Precordior Ltd. ("Precordior", "we", "us") recognizes and understands the importance of the privacy of its users ("Users", "you", "them") and wants to respect their desire to store and access personal information in a private and secure manner. This Privacy Notice applies to our Cardiosignal Application (the "Product") and describes how Precordior manages, stores and utilizes your Personal Data through this Product.
Please read this Privacy Notice carefully (which is also available on CardioSignal website: www.cardiosignal.com) so that you fully understand how we obtain and process your Personal Data.
1. Who collects your data and who can I contact?
This Privacy Notice is supplied electronically, paper format is available on request at email@example.com.
"Account", "User account" means your account registered through the registration process on the Precordior CardioSignal Mobile Application or on the CardioSignal www-service;
"Application" means the (I) Precordior Platform and (II) Precordior CardioSignal Mobile Application;
"Personal Data" means any information relating to an identified or identifiable natural person, such as name or e-mail address;
"Precordior CardioSignal Mobile Application" or "App" means the mobile application (I) which the User has to download to on his/her mobile device and (II) is intended to record and transmit chest motion data, show Results and manage Account;
"Precordior Platform" means the cloud based service to which the Precordior CardioSignal Mobile Application is connected to and with which it collectively functions;
"Product" means the Application;
"Results" means the results of the analysis by the Precordior Platform of the chest motion data recorded by the User through the Precordior CardioSignal Mobile Application;
"Third Parties" means any natural or legal person or entity other than Precordior or the primary User;
"Service desk" means the system Precordior uses to process customer service requests.
3. Legal basis of processing Personal Data
4. What information we collect and why?
We collect several types of information including Personal data from the Users of our Products, and store it on your mobile device and/or our server. Everything we collect and the reason to do so is listed below.
Registration requires only e-mail address. We need this information in order to contact you if necessary. It also acts as an identifier of your account (user name).
Information related to each measurement you make with the CardioSignal Application
Date and time of the measurement and timezone where the measurement was made. This information is collected so that we can show you your measurement history in a chronological order.
User name who made the measurement. This information is collected so that we can link correct measurements with correct User.
Manufacturer, model and operating system version of the phone. This information is collected for quality control purposes. By monitoring this information we ensure correct operation of the Application.
Error code. This information is collected for quality control purposes. Error code indicates that something unexpected happened and the data could not be analyzed. To avoid false alarms, we perform some simple automatic data quality checks and give Results only for data which is of sufficient quality for reliable analysis (assuming you have made the measurement as instructed).
Information related to your health
Raw measurement data. i.e. motion data of your chest. This information is collected so that we can analyze the data and show Results to you. It is stored to allow reanalysis of (anonymized) data for research purposes and for quality assurance.
Analysis Results; average heart rate, whether signs of atrial fibrillation was detected or not and quality assessment of the measurement. This the primary function of the Application. You can retrieve this information from your measurement history.
Hereinafter all the above mentioned data is collectively called "Personal Data".
Only contact information is saved on both your mobile device and server, everything else is stored only on server.
We would like to draw your attention to the fact that Personal Data consisting of patient medical data is also protected by medical secrecy rules.
Contacts to Customer service are stored in Precordior's "Service desk" system. Only our authenticated customer service representatives can see your messages. Messages are stored permanently. Messages and related Personal Data (for example e-mail address) are used solely for the purpose of serving customers, ensuring customer service quality, and developing CardioSignal-service.
5. Sources of Personal Data
All Personal Data which we process originates from the User of the Application as described in previous chapter 4.
6. How do we use your Personal Data?
Precordior (I) collects, (II) uses, (III) maintains and (IV) may share your Personal Data provided by you or collected by us with its affiliates, parent companies or other related companies for all purposes necessary to ensure the proper functioning and operation of the User accounts and/or the proper functioning of the Products. These purposes may include (collectively the "Purpose"):
Creating and managing your Account to use the Application; Providing information and allowing the Users to access to the Products; Diagnosing technical problems and managing technical support and processing inquiries concerning the Products; Contacting the Users by email or push notifications (if they are enabled) to (I) verify your account (II) for information and operational purposes such as account management, instructions, alerts, reminders, customer service, system maintenance and others; Contacting the Users to (I) communicate about, and organize your participation in market research or (II) obtaining testimonials; Commercializing the Application; Performing data analyses (including anonymization and aggregation of Personal Data) and using and sharing the resulting anonymized data to third parties for commercialization purposes; The operation, evaluation and improvement of the Products (including the development of additional products and/or services, enhancing and improving the current Products, analysis of our Products, quality control activities and performing internal business functions such as accounting and auditing);
Precordior is free to access, retain, and disclose Personal Data in the following events:
We may disclose certain information to vendors and service providers who help us provide the Products. Examples of these vendors and service providers include entities that process credit or debit card payments and provide analytics and web hosting services.
