Our Privacy
Notice ("Privacy Notice") explains our personal data practices,
including the information we process to provide our Services. We understand the
importance of privacy and we will always strive to protect your privacy and
preserve the trust you place in us. We only collect and retain as much
information as is necessary for us to provide you with our service, and
whenever possible we disassociate any personally identifiable information from
the data we retain.
Precordior Ltd. ("Precordior", "we", "us")
recognizes and understands the importance of the privacy of its users
("Users", "you", "them") and wants to respect
their desire to have their personal information stored and accessed in a
private and secure manner. This Privacy notice
applies to all of our Services unless specified
otherwise.
Please read this Privacy Notice (which is also available on CardioSignal's
website: www.cardiosignal.com) carefully so that you fully understand how we
obtain and process your Personal Data.
Controller: Precordior Ltd.
Data Protection Officer of Precordior Ltd
phone +358102021200
Aurakatu 6
20100 Turku
Finland www.precordior.com
support@cardiosignal.com
This Privacy Notice is supplied electronically, the paper format is available
on request at support@cardiosignal.com.
UK GDPR Representative
DataRep
datarequest@datarep.uk
(quoting <CardioSignal> in the subject line)
www.datarep.uk/datarequest
DataRep, 107-111 Fleet Street, London, EC4A 2AB,
United Kingdom
(please ensure that the letter post request is addressed to ‘DataRep’ and not CardioSignal)
http://www.datarep.uk/privacy-policy
Manufacturer
Representative, Republic of India
Grievance Redressal Officer (GRO) and Data Protection Officer (DPO) - For India
Mr. Shankar R. Pai
GenePath Diagnostics India Private Limited
Safire Park Galleria, Pune-Mumbai Road
Wakdewadi, Shivaji Nagar, Pune 411005
Maharashtra, India
Email: contactus@genepathdx.com
Tel: +91 204 856 6661
"Account" or
"User account" means your account registered through the registration
process on the CardioSignal Mobile Application or on
the CardioSignal website;
"Anonymized data" refers to the processing of personal data in a
manner that makes it impossible to identify individuals from them. Anonymized
data is not considered Personal Data under data protection laws;
"Application" means the (I) CardioSignal
Cloud Service and (II) CardioSignal Mobile Application;
"Controller"
("Data Fiduciary" in India) means the natural or legal person, public
authority, agency or other body which, alone or jointly with others, determines
the purposes and means of the processing of personal data;
"CardioSignal Cloud Service" means the
service hosted by Precordior to which the CardioSignal
Mobile Application is connected and with which it collectively functions;
"CardioSignal
Mobile Application" or "App" means the mobile application
(I) which the User has to download to his/her mobile device and (II) which
is intended to record and transmit chest motion data, show Results and manage
the Account;
"Grievance Redressal Officer for the Republic of India (GRO)" means
an officer appointed to redress the complaint for any violation of any person's
personal information or sensitive personal information;
"Our website" means the websites available at www.precordior.com and www.cardiosignal.com;
"Product" means
the Application;
"Personal Data" means any information relating to an identified
or identifiable natural person, such as a name or email address;
"Pseudonymized data" means the processing of personal data in such a
manner that the personal data can no longer be attributed to a specific person
without the use of additional information. Such additional information
must be kept carefully separate from personal data;
"Results" means the results of the analysis by the CardioSignal Cloud Service of the chest motion data
recorded by the User through the CardioSignal Mobile
Application;
"Service desk" means the system Precordior uses to process
customer service requests;
"Service" means
products, customer services, healthcare service, support service, websites
and/or applications and our communications with you;
"Third Parties" means any natural or legal person or entity other
than Precordior or the primary User;
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf
of the controller.
Processing
necessary to perform our contract with you,
·
We process information as necessary to conclude and
perform our contract with you, our Terms of Use. The categories of information
used and why and how they are processed is set out below. (chapter
4)
Your
consent,
·
The
CardioSignal app collects measurement data and shows
analysis results which are classified as data concerning health (GDPR
Art. 9). Therefore, in order to use our Product, we
require that you give your explicit consent to the collection and
processing of your Personal Health Data before you start using the Product.
This explicit consent for processing the data concerning your health is given
in the account creation process. Processing health information is mandatory in order to use the CardioSignal
application and therefore this explicit consent is required.
·
In order to develop our application, understand our
customer base, and provide you with the best possible experience with us, we
also send direct communications with content concerning new features and health.
To send you this information via email, we ask for your separate consent. This
consent is voluntary and does not affect the use of the application.
·
Your
consent might also be requested in relation to the use of website cookies. You
will find additional information on how cookies are used in the Cookie Policy.
·
For a
business contact person, your consent will be requested before providing any
e-mail marketing material to you.
·
We
might also ask for your consent when you participate in our partner campaigns in
connection with registrations for our online or onsite seminars.
