- we collect different kinds of Personal Data, such as contact details as well sensitive health data.
These Personal Data are used to ensure the operation of the Application and, if permitted, for certain other purposes too. In doing so, Third Parties, such as your Physician or our service providers may also be given access to your Personal Data (Parts 3, 4 and 5);
- for each processing operation of your Personal Data by us or at our instruction, we shall put in the place the appropriate security measures to prevent loss, damage or authorised access to your Personal Data (Part 6); and
If you have any questions relating to the processing of your Personal Data by us, please contact Qompium NV by e-mail at email@example.com or by letter sent to Qompium NV, Kempische Steenweg 303/27, 3500 Hasselt (Belgium).
Please note that you are not obliged to install the Application and your refusal to install the Application does not have any impact on the quality treatment by your Physician.
1. Description of the application
1.1. Qompium provides FibriCheck, a service that determines heart rhythm conditions, with a primarily focus on the detection of atrial fibrillation.
FibriCheck is available on prescription and in the framework of projects;
- Available on prescription or recommendation from a doctor.
- In the framework of projects (e.g. screening action funded by the employer, projects with insurance corporations, projects with the media, and so on), FibriCheck can be accessed (whether paid or not) for a limited period of time with a generic access code bound to the project. In that case, the follow-up during the project is performed by the FibriCheck Monitoring Center
The Application is available to users in the European countries covered by CE regulation and other countries that also follow CE regulation.
1.2. FibriCheck consists of the FibriCheck Platform, the FibriCheck Mobile Application ` and the FibriCheck Dashboard (each as defined hereinafter and collectively the ” Application“). The FibriCheck Platform is the engine of the Application and interacts with and transmits data between the (i) FibriCheck Mobile Application; (ii) the FibriCheck Dashboard and (iii) the Physician Dashboard. In addition, the FibriCheck Platform also analyses and stores data.
The recordings via the FibriCheck Mobile Application are performed by placing the finger of the User on the camera of the mobile device thereby detecting the pulse waveform using the optical light and detector of the mobile device.
The FibriCheck Dashboard is an online tool with the sole intention to display your data. Through the dashboard, your physician can automatically consult the Results (as defined hereinafter) from the FibriCheck Platform.
In the case of projects, the FibriCheck Monitoring Center can automatically consult all Results from the Fibricheck Platform. Please note that this automatic consultation is only possible after you have made the link between yourself and your Physician/the FibriCheck monitoring Centre through correctly scanning the QR code or access code with your mobile device. Correctly scanning the QR code with your mobile device is your sole responsibility. Please note that the automatic forwarding of the results does not imply that you are continuously monitored by your doctor or the FibriCheck Monitoring Center.
Please note: your Physician is responsible for the interpretation of the Results and the follow-up of your medical condition. At the express request of your Physician, Qompium shall be permitted to access and analyse Results. In the event of projects too, the FibriCheck Monitoring Centrum shall view the Results over a limited length of time, but will not intervene in the meantime.
Please note: the automatic possibility to consult the results via the dashboard, does not imply that you are continuously monitored by your Physician or the FibriCheck Monitoring Center.
“Account” means your registered account that you have created through the registration process from an official registration channel (e.g. FibriCheck Mobile Application, FibriCheck Dashboard);
“Application” means the (i) FibriCheck Platform; (ii) FibriCheck Mobile Application and (iii) FibriCheck Dashboard;
“FibriCheck Dashboard” means the dashboard made available to the Users, located at app.fibricheck.com;
“FibriCheck Mobile Application” means the mobile application (i) which the User has to download on its mobile device and (ii) is intended to record, display, store and transmit photoplethysmograms (PPG data);
“FibriCheck Platform” means the platform on which the FibriCheck Mobile Application, the FibriCheck Dashboard and the Physician Dashboard are connected and collectively function. Depending on the user profile (User, Physician, …) different application functions can be made available;
“FibriCheck Monitoring Center” The instance that automatically links you for a limited period of time through the FibriCheck Mobile Application by scanning a generic QR code within a project;
“Physician” means the doctor (or other medical party) from which you obtained the prescription containing your personal QR code to make the automatic link with your Physician via the FibriCheck Mobile Application. Please note that your physician can be the FibriCheck Monitoring Centre (for example if you generated your prescription through the website);
“Physician Dashboard” means the web-based application that is accessible by your Physician/FibriCheck monitoring centre to allow your Physician to review patient information about you, including but not limited to the Results. This application is also connected with the FibriCheck Platform;
