Effective October 5, 2020
VitalSignum Oy, including its affiliates (“VitalSignum”, “we”), is committed to respecting your privacy and complying with applicable data privacy laws and EU regulation 2016/679.
This Privacy Statement (“Statement”) describes how we collect and use personal data about you during VitalSignum’s data processing activities where VitalSignum is the data controller, and what rights you have in relation to such data. Personal data means information about you or another identifiable individual.
We may provide you additional privacy information that are specific to certain areas of VitalSignum’s data processing activities in other notices you may see. If there is a difference between such notices and this Statement, the notices should be considered first.
You are not required to provide the personal data to VitalSignum. If you choose not to provide your personal data to VitalSignum, we may not be able to continue the data processing with you or to respond to queries you have.
1. What Personal Data Does VitalSignum Collect and Process?
VitalSignum collects personal data directly from you as well as from other available sources to the extent relevant and permitted by applicable law. Subject to applicable law and practice, the categories of personal data that are collected and processed in the data processing context include:
- Information you provide: When you create an account in our data processing management system or otherwise interact with us (either directly or through an agency or other third party), we may ask for information such as your name, street address, telephone number, email address, sex, weight, height, age, rest heart rate, aerobic threshold, anaerobic threshold, maximum heart rate, biometric data (ECG, blood pressure, oxygen saturation, etc.) as well as user names and passwords for logging in our data processing management system. We may also maintain records of your consents, preferences and setting in relation to, for example, language, measures to display and preferred ways to be contacted by VitalSignum.
- Technical Information: When you access our services online, our web servers automatically create records of your visit. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language and other such information. When you use our services or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile subscription number, may be transmitted to VitalSignum by the telecommunications operator as a standard part of that communication.
2. What Will VitalSignum Do with Your Personal Data?
VitalSignum may process your personal data for the following purposes. One or more purposes may apply simultaneously.
- Communicating with you: We may use your personal data or any data derived from your data either automatically or manually in our data processing activities to communicate with you, for example, to obtain additional information, to inform you about the status of your account with us.
- Communicating with your health care provider: We nay use your personal data or any data derived from your data either automatically or manually in our data processing activities to communicate with your authorized health care provider, for example providing them the measured health data together with any annotations you may have created and any data analysis results we may have generated based on the data.
- Research activities: We may use or allow third parties to use your data for legitimate research purposes in an anonymized fashion.
- Development of services: We may use your personal data to develop and improve our data processing and resourcing processes, websites and other related services. Where feasible, we use aggregated anonymous information in the development activities.
- Legal and regulatory compliance: We may use your personal data as required by law, regulation, judicial organizations or practice to comply with legal obligations imposed on us.
VitalSignum processes your personal data with your consent to complete any transaction you have requested or authorized. We may also process your personal data to protect the privacy of other subjects; to maintain the security of our data processing related activities, systems, websites and services; and to protect the rights and property of VitalSignum.
3. Does VitalSignum Share Your Personal Data?
VitalSignum will not sell, lease, rent or otherwise disclose your personal data unless otherwise stated below.
- Consent: VitalSignum may share your personal data if you have given your consent for VitalSignum to do so.
- VitalSignum companies and authorized third parties: VitalSignum may share your personal data with other VitalSignum companies or authorized third parties who process personal data for VitalSignum for the purposes described in this Statement. VitalSignum authorized third parties may include, for example, data processing agencies, professional advisors, external legal counsel, and other third-party suppliers. These VitalSignum authorized third parties are not permitted to use your personal data for any other purposes. We require them to act consistently with this Statement and to use appropriate security measures to protect your personal data.
- International transfers of personal data: Our data processing and resourcing activities may make use of resources and servers located in various countries around the world. This means that your personal data may be transferred outside the country to where you are applying to as an applicant, including to countries outside the European Economic Area (EEA). Such other countries do not always have laws providing specific protection for personal data or they have different rules on privacy and data protection. In such cases we use measures to provide adequate protection for your personal data as required by applicable law, for example, by using standard agreements approved by relevant authorities (e.g. the European Commission) and by requiring the use of appropriate technical and organizational information security measures.
- Mandatory disclosures: VitalSignum may be obligated by law to disclose your personal data to certain authorities or other third parties, for example, to government agencies responsible for health care or statistical information or to the police or other law enforcement agencies. VitalSignum may also disclose and use your personal data in accordance with applicable law to defend VitalSignum’s legitimate interests, for example, in civil or criminal legal proceedings.
- Mergers and acquisitions: Where VitalSignum decides to sell, buy, merge or otherwise reorganize its businesses in certain countries, this may involve disclosing personal data to prospective or actual purchasers and their advisers.
4. What Steps Are Taken to Safeguard Personal Data?
Privacy and security are key considerations for VitalSignum. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our data bases containing personal data to authorized persons having a justified need to access such information.
5. Data Quality
We take reasonable steps to keep the personal data we possess accurate and to delete incorrect or unnecessary personal data. We will only retain your personal data for as long as necessary to fulfill the purposes outlined in this Statement or otherwise communicated to you, unless a longer period is required by law.
We encourage you to access your personal data through your account from time to time to help us ensure that it is up to date. We may delete your account from our data processing management system within 3 years from the end of the year during which you have last accessed it or updated it. If your data is being used for authorized health care, VitalSignum will retain your personal data for longer periods, in accordance with legal and regulatory requirements.
6. Your Rights
You have the following rights regarding personal data that VitalSignum processes about you:
- Access: You have a right to know what personal data we hold about you and to obtain a copy.
- Data portability: Subject to law, you have a right to obtain in machine readable format the personal data you have provided to VitalSignum.
- Rectification and erasure: You have a right to have incomplete, incorrect, unnecessary or outdated personal data about you updated or deleted.
- Withdraw your consent: You have a right to withdraw your consent for VitalSignum to process your personal data.
- Object: You have a right to request that we stop processing your personal data on grounds relating to your situation.
You may exercise your rights by managing your account and profile in our data processing management system or, if that is not possible, by contacting us. Especially if you withdraw your consent or wish us to delete or stop processing your personal data, we may not be able to continue the data processing process with you.
If you are not satisfied with what we provide when you exercise your rights, you can let us know by contacting us. If you are still dissatisfied, you also have the right to lodge a complaint with a relevant supervisory authority.
7. Who Is the Controller of Your Personal Data?
VitalSignum of Kuortaneenkatu 2, 00510 Helsinki, Finland is the controller of your personal data. You may contact us also by using contact information provided in the applicable VitalSignum websites.
In matters pertaining to VitalSignum’s privacy practices you may also contact us or our Corporate Data Protection Officer at:
Privacy Protection Officer
8. Changes to This Statement
VitalSignum may change this Statement at any time with or without notice. However, if this Statement is changed in a material, adverse way, VitalSignum will post a notice advising of such change at the beginning of this Statement and in the data processing management system for 30 days. We recommend that you re-visit this Statement from time to time to learn of any such changes to this Statement.
I have read the VitalSignum Data processing Privacy Statement and I hereby grant my consent to VitalSignum processing my personal data in accordance with that VitalSignum Data processing Privacy statement. I have the right to withdraw my consent at any time by contacting VitalSignum.