Privacy Policy
Effective Date: 03-08-2022
The Untire® app is a registered medical device which helps cancer patients and cancer survivors improve cancer-related fatigue (ICD10 code R53.83 Fatigue) and associated quality of life.
The Untire® app (hereinafter, “Untire”) is brought to you by Tired of Cancer B.V. (hereinafter, “ToC BV”, “we”, “our”), with its registered office at Koningin Wilhelminalaan 5, 3527 LA. ToC BV is a data controller in accordance with the European General Data Protection Regulation (hereinafter, “GDPR”).
In this Privacy Policy, we explain what personal data we collect from you and how we use it when you use the Untire app. We also explain why we process this data, the so-called legal grounds for processing, what interest we have and what rights you subsequently have.
We attach great importance to the protection of your data. That is why your personal and sensitive health information is handled carefully, protected, and processed in compliance with the relevant legal caveats. We are certified for our high standard of Information Security (ISO 27001:2013).
By using Untire, and by agreeing to the terms of use and privacy policy, you unequivocally authorize ToC BV to record and process your personal information and sensitive health data in accordance with the purposes stated in this Privacy Policy. We encourage you to read this privacy policy carefully so that you are aware of what kind of personal data we collect and why we process it.
If you have any questions about your data or the protection of your privacy, please contact us at support@untire.com.
Purpose of processing
When you use Untire, ToC BV collects, stores and uses personal, non-personal and sensitive health data (hereinafter, “data”). We collect this data for the following purposes:
– to provide our services in accordance with our user agreement (Terms or EULA)
– for communication purposes
– for contractual purposes
– for quality purposes and statistics
– to improve our services
– to scientifically evaluate our services
What is the basis for processing your personal data?
ToC BV will only process your data if this is permitted based on one of the bases in the GDPR. We rely on the following bases:
– Consent – Art. 6 § 1 lit. a GDPR
– Contract – Art. 6 § 1 lit. b GDPR
– Legal obligations – Art. 6 § 1 lit. c GDPR
– Our legitimate interest – Art. 6 § 1 lit. f GDPR
Consent
By using Untire and checking the boxes in the Terms of Use and Privacy Policy, you are giving your unequivocal consent to the above-mentioned purposes. If you do not agree with the collection and processing of your data, we encourage you to withdraw your consent by no longer using Untire, deleting your account in the app and uninstalling Untire. When you delete your account, all your personal data will be deleted.
For some services you can give optional consent. This consent can be withdrawn at any time via the app settings.
Data collection
Through this privacy policy, ToC BV aims to be fully transparent. Therefore, we give you an overview of the information we collect:
Personal data collection at downloading
Certain information is processed automatically when you download Untire from the App Store or Play Store, including your:
- Username
- E-mail address
- Customer number of your account
- The time of download
- Individual device identification number
The processing of this data takes place exclusively via the respective App Store or Play Store, whereby Apple or Google are responsible for the processing in this case. This processing is therefore beyond our control.
Data when using Untire
All data that we collect with Untire is necessary for ToC BV to be able to offer the services you use (except for optional consent). The amount of data we collect is minimized as much as possible to protect your privacy. You are the only one who has access to your personal data.
- Account
  - Account details: we need some of your personal information, such as your e-mail address (username), password and PIN code, to create your Untire account.
  - E-mail address: your e-mail address will also be used to communicate with you through your account, for example to send a welcome e-mail or confirm a password change.
- Personal Information
  - Name: we will ask you for your first name or a pseudonym so that we can use it for communication purposes to personalize Untire.
- Device information
  We collect information about your mobile phone, namely model, name and identifiers, device settings, application identifier and crash information.
- Event and usage data
  When you use Untire, we process data to understand how you use our app, for example, which page in Untire you open or which button you have used. We collect this information and use it as aggregated data to better understand which features are most relevant or useful to our users overall.
- Location and language information
  We use the regional settings of your chosen App Store or Play Store in combination with your phone’s country and language settings to determine your location and language settings. We use the location for country-specific requirements, for example, legal framework conditions and requirements.
- Health and sensitive data
  - Health data app: we store health data, including your measurements, your energy input and your reflection steps.
Optional services
For several components, you can give permission without obligation. You can always withdraw this permission via the app settings.
We occasionally send e-mails to remind, motivate and inform you to (continue to) use Untire.
- Push notifications
We occasionally send push notifications to remind, motivate and inform you to (continue to) use Untire.
- Service improvement
We collect additional data in order to further improve our services. For this specific data we request additional consent. All of this data will be processed anonymously.
Local storage
You can use the App offline after downloading the specific content. When you are online again, the App will synchronize your data with the server. That means your own input, such as journals and measurements, as well as the content of the App, is stored both locally on your device and on the ToC server.
Data Processing
How do we process your data?
Security & Compliance
We do our very best to protect ToC BV and the App from unauthorized access, disclosure or destruction of data held by us.
- We are in compliance with ISO 27001:2013. This standard sets specific requirements for the security measures and prescribes how safety risks should be assessed and dealt with.
- We have implemented the appropriate technical and organizational measures and procedures in such a way that ensures the protection of your rights, and always in accordance with applicable data protection law.
- In case of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data, ToC BV will inform you of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.
