FibriCheck - Privacy Policy

1.3.0

2018-5-23

The present Privacy Policy is supplied electronically for the registration of the application and at our website www.fibricheck.com , a paper format is available on request from support@fibricheck.com .

In order to be able to use the Products, you first need to accept and agree to our Privacy Policy. This document explains how we obtain and process your personal data. You cannot use the Products unless you first accept our Privacy Policy.

Please make sure you carefully read the present Privacy Policy, so you fully understand what will happen to your Personal Data. In this connection, please bear in mind the following:

If you have any questions relating to the processing of your Personal Data by us, please contact Qompium NV by e-mail at support@fibricheck.com or by letter sent to Qompium NV, Kempische Steenweg 303/27, 3500 Hasselt (Belgium).

Please note that you are not obliged to install the Application and your refusal to install the Application does not have any impact on the quality treatment by your Physician.

Qompium NV (" Qompium", " we", " us") recognizes and understands the importance of the privacy of its users (" Users", " you") and wants to respect their desire to store and access personal information in a private and secure manner. This Privacy Policy applies to our Application and our Website (collectively the "Products") and describes how Qompium manages, stores and utilizes your Personal Data through its Products.

1. Description of the application

1.1. Qompium provides FibriCheck, a service that determines heart rhythm conditions, with a primarily focus on the detection of atrial fibrillation.

FibriCheck is available on prescription and in the framework of projects;

The Application is available to users in the European countries covered by CE regulation and other countries that also follow CE regulation.

1.2. FibriCheck consists of the FibriCheck Platform, the FibriCheck Mobile Application ` and the FibriCheck Dashboard (each as defined hereinafter and collectively the " Application"). The FibriCheck Platform is the engine of the Application and interacts with and transmits data between the (i) FibriCheck Mobile Application; (ii) the FibriCheck Dashboard and (iii) the Physician Dashboard. In addition, the FibriCheck Platform also analyses and stores data.

The recordings via the FibriCheck Mobile Application are performed by placing the finger of the User on the camera of the mobile device thereby detecting the pulse waveform using the optical light and detector of the mobile device.

The FibriCheck Dashboard is an online tool with the sole intention to display your data. Through the dashboard, your physician can automatically consult the Results (as defined hereinafter) from the FibriCheck Platform.

In the case of projects, the FibriCheck Monitoring Center can automatically consult all Results from the Fibricheck Platform. Please note that this automatic consultation is only possible after you have made the link between yourself and your Physician/the FibriCheck monitoring Centre through correctly scanning the QR code or access code with your mobile device. Correctly scanning the QR code with your mobile device is your sole responsibility. Please note that the automatic forwarding of the results does not imply that you are continuously monitored by your doctor or the FibriCheck Monitoring Center.

Please note: your Physician is responsible for the interpretation of the Results and the follow-up of your medical condition. At the express request of your Physician, Qompium shall be permitted to access and analyse Results. In the event of projects too, the FibriCheck Monitoring Centrum shall view the Results over a limited length of time, but will not intervene in the meantime.

Please note: the automatic possibility to consult the results via the dashboard, does not imply that you are continuously monitored by your Physician or the FibriCheck Monitoring Center.

This information is also set out in our Terms of Use.

2. Definitions

"Account" means your registered account that you have created through the registration process from an official registration channel (e.g. FibriCheck Mobile Application, FibriCheck Dashboard);

"Application" means the (i) FibriCheck Platform; (ii) FibriCheck Mobile Application and (iii) FibriCheck Dashboard;

"FibriCheck Dashboard" means the dashboard made available to the Users, located at app.fibricheck.com;

"FibriCheck Mobile Application" means the mobile application (i) which the User has to download on its mobile device and (ii) is intended to record, display, store and transmit photoplethysmograms (PPG data);

"FibriCheck Platform" means the platform on which the FibriCheck Mobile Application, the FibriCheck Dashboard and the Physician Dashboard are connected and collectively function. Depending on the user profile (User, Physician, ...) different application functions can be made available;

