Privacy policy for use of the ECG247 Smart Sensor System (Heart Monitor)

1 Protection of personal data

AppSens AS is a responsible company that has developed and operates services related to the use of the ECG247 Smart Sensor System (heart monitor) with associated services.

This privacy policy with terms contains the information you are entitled to when information is collected from our digital platform, and general information about how we process personal information.

The purpose of the terms is to provide you as a customer with sufficient information about how we process personal information about you in accordance with the privacy legislation in force at any given time.

Personal information means information that can be linked to a natural person, such as information about name, place of residence, telephone number and e-mail address. Processing refers to any use of personal data, such as collection, registration, compilation, storage and delivery.

We collect information in the ECG247 APP and using the ECG247 Smart Sensor System. Here, your heart signals are measured as a medical diagnostic tool, and this data is stored in line with the regulations for health information.

At AppSens, we are committed to processing personal information in a way that makes you feel confident that information about you is subject to strict confidentiality and high security. We therefore use 2-factor authentication, which is the best method to ensure that you log in correctly in our systems, and that you can verify who you are in 2 different ways. Here, a combination of login, your mobile phone number, and a code you receive via SMS is used. This also ensures that the data communication takes place encrypted so that unauthorized persons will not have access.

2 Consent to the processing of personal data, including health information

By accepting the terms and conditions for creating a profile on AppSens’ digital platform (see section 5), you confirm that you have read, understood and consent to the content of this document and to our processing of your personal information, including health information. For persons under 16 years of age, the consent of their guardian is required. If children under the age of 16 have given us personal information by mistake, we will delete the information as soon as we become aware of the situation. Parents can contact us as stated in section 15.

You can at any time withdraw your consent to us storing and processing your personal data, including the health information in the archive for heart rhythm (see section 3). The personal information will then be deleted as specified in section 12 below. Please note that the services we provide and the ECG247 Smart Sensor System can no longer be used if you withdraw your consent to the processing of personal data.

Even if the consent is withdrawn, we will still be able to use collected information that is not personal information. This is information that cannot be linked to you as a person, either because it has never had such a connection, or because we have removed the connection, so that the information can no longer be traced to you as a person. We call the latter “deidentified information”.

3 Your personal archive for heart rhythm

When you use the ECG247 APP on your mobile phone and accept the terms for it, a personal archive for your heartbeat is automatically created, where you as a user have full control over your stored information. AppSens has established this as a secure service for the storage of health information and this archive meets the requirements given by the privacy regulations GDPR and requirements for the storage of medical information.

You can choose to share your heart rate information with other people such as your regular doctor, and you will always have full control over who you have shared the information with. You can at any time withdraw such consent to share information with others; the person concerned will then no longer have access to your data.

Consent to the sharing and withdrawal of consent is made through the ECG247 APP.

4 Storage and processing of personal data and deidentified information

AppSens processes personal information that is necessary for you to make use of our services. In addition, we carry out analyses to improve the service offering. Such analyses will be performed using aggregated and deidentified information. This information will not be linked to you as a person.

5 AppSens’ digital platform – more about technical solutions

5.1 Website ECG247.com

AppSens’ digital platform means the website ECG247.com, the online store, the ECG247 app with associated storage in your personal archive for heart rhythm, as well as the data warehouse and integration platform.

The copyright, other rights and content in AppSens’ digital platform belong to AppSens AS or its subcontractors and partners.

5.2 ECG247 APP

When you download and install the ECG247 App on your mobile phone, a personal profile is created which is linked to your mobile number. This feature uses the Google Firebase software, which is used for 2-factor authentication and login to our services.

To monitor the proper functioning of the ECG247 APP on your mobile phone, the Google Crashlytics software will send us anonymous user data with a report of any errors so that we can correct them.

The ECG247 APP will automatically receive heart rate signals from the ECG247 Smart Sensor and upload this data to your personal heart rate archive (see section 3). Any observed arrhythmia situations will be downloaded from your personal archive, for viewing in the ECG247 APP. Furthermore, from the ECG247 APP you can indicate that you agree to share your heart rhythm data with other people, such as your regular doctor.

You can also order new electrodes from ECG247 APP and you can buy a cardiology assessment through the online store.

5.3 Personal archive for heart rhythm (see also section 3)

Your personal archive for heart rhythm signals is securely stored in our cloud service, which is based on Microsoft Azure, and with secure data storage in Norway / EU in line with current regulations. This archive will contain personal information such as:

– Mobile number

– Start and end date for an electronic heartbeat registration

– Findings from ECG247 Arrhythmia Detection

– Report on completed heart rhythm registration

– Any report from purchased cardiology assessment

– Overview of who you have shared your heart rate records with

– Used operating system, APP version number and Sensor version number

5.4 ECG247 Web access to heart rate archive

At ECG247.com you can access your registered ECG measurements and stored test results. These are adapted for assessment by a doctor / health professional and require medical knowledge to use / interpret.

As a user, you have the full opportunity to log in to ECG247 Web to have full access to your saved heartbeat recordings. When you log in, we use the Google Firebase software, which is used for 2-factor authentication and login to our services. You will then have full access to your personal archive for heart rhythm and can see everything that has been registered about you, possibly divided into several examinations if you have carried out repeated tests.