Storing & Transfer of data
- Your data will be stored encrypted on your phone and on our secure servers, and is accessible by you as a user only. This enables us to provide you with our services and enables you to have an online backup and to synchronise your data between devices.
- Your data is hosted by True BV, Keienbergweg 100, 1101 GH Amsterdam. True is in compliance with ISO 27001, ISO 9001, NEN 7510 and has prepared ISAE 3402 type I and II reports. All standards have the aim to secure your data.
- Our servers run a daily incremental backup and a weekly full backup, allowing us to keep your data safe in case of an unforeseen event in which your data has been lost, deleted, corrupted, etc.
- Your data is transferred from your device to our server using HTTPS and TLS for encryption. This means that all information that is sent remains confidential and cannot be read by third parties.
- We will automatically delete your account (when available) and personal data after a year of not using the App. You will receive, 1 month prior to the deletion, a request to take action (to preserve your account) or not (so we delete your account).
Sharing & Third parties
- Untire does NOT automatically share your data with third parties, except for the following contracted third parties or situation:
  - Storage and backup services are outsourced to True BV.
  - Push notifications are outsourced to Kumulos Ltd. Push notifications can be enabled by optional consent.
  - E-mail services are outsourced to Spotler BV. E-mail messages can be enabled by optional consent.
  - Only when you explicitly give permission for sharing can ToC share some information in specific situations. For each situation, we will thoroughly explain what information is involved and ask whether you agree.
- Untire does NOT sell your data to third parties, nor will we allow third parties to use your data for their own purposes.
- Your data is not being processed for any purpose other than what has been indicated clearly to you in this privacy policy. Processing is necessary for the administration of our business and for the provision of our services to you. Contracted third parties, as processors, get the task of processing the data for agreed purposes only and it is forbidden for them to process data for any other purposes.
- ToC BV, as the controller, will ensure at all times that contracted third party service providers will be bound by an appropriate agreement in accordance with applicable data protection law, and ensuring at all times that your data will remain protected in accordance with at least the same standards as under the present privacy policy.
- ToC BV will disclose information in good faith to meet applicable laws, regulations, legal process or enforceable government request. If ToC BV is involved in a merger or acquisition, we will continue to ensure the confidentiality of your personal information and give users notice before personal information is transferred or becomes subject to a different privacy policy.
Data transfer to third countries
ToC BV does not transfer your personal data to third countries.
Your rights
You are the owner of your own data. Always.
You can always approach us to exercise your rights, whereby in some cases you may do so independently as set out below. Keep in mind that we will need to verify your identity. We aim to respond within one month if you contact us. If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority (see https://ec.europa.eu/info/law/law-topic/data-protection_en).
Right to rectification
You can always review and modify your Name and E-mail address by using the App settings. It is not possible to modify your Login, due to technical complications. The only option is to delete your Personal Data (see hereunder).
You can always review and modify your entries such as your measurements, goals, the vase and (diary) notes through the Untire app. You can only change your measurements, goals and the vase once every 7 days. This is because it is part of the therapeutic programme.
Right to be forgotten
You may delete your personal data at any time by using the in-App function “Forget me”. After consent, we will delete all personal data. This process cannot be undone. After deletion, you can remove the app from your device.
Please note that uninstalling the app does not delete your data.
Right of access and data portability
You can download your personal data from the App at any time, so you are in control of your own data. You could reuse it somewhere else.
We offer the possibility to download your data in a readable format (PDF) and in machine-readable formats (.CSV and so-called FHIR profiles).
Right to restriction of data processing
If you are of the opinion that your data is possibly incorrect, the processing is unlawful, we no longer need your data or you wish to object, please send us an e-mail to support@untire.me.
Right to a human perspective on decisions
Untire does not use automated decision-making and profiling.
Right to object (but also questions, feedback or complaints)
If you have any feedback, questions, complaints or objections regarding your rights and personal data, please contact us at support@untire.com.
Your responsibility
Keeping your data safe is not the sole task of ToC BV. Security is a matter for all involved parties, and that includes you. It is in your own best interest to ensure that your information is processed in a safe, responsible and legitimate manner, so keep the following in mind:
- Keep your phone secured with a screen lock and password.
- Secure Untire by creating an account and using a PIN code or fingerprint authentication to log in easily and securely.
- Make sure your devices and software are always up to date.
- About your password: the more complex, the better. And of course, make it unique.
- If you back up your device using a third-party service, like iCloud, be aware that you will transfer all personal data stored on your device to the third party. If that’s the case, ToC BV refers to the third party’s privacy policy and we encourage you to review it to keep your information safe.
- The Untire app is only for adults aged 18 and above. If you are aware of a child (under 18) accessing the app and providing personal data without parental consent, please report this via support@untire.me.
Contact information
Tired of Cancer BV
Koningin Wilhelminalaan 5
3527 LA Utrecht – Utrecht
The Netherlands
Info@tiredofcancerapp.com
Privacy officer
Name: A. Aukes MSc.
E-Mail: support@untire.me
Address:
Koningin Wilhelminalaan 5
3527 LA Utrecht – Utrecht
The Netherlands
End Note
We reserve the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of ToC BV services or advances in technology. Such amendments shall become effective two weeks after a new version of the App has been published. Changes to the privacy policy will be available on this page and if the changes are significant, ToC BV will provide a more noticeable notice and ask for consent again.