“Products” means the Application and the Website;
“Results” means the results of the analysis by the FibriCheck Platform of the photoplethysmograms recorded by the User through the FibriCheck Mobile Application;
“Third Parties” means any natural or legal person or entity other than Qompium;
“Website” means the website available at www.fibricheck.com;
“Personal Data” means all information about an identified or identifiable person;
3. Personal Data for the operation of the Application
3.1. We shall collect different types of Personal Data, including sensitive health data, about the Users of our Products and store them on your mobile device and/or on our server. The data involved are:
- Contact details (e.g. your name, postal address, e-mail address, and mobile or other telephone number, obviously only after you entered it);
- The profile data provided by you on your account such as your name and profile picture;
- Image data such as any images via the camera of your mobile device captured using the Application;
- Information in helpdesk support inquiries;
- Patient demographics such as date of birth and gender;
- Information about your health conditions, and other health related information (e.g. medicine usage);
- Information about your device, such as its model, unique device identifier and operating system version;
- Information shared through your device, such as location, accelerometer data and gyroscope data These data are maintained during the period of the scientific research protocol. We request your permission to access this data in advance;
- Information collected by the Application, such as measurement of your heart rhythm itself, average heart rate, the local time and geographic location of the measurement;
- Notification and tags you add to your measurements, including information such as symptoms and activities;
- Payment information such as transaction identifiers and summary information that does not include credit card or bank account numbers (we do not collect or store financial account information);
- Information from third party devices and services such as heart rate BPM (beats per minute), step count, activity sample, distance, active energy, blood glucose, oxygen saturation, resting energy, sleep analysis, diastolic blood pressure, systolic blood pressure, flights climbed, weight, and workouts. We will request your permission to access health-related information from third-party devices or services, such as Google Fit or Apple Health. The third parties may offer you tools to limit which data that we access. and
- Web behaviour information such as information relating to how the Users use the Products (e.g. browser type, domains, page views) collected through cookies and other automated technology (cfr. Section 6 “Cookies”). (tiny text files that are automatically stored in your browser via mobile application identificators)
3.2. Qompium (i) collects, (ii) uses, (iii) maintains and (iv) may share your Personal Data as provided by you or collected by us, with its affiliates, parent companies or other related companies for all purposes necessary to ensure the proper functioning and operation of the User accounts and/or the proper functioning of the Products. These purposes may include (collectively the “Purpose”):
- Creating and managing your Account to use the Application;
- Providing information and allowing the Users and the Physician access to the Products;
- Diagnosing technical problems and managing technical support and processing inquiries concerning the Products;
- Contacting the Users by phone, email, text message or push notifications (if they are enabled) to (i) verify your account (ii) for information and operational purposes such as account management, instructions, alerts, reminders, customer service, system maintenance and others
- Protecting against, identify and prevent fraud and other unlawful activity, claims and other liabilities;
- Sending out payment orders
- Detection and interpretation of heart rhythm disorders and clinical support
3.3. Qompium is within its rights to lawfully process the types of Personal Data specified, for these purposes because you have given your consent for us to do so or because this is necessary in the context of the User Agreement. In this respect, the following clarification is apt:
- In order to enable us to process your health data (including health data from applications of Third Parties) for the above purposes, by law we are required to seek your express consent ahead of time. Without this consent, you are not allowed to conclude a User Agreement with ourselves and you are unable to use the Application;
- We are free to process all other Personal Data insofar as this is necessary with a view to the performance of the User Agreement you can entered into with ourselves;
- The law permits us to as yet process Personal Data for the above purposes which, strictly speaking, are not necessary but which are useful with a view to the performance of the User Agreement (” optional Personal Data“) if you give us your consent to do so.
Please note: if you actively supply this information in response to our request, this may be considered as consent. In that case, we will first clearly specify that this relates to optional Personal Data and what the possible consequences, if any, may be if you do not supply this information.
