Effective Date: 03-08-2022
The Untire® app is a registered medical device which helps cancer patients and cancer survivors improve cancer-related fatigue (ICD10 code R53.83 Fatigue) and associated quality of life.
The Untire® app (hereinafter, “Untire”) is brought to you by Tired of Cancer B.V. (hereinafter, “ToC BV”, “we”, “our”), with its registered office in Koningin Wilheminalaan 5, 3527 LA. ToC BV, is a data controller in accordance with the European General Data Protection Regulation (hereinafter, “GDPR”).
We attach great importance to the protection of your data. That is why your personal and sensitive health information is carefully handled, protected and compliant with the relevant legal caveats. We are certified for our high standard of Information Security (ISO 27001: 2013).
If you have any questions about your data or the protection of your privacy, please contact us at firstname.lastname@example.org.
Purpose of processing
When you use Untire, ToC BV collects, stores and uses personal, non-personal and sensitive health data (hereinafter, “data”). We collect this data for the following purposes:
– to provide our services in accordance with our user agreement (Terms or EULA)
– for communication purposes
– for contractual purposes
– for quality purposes and statistics
– to improve our services
– to scientifically evaluate our services
What is the basis for processing your personal data?
ToC BV will only process your data if this is permitted based on one of the bases in the GDPR. We rely on the following bases:
– Consent – Art. 6 § 1 lit. a GDPR
– Contract – Art. 6 § 1 lit. b GDPR
– Legal obligations – Art. 6 § 1 lit. c GDPR
– Our legitimate interest – Art. 6 § 1 lit. f GDPR
For some services you can give optional consent. This consent can be withdrawn at any time via the app settings.
Personal data collection at downloading
Certain information is processed automatically when you download Untire from the App or Playstore, including your:
- E-mail address
- Customer number of your account
- The time of download
- Individual device identification number
The processing of this data takes place exclusively via the respective app or play store, whereby Apple or Google are responsible for the processing in this case. This processing is therefore beyond our control.
Data when using Untire
All data that we collect with Untire is necessary for ToC BV to be able to offer the services you use (except for optional consent). The amount of data we collect is minimized as much as possible to protect your privacy. You are the only one who has access to your personal data.
- account details; We need some of your personal information, such as your email address (username), password and PIN code, to create your Untire account.
- e-mail address; Your email address will also be used to communicate with you through your account. For example, a welcome email or a password change.
- Personal Information
- Name; we will ask you for your first name or a pseudonym so that we can use it for communication purposes to personalize Untire.
- Device information
We collect information about your mobile phone, namely model, name and identifiers, device settings, application identifier and crash information.
- Event and usage data
When you use Untire, we process data to understand how you use our app, for example, which page in Untire you open or which button you have used. We collect this information and use it as aggregated data to better understand which features are most relevant or useful to our users overall.
- Location and language information
We use the regional settings of your chosen app or Playstore in combination with your phone’s country and language settings to determine your location and language settings. We use the location for country-specific requirements, for example, legal framework conditions and requirements.
- Health and sensitive data
- Health data app; we store health data, including your measurements, your energy input and your reflection steps.
For several components, you can give permission without obligation. You can always withdraw this permission via the app settings.
We occasionally send e-mails to remind, motivate and inform you to (continue to) use Untire.
- Push notifications
We occasionally send push notifications to remind, motivate, inform you to (continue to) use Untire.
- Service improvement
We collect additional data in order to further improve our services. For this specific data we request additional consent. All of this data will be processed anonymously.
You can use the App offline, after downloading the specific content. When online again the App will synchronize your data with the server. That means your own input such as journals and measurements as well as the content of the App are stored both locally on your device as on the ToC server.
How do we process your data?
Security & Compliance
We do our very best to protect ToC BV and the App from unauthorized access, disclosure or destruction of data held by us.
- We are in compliance with (ISO 27001: 2013). This standard sets specific requirements for the security measures and prescribes how safety risks should be assessed and dealt with.
- We have implemented the appropriate technical and organizational measures and procedures in such a way that ensures the protection of your rights, and always in accordance with applicable data protection law.