The legitimate interest of
Precordior (e.g. observing Your website usage in order
to ensure efficient and secure use of Our websites, to develop our services, to
provide customized content to make Our services more relevant to You, to
provide marketing material and to collect statistics)
Precordior must receive or collect some
information to operate, provide, improve, understand, customize, support, and
market our Services, including when you install, access, or use our Services.
The types of
information we receive and collect depend on how you use our Services. We
require certain personal data to deliver our Services, and without it we will
not be able to provide our Services to you. For example, you must provide your
email address to create an account to use our Services.
Our Services
might have optional features which, if used by you, require us to collect
additional information to provide such features. You will be notified of such
collection, as appropriate. If you choose not to provide the information needed
to use a feature, you will be unable to use the feature.
Everything we collect and the reasons why we do so are listed below.
Contact information
Registration for the CardioSignal application requires an email address. The
email address is needed to verify the account and in order to
contact you if necessary. The email is used as a username for your account.
Personal identifier
(PID)
In connection with
potential partnership projects, we may need to collect data with your consent,
which requires more accurate identification
so that we or the partner can reliably associate the measurement results with a
specific person. In these cases, the owner of the personal data will be informed of the type of collected data and
the purpose of the data collection. These cases could be, for example, research
projects, cooperation with hospitals, or technology partnerships.
Information on each measurement you make with the CardioSignal
Application
|
Data |
Description |
Reason |
|
Time and time zone |
The date and time when the
measurement was made |
To help with post-market
surveillance, support-related quality control |
|
Device manufacturer |
For example
Apple, Samsung, Huawei, etc. |
To help with post-market
surveillance, support-related quality control |
|
Device model |
For example
iPhone 12 |
To help with post-market
surveillance, support-related quality control |
|
Operating system version |
For example
iOS14 or Android 10 |
To help with post-market
surveillance, support-related quality control |
|
Application version |
For example
2.5.3 |
To help with post-market
surveillance, support-related quality control |
Information related
to your health
|
Data |
Description |
Reason |
|
Sensor data |
Recorded motion sensor
data originating from the kinetic movement reflecting the movement of the
chest. |
This information is
collected so that we can analyze the data and show the Results to you. |
|
Analysis result: ·
Signs of AFib detected/not detected ·
Error code ·
Quality parameters |
Every measurement has a
result and parameters related to the measurement quality. |
This is the primary
function of the Application. |
|
Non-medical analysis
results: ·
Average heart rate (HR) ·
Heart rate variability (HRV) ·
Respiration rate |
Additional physiological
information extracted from the measurement data. |
To provide information
users may find interesting in addition to the actual results related to the
intended use of the application. |
Customer Support And Other Communications
When you contact us for customer support or otherwise communicate with us, you may
provide us with information related to your use of our Services, including
information about your device and any other information you deem helpful, as
well as how to contact you (e.g., a phone number). For example, you may send us
an email with information relating to app performance or other issues.
Customer Relationship Management System (CRM)
When you create an account for the CardioSignal application, the contact information is stored
in Precordior's CRM System.
|
Data |
Description |
Reason |
|
Email address |
Email address. |
Email is used as the
username for the CardioSignal account and as the
contact information. |
|
Time and time zone |
The date and time when
the measurement was made. |
Country-specific activity
monitoring. |
|
Measurement activity |
Last measurement date. |
Evaluate the
functionality of the service. Ability to provide customer support. Tailored
communication for optimal user experience. |
|
Language code |
The language which the
user has selected. |
This is used for using the
preferred language in communication. |
|
Product website activity |
Concerns only customers
participating in campaigns. |
Campaign-specific summary
analytics. |
We may collect information
about your activity on our Services, such as service-related, diagnostic, and
performance information. This includes information about your activity
(including how you use our Services, your Services settings, and the time,
frequency, and duration of your activities and interactions), log files, and
diagnostic, crash, website, and performance logs and reports.
Cookies and analytics
We use cookies and
analytics to operate and provide our Services, including our mobile
application, and to provide our web-based services, improve your experiences,
understand how our Services are being used, and customize them. For example, we
use analytics to develop our mobile application and online services. We may also use cookies to
understand which of our articles are most popular and to show you the most
useful information. Additionally, we may use cookies to remember your choices,
like your language preferences.
All of our web-based services are fully
functional also if you decide to deny all cookies.
Events, surveys, participation
When you
attend an online or on-site event organized by Precordior we collect the
relevant data required to deliver you a good event experience. We may also
collect data to further improve the relevance of our event, but providing such
information is voluntary. We also conduct various surveys or collect
feedback, either in connection with the events or separately. We use the information
only to deliver you the event experience, unless you have explicitly given us
consent to receive information via email in the future.
By default,
personal data collected through online or on-site events, or online or on-site
surveys, will be deleted after one year if there has not been any engagement
during this time.
