Effective date: January 17th 2018
WHO WE ARE
patientMpower Ltd, with registered office and business address of: The Digital Depot, Thomas Street, Dublin, D08 TCV4, Ireland. The company is incorporated in the Republic of Ireland under company registration number 563516.
WHAT INFORMATION WE COLLECT
Our services and apps may obtain information about you in two ways. The first relates to information that is manually entered by you and the second relates to information that the services and apps collect automatically. Information collected automatically may come from your smartphone and/or connected health device.
The following are examples of information you can voluntarily and manually enter into the apps:
- First and last name
- Email address
- Demographic data e.g. gender, ethnicity, etc.
- Health result data e.g. blood pressure, weight, medication usage, etc.
- Answers to survey questions
- Support requests or correspondence which you send us, including where you request us to check or troubleshoot your service
Examples of information that is automatically collected include:
- Data from your smartphone or connected device sensors e.g. Step count from accelerometer (if enabled), blood pressure readings (if connected)
- Technical information from your smartphone or computer e.g. operating system, device type, features used on our apps, dates and times of interaction with our apps.
- Location information from GPS (only if you decide to opt in and enable certain features/functionality e.g. air quality index)
- Medical data which gets populated automatically if your health provider choses to send you medical results through the patientMpower application
To sign up to our apps you may choose to use your Google account or other social media accounts to complete the sign-up process. If you choose to do this, you are authorising patientMpower to collect, store, and use information that you agreed these sites may share with us through their API. Such information may include name, email address, profile picture, etc.
During the course of using our services or apps, you may have to option to link other third-party services with your account. Examples of these services may include Apple Health, Fitbit, etc. If you choose to do this, you are authorising patientMpower to collect, store, and use information that you agreed these sites may share with us through their API. Such information may include your step count, distance walked, etc.
HOW INFORMATION IS TRANSFERRED AND STORED
The information that we collect from you will be transferred, stored, and processed within the European Economic Area (“EEA”). By using our services and apps, you consent that information may be transferred, stored and processed outside your country of residence (if you currently reside outside the EEA). Your data will be stored for a period as long is deemed reasonably necessary by patientMpower for business and legal purposes.
WHAT WE DO WITH THE INFORMATION
PERSONAL IDENTIFIABLE INFORMATION (PII)
Personal identifiable information (PII) is information that may be used to identify you as an individual. Examples of PII include name and email address. PII may be used to respond to your requests, improve the communications and service you receive, notify you of changes to our services and apps, to seek your views on our services and apps, or for administrative purposes. PII may also be shared with a health provider of your choosing, but this is only done with your explicit consent. We never share PII which identifies you without your authorisation.
DE-IDENTIFIED AND AGGREGATRED INFORMATION
De-identified information refers to information that does not contain PII and does not allow us to identify you. We may use de-identified information to understand, improve, and customize your experience with our services and apps. De-identified information may be shared with third party affiliates, agents or business partners.
Aggregated information refers to de-identified information that is combined with that of other users de-identified information to give an aggregate overview of certain statistics. We may use aggregated information to understand, improve, and customize our users experience with our services and apps. Aggregated information may be shared with third party affiliates, agents or business partners.
Third party affiliates, agents, or business partners – we may engage with other third-party companies or individuals to perform certain business functions on our behalf. Examples may include providing technical assistance, order fulfilment, customer service, and marketing assistance. These third-party organisations will only have access to the de-identified and aggregated information necessary to perform their functions.
BUSINESS TRANSFERS AND LEGAL REQUIREMENTS
As we develop as a business, there is a possibility that we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganisation, sale of assets, dissolution or other business-related event, your information may be part of the transferred assets.
If we receive a legal request for access to your information (e.g. from a court order, law enforcement authority, regulatory agency, etc.) we may disclose your information to the extent permitted by law. We may also share your information with legal advisors, consultants, or courts in order to protect and defend our rights and users of our services and apps.
THIRD PARTY ANALYTICS
Third party analytics providers that we work with are as follows:
Google Analytics – https://www.google.com/analytics/terms/gb.html
When you interact with our website (www.info.patientmpower.com) we try to make that experience simple and meaningful. When you visit the website, our web server sends a cookie to the hard disk your computer. Cookies are small text files which are issued to your computer when you visit a website and which store and sometimes track information about your use of the site. For example, cookies are used to personalise web search engines and to store shopping lists of items a user has selected while browsing through a virtual shopping mall. A number of cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the site and will last for longer.
- Remember that you have visited us before; this means we can identify the number of unique visitors we receive. This allows us to make sure we have enough capacity for the number of users that we get.
- Collect statistical information about how you use the site (including how long you spend there) and where you have come to the site from. We collect this data so that we can improve the website and learn which parts are most popular with visitors.
- Improve speed site navigation and recognise your access rights on the site.
The site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
HOW WE PROTECT YOUR INFORMATION
We place great importance on the security of all PII associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.
patientMpower is designed with stringent security protocols. It uses state-of-the art electronic surveillance and multi-factor access control systems. All data transport between your app and our servers is encrypted.
We use a risk management process based on a HIPAA template. It allows us to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by patientMpower, and also implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with HIPAA standards.
patientMpower collects and processes Electronic Protected Health Information (ePHI). ePHI is defined as ‘Individually identifiable health information transmitted by electronic media and/or maintained in electronic media’. Periodic reviews of our security standards are carried out and our software development process has a checkpoint to identify and new risks when we define / develop new features.
However, with any electronic transmission and storage of data comes risks and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet. If there is a personal data breach, our data protection officer will report it to the competent Supervisory Authority without undue delay (not less than 72 hours after becoming aware of it). If a personal data breach is likely to result in a high risk to your rights and freedom, our Data Protection Officer will communicate the breach to you without delay.
You have a number of legal rights under the EU’s General Data Protection Regulation (GDPR). The following section explains your rights:
- You have a right to request a copy of your personal data
- You have a right to erasure (delete), rectify, restrict, and object to the processing of your personal data
- We are obligated under the GDPR to provide any requested information within one month of receiving a request. However, if a large number of requests are received or requests are complex, the time limit may be extended by a maximum of two further months.
- You have a legal right to access, rectify, erasure and object to the use of your data free of charge. However, a reasonable fee may be charged for “repetitive requests”, ‘manifestly unfounded or excessive requests” or “further copies”.
- You have a right to the rectification of inaccurate personal data.
- You have a right to receive a copy of your personal data in a structured, commonly used, machine readable format that supports re-use. You also have a right to transfer your personal data from one controller to another without hindrance, and to store your personal data for further personal use on a private device.
- If your personal data was shared with a third party, then you have a right to request information about the identities of those third parties.
- You have a right to object to the processing of your personal data for the process of direct marketing, including profiling.
- You have a legal right to not be subject to a decision based solely on automated processing which may significantly affect you, unless it is authorised by law or you explicitly consent and the appropriate safeguards are in place.
- You have a right to complain to the EU’s Data Protection Authority (DPA) if you think your rights have been infringed upon
We do not knowingly collect Information from children under the age of 14 through our apps. Our apps are intended for use by persons 18 years of age and older. If you discover that your child has been using our apps without your consent, or someone has been using the apps on behalf of your child without your consent, please contact us using the information below in the “Contacting Us” section and we will take steps to delete the information from our databases.
Please submit any questions, concerns or comments you have about this policy or any requests concerning your personal data to firstname.lastname@example.org or write to our Data Protection Officer at:
The Digital Depot,