"FibriCheck Monitoring Center" The instance that automatically links you for a limited period of time through the FibriCheck Mobile Application by scanning a generic QR code within a project;

"Physician" means the doctor (or other medical party) from which you obtained the prescription containing your personal QR code to make the automatic link with your Physician via the FibriCheck Mobile Application. Please note that your physician can be the FibriCheck Monitoring Centre (for example if you generated your prescription through the website);

"Physician Dashboard" means the web-based application that is accessible by your Physician/FibriCheck monitoring centre to allow your Physician to review patient information about you, including but not limited to the Results. This application is also connected with the FibriCheck Platform;

"Products" means the Application and the Website;

"Results" means the results of the analysis by the FibriCheck Platform of the photoplethysmograms recorded by the User through the FibriCheck Mobile Application;

"Third Parties" means any natural or legal person or entity other than Qompium;

"Website" means the website available at www.fibricheck.com;

"Personal Data" means all information about an identified or identifiable person;

3. Personal Data for the operation of the Application

3.1. We shall collect different types of Personal Data, including sensitive health data, about the Users of our Products and store them on your mobile device and/or on our server. The data involved are:

3.2. Qompium (i) collects, (ii) uses, (iii) maintains and (iv) may share your Personal Data as provided by you or collected by us, with its affiliates, parent companies or other related companies for all purposes necessary to ensure the proper functioning and operation of the User accounts and/or the proper functioning of the Products. These purposes may include (collectively the "Purpose"):

3.3. Qompium is within its rights to lawfully process the types of Personal Data specified, for these purposes because you have given your consent for us to do so or because this is necessary in the context of the User Agreement. In this respect, the following clarification is apt:

Please note: if you actively supply this information in response to our request, this may be considered as consent. In that case, we will first clearly specify that this relates to optional Personal Data and what the possible consequences, if any, may be if you do not supply this information.

Please note: you can administer cookies yourself through your browser settings and other tools. Your device can give you control over the use of cookies or other technologies when you are using the Products. For instance, you can set your device or browser in such a way that the use of cookies or similar technologies is made undone, deleted, reset or blocked. In that case however, it may be that the Products do not work entirely as they should without cookies or that you are unable to use all the functionalities.

4. Additional processing operations

Alongside the purposes specified in Part 3, Qompium shall be permitted to also process your Personal Data for specific other purposes, as set out below:

5. Who has access to your Personal Data

5.1. The processing of your Personal Data by Qompium within the Application in compliance with the present Privacy Policy is made to occur under the supervision of a qualified health care practitioner. In addition, inside Qompium other persons too have access to your Personal Data, insofar as necessary for our Products. At your request, Qompium can provide you with a list of the people within Qompium who have access to your Personal Data.

5.2. Moreover, Qompium shall be permitted to share specific Personal Data received with Third Parties such as suppliers and service providers, whose services or products we call on to distribute the Products. Examples of these suppliers and service providers include entities who process payments transacted with credit cards or debit cards or that provide analyses and web hosting services or that assist us to enhance the diagnostic competences of the Application, of subsidiaries, holding companies and other affiliated companies of Qompium’s that support Qompium in supplying the Products.

For the operation of the Application (as detailed in Part 1), we shall equally disclose your Personal Data to your Physician or in the event of a project, to the FibriCheck Monitoring Center by providing access to your recordings with the Application and your personal profile via the Physician’s Dashboard.

In compliance with the provisions set out under Parts 3 and 4 of the present Privacy Policy, Qompium shall equally transmit specific Personal Data to other Third Parties. On no account shall be sell your Personal Data or disclose them in any other manner to Third Parties unless after first having obtained to prior and express consent, unless this is necessary for the purposes set out in the present Privacy Policy or unless we are required to do so by law.

