Biospectal Privacy Policy
EFFECTIVE DATE: June 19, 2024
This Privacy Policy (“Policy”) describes how Biospectal SA (“we,” “us,” or “our”) collects, uses, and discloses information that we obtain about your use of the Biospectal OptiBP™ app (“the App”) that runs on your mobile device.
YOU SHOULD NOT USE OptiBP IF YOU DO NOT AGREE TO THIS PRIVACY POLICY.
This Privacy Policy applies to all personal uses of our app globally.
By using or downloading the App, you understand and explicitly agree that your personal information and personal data, including any personal data about your health that you provide directly to us or that we collect through your use of the App, will be processed by us in accordance with this Privacy Policy and may be transferred to and stored in the United States.
If you are an EEA user (European Economic Area), we store your information in the European Union.
As an internationally operating company, the EU General Data Protection Regulation (“GDPR”) is important to us in addition to the Swiss data protection regulations. We have aligned this Privacy Policy with the stricter standard of the GDPR.
We are the controller within the meaning of the GDPR, who determines the purposes and means of processing personal data. All contact addresses can be found at https://www.biospectal.com/about-us/. If you have any questions regarding data protection, please do not hesitate to contact us:
Biospectal, SA
Chemin du Calvaire 7
1005 Lausanne
Switzerland
Our data protection officer can also be reached via email at [email protected]
What types of personal data do we collect?
We collect information and personal data directly from you, from devices and third party services you connect, as well as automatically through your use of our App. When you create a profile to use the App, we collect the information and personal data you provide us, including your name, gender, height, and birthdate. We also collect any additional information you choose to add to your profile, including: weight, body mass index (BMI), whether you are a smoker or non-smoker, medical conditions, information related to medications you are taking, patient ID, and activity levels.
When you access our website, we collect data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our Website if their disclosure is made voluntarily, e.g. in the course of a registration or request). When you visit a Biospectal website, that website may contain additional information about how we use your information while you are visiting that website.
- Communication
When you contact Biospectal directly, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.
- For which purposes do we process personal data?
We process your information, including your personal data, for the following purposes:
- When you install and use our App, we collect your device ID. This unique identifier helps us to analyze the effectiveness of our advertising campaigns and understand how users interact with our App.
- When you create a profile to use the App, you provide us your personal data as described in section 1.
- To provide our App to you, to communicate with you about your use of our App, to respond to your inquiries, and for other customer service purposes.
- When you use the App, we process the personal data that is transferred from the App to us, which includes optically obtained Plethysmogram that can be used to estimate your blood pressure (as further described in the Terms of Use).
- To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the App.
- To research and develop new products and features, to the extent permitted by law and, where required, with your consent.
- For marketing, promotional and informational purposes, to the extent permitted by law and, where required, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party websites. You can opt-out of receiving these emails at any time as described below.
- To better understand how users access and use our App, both on an aggregated and individualized basis, in order to improve our App and respond to user desires and preferences, and for other analytical purposes.
- To tailor the content and information that we may send or display to you, to understand if a recorded PPG signal (Photoplethysmography) is your personal data or a guest’s data, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the App.
- To administer surveys and questionnaires.
- To comply with legal and regulatory obligations and responsibilities, as part of our general business operations, and for other business administration purposes.
- Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy.
- On which legal basis and for which purposes do we process personal data?
Depending on the purpose of the processing activity (see section 3 above), the processing of your information and personal data will be one of the following:
- necessary for the legitimate interests of Biospectal, without unduly affecting your interests or fundamental rights and freedoms (see below);
- necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract, such as when we use your data for some of the purposes in sections 2(i)-(iii) (as well as certain of the data disclosures described in section 4);
- required to meet our legal or regulatory responsibilities, including when we conduct the checks to identify you and make the disclosures to authorities, regulators and government bodies referred to in sections 2(10) below;
- in some cases, necessary for the performance of a task carried out in the public interest;
- when we use special categories of personal data, necessary for establishing, exercising or defending legal claims or where the processing relates to personal data manifestly in the public domain; and
- processed with your consent which we obtain from you from time to time (for instance where required by law), or processed with your explicit consent in the case of special categories of personal data such as your medical information.