- In case of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data, ToC BV will inform you of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.
Storing & Transfer of data
- Your data will be stored encrypted on your phone and on our secure servers that is accessible by you as a user only. This enables us to provide you our services and enables you to have an online backup and to synchronise your data between devices.
- Your data is hosted by True BV, Keienbergweg 100, 1101 GH Amsterdam. True is in compliance with ISO 27001, ISO 9001, NEN 7510 and has prepared ISAE 3402 type I and II reports. All standards have the aim to secure your data.
- Our servers run a day incremental backup and a weekly full backup, allowing us to keep your data safe in case of an unforeseen event in which your data has been lost, deleted, corrupted, etc.
- Your data is transferred from your device to our server using HTTPS and TLS for encryption. This means that all information that is sent remains confidential and is not legible by third parties.
- We will automatically delete your account (when available) and personal data after a year of not using the App. You will receive, 1 month prior to the deletion, a request to take action (to preserve your account) or not (so we delete your account).
Sharing & Third parties
- Untire does NOT automatically share your data with third parties, except the following contracted third parties or situation:
- Storage, and backup services are outsourced to True BV.
- Pushnotifications are outsourced to Kumulos Ltd. Push notifications can be enabled by optional consent.
- Email services are outsourced to Spotler BV. E-mail messages can be enabled by optional consent.
- Only when you explicitly give permission for sharing, ToC can share some information in specific situations. This will be thoroughly explained per situation whether you agree and what information is involved.
- Untire does NOT sell your data with third parties, nor will we allow third parties to use your data for their own purposes.
Data transfer to third countries
ToC BV does not transfer your personal data to third countries.
You are the owner of your own data. Always.
You can always approach us to exercise your rights, whereby in some cases you may do so independently as set out below. Keep in mind we need to do a form of identification. We aim to respond within one month in case you contact us. If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority (see https://ec.europa.eu/info/law/law-topic/data-protection_en).
Right to rectification
You can always review and modify your Name and E-mail address by using the App settings. It is not possible to modify your Login, due to technical complications. The only option is to delete your Personal Data (see hereunder).
You can always review and modify your entries such as your measurements, goals, the vase and (diary) notes through the Untire app. You can only change your measurements, goals and the vase once every 7 days. This is because it is part of the therapeutic programme.
Right to be forgotten
You may delete your personal data at any time by using the in-App function “Forget me”. After consent, we will delete all personal data. This process cannot be made undone. After deletion, you can remove the app from your device.
Please note that uninstalling the app does not delete your data.
Right of access and data portability
You can download your personal data from the App at any time, so you are in control of your own data. You could reuse it somewhere else.
We offer the possibility to download your data as readable format in PDF and as machine-readable format in .CSV and through so called FHIR profiles.
Right to restriction of data processing
If you are of the opinion that your data is possibly incorrect, the processing is unlawful, we no longer need your data or you wish to object, please send us an e-mail to email@example.com.
Right to a human perspective on decisions
Untire does not use automated decision-making and profiling.
Right to object (but also questions, feedback or complaints)
If you have any feedback, questions, complaints or objections regarding your rights and personal data, please contact us at firstname.lastname@example.org.
Keeping your data safe is not just the sole task of ToC BV. Security is a matter of all involved parties, and that includes you. It is in your own best interest to ensure that your information is processed in a safe, responsible and legitimate manner, so keep the following in mind:
- Keep your phone secured with a screenlock and password.
- Secure Untire by creating an account and make use of a PIN-code or fingerprint authentication to login easily and securely.
- Make sure your devices and software are always up to date.
- About your password: the more complex, the better. And of course, make it unique.
- The Untire app is only for adults aged 18 and above. If you are aware of a child (18-) accessing the app and providing personal data without parental consent, please report this via email@example.com.
Tired of Cancer BV
Koningin Wilhelminalaan 5
3527 LA Utrecht – Utrecht
Name: A. Aukes Msc.
Koningin Wilhelminalaan 5
3527 LA Utrecht – Utrecht