Voluntary health
survey
A health survey can be accessed from the CardioSignal
application. The risk is automatically calculated when the user completes the
questionnaire, and the result is based on known risk factors used by physicians
and general statistics. It does not involve any health assessment conducted by
a real physician.
What is collected?
The questionnaire collects the following information:
·
Year
of birth, weight, height, sex category
·
Sleep
apnea, diabetes mellitus, heart failure, hypertension, prior stroke, and
coronary artery disease
·
Consent
to use the survey data for medical studies
The questions of the health
survey are based on known risk factors of stroke and atrial fibrillation.
Why is this information collected?
This information is collected to calculate your risk of atrial fibrillation and
strokes and to give a personal recommendation for the use of the CardioSignal app.
How is the data used?
Answering the health survey is voluntary. The data collected in the health
survey are confidential and will be stored in the CardioSignal system for analysis. All your data will be
handled anonymously. Precordior can use the data for improving the CardioSignal service, for providing a more personalized
user experience, and for statistical analysis. Precordior will not disclose
your Personal Health Data to Third Parties.
Hereinafter all of
the above-mentioned, from “contact information” to “voluntary health survey”
data, is collectively called "Personal Data".
We would like to draw your attention to the fact that Personal Data consisting
of patient medical data are also protected by medical secrecy rules.
Other data
The application also collects other data that are used for personalizing the CardioSignal Mobile Application's user experience.
|
Data |
Description |
Reason |
|
Language code |
The language which the
user has selected. |
This is used for using
the preferred language in the application and other possible communication. |
|
Approved Terms of Use |
Information on which
Terms of Use version the user has approved. |
The user cannot use the
application without approving the Terms of Use. If the Terms of Use are
updated, then this information must match the latest version. |
|
Latest measurement
information |
Information on when the
previous measurement was taken and the result. |
This information is used
for personalizing the CardioSignal Mobile
Application and for the assessment of your Personal Data's retention period. |
|
User modifiable options |
User modifies the
application settings and selections. |
This information is used
for personalizing the CardioSignal mobile
application. |
All Personal Data that we
process originate from the user of the application as described in section 4
above.
We may also collect device data automatically from your devices that
interact with our Product in accordance with the access rights given with your
consent.
In the case of
collaborative projects with hospitals or other collaboration, it is possible
that we receive personal data from these parties. For example, a list of
individuals collected by the hospital to whom they wish to provide access to
the program through partnership.
Precordior
(I) collects, (II) uses, (III) maintains and (IV) may share your Personal
Data provided by you or collected by us with its affiliates, parent companies
or other related companies for all purposes necessary to ensure the proper
functioning and operation of the User accounts and/or the proper functioning of
the Products. These purposes (collectively the "Purpose") may include:
Creating and managing your Account to use the Application; Providing
information and allowing the Users to access the Products; Diagnosing technical
problems and managing technical support and processing inquiries concerning the
Products; Contacting the Users by email or push notifications (if they are
enabled) to (I) verify your account (II) for information and operational
purposes such as account management, instructions, alerts, reminders, customer
service, system maintenance and others; Contacting the Users to
(I) communicate about and organize your participation in market or other
research or (II) obtain testimonials; Commercializing the Application;
Performing data analyses (including anonymization and aggregation of Personal
Data) and using and sharing the resulting anonymized data with Third Parties
for commercialization purposes; The operation, evaluation and improvement of
the Products (including the development of additional products and/or services,
enhancing and improving the current Products, analysis of our Products, quality
control activities and performing internal business functions such as
accounting and auditing);
Protecting against, identifying and preventing fraud and other unlawful
activity, claims and other liabilities; Complying with and enforcing any
applicable legal obligations with respect to our Terms of Use and Privacy
Notice.
Precordior is free to access, retain, and disclose Personal Data in the
following events:
In order to be in compliance with any applicable legislation or regulations; If
a law enforcement authority or other government official requests it; To
enforce the Precordior Terms of Use or Privacy Notice; For the investigation of
any suspected or actual fraudulent or illegal activity; and To protect your or
our safety and/or rights.
We may disclose certain information to vendors and service providers who help
us provide the Products. Examples of these vendors and service providers
include entities that provide analytics and web hosting services.
Technical processing and transmission of the Products, including your Personal
Data, may involve (I) transmissions over various networks; and (II)
modifications to conform and adapt to the technical requirements of connecting
networks, or devices.
Precordior shall take
appropriate administrative, technical (e.g. the application uses encrypted data
transmissions) and organizational measures against unauthorized or unlawful
processing of any Personal Data or the accidental loss, destruction or damage,
access, disclosure or use of Personal Data.