- Examples of the ‘legitimate interests’ referred to above are:
- pursuing certain of the purposes in sections 2(5)-(7);
- exercising our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and right to property;
- when we make the disclosures referred to in section 5 below, providing products and services and assuring a consistently high service standard, and keeping our customers, employees and other stakeholders satisfied; and
- meeting our accountability and regulatory requirements around the world, in each case provided such interests are not overridden by your privacy interests.
- Who has access to personal data and with whom are they shared?
We may share your information, including without limitation personal data, as follows:
- Biospectal Third-Party Partners. With your consent, we may share information from the App with other third-party partners, including your personal information and data collected from your devices.
- Your Healthcare Providers Or Family. With your consent, we may share your information, including information collected from your connected devices, with your healthcare providers and/or family members (e.g., immediate family or friends) that you designate to receive your information.
- Clinical Trial Studies. With your consent, physicians and staff of clinical trial programs may use the App as a means of collecting data for the trial study. If the App is used as part of a clinical trial study, we will use and share information about the clinical trial collected through the Service in accordance with our agreement with the clinical trial program and any privacy notices provided to you as part of the clinical trial program.
- Other Health-focused Mobile Apps. With your consent, we may share your profile information and data collected from your connected devices with other health-focused mobile applications installed on your mobile device to help you track your health and wellness information. If you share your information with these apps, your personal information, including your health information, will be used in accordance with privacy policies for those separate apps, not this Privacy Policy.
- Aggregate and De-Identified Information. We may share aggregate or de-identified information with third parties for regulatory compliance purposes, when required. This information cannot be used to identify any individual. Its purpose is solely to fulfill the legal reporting requirements for medical devices.
- Health Researchers. We may share data collected through the App with healthcare researchers and other research organizations, including de-identified profile information and data collected from your connected devices. For example, we may share information such as your gender, height, weight, information about medications you have provided, and data from your connected devices, but we will not share your name or other information that could identify you.
- Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this Policy.
- Service Providers. We may share your information with third-party vendors, service providers, contractors or agents who perform service functions needed by us to run the business, such as providers of hosting, email communication, customer support services, analytics, marketing, and advertising, based on our instructions, and in compliance with this Policy and any other appropriate confidentiality and security measures.
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will give affected users notice before transferring any personal information to a new entity.
- In Response to Legal Process. We may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena. Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
- In response to a regulatory or legal obligation: If required from time to time, we disclose personal data to public and judicial authorities, regulators or governmental bodies and in proceedings, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.
- To Protect Us and Others. We may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which Biospectal is involved.
- Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Service. We also may use other analytic means to evaluate our App. We use these tools to help us improve our App, performance, and user experiences.
- International transfers of personal data
- The Recipients referred to in section 5 above can be located outside Switzerland. In those cases, except where the relevant country has been determined by the EU or Switzerland to provide an adequate level of protection, Biospectal puts in place suitable safeguards to ensure that such transfer is carried out in compliance with applicable data protection rules.
- You may request additional information in this respect and obtain a copy of the relevant safeguard by contacting us at the address at the end of this notice. Where Biospectal transfers personal data to service providers, we rely on the standard contractual clauses approved by the European Commission or Switzerland.
- How long do we store your data?
- We will only retain your information, including without limitation personal data, for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your personal data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
- How do we safeguard your data?
- We implement appropriate technical and organizational measures to safeguard your information against unauthorized or unlawful access, accidental loss, destruction, damage, alteration, or disclosure. These measures include encryption, access controls, and regular security risk assessments.
- Cookies
- Cookies are small text files stored on your device and used by web browsers to deliver personalized content and remember logins and account settings. In addition to improving user experience, we use cookies and similar technologies for analytic and advertising purposes. You can manage your cookies locally by adjusting your browser settings, or you can opt-out of targeted advertising through cookies by visiting networkadvertising.org/choices or aboutads.info/choices. Because there is not yet a common understanding of how to interpret Do Not Track signals, we are unable to respond to Do Not Track requests from browsers; however, we are monitoring for updates and will revisit this policy once a common standard is established.
- Third-Party Links
- Our Service may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.
- Security of My Personal Information
- We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
- You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
- What Choices Do I Have Regarding Promotional and Informational Emails
- When you create a profile to use the App, you provide us your personal data as described in section 1.