5.3. In the event of a full or partial merger, or the takeover of Qompium in full or in part, we shall be permitted to relay your Personal Data to a Third Party. In that case, Qompium shall require the said Third Party to use al land any Personal Data only in strict compliance with the present Privacy Policy.

5.4. The technical processing and the transfer of the Products, with the inclusion of your Personal Data may (i) entail transfers via multiple networks; and (ii) involve changes in order for us to adapt to and align ourselves with technical requirements of networks or devices which we connect to.

6. Security

6.1. Qompium shall take appropriate administrative, technical and organisational measures against unauthorised or unlawful processing of any Personal Data or its accidental loss, destruction or damage, access, disclosure or use. Upon written request, Qompium can provide you with a list of people of Qompium that may have access to your Personal Data. These people have entered into confidentiality agreements prior to having been granted access to your Personal Data.

Qompium shall equally ensure a safe, user-controlled environment for the Products to be used. We shall keep your Personal Data safe on our Servers which are situated inside the European Economic Area (AWS – Frankfurt – Germany).

For some processing operations however, your Personal Data shall be allowed to be processed by a Third Party outside of the European Economic Area (EER). In that case, we shall put in place specific measures to ensure a level of protection that is equivalent to the level that exists within the EER. For now, this solely applies to SurveyMonkey (which has servers in the U.S.) for surveys on the usage of our Products. In our contracts with SurveyMonkey, we have included the relevant clauses as approved by the European Commission to create an equivalent level of protection.

In the event the security of your Personal Data should be breached, in specific cases Qompium is required by law to notify the Users concerned, if the breach could have an impact on their privacy.

6.2. You too are responsible to uphold your privacy and security, for instance by not authorising Third Parties to use your individual Account on the FibriCheck Mobile Application or on the FibriCheck Dashboard. Qompium requests that all Users assume their responsibility in protecting all login data and to immediately notify Qompium of any unauthorised use of your individual Account.

6.3. As stated, Qompium may call on the services of specific third party service providers (as outlined under Part 5). In any event, such third party service providers are under obligation to treat your Personal Data in compliance with the present Privacy Policy.

We do not authorise the said third party service providers to disclose or use your Personal Data, unless this is strictly necessary to provide specific services under our supervision or in order to be compliant with applicable laws and regulations. We endeavour to solely provide such third party service providers with the Personal Data the required to serve their specific role.

However Qompium declines all and any liability for any loss or damage, whether direct or indirect, which might arise from the misuse of your Personal Data by such third party service providers.

6.4. As stated, Qompium may also relay your Personal Data to specific Third Parties (as detailed in Part 5), including your Physician. After your Personal Data were transmitted, the receiving Third Party is responsible to put in place the relevant administrative, technical and organisational measures against the unauthorised and unlawful processing of Personal Data or against the unintentional loss, accidental destruction or damage, access to or disclosure of the involuntary use thereof.

If specific content or services of Third Parties may be made available to you via the Products, please bear in mind that such linked content or services may come with their own Privacy Policy, for which Qompium cannot be held liable. Qompium in no way checks or supports the privacy practices of such Third Parties.

6.5. Some Third Parties, such as Google Analytics, may use cookies to gather information about your activities on/involving our Products with a view to gaining a better understanding of the performance of our Products and to continue to improve them. Please consult the website of the Third Party concerned for further information on their use of cookies. If the said website allows such cookies or when you gain access to other websites of the Products by using the links, the operators of these other websites use cookies in compliance with their own cookie policy, which may differ from ours.

7. Your Rights concerning your personal data

To exercise your aforesaid rights or to ask any other questions you may have in respect of this Privacy Policy, please contact us by e-mail at dpo@fibricheck.com  or by letter sent to Privacy, Qompium NV, Kempische Steenweg 303 Bus 27, B-3500 Hasselt, for the attention of Bieke Van Gorp. Please include a copy of your identity card or other proof of your identity with your request. Qompium will undertake the necessary action without undue delay and communicate to you on the action put in place (or the absence of any such action) within 30 days.

