Privacy notice

We are pleased that you are interested in the EXOPULSE App. The present document informs you about the processing of personal data connected to the EXOPULSE App. It also provides information on your rights and provides you with means to contact us. We process personal data in line with the General Data Protection Regulation (GDPR).

Controller

Exoneural Network AB
Barks Väg 7
17073 Solna

SWEDEN

info@exopulse.com

exopulse.com

Data protection officer

The Data Protection Officer of EXONEURAL Network AB is:

DP Dock DPO Services GmbH

Wolfgang von Sandersleben

Grüffkamp 10

24159 Kiel

GERMANY

enn@dp-officer.com

Exoneural Network AB is part of Ottobock SE & Co. KGaA. Ottobock has also appointed a Data Privacy Lawyer: Matthias Horn[PK1] 

 

Purposes of the processing and legal basis for the processing

We limit the processing of personal data acquired through the app to purposes directly related to providing and improving the features of the app. We do not sell personal data.

The processing of personal data is based on Article 6(1)(b) GDPR, fulfillment of contract. For the transfer of your personal data, especially health data to a Healthcare professional, the processing of your personal data is based on Article 6(1)(a) (consent). For personal data falling under special categories of personal data, for instance health data, the legal basis is Article 9(2)(a) GDPR (consent). By installing and using the app, you consent to processing of your personal health data. Your health data will only be processed for purposes strictly necessary for using the features of the app.

Personal data

The following personal data is processed by ENN:

1. Usage data:

§  Web access log: IP-Address, device ID and data sent by your browser

§  Linked devices

§  Bluetooth location

§  Error logging

Purposes:

§  The app needs to be able to store and read data on your phone. Otherwise the app cannot even be installed.

§  The app needs to be able to connect to the internet in order to communicate with our servers.

§  The app does not actually access location data. The app needs to be able to communicate with the Molii suit’s control unit via Bluetooth. The access to Bluetooth is linked to the location permission in Android.

Only necessary data for the functioning of the app and its features is being processed.

We will store the personal data provided by you only for the necessary amount of time unless statutory retention periods apply. Web access logs are being deleted after 30 days, error logging is deleted after 90 days.

2. Patient data:

§  Full name, E-Mail, birthdate, Password; purpose: create an account

§  Health data, training program; purpose: usage of the app

§  Linked Health Care Professionals; purpose: connect to Health Care Professional

§  Training program; purpose: provide training program

3. Inquiries by phone, e-mail or via the app

In case you contact us (for example if you have any questions re the app) , we will process the data which you provide during the contact. We will store the personal data provided by you only for the necessary amount of time unless statutory retention periods apply.

Please take into account that particular, unencrypted personal data - for example, if you contact us by e-mail - can be read by third parties. Therefore, for any queries containing information requiring special confidentiality, we recommend using postal services.

 

 

Recipients of the personal data

Exoneural Network works with several third parties in order to assure the functions of the App. Exoneural only works with third parties that demonstrate data protection compliance. Where necessary, Exoneural Network has concluded processing contracts.

Your personal data is being displayed to the Health Care Professional(s) you selected in the app. Purpose is to enable the patient and Health Care Professional to get in contact with each other and to create and review your training plan.

Transfer of personal data to a third country

As mentioned, Exoneural Network works with several third parties in order to assure the functions of the App. Some of these third parties are based outside the European Union / the European Economic Area. Exoneural Network pays particular attention to GDPR compliance, and, in this context, in particular to Article 28 and Chapter V GDPR.

Retention

In principle, we only store your personal data as long as necessary for the functioning of the app and business processes related to it. Your personal data will be stored until the purpose for which it was collected has been achieved and, in particular, no legal retention periods prevent its deletion.

Disclosure

We only pass on your personal data to third parties if:

§  you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,

§  this is legally permissible and necessary for the fulfillment of a contractual relationship with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR

§  there is a legal obligation to disclose personal data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or

§  the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary to safeguard legitimate company interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your personal data.

Your Rights

To enforce your rights, please use the details provided under Controller.

We would like to inform you regarding your data subject rights according to Art. 15, 16, 17, 18, 20, 21 GDPR:

Right to access

You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.

Right to rectification and erasure

You have the right to obtain the rectification of inaccurate personal data. As far as statutory requirements are fulfilled, you have the right to obtain the completion or deletion of your data.

This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).

Restriction of processing

As far as statutory requirements are fulfilled you have the right to demand for restriction of the processing of your data.

Data portability

As far as statutory requirements are fulfilled you may request to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – that we transfer those data to a third party.

Right of objection

You have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. This is not the case here.

Withdrawal of consent

In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future according to Art. 7 (3) GDPR. The lawfulness of data processing prior to your withdrawal remains unchanged. In case you revoke your consent, your personal data will be deleted unless statutory retention periods apply. The use of the app will no longer be possible. To withdraw your consent, please use the details provided under Controller.

Right to lodge complaint with supervisory authority

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state of residency or to the supervisory authority responsible for us. This is the following authority:

Integritetsskyddsmyndigheten

Drottninggatan 29, 5th Floor

Box 8114, 104 20 Stockholm, SWEDEN

Tel. +46 8 657 6100

Fax +46 8 652 8652

Email: imy@imy.se

Website: http://www.imy.se/

Automated decision-making, including profiling

Automated decision-making, including profiling, does not take place.

 

 

 [PK1]It is not strictly necessary to mention a lawyer in the privacy notice. Therefore, it would be ok to delete this sentence.