Effective date: June 29, 2023

PMcardio Privacy Notice

This privacy notice outlines how We collect and process personal data as part of your use of the Application and PMcardio Web Platform (the “Services”) and provides further information relating to compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”).

Please see also the Terms and Conditions of PMcardio (the “T&C”) and the General Privacy Notice which outlines the general data protection practices and further uses of personal data by POWERFUL MEDICAL available here.

Capitalised terms have the meaning defined in T&C, unless this Privacy Notice provides otherwise.

  1. Responsibility
    1. We, POWERFUL MEDICAL s. r. o., with registered seat at Bratislavská 81/37, 931 01 Šamorín, ID No. 50 948 431, registered with the commercial register maintained by the District Court Trnava, section Sro, file No. 46781/T (“POWERFUL MEDICAL”, “We” or “Us”) in general process personal data on behalf of the Customer in order to provide to the Customer the Services. In this regard, We act as a data processor and the Customer acts as data controller. Please see section 2.2(a) of this Privacy Notice for further detail. 
    2. There are additional activities, where We are the data controller. In particular, the use of personal data for administration of the Application, its use and further research. Please see section 2.2(b) to (d) of this Privacy Notice for further detail.
  2. Terms of Processing of Personal Data
    1. How Do We Collect Data
      1. We develop and operate the Application. The Application is an AI-powered assistant, which digitizes ECG recordings, provides comprehensive analyses, reports and recommendations to the User. The Application and access to the Application is managed via PMcardio Web Platform. 
      2. Within the Application, the User scans ECG recordings of individuals selected by the User (patients) and uploads the image to our servers, where our AI algorithms digitize, analyze, and interpret the ECG recording for further analysis. Based on the ECG analysis, disease-specific patient history questions are generated. Upon answering, the User is provided with a patient management recommendation.
      3. More details about the functionality can be found here.
    2. Processing Particulars
      We process personal data for the following purposes:
      1. Operation of the Application and PMcardio Web Platform – ECG digitization / ECG interpretation consisting of segmentation, analysis and diagnosis; patient management recommendation.
        • Roles: In relation to this purpose, POWERFUL MEDICAL acts as a processor and the Customer acts as a controller. As such, the Customer is accountable for ensuring the provision of appropriate information to the underlying data subject and evidencing the right legal basis (e.g. consent or legal obligation to process personal data). 
        • Legal basis: We process personal data on the basis of a data processing agreement concluded between Us and the Customer under Article 28 of the GDPR. The applicable contract is the T&C, which also contains a data processing addendum.
        • Data subjects: Such individuals as the Customer determines – User’s patients, Users and Institution Admins.
        • Categories of data: Name, surname and contact details of Users and Institution Admins, as well as data provided by the User relating to patients, in particular ECG image, sex, age, patient’s personal number (optional), and further data required to determine patient management recommendations.
        • Retention period: Personal data will be retained in line with Customer’s instructions as the data controller. Deletion will be undertaken upon request by the Customer as the data controller. 
      2. Research to further improve the existing technologies – using provided ECG and related health data to improve the used technologies. All of the used data is de-identified and does not allow for identification of the patient.
        • Roles: POWERFUL MEDICAL acts as a controller. 
        • Legal basis: Legitimate interest of the controller under Article 6(1)(f) and Article 9(2)(j) of the GDPR consisting in research of artificial intelligence. The processing is necessary for further development of the Application, its algorithm and software. 
        • Data subjects: Individuals whose data has been uploaded by the User. 
        • Categories of data: de-identified data of patients (data which does not allow an identification of the underlying individual) such as ECG image, sex, age, and further data required to determine patient management recommendations. 
        • Retention period: Data is kept in de-identified form for such time as needed to achieve the purpose. 
      3. Administration of the Application and PMcardio Web Platform – setting up User and Institution Admin account, verifying the status as healthcare professional, overall system administration, compliance with regulatory requirements, defense against legal claims.
        • Roles: POWERFUL MEDICAL acts as a controller. 
        • Legal basis: The processing is necessary for the performance of a contract to which the data subject is a party under Article 6(1)(b) of the GDPR, or processing is necessary for the purpose of legitimate interest under Article 6(1)(f) of the GDPR of the controller consisting in performance of contractual obligations, regulatory requirements and defense against legal claims. The applicable contract is the T&C which is concluded between Us and the Customer.
        • Data subjects: The Customer, User and Institution Admin. 
        • Categories of data: identification, contact details, workplace, occupation, profile picture, billing and transactional information.
        • Retention period: Data is kept until (i) Customer’s account in the Application or PMcardio Web Platform is deleted; (ii) mandatory retention periods are satisfied (e. g. accounting); (iii) in case of other regulatory, legal requirements or litigation, kept until resolution of such requirements or litigation.