Right of access: If you are concerned or have any questions about your Personal Data, you have the right to request access to the Personal Data which we hold or process about you. We will then provide you with information about the data that are being processed and on the source of those data.

Right of rectification and right of erasure: You have the right to request us free of charge to correct, erase or block any inaccuracies in your Personal Data if such Personal Data would be incomplete, inaccurate or processed unlawfully.

Please note that you can change your account information in the Application at any time on the "settings" pages.

Right to transferability: you may also request Qompium at all times to directly transfer the Personal Data about you which are processed by way of automated processes pursuant to your consent or in performance of the User Agreement, in machine-readable form to a different data processing controller (e.g. a physician). However, this only applies to Personal Data supplied by you or which we obtained through observation (e.g. via the sensor of your mobile device), not to data we have developed in-house (e.g. analyses by Qompium of the Personal Data obtained).

Right not to be subject to individual decision-making: you have the right to request not to be subjected to decision-making that is based on automated processing of your Personal Data, including profiling, without human intervention, if such decision-making could have legal implications for you or which could have a significant effect on you in a similar manner.

In theory, Qompium shall perform profiling by establishing a health profile. However, no fully automated individual decisions are arrived at on the basis thereof. If you have any questions relating to specific automated processing operations by Qompium, please feel free to contact us for more details at any time.

Right to withdraw your consent: you are free to withdraw your consent for the processing of your Personal Data by Qompium for one or several purposes (as detailed in Parts 3 and 4) at any time by definitively removing your Application and/or by notifying us thereof in writing by e-mail sent to support@fibricheck.com. In response, Qompium shall immediately cease all processing of your Personal Data for purposes for which you have withdrawn your consent. However, the withdrawal shall have no impact on the validity of the processing operations which Qompium previously performed with your Personal Data.

Right to object against specific processing operations without your consent: for some processing operations, Qompium does not require your express consent. This relates to processing operations on the grounds of Qompium’s vested interests (e.g. contacting you to invite you to take part in a marketing study). Nonetheless, you may request us in specific cases, and at all times in the event of direct marketing, to cease using your Personal Data for these purposes.

Right to erasure: furthermore, you are within your rights to request for your Personal Data held by Qompium to be erased if:

Right to restricted processing: if you are of the opinion that:

However, if the Patient does not wish for these Personal Data to be erased by Qompium, you can also ask us to process these Personal Data on a restricted basis for the time being.
This means we still keep your Personal Data on record, but other than that, we shall only process your Personal Data subject to your consent or as part of a claim pursued before the courts or if the processing is necessary to protect the rights or other parties or for imperative reasons of public interest;

Right to complain: you have the right to submit a complaint with a supervisory authority (for Belgium: the Data Protection Authority) if you believe that your Personal Data are not being processed by Qompium in compliance with the applicable privacy laws and regulations. In that case, we would kindly ask you to contact us first to enable us to try and rectify the problem.

8. Data retention and deletion

We may retain information regarding you and your use of the Products, including Personal Data, for as long as reasonably needed to provide you with the Products and the uses described in this Privacy Policy.Please note that we retain your Personal Data even if you temporarily stop using the Application until you permanently delete the Application on your mobile device and notify us thereof. Upon notification, we may retain and continue to use and disclosure your Personal Data to Third Parties exclusively on a fully anonymized basis.

9. Updates or changes to our Privacy Policy

Occasionally, we may change or update this Privacy Policy to allow us to use or share your previously collected Personal Data for other purposes. If Qompium would use your Personal Data in a manner materially different from that stated at the time of the collection, we will provide you with a notice on our Website and in our FibriCheck Mobile Application indicating that the Privacy Policy has been changed or updated and request you to agree with the updated or amended Privacy Policy.

Controller

Qompium NV
Kempische Steenweg 303/27
3500 Hasselt
Belgium
www.fibricheck.com