Cookie Consent by TermsFeed Generator

PMcardio Privacy Notice

Effective date: April 21, 2021

 

This privacy notice outlines how We collect and process personal data as part of your use of the Application (the “Application”) and provides further information relating to compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR).

Please see also the Terms and Conditions of Use of PMcardio (the “Terms”) and the General Privacy Notice which outlines the general data protection practices and further uses of personal data by POWERFUL MEDICAL available here.

1

Responsibility

We, POWERFUL MEDICAL s. r. o., with registered seat at Bratislavská 81/37, 931 01 Šamorín, ID No. 50 948 431, registered with the commercial register maintained by the District Court Trnava, section Sro, file No. 46781/T (“POWERFUL MEDICAL”, “We” or “Us”) in general process personal data on behalf of a physician or other healthcare professional (the “User”) in order to provide to the User the functionality of the Application. In this regard, We act as a data processor and the User acts as data controller. Please see section 2.2(a) of this Privacy Notice for further detail.

There are additional activities, where We are the data controller. In particular, the use of personal data for administration of the Application, its use and further research. Please see section 2.2(b) to (d) of this Privacy Notice for further detail.

2

Terms of Processing of Personal Data

2.1

How Do We Collect Data

We develop and operate the Application. The Application is an AI-powered assistant, which digitizes ECG recordings, provides comprehensive analyses, reports and recommendations to the User.

Within the Application the User scans ECG recordings of individuals selected by the User (e.g. volunteers, patients) uploads the image to our severs, where our AI algorithms digitize, analyze, and interpret the ECG recording for further analysis. With assistance of a specialist-cardiologist, a treatment recommendation can be provided.

More details about the functionality can be found at powerfulmedical.com/product.

2.2

Processing Particulars

We process personal data for following purposes:

(a)

Operation of the Application, which consists of scanning, digitization, segmentation, reporting and suggesting recommendations.

  • Roles: In relation to this purpose, POWERFUL MEDICAL acts as a processor and the User acts as a controller. As such, the User is accountable for ensuring the provision of appropriate information to the underlying data subject and evidencing the right legal basis (e.g. consent or legal obligation to process personal data).
  • Legal basis: We process personal data on the basis of a data processing agreement concluded between Us and the User under Article 28 of the GDPR.
  • Data subjects: Such individuals as the User determines (e.g. volunteers, patients).
  • Categories of data: data provided by the User, in particular identifier, patient’s birth number, ECG scan, comorbidities, age, sex, height, smoking / alcohol / medication used.
  • Retention period: Minimum duration necessary to achieve purpose of processing of the User. Deletion will be undertaken upon request by the User as the data controller.

(b)

Research and development. Using de-identified data (data which does not allow identification of the underlying individual) for scientific research relating to the development and improvement of artificial intelligence and other technologies used in the Application. This is an essential part of developing cutting edge technologies and supporting the improvement of accuracy and quality of the Application.

  • Roles: POWERFUL MEDICAL acts as a controller.
  • Legal basis: Legitimate interest of the controller under Article 6(1)(f) and Article 9(2)(j) of the GDPR consisting in research of artificial intelligence. The processing is necessary for further development of the Application, its algorithm and software.
  • Data subjects: Individuals whose data has been uploaded by the User.
  • Categories of data: de-identified data (data which does not allow an identification of the underlying individual) such as ECG image, comorbidities, age, sex, height, smoking / alcohol / medication used.
  • Retention period: Data is kept in de-identified form for such time as needed to achieve the purpose.

(c)

Administration of the Application, such as setting up accounts for Users of the Application.

  • Roles: POWERFUL MEDICAL acts as a controller.
  • Legal basis: The processing is necessary for the performance of a contract to which data subject is a party under Article 6(1)(b) of the GDPR.
  • Data subject: The User or its representatives.
  • Categories of data: identification, contact details, workplace, specialization.
  • Retention period: Data is kept until (i) customer’s account in the Application is deleted; (ii) mandatory retention periods are met (e. g. accounting); (iii) other regulatory or legal requirements are met.