4. Additional processing operations
Alongside the purposes specified in Part 3, Qompium shall be permitted to also process your Personal Data for specific other purposes, as set out below:
- to contact you (i) to communicate with you about your participation in and the organisation of marketing studies or (ii) to gather testimonials. Qompium has a vested interest in being able to communicate with you in this manner in order to be able to assess its Products and services and to improve their operation or usage;
- with a view to the assessment and enhancement of the Products (with the inclusion of the development of additional products and/or services, the improvement of the current Products, raising the Products’ security, analysing our Products, quality control and internal business functions such as accounting and auditing). Qompium has a vested interest in being able to assess its Products and services in this manner, with a view to enhancing their operation or usage. Where we also need your health data to do so, Qompium will seek your consent ahead of time;
- in the event of a project funded by your employer: to relay your Results to the occupational physician of your employer’s Health & Safety department to enable him to follow up on you or to take decisions in respect of the health policy within the employer’s company. To do so, Qompium will seek your consent ahead of time upon the installation of the Application on your mobile device. Each processing operation of your Results by the occupational physician after your data were transmitted to him by us shall be made to take place under the sole processing responsibility of the said occupational physician. For queries regarding the processing of your Results by the occupational physician, we will refer you to the said occupational physician
- to share specific health data such as your heart rhythm with applications of Third Parties (e.g. Google Fit and Apple Health). If you connect your FibriCheck account with an application run by a Third Party, you may be asked to share your data with the said application. We do not share your data without your consent;
- with regard to the date shared via your device, such as location, accelerometer data and gyroscope data: these data are kept on record during the validity period of the prescription for scientific purposes. We will seek your consent ahead of time to gain access to these data;
- to commercialise the Application. We will seek your consent ahead of time to be allowed to use your Personal Data for this purpose;
- to perform data analyses after your Personal Data have been anonymised and aggregated and to use and share the data resulting from these analyses with Third Parties for commercialisation or marketing purposes. By law, Qompium is permitted to anonymise your Personal Data and freely use these anonymised data;
- with regard to data gathered via cookies and other automated technology:
- to enhance your experience of and with the Products, to raise the Product’s security, to measure the usage and efficacy of the Products, to identify and resolve problems;
- and for marketing purposes and for other aspects of the commercialisation of our business.
In respect of this information, Qompium will seek your consent ahead of time;
- in order to comply with Qompium’s obligations arising from the applicable laws and regulations, for instance when an enforcement authority or other government official, acting pursuant to the law, orders for your Personal Data to be handed over;
- to lend added weight to, instigate or conduct a possible claim pursued before the courts, e.g. by handover the relevant data to a court of law, a lawyer or a bailiff;
- to protect vital interests of the vital interests of another person/party. If we require your health data to do so, we shall use the said data only insofar as you are physically or legally incapacitated to give your consent to this end, except where we are under legal obligation to use your health data.
5. Who has access to your Personal Data
5.2. Moreover, Qompium shall be permitted to share specific Personal Data received with Third Parties such as suppliers and service providers, whose services or products we call on to distribute the Products. Examples of these suppliers and service providers include entities who process payments transacted with credit cards or debit cards or that provide analyses and web hosting services or that assist us to enhance the diagnostic competences of the Application, of subsidiaries, holding companies and other affiliated companies of Qompium’s that support Qompium in supplying the Products.
For the operation of the Application (as detailed in Part 1), we shall equally disclose your Personal Data to your Physician or in the event of a project, to the FibriCheck Monitoring Center by providing access to your recordings with the Application and your personal profile via the Physician’s Dashboard.
5.4. The technical processing and the transfer of the Products, with the inclusion of your Personal Data may (i) entail transfers via multiple networks; and (ii) involve changes in order for us to adapt to and align ourselves with technical requirements of networks or devices which we connect to.
6.1. Qompium shall take appropriate administrative, technical and organisational measures against unauthorised or unlawful processing of any Personal Data or its accidental loss, destruction or damage, access, disclosure or use. Upon written request, Qompium can provide you with a list of people of Qompium that may have access to your Personal Data. These people have entered into confidentiality agreements prior to having been granted access to your Personal Data.
Qompium shall equally ensure a safe, user-controlled environment for the Products to be used. We shall keep your Personal Data safe on our Servers which are situated inside the European Economic Area (AWS – Frankfurt – Germany).
For some processing operations however, your Personal Data shall be allowed to be processed by a Third Party outside of the European Economic Area (EER). In that case, we shall put in place specific measures to ensure a level of protection that is equivalent to the level that exists within the EER. For now, this solely applies to SurveyMonkey (which has servers in the U.S.) for surveys on the usage of our Products. In our contracts with SurveyMonkey, we have included the relevant clauses as approved by the European Commission to create an equivalent level of protection.
In the event the security of your Personal Data should be breached, in specific cases Qompium is required by law to notify the Users concerned, if the breach could have an impact on their privacy.
