own cookies
This website uses its own cookies to increase the level of user-friendliness. Cookies are small files that save information on your computer, cell phone or other device. They enable the company that set the cookies to recognize you on different websites and devices, and in different services and browser sessions. Cookies have many useful purposes. For example, cookies can remember your login details so you need not enter them every time you log in.
The operating system on your device has setting options for cookies and you can disable them from being set. More detailed information is in the user guide for your device and in the user instructions for your operating system.
Please note however that some functions of the app and other services from us only work with cookies, meaning disabling cookies can negatively impact your usage of PatientAssist or parts of other services.
You can generally prevent cookies being used if you disable the saving of cookies in your browser.
8.4 App Analytics
PatientAssist uses „App Analytics“. The „App Analytics“ analysis service is provided by Apple Inc. Data arising from downloading and using the PatientAssist app for example are processed using this tool. PatientAssist does not receive from Apple Inc. any personal details stored about you. Usage analyses are only run by App Analytics with your prior consent. More information about this is in the Data protection menu on your iOS device. Information generated by this process is not forwarded to third parties.
9. Other information
You can contact us using our email address or contact form. Personal details sent this way are of course only used for the purpose for which they are made available in contacting us. Entry fields on the contact form for details that are not an absolute requirement when contacting us are always without an asterisk (* denotes a mandatory field). This information is used to formalize and improve actioning of your request. Communication of this information is purely on a voluntary basis and with your consent. If this information pertains to communication channels (such as email address and phone number), you also agree to us contacting you as required using these communication channels to respond to your request. You can of course retract this declaration of consent at any time in the future. To carry out this retraction, please contact the address given at the end of this declaration.
10. Newsletter details
If you want to sign up to our newsletter, we require from you an email address as well as information permitting us to check that you are the owner of the email address specified and you agree to receiving the newsletter. No other information is collected. These details are only used for sending the information requested and are not passed on to third parties.
You are able to retract at any time the consent granted to store the details and the email address, and to use them to send the newsletter (such as from the „Unsubscribe” link in the newsletter). Our contact details are also provided below.
11. Contact and company responsible
Healthcare X.0 GmbH
David-Gilly-Strasse 1, 14469 Potsdam, Germany
Represented by CEOs Chris-Gilbert König and Carsten König
Entered in the Commercial Register of the District Court of Potsdam
Commercial Register Number HRB 21168P