      4. Medical device vigilance – Protecting and improving safeguards for patients, Users and others by preventing the likelihood of recurrence of incidents. 
        • Roles: POWERFUL MEDICAL acts as a controller. 
        • Legal basis: In accordance with Article 6(1)(c) of the GDPR, processing is necessary for compliance with a legal obligation (EU MDR 2017/745) to which POWERFUL MEDICAL is subject.
        • Data subjects: Users, patients. 
        • Categories of data: data of patients such as ECG image, sex, age, and further data required to determine patient management recommendations; name, surname and occupation of Users.
        • Retention period: Data is retained during the period stipulated by law, which is 10 years.
    3. Transfer to Third Countries
      1. We store and process personal data within the European Economic Area (the “EEA”) or within countries recognized by the European Commission as providing an adequate level of protection of personal data. We may, however, transfer personal data to countries outside the EEA in the following circumstances:
        1. If the User resides, is based or operates the Application from a country outside of the EEA, the Personal Data from such use will be transferred to the EEA and back to the User;
        2. In the limited circumstances where We use subprocessors who are located outside of the EEA; and
        3. If We share personal data to other recipients strictly as necessary and in accordance with the T&C or the Privacy Notice.
      2. Any transfer of personal data outside of the EEA is undertaken in compliance with the GDPR, in particular Chapter V of the GDPR and subject to the conclusion of Standard Contractual Clauses.
      3. If you reside, are based or operate the Application from a country outside of the EEA, the Personal Data from such use will be transferred to the EEA. 
    4. Recipients
      1. We will not provide personal data to any third party other than (i) as necessary to perform activities outlined in the T&C, including our suppliers acting as subprocessors, who provide services to us, such as authentication, customer support; (ii) in accordance with the documented instructions of the Customer; (iii) within entities affiliated to Us by common control, management or ownership; (iv) as part of a merger, acquisition, investment by a third party or change of corporate structure of Powerful Medical; or (v) as required to comply with the GDPR or other laws to which We are subject, in which case We shall (to the extent permitted by law) inform the Customer of that legal requirement before processing personal data.
    5. No Automated Decision-Making System, Profiling
      1. The Application accesses algorithms in the backend, which then process and evaluate the ECG scan and other relevant data. Although this process is automated and We will provide the User with a resulting analysis of the data, no decision made by the automated decision-making system will have a legal impact on the data subject. Any and all decisions about or related to the data subject must be made by the User personally.
    6. Obligation to Provide Personal Data
      1. Provision of any personal data is not an obligation and the data subject may freely refuse. However, failure to provide personal data would result in the impossibility to use the Application and benefit from it.
    7. Retention
      1. The Company will retain data for as long as identified in section 2.2 “Processing Particulars”. After such time, or where relevant upon request, we will delete the relevant data without undue delay. Please note that although the secure and complete erasure from our back-ups may not be immediate, we will ensure that it is done as soon as technically feasible. 
  3. Rights of Data Subjects
    • As a data subject, you have a number of rights listed below. Please note the following important information:
    • Where We act as a processor (Section 2.2(a) above), any request shall be addressed to the User – as a controller, they are responsible for responding to any requests. We will provide our assistance to ensure your rights are fulfilled.
    • For any de-identified information (Section 2.2(b) above), We will not hold any directly identifiable data and it will be technically impossible to link the data to any individual. We may therefore not be in a position to identify you as a data subject about whom We would hold personal data. 
    • Data subjects have the following rights (subject to the rules contained in the GDPR and other applicable legislation):
    • Right to access: Data subjects have the right to request a copy of their personal data. 
    • Right to rectification: Data subjects have the right to request to correct any inaccurate information.
    • Right to erasure: Data subjects have the right to request erasure of their personal data, under certain conditions.
    • Right to restrict processing: Data subjects have the right to request restriction of processing of their personal data, under certain conditions.
    • Right to object to processing: Data subjects have the right to object to processing of their personal data, under certain conditions. This applies in particular to processing under Section 2.2(b) and 2.2(c).
    • Right to portability: Data subjects have the right to request transfer of their personal data to another organization, or directly to them, under certain conditions. 
    • Right to file a complaint with the relevant authority: Data subjects have the right to file a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, Slovak Republic, statny.dozor@pdp.gov.sk; or, for data subjects located in the United Kingdom, with the Information Commissioner’s Office of the United Kingdom.

In order to exercise their rights, data subjects can contact our Data Protection Officer at dpo@powerfulmedical.com.