PRIVACY POLICY
Effective date: April 8, 2019
Joda Blood Pressure mobile application (the “service”) is provided and operated by UniComs Switzerland GmbH - Sofia Branch (“us”, “we”, “our”).
This privacy policy informs you of our policies regarding the collection and processing of personal data when you use our service.
If you choose to use our service, you agree to the collection and processing of personal data in accordance with this privacy policy. Thus, please read it carefully.
DEFINITIONS
Personal data means any information relating to a natural person (“data subject”), who can be identified, directly or indirectly, from those data.
Data subject is any natural person who is the subject of personal data.
User is the natural person using our service and corresponds to the data subject, who is the subject of personal data if choosing to use the service via a personalized user account.
Data controller means a natural or legal person, who, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller. For example, service providers such as internet, hosting and other service providers.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Third party means a natural or legal person, public authority, agency or body other than the data subject, data controller, data processor and persons who, under the direct authority of the data controller or data processor, are authorised to process personal data.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Cookies are small pieces of data stored on a user’s device.
DATA CONTROLLER
UniComs Switzerland GmbH - Sofia Branch as the owner, provider and operator of the service is the data controller of your personal data, which you provide to us by using the service.
UniComs Switzerland GmbH - Sofia Branch is a Bulgarian company having its registered address at 118, Bulgaria Bulvd., Abacus business center, 5th floor, Sofia 1618, Bulgaria.
DATA PROCESSORS
To be able to provide our service to you, we work with service providers that host, operate and maintain the technical infrastructure used by the service.
We may share your account information, including your e-mail address and personal data, with such service providers only for the purpose of providing our service to you and delivering service communications to you.
These service providers perform the tasks assigned to them on our behalf, acting as data processors. As data processors, they are obligated to keep all information confidential and not to disclose or use the information they have access to for any purpose other than performing the tasks assigned to them on our behalf.
In case we decide to work with service providers outside the EU or EEA to provide the service to you, we make use of the EU-US Privacy Shield Framework, EU-approved standard contractual data protection clauses and other legal mechanisms to ensure the same level of data protection as according to the General Data Protection Regulation.
THE DATA WE COLLECT FROM YOU AND WHY
You can use our service by either registering and creating a personalized user account or choosing not to register, i.e. using the service as an anonymous user and staying anonymous.
If you choose to use the service as an anonymous user, without registering and creating a personalized user account, we collect the following data from you:
Mandatory data:
- Mobile device information and location information: device-specific information and unique device identifiers such as the type of mobile device you use, your mobile device unique ID, your mobile operating system and GPS position. We do not collect the IP address of your mobile device and all data about your location is aggregated non-personally identifiable information, which guarantees your anonymity.
Non-mandatory data:
- Data regarding your blood pressure and pulse, including data regarding irregular or abnormal heartbeats, and any other data which you decide to enter into the service.
If you choose to use the service by registering and creating a personalized user account, we collect the following data from you:
Mandatory data:
- Mobile device information and location information: device-specific information and unique device identifiers such as the type of mobile device you use, your mobile device unique ID, your mobile operating system and GPS position. We do not collect the IP address of your mobile device and all data about your location is aggregated non-personally identifiable information, which guarantees your anonymity.
- Your e-mail address
Non-mandatory data:
- Data regarding your blood pressure and pulse, including data regarding irregular or abnormal heartbeats, which you enter into the service.
- Other data which you may decide to enter into the service, such as date of birth, gender, height, weight.
- You may also give the service permission to connect to your mobile device and collect from it data regarding your sleep and how many steps per day you walk.
At any time, you can switch from an anonymous user account to a personalized user account. Your data from your anonymous user account will be linked to your personalized user account.
Your mobile device information and location information is used by us for identification within the service in an anonymized manner and for abuse prevention.
Your e-mail address is used by us for user authentication and identification, notifications and account alerts.
All other data you enter into the service is saved by us on the Joda cloud so that you can access it. It is kept private according to this privacy policy.
We do not use your data for any automatic decision making or profiling and we do not send you marketing messages.
SOURCE OF DATA
Mobile device information and location information is collected from the web browser during use of the service.
All other data and account information is entered by you into the service or provided by you while creating your user account.
LAWFULNESS OF DATA PROCESSING
We collect and process data:
- to be able to provide the service to you as part of the agreement with you, based on your consent to the terms of use of our service and the present privacy policy. You can choose to delete your account and revoke your consent at any time.