6.2. You too are responsible to uphold your privacy and security, for instance by not authorising Third Parties to use your individual Account on the FibriCheck Mobile Application or on the FibriCheck Dashboard. Qompium requests that all Users assume their responsibility in protecting all login data and to immediately notify Qompium of any unauthorised use of your individual Account.
We do not authorise the said third party service providers to disclose or use your Personal Data, unless this is strictly necessary to provide specific services under our supervision or in order to be compliant with applicable laws and regulations. We endeavour to solely provide such third party service providers with the Personal Data the required to serve their specific role.
However Qompium declines all and any liability for any loss or damage, whether direct or indirect, which might arise from the misuse of your Personal Data by such third party service providers.
6.4. As stated, Qompium may also relay your Personal Data to specific Third Parties (as detailed in Part 5), including your Physician. After your Personal Data were transmitted, the receiving Third Party is responsible to put in place the relevant administrative, technical and organisational measures against the unauthorised and unlawful processing of Personal Data or against the unintentional loss, accidental destruction or damage, access to or disclosure of the involuntary use thereof.
7. Your Rights concerning your personal data
Right of access: If you are concerned or have any questions about your Personal Data, you have the right to request access to the Personal Data which we hold or process about you. We will then provide you with information about the data that are being processed and on the source of those data.
Right of rectification and right of erasure: You have the right to request us free of charge to correct, erase or block any inaccuracies in your Personal Data if such Personal Data would be incomplete, inaccurate or processed unlawfully.
Please note that you can change your account information in the Application at any time on the “settings” pages.
Right to transferability: you may also request Qompium at all times to directly transfer the Personal Data about you which are processed by way of automated processes pursuant to your consent or in performance of the User Agreement, in machine-readable form to a different data processing controller (e.g. a physician). However, this only applies to Personal Data supplied by you or which we obtained through observation (e.g. via the sensor of your mobile device), not to data we have developed in-house (e.g. analyses by Qompium of the Personal Data obtained).
Right not to be subject to individual decision-making: you have the right to request not to be subjected to decision-making that is based on automated processing of your Personal Data, including profiling, without human intervention, if such decision-making could have legal implications for you or which could have a significant effect on you in a similar manner.
In theory, Qompium shall perform profiling by establishing a health profile. However, no fully automated individual decisions are arrived at on the basis thereof. If you have any questions relating to specific automated processing operations by Qompium, please feel free to contact us for more details at any time.
Right to withdraw your consent: you are free to withdraw your consent for the processing of your Personal Data by Qompium for one or several purposes (as detailed in Parts 3 and 4) at any time by definitively removing your Application and/or by notifying us thereof in writing by e-mail sent to firstname.lastname@example.org. In response, Qompium shall immediately cease all processing of your Personal Data for purposes for which you have withdrawn your consent. However, the withdrawal shall have no impact on the validity of the processing operations which Qompium previously performed with your Personal Data.
Right to object against specific processing operations without your consent: for some processing operations, Qompium does not require your express consent. This relates to processing operations on the grounds of Qompium’s vested interests (e.g. contacting you to invite you to take part in a marketing study). Nonetheless, you may request us in specific cases, and at all times in the event of direct marketing, to cease using your Personal Data for these purposes.
Right to erasure: furthermore, you are within your rights to request for your Personal Data held by Qompium to be erased if:
- you withdraw your consent and no further legal grounds exist for Qompium to be permitted to process your Personal Data; or
- you are of the opinion that your Personal Data do not fully serve or they are irrelevant with a view to the purpose of the processing of the Personal Data; or
- the said Personal Data are kept on record for longer than permitted; or
- your Personal Data are processed in a general unlawful sense.
Right to restricted processing: if you are of the opinion that:
- the Personal Data about you as processed by Qompium are inaccurate;
- or are being processed unlawful;
- or are no longer relevant with a view to the purpose of the processing;
However, if the Patient does not wish for these Personal Data to be erased by Qompium, you can also ask us to process these Personal Data on a restricted basis for the time being.
This means we still keep your Personal Data on record, but other than that, we shall only process your Personal Data subject to your consent or as part of a claim pursued before the courts or if the processing is necessary to protect the rights or other parties or for imperative reasons of public interest;
Right to complain: you have the right to submit a complaint with a supervisory authority (for Belgium: the Data Protection Authority) if you believe that your Personal Data are not being processed by Qompium in compliance with the applicable privacy laws and regulations. In that case, we would kindly ask you to contact us first to enable us to try and rectify the problem.
8. Data retention and deletion
Kempische Steenweg 303/27