Precordior is committed to protecting the privacy of all of its Users' Personal
Data and providing a secure, user-controlled environment for the use of the
Products in accordance with Regulation (EU) 2016/679, the European Union's
General Data Protection Regulation ("GDPR"). At the same time, you
also share responsibility for maintaining privacy and security, for example, by
not allowing any Third Party to use your personal account on the CardioSignal Mobile Application. Precordior requires all
Users to be responsible for safeguarding any authentication information and to
immediately notify Precordior of any unauthorized use of your personal Account.
We do not disclose data
from the register to external parties except in the following special
situations or, in the event of a full or partial merger with or acquisition of
all or part of Precordior, we may transfer or disclose your Personal Data to a
Third Party. In such an event, Precordior shall obligate this Third Party to
use any Personal Data strictly in line with this Privacy Notice.
Other than as set out in this Privacy Notice, we shall not sell or otherwise
disclose your identifiable Personal Data to Third Parties unless this is
necessary for the purposes set out in this Privacy Notice or unless we are
required to do so by law.
We may share Personal Data with Third-Party service providers who help us to
provide, understand, commercialize and improve our Products. We do not
authorize these Third-Party service providers to use or disclose your Personal
Data except as strictly necessary to perform any services under our supervision
or to comply with applicable legislation. We seek to provide any such Third-Party
service provider with only the Personal Data they need to perform their
specific function.
In certain cases, we may share Personal Data with Third-Party partners,
research studies or collaboration projects. In these cases, you will be
informed at the time of collection of your Personal Data, for example, if a
collaborating hospital offers medical assistance based on your analysis
results.
In any event, such Third-Party providers shall be obliged to treat your
Personal Data in accordance with data privacy regulation. However, Precordior
cannot be held liable for any damages, whether direct or indirect, that may
result from the misuse of your Personal Data by such Third Parties.
Precordior has the right to use the collected anonymized data for commercial
purposes. Anonymizing data removes the possibility of linking your
pseudonymized data to any identifiable information such as your email address
so that it is no longer possible to identify who the data belongs to.
Precordior satisfies the
requirements of GDPR chapter III Rights of the data subject. These are
summarized below.
Right to be informed. You
have the right to be informed about the collection and use of your Personal
Data. This right is fulfilled by providing you with the information in this
Privacy Notice. Right of access. If you are concerned or have any questions
about your Personal Data, you have the right to request access to the Personal
Data which we hold or process on you. We will then provide you with information
about the data that are being processed and on the source of those data.
Right of rectification and right of erasure, see also section 10. You have the
right to request that we correct, erase or block any
Personal Data or inaccuracies therein free of charge. You also have the right
to receive your data in a structured, commonly used
and machine-readable format, and have the right to transmit those data to
another controller without hindrance from us, when the processing is based on
your consent.
Right to withdraw consent and object to data processing. Without prejudice to
the termination provisions of the Terms of Use, you may withdraw at any time
your consent to the processing of your Personal Data by Precordior by removing
the Application and notifying us in writing thereof. Withdrawal of consent does
not affect the processing before the withdrawal. Upon receipt of this
notification, Precordior shall promptly stop any processing of your Personal
Data. You may also ask us to stop using your Personal Data for direct marketing
purposes.
You have the right to object to or to demand restriction of the processing of
your data and to lodge a complaint with the supervisory authority of your place
of residence.
On grounds relating to your particular situation, you also have the right to
object to other processing activities when the legal basis of the processing is
a legitimate interest. In connection with your request, you shall identify the
specific situation based on which you object to the processing. We can refuse
the request of objection only on legal grounds.
To exercise your above-mentioned rights or if you have any other questions
concerning this Privacy Notice, please contact us by email at
support@cardiosignal.com or by writing to Precordior Ltd., Aurakatu 6, 20100 Turku, Finland.
Precordior will delete your
account after one year of inactivity. Your Personal Data are always anonymized
when an account is deleted. You can request
all your personal data and account deletion at any time from
support@cardiosignal.com. By doing so you can no longer access your data, and
the username is removed from the database so that the identification of
data is no longer possible. Upon notification, we may retain and continue
to use and disclose your Personal Data to Third Parties exclusively on an
anonymized basis.
Our application or website
may contain links to services we do not own or control, including social media
websites, AppStore rating, or other similar services hosted by third-party
providers. We are not responsible for the privacy practices of any Third
Parties who do not act as our Third-Party service providers, or for linked
content.
This Privacy Notice does not apply to these third-party websites or
applications accessible from or referenced on our services.
Occasionally, we may change
or update this Privacy Notice to allow us to use or share your previously
collected Personal Data for other purposes. If Precordior were to use your
Personal Data in a manner materially different from that stated at the time of its
collection, we will provide you with a notice on our website and in our CardioSignal Mobile Application indicating that the Privacy
Notice has been changed or updated and request that you renew your consent(s)
to the updated or changed Privacy Notice.
This document was updated 01.07.2022