Technical processing and transmission of the Products, including your Personal Data, may involve (I) transmissions over various networks; and (II) modifications to conform and adapt to technical requirements of connecting networks, or devices.
7. Is my Personal Data Secure?
Precordior shall take appropriate administrative, technical (e.g. Application uses encrypted data transmissions) and organizational measures against unauthorized or unlawful processing of any Personal Data or its accidental loss, destruction or damage, access, disclosure or use. Upon written request, Precordior can provide you with a list of people of Precordior that may have access to your Personal Data. These people have entered into confidentiality agreements prior to having been granted access to your Personal Data.
In the event of and following discovery or notification of a breach of the security of the Personal Data, or access by an unauthorized person, Precordior is required by law to notify the User if the breach is likely to affect your privacy.
Precordior is committed to protecting the privacy of all of its Users Personal Data and providing a secure, user-controlled environment for the use of the Products in accordance with Regulation (EU) 2016/679, the European Union's General Data Protection Regulation ("GDPR"). At the same time, you also share responsibility for maintaining privacy and security for example, by not allowing any third party to use your personal account on the Precordior CardioSignal Mobile Application. Precordior requires all Users to be responsible for safeguarding any authentication information and to immediately notify Precordior of any unauthorized use of your personal Account.
8. Disclosures and Transfers to Third Parties
We don’t disclose data from the register to external parties except in the event of full or partial merger with, or acquisition of all or part of Precordior, we may transfer or disclose your Personal Data to a Third Party. In such event, Precordior shall impose this Third Party to use any Personal Data strictly consistent with this Privacy Notice.
Other than as set out in this Privacy Notice, we shall not sell or otherwise disclose your identifiable Personal Data to Third Parties unless this is necessary for the purposes set out in this Privacy Notice or unless we are required to do so by law.
We may also share Personal Data with Third Party service providers who help us to provide, understand, commercialize and improve our Products. We do not authorize these Third Party service providers to use or disclose your Personal Data except as strictly necessary to perform any services under our supervision or to comply with applicable legislation. We seek to provide any such Third Party service provider with only the Personal Data they need to perform their specific function.
In any event, such Third Party service providers shall be obliged to treat your Personal Data in accordance with this Privacy Notice. However, Precordior cannot be held liable for any damages, whether direct or indirect, that may result from the misuse of your Personal Data by such Third Party service providers.
Precordior holds the right to use the collected fully anonymized data for commercial purposes. In fully anonymized data no personal details are left. In practice, your user name is removed from the database so that the identification of data is no more possible.
We shall store your Personal Data on our servers located in the European Economic Area (such as the used cloud service provider Amazon Web Services (AWS) - Frankfurt - Germany or AWS - Ireland). Precordior or its subcontractors do not transfer your Personal Data outside EU and/or European Economic area.
9. Your rights
Right of access. If you are concerned or have any questions about your Personal Data, you have the right to request access to the Personal Data which we hold or process about you. We will then provide you with information about the data that are being processed and on the source of those data.
Right of rectification and right of erasure, see also chapter 10. You have the right to request us free of charge to correct, erase or block any inaccuracies in your Personal Data if such Personal Data would be incomplete, inaccurate or processed unlawfully.
You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.
On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
To exercise your above mentioned rights or any other questions concerning this Privacy Notice, please contact us by e-mail at firstname.lastname@example.org or by writing to Precordior Ltd., Aurakatu 6, 20100 Turku, Finland.
10. Data retention and deletion
We may retain information regarding you and your use of the Products, including Personal Data, for as long as reasonably needed to provide you with the Products and the uses described in this Privacy Notice.
According to GDPR, sensitive data must be immediately destroyed when there is no longer any justification for processing. This applies to "Information related to your health" mentioned in chapter 4. Precordior will store your personal data one year from the termination of the latest contract. After this your Personal Data is fully anonymized. You can also delete your Account from the App (settings) by yourself at any time. By doing so you can no more access your data and the user name is removed from the database so that the identification of data is no more possible. Upon notification, we may retain and continue to use and disclosure your Personal Data to Third Parties exclusively on a fully anonymized basis.
11. Third Party websites or applications
Certain content or services provided by Third Parties may be made available to you through the Products. Such linked content or services may have their own privacy notices for which Precordior cannot be held responsible. Precordior does not in any way review or endorse the privacy practices of such Third Parties.
12. Updates or changes to our Privacy Notice
Occasionally, we may change or update this Privacy Notice to allow us to use or share your previously collected Personal Data for other purposes. If Precordior would use your Personal Data in a manner materially different from that stated at the time of the collection, we will provide you with a notice on our Website and in our Precordior CardioSignal Mobile Application indicating that the Privacy Notice has been changed or updated and request you to renew your explicit consent with the updated or changed Privacy Notice.
This document was updated