(d)

Analysis of User interaction with the Application.

  • Roles: POWERFUL MEDICAL acts as a controller.
  • Legal basis: Legitimate interest of the controller under Article 6(1)(f) of the GDPR consisting in the development and improvement of the Application.
  • Data subject: The User or its representatives.
  • Categories of data: data regarding length of User actions (e.g. duration from report request to successful report generation, duration of image creation, upload speeds based on device type), User interaction with objects within the Application (e.g. repeated attempts after occurrence of issues, the use of search, sharing or other functionalities); behavior flow (e.g. sequence of actions taken by the User, repetitions of User actions).
  • Retention period: Data is kept for such time as needed to achieve the purpose.

2.3

Transfer to Third Countries and Recipients

If the User selects the specialized cardiologist consultation functionality within the Application, the Personal Data as outlined in Section 2.2(a) above will be shared with another User who is a specialized cardiologist. If the User selects to use the chat service functionality, the Personal Data as outlined in Section 2.2(a) above will be shared with another User who can be any medical professional of User’s choice (e.g. nurse, paramedic, general practitioner, specialist, etc.).

Personal data is not transferred outside of European Economic Area (EEA), with the exception of countries recognized by the European Commission as providing adequate protection. A full list of such countries is accessible here.

If you reside, are based or operate the Application from a country outside of the EEA, the Personal Data from such use will be transferred to the EEA.

We will not provide Personal Data to any third party other than (i) as necessary to perform activities outlined in the Terms, including our suppliers who provide services to us; (ii) in accordance with the documented instructions of the User; (iii) within entities affiliated to Us by common control, management or ownership, (iv) as part of a merger, acquisition or other investment by a third party into Powerful Medical, or (v) as required to comply with the GDPR or other laws to which We are subject, in which case We shall (to the extent permitted by law) inform the User of that legal requirement before processing personal data.

2.4

No automated decision-making system, profiling

The system consists of the Application, which accesses algorithms in the backend, which then process and evaluate the ECG scan and other relevant data. Although this process is automated and We will provide the User with a resulting analysis of the data, no decision made by the automated decision-making system will have a legal impact on the data subject. Any and all decisions about or related to the data subject must be made by the User personally.

2.5

Obligation to provide personal data

Provision of any personal data is not an obligation and the data subject may freely refuse. However, failure to provide personal data would result in the impossibility to use the Application and benefit from it.

2.6

Retention

The Company will retain data for as long as identified in section 2.2 “Processing Particulars”. After such time, or where relevant upon request, we will delete the relevant data without undue delay. Please note that although the secure and complete erasure from our back-ups may not be immediate, we will ensure that it is done as soon as technically feasible.

3

Rights of data subjects

As a data subject, you have a number of rights listed below. Please note the following important information:

  • Where We act as a processor (Section 2.2(a) above), any request shall be addressed to the User – as a controller, they are responsible to respond to any requests. We will provide our assistance to ensure your rights are fulfilled.
  • For any de-identified information (Section 2.2(b) above), We will not hold any directly identifiable data and it will be technically impossible to link the data to any individual. We may therefore not be in a position to identify you as a data subject about whom We would hold personal data.

Data subjects have the following rights (subject to the rules contained in the GDPR and other applicable legislation):

  • Right to access: Data subjects have the right to request a copy of their personal data.
  • Right to rectification: Data subjects have the right to request to correct any inaccurate information.
  • Right to erasure: Data subject have the right to request erasure of their personal data, under certain conditions.
  • Right to restrict processing: Data subjects have the right to request restriction of processing of their personal data, under certain conditions.
  • Right to object to processing: Data subjects have the right to object to processing of their personal data, under certain conditions. This applies in particular for processing under Section 2.2(b) and (d).
  • Right to portability: Data subjects have the right to request transfer of their personal data to another organization, or directly to them, under certain conditions.
  • Right to file a complaint with the relevant authority: Data subjects have the right to file a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, Slovak Republic, statny.dozor@pdp.gov.sk.

In order to exercise their rights, data subjects can contact our Data Protection Officer at dpo@powerfulmedical.com.