Privacy notice

We are pleased that you are interested in the EXOPULSE HCP App. The present document informs you about the processing of personal data connected to the EXOPULSE HCP App. It also provides information on your rights and provides you with means to contact us. We process personal data in line with the General Data Protection Regulation (GDPR).

Controller

Exoneural Network AB
Barks väg 7
17073 Solna

SWEDEN

info@exopulse.com

exopulse.com

Data protection officer

The Data Protection Officer of EXONEURAL Network AB is:

DP Dock DPO Services GmbH

Wolfgang von Sandersleben

Grüffkamp 10

24159 Kiel

GERMANY

enn@dp-officer.com

Exoneural Network AB is part of Ottobock SE & Co. KGaA. Ottobock has also appointed a Data Privacy Lawyer: Matthias Horn[PK1] 

Purposes of the processing and legal basis for the processing

We limit the processing of personal data acquired through the app to purposes directly related to providing and improving the features of the app. We do not sell personal data.

The processing of personal data is based on Article 6(1)(b) GDPR, fulfillment of the contract. For personal data falling under special categories of personal data, for instance health data, the legal basis is Article 9(2)(a) GDPR (consent).

Personal data

The following personal data is processed by ENN:

1. Usage data:

§  Web Access log: IP-Address, device ID and data sent by your browser

§  Linked devices

§  Camera use

§  Error logging

§  Created training plans, login times, access to reports

 

Purposes:

§  The app needs to be able to store and read data on your phone. Otherwise the app cannot even be installed.

§  The app needs to be able to connect to the internet in order to communicate with our servers.

§  The app needs to use the camera to scan a QR code when connecting to a Patient.

Only necessary data for the functioning of the app and its features is being processed.

We will store the personal data provided by you only for the necessary amount of time unless statutory retention periods apply. Web access logs are being deleted after 30 days, error logging is deleted after 90 days.

2. Personal data of you as a health care professional:

§  Full name, E-Mail, password; purpose: create an account

§  Organization, address, country; purpose: patient can select their personal health care professional

§  Mobile number, landline number; purpose: contact for troubleshooting issues

§  Avatar, photo (optional): providing a photo for your patients is optional

Your personal data (Full name, organization, address, country, optional avatar photo) is being displayed to patients so that the patients may select and contact the right Health Care Professional.

3. Inquiries by phone, e-mail or via the app

In case you contact us (for example if you have any questions re the app), we will process the data which you provided during the contact. We will store the personal data provided by you only for the necessary amount of time unless statutory retention periods apply.

Please take into account that particular, unencrypted personal data - for example, if you contact us by e-mail - can be read by third parties. Therefore, for any queries containing information requiring special confidentiality, we recommend using postal services.

Recipients of the personal data

Exoneural Network works with several third parties in order to assure the functions of the App. Exoneural only works with third parties that demonstrate data protection compliance. Where necessary, Exoneural Network has concluded processing contracts.

Your personal data (Full name, organization, address, country, optional avatar photo) is being displayed to patients so that the patients may select and contact the right Health Care Professional.

Transfer of personal data to a third country

As mentioned, Exoneural Network works with several third parties in order to assure the functions of the App. Some of these third parties are based outside the European Union / the European Economic Area. Exoneural Network pays particular attention to GDPR compliance, and, in this context, in particular to Article 28 and Chapter V GDPR.

Retention

In principle, we only store your personal data as long as necessary for the functioning of the app and business processes related to it. Your personal data will be stored until the purpose for which it was collected has been achieved and, in particular, no legal retention periods prevent its deletion.

Disclosure

We only pass on your personal data to third parties if:

§  you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,

 

§  this is legally permissible and necessary for the fulfillment of a contractual relationship with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR

§  there is a legal obligation to disclose personal data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or

§  the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary to safeguard legitimate company interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your personal data.

Your Rights

To enforce your rights, please use the details provided under Controller.

We would like to inform you regarding your data subject rights according to Art. 15, 16, 17, 18, 20, 21 GDPR:

Right to access

You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.

Right to rectification and erasure

You have the right to obtain the rectification of inaccurate personal data. As far as statutory requirements are fulfilled, you have the right to obtain the completion or deletion of your data.

This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).

Restriction of processing

As far as statutory requirements are fulfilled you have the right to demand for restriction of the processing of your data.

Data portability

As far as statutory requirements are fulfilled you may request to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – that we transfer this data to a third party.

Right of objection

You have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. This is not the case here.

Withdrawal of consent

In case you consented to the processing– of your data, you have the right to revoke this consent at any time with effect for the future, according to Art. 7 (3) GDPR. The lawfulness of data processing prior to your withdrawal remains unchanged. In case you revoke your consent, your personal data will be deleted unless statutory retention periods apply. The use of the app will no longer be possible. To withdraw your consent, please use the details provided under Controller.

Right to lodge complaint with supervisory authority

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state of residency or to the supervisory authority responsible for us. This is the following authority:

Integritetsskyddsmyndigheten

Drottninggatan 29
5th Floor
Box 8114

104 20 Stockholm

Tel. +46 8 657 6100

Fax +46 8 652 8652

Email: imy@imy.se

Website: http://www.imy.se/

Automated decision-making, including profiling

Automated decision-making, including profiling, does not take place.

 

 [PK1]It is not strictly necessary to mention a lawyer in the privacy notice. Therefore, it would be ok to delete this sentence.