- To provide our App to you, to communicate with you about your use of our App, to respond to your inquiries, and for other customer service purposes.
- When you use the App, we process the personal data that is transferred from the App to us, which includes optically obtained Plethysmogram that can be used to estimate your blood pressure (as further described in the Terms of Service).
- Users Under 18
- Our services are not designed for users under 18. If we discover that a user under 18 has provided us with personal information, we will delete such information from our systems.
- Your California Privacy Rights
- This Privacy Policy complies with the California Consumer Privacy Act (CCPA), which requires that we provide California residents with notice that you have the right to:
- opt-out of the sale of personal information,
- know about personal information collected, disclosed or sold,
- to request deletion of personal information, and
- to be treated without discrimination should you exercise these rights.
- More Information
- More information regarding the: sources from which we collect personal information can be found above in the section titled “The Information We Collect About You”; business and commercial purposes for which we collect your personal information can be found above in the section titled “How We Use Your Information”; categories of recipients with whom personal information is shared or sold can be found in the section above titled “How We Share Your Information.”
- We do not sell any personal information collected from your use of the Biospectal App. We do use cookies on our website that collect and share information collected from your browser for behavioral targeting which is a “sale” under the CCPA. We will not do this if you click the “Do Not Sell My Personal Information” link on the website. In addition you can opt out of all collection of your data for behavioral advertising by visiting networkadvertising.org/choices or aboutads.info/choices.
- To make a request under the California Consumer Privacy Act, or for any questions or concerns about our Privacy Policy or practices, please contact us at [email protected].
GDPR – Rights For EEA Users and Biospectal’s Capabilities for Worldwide Users
- Personal Information Rights
Individuals located in the European Economic Area (EEA) have certain rights in respect of your personal information. Biospectal will provide the capabilities to exercise these certain rights to all our worldwide users, including:
- the right of access to your personal data;
- the right to correct or rectify any inaccurate personal data;
- the right to restrict or oppose processing of personal data;
- the right to erase your personal data; and
- the right to personal data portability.
- We rely on your consent as a lawful basis for processing personal data for the following purposes:
- initial collection of personal data through the App;
- providing you with marketing or promotional communications. You may opt out of such communications at any time by clicking the “unsubscribe” link found within Biospectal email updates and changing your contact preferences.
- We process personal data in order to perform our contract with you.
- Additionally, we process personal data based on our contractual obligations to provide you the App as described in section 3, including:
- To enable the App to function as expected;
- To communicate with you in response to customer service inquiries, to deliver non-promotional, service-related emails, or to administer surveys and questionnaires; and
- To tailor your experience based on your general region. For example, we process Clinical Interpretation Service requests from EEA-based users through an EEA-based Clinical Interpretation Service partner.
- In some cases, Biospectal may process personal information pursuant to a legal obligation or to protect your vital interests or those of another person.
- For EEA users only per GDPR requirements, you can turn off cloud storage by going to settings and toggling the switch to “off”. If you do turn off this functionality none of your PPG data will be stored on the cloud; Biospectal will be unable to retrieve this data and will not send out reports, for example, monthly reports under premium services.
- This Privacy Policy May Not Apply to All EEA Users. This Privacy Policy does not apply to EEA users using the App under direction from a physician and where the physician and the patient have an agreement between them covering the use of the App; in such a case the physician or his/her institution controls data collected from/by the App, and the physician’s or his/her institution’s privacy policy will apply, not this Privacy Policy.
- How May I Exercise My Individual Rights?
Biospectal users whose data is governed by this Privacy Policy located worldwide may access and update their personal information as follows:
- Account holders may access and update personal information through their account settings in the Biospectal App;
- Account holders may exercise their rights to data deletion and data portability by contacting Biospectal’s Data Protection Officer at [email protected].
- Biospectal does not retain any personal data or information from users who do not create Biospectal profiles.
- Please note that Biospectal may request additional information from you to verify your identity before we disclose any personal or account information.
- Contact Us
If you have questions about our privacy practices, please contact us at [email protected]
Biospectal SA
Attn. Privacy
Chemin du Calvaire 7
1005 Lausanne
Switzerland
If you are an EEA customer and are unable to reach Biospectal at the contact information provided above regarding your issue, you have the right to contact your local Data Protection Authority.
- Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Service. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change.