HCC Patient
Processing of personal data
Valid from 23rd May, 2022
Version 1.1
The present privacy policy describes how Empowered Health (“Empowered”, “we” or “us”), organisation number 559093-0722 and located at address Bytaregatan 22, 222 21 Lund, processes your personal data in this mobile app (“The Application”) and related technical systems (“The Systems”).
We urge you to read the present privacy policy carefully before using the Application, in order to better understand how we process your personal data. Your consent to the processing of your personal data is a condition of using some features of the Application.
Your privacy is important to us, and we take it extremely seriously. We protect your personal data, and ensure that any processing of it by us is performed in a correct and legal manner. In the present privacy policy, we explain what types of personal data we may process, and for what purpose we process such data. We also explain what choices and what rights you have in relation to any processing.
Please note that the present privacy policy concerns processing of personal data for which Empowered is data controller. This also means that you should address any questions or points of view to us, or if you want to exercise any of your rights relating to our processing of your personal data.
Throughout the present information text, the term “processing“ is used, which covers all actions involving personal data, including and without any restriction, the collection, processing, storage, sharing, access, use, transfer, and erasure of personal data.
“Applicable data protection” may refer to current legislation, provisions, and regulations, including regulations announced by competent regulatory authorities, relating to the protection of natural persons’ basic rights and liberties, and in particular the right to protection of their Personal Data in the event of the processing of personal data, as applicable in the present case, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) (“GDPR”), as well as legislation, provisions, and regulations that supplement GDPR.
“Personal data” is considered to be any information that refers to an identifiable or identified natural person.
How does the application work?
The purpose of the HCC Patient app is to help you, the patient, to report medicine intake, vital signs, symptoms and side-effects. By means of the Application, you receive information and on-hand help that you may benefit from as well as information on side effect management. The gathering of information supports you in your discussions with your care provider. The schematic use of the Application is represented as follows:
You register medicines prescribed by your care provider
Your report intake of medicine
You report vital signs, symptoms and side effects
You have access to information about your disease and side effect management
You have access to a report compiling all the data you have inputted into the application
Using and responding to questions in the Application is done on a voluntary basis.
Where do we collect personal data from?
We collect personal data from:
yourself, via your responses in the Application, e.g. when transmitting vital signs and other health data, when responding to questionnaires, in the event of a support request (UDID, device type, operating system, etc.).
any connected smart devices or Medtech
When and why do we process personal data?
Administration of user accounts in the Application
We process your personal data to be able to set up and manage your user account in the Application. This involves you identifying yourself at login and the collection of health data for example.
Categories of personal data
Name
Email
Log-in details
Legal basis
Processing is necessary in order to ensure that you are provided with the Application (section 6.1 e and 9.2 h of GDPR) (see user terms and conditions for the Application).
Compliance with digital healthcare plans, symptoms and side effect reporting
We process your personal data when you have registered your care plan in the Application and when you report adherence to the care plan. We also process your personal data when you register any potential symptoms, adverse events or side-effects of the treatment. Processing occurs for us to be able to see your compliance and development on account of your participation in the treatment program or the digital healthcare plan.
Categories of personal data
Objective measurement data from smart devices or Medtech
From your given responses to questions, e.g. on experienced health development
Email
Communication between you and us via the Application
Legal basis
Processing is necessary to ensure that you are provided with the Application (section 6.1 e and 9.2 h of GDPR) (see user terms and conditions for the Application).
Patient overview and other processing of personal data by authorised personnel
How long do we keep your personal data (screening)?
Aggregate personal data that can no longer be attributed to a particular individual is kept until further notice. Data relating to your user account is kept as long as your account is active (i.e. 1 year after your last activity in the Application) while individual responses and other health data is kept in the Application until (i) we cease to provide the Application to you or (ii) until you request closure of your account in the Application. Please note Application is not a medical record.
Transfer and disclosure of personal data
We strive to protect and restrict access to your personal data. Only people who have a special need, bearing in mind their employment background at Empowered, are given access to your personal data.
Security
We ensure that access to your personal data is sufficiently protected by means of appropriate security measures, while considering circumstances and the latest developments, implementation costs and the type, scope, and purpose of the processing, together with any risks. To honour this commitment, we have also implemented appropriate technical, physical, and organisational measures to protect your personal data against unauthorised or unintentional destruction, modification or disclosure, misuse, damage, theft or loss due to accidents or unauthorised access. Personal data is stored only in the EU/EEA.
YOUR RIGHTS
Rights in relation to your personal data
In connection with our processing of your personal data, you are entitled, under certain conditions, to exercise the following rights:
Access
You can request a confirmation as to whether your personal data is processed or not and, if processed, you can request access to your personal data and other information such as the purpose of the processing. You are also entitled to receive a copy of any personal data that is processed. If such a request is submitted electronically, you will subsequently receive such information in an electronic format that is commonly used, unless you have requested otherwise.
Rectification
If you discover that personal data relating to you is inaccurate, incomplete or incorrect, you are entitled to have your personal data rectified.
Object to specific processing
You can object to any processing of your personal data that is based on legitimate interest or general interest. If Empowered cannot show an overriding reason to continue the processing, which outweighs your interests, or if the processing is not necessary in order to establish, exercise, and defend legal claims, we are then obliged to cease any such processing.
Erasure
You can have your personal data erased in certain circumstances, for example when the personal data is no longer needed to achieve the purpose for which the personal data was collected.
Restriction of processing
You can request that we restrict the processing of your personal data to only include storage of your personal data under specific circumstances, for example when such processing is illegal, but you do not want your personal data to be erased.
Withdraw consent
You are always entitled to withdraw your consent to processing of personal data, to the extent that the processing is based on your consent. You are entitled to withdraw consent at any time without any negative impact on your medical treatment in such cases.
Data portability
You are entitled to receive a machine-readable copy of your personal data, which is processed on the basis of your consent, or when such processing is necessary to fulfil an agreement with you, and when you receive such personal data (data portability), and to request that such information is transferred to another data controller, with any legal restrictions that may apply (e.g. Patient Data Act).
Complaints to regulatory authorities
Do not hesitate to contact us if you have any questions or a complaint about the processing of your personal data. You are always entitled however to submit a complaint regarding the processing of your personal data to the Swedish Authority for Privacy Protection (www.imy.se).
Contact us
If you have any questions relating to the processing of your personal data, or if you want to exercise any of your rights in accordance with applicable data legislation, please contact Empowered using the contact details below.
Data controller
dpo@empowered.healthBytaregatan 22
222 21 Lund
Sverige
Org nr. 559093-0722
© 2022 Empowered Health