- to comply with a legal obligation to which we are subject.
- to protect the vital interests and personal safety of the users of the service or the public.
- to protect our legitimate interests, including to protect against legal liability.
STORAGE AND SAFETY OF DATA
In order to protect you against possible data loss, all data you enter into the service is saved by us on the Joda cloud. The Joda cloud is a private, locked and fully encrypted database containing all data of the users of the service (both registered and anonymous users), and it is hosted in a secure environment in the EU.
Your data is protected by encryption both online and offline. So-called data at rest, i.e. offline data stored in the database on the Joda cloud, is encrypted, and in case of unauthorized access to it, the data in it cannot be used and linked to a specific user. Data in transit, which runs online between the database and the mobile device of the user where it is unlocked, is also encrypted and transmitted to you in a secure way. Only a breach of both the software and the database can lead to a leak of data in transit.
Once the data in transit is delivered to your mobile device where it is unlocked, the access to it is controlled through your account. Thus, make sure to pick a strong and unpredictable password and to change it regularly to prevent unauthorized access to your data via your account.
RETENTION OF DATA
We retain data as long as necessary to provide the service to you or as required by law to comply with legal obligations to which we are subject and to protect our legitimate interests.
You can request deletion of your account and associated data at any time.
After you close and delete your account, we keep your data in encrypted form for the period of 1 year, to be able to provide it to you upon your request. After expiry of the 1-year period we deem your data as no longer required by you and proceed with its pseudonymisation so that it can no longer be attributed to you as a specific data subject.
DISCLOSURE OF DATA TO THIRD PARTIES AND DISCLOSURE OF DATA TO THIRD PARTIES OUTSIDE THE EU & EEA
We do not share your data with third parties. Data you enter into the service is always private.
Nevertheless, in the event of a search warrant, court order or a legal obligation to which we are subject we may be forced to disclose data to the competent authorities.
Our service gives you the opportunity:
- to export and share your data with third parties, for example with your physicians.
- to synchronize your data with Apple HealthKit if your mobile device uses the iOS operating system.
- to synchronize your data with Google Fit if your mobile device uses the Android operating system.
If you decide to use these options and share your data with third parties, please note that we have no control over and assume no responsibility for the content, privacy policies or practices of any third parties and/or their services, with which you might decide to share your data.
Prior to sharing your data with any third parties, please make sure to read their privacy policies carefully first, including Apple Protecting User Privacy and Google Privacy & Terms.
COOKIES AND ADVERTS
We do not use cookies to track you.
For your comfort and safe use, we do not allow advertisers to provide adverts to our service and mobile application.
CHILDREN'S PRIVACY
Our service does not address anyone under the age of 13 (a “child”).
We do not knowingly collect personally identifiable information from children. If we become aware that we have collected personal data from children without verification of parental consent, we immediately delete this information from our servers.
If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us immediately so that we can take the necessary actions.
CHANGES TO THIS PRIVACY POLICY
We may update our privacy policy from time to time and update the "effective date" at the top of this privacy policy.
We will notify you of any changes via email or a notice through our service. Nevertheless, you are advised to review this privacy policy periodically for any changes, as all changes to this privacy policy are effective when they are posted publicly.
LINKS TO OTHER SITES
This privacy policy and/or our service may contain links to other sites that are not operated by us. Please note that if you click on a third party link, you will be directed to that third party's site. The use of third party's sites is at your sole risk and we strongly advise you to review the privacy policy of every site you visit first as we have no control over and assume no responsibility for the content & privacy policies of any third party sites.
YOUR RIGHTS
You have the right:
- to request and check the data we have collected from you,
- to request correction of your data,
- to request deletion of your account and the data associated with it (so-called “right to be forgotten”),
- to data portability for the information you provide to us and enter into the service. For this purpose, you can request a copy of your personal data in a commonly used electronic format so that you can manage and move it, including to another data controller, and we will provide it to you in a machine-readable format (JSON).
We will respond to you within 30 days. Please note that we may ask you to verify your identity before responding to you.
If you are not satisfied with our response, you have the right to lodge a complaint with the Bulgarian Commission for personal data protection or other equivalent local authority.
CONTACT US
You can contact us by e-mail at [email protected] or using our mailing address - 118, Bulgaria Bulvd., Abacus business center, 5th floor, Sofia 1618, Bulgaria.
If you have any questions or suggestions about this privacy policy, do not hesitate to contact us.