5.5 Acceptance for sharing deidentified heartbeat records

When you accept our terms and conditions in the ECG247 APP, you also agree that AppSens AS can use your heartbeat registrations for research purposes. This access means that all your data is deidentified in such a way that our researchers cannot trace the information back to you as a person.

For our research, it is important to be able to analyse all recordings of heart rhythm signals with the aim of improving the product and the algorithms used for the detection of abnormal heart rhythms / arrhythmias. At the same time, it also provides opportunities for statistical use of the analyses and results.

5.6 What personal information is processed and why?

The personal information is stored on AppSens’ digital platform. We collect personal information for the following purposes:

– To analyse heart rate records and provide our service to you as a user, we process your heart rate records.

– To manage your customer relationship, basic information is registered, such as name, e-mail address, mobile number and date of birth. Personal profile settings are stored so that we can send you automatic receipts, receipt overview and / or newsletters in line with your wishes.

– Changes in profile are stored as information at customer service upon request from the customer.

– Card data must be stored if you want to have access to receipts and purchase history, as well as any discounts.

– Electronic and technical information, including information about your mobile device and app, IP address, keywords, traffic data, app ID, app version, operating system and phone model are stored, so that we can help you in the best possible way when needed and offer relevant updates.

– Data on network communication is obtained, as all information in ECG247’s app requires network access to retrieve the information in ECG247’s systems. The network access can be a wireless network or a mobile network.

– If you contact our customer service, this contact will be logged in order to provide the best possible help.

To avoid misuse of our services, we will use registered data for control purposes.

Personal information is deidentified before the data is used for analysis of customer behaviour. This is done so that we can improve the user experience and our digital platform.

5.7 Purchase of cardiology assessment

The ECG247 app gives you access to purchase cardiologist reviews of test results. You will also be able to access receipts for your purchases. When purchasing a cardiologist assessment, you must state:

– E-mail address

– Payment card

– Name

All purchases and payments are handled by the payment intermediary who acts as data processor on behalf of AppSens.

6 ECG247.com, online store and data warehouse

ECG247 APP gives you the opportunity to order a new sensor and electrode patch.

You can also buy ECG247 Smart Sensor and electrode patch directly from our online store without being logged in through the ECG247 APP. You must register the following information:

– Mobile number

– E-mail address

– Postal address

– Payment card

Registration of mobile number is done to provide you with good and efficient customer service. If the mobile phone number is already in our customer register, the purchase will be linked to the existing customer profile.

When paying, you enter card data for debit so that the purchase can be completed. All purchases and payments are handled by the payment intermediary who acts as data processor on behalf of AppSens.

If you create a profile on our digital online store, you will be asked to provide personal information. AppSens will process the personal information so that we can offer you relevant and simple services that are continuously developed, as well as the necessary communication and administration of your customer relationship, in connection with your use of our digital platform. If you have agreed to electronic marketing, you will also receive information with offers and news from AppSens.

6.1 Card payments

Card numbers are not stored beyond what is necessary to ensure efficient handling of any problems with debiting, cancellation of reservation and crediting. It is not possible for AppSens to see your entire card number in any of our systems. Should problems arise with a card payment, our payment managers can find the first 6 and the last 4 digits of your card number (IIN / BIN number) to identify which bank has issued the card so that we can assist in solving the problem.

If you choose card as the payment method, payment information and card information will be shared with our payment provider for card payment. Payment and card details are only used to make a payment.

To make it even easier when you shop, you can choose to store your card information securely with us at checkout. It is important that you log out of your customer account when you have closed the transaction, or ensure that unauthorized persons do not have access to the device you are browsing on. You are responsible for not sharing your username and password with others.

The information you provide for online payment will only be linked to your customer account. The information is stored in accordance with applicable laws. The purpose is that you will not have to provide the card information every time you make a purchase with us.

6.2 Cookies

Cookies are small text files that are stored on your device when you download a web page. These are usually used to improve your user experience and remember who you are, so you stay logged in.

The purpose of cookies is to provide the online store with basic functionality, and for analysis, personalization and marketing.

First-party cookies are necessary for the website to work.

Third party cookies are used for analysis, marketing and personalization of the website. You agree to the use of cookies unless you specifically reserve against this. Such a reservation can be made in your browser. Please note that your reservation for all / certain types of cookies may mean that our website does not work optimally.

6.3 Consent to electronic marketing

You must actively consent to the use of personal information in direct marketing. You can withdraw your consent at any time.

7 Location data

The ECG247 app needs access to your location in order to provide a seamless user experience for transferring the data from the ECG247 sensor to the ECG247 app, which is a vital element in the functioning of the App. Access to your location is necessary for this data transfer to function properly, and the information collected regarding your location will not be used for any other purpose. In no circumstances will your location data be used for tracking or advertising. No location data will be stored for later use.

8 Is it voluntary to provide the information?

It is voluntary to provide personal information, but to be able to use the ECG247 Smart Sensor System, basic personal data must be registered, cf. section 2.

9 Who is responsible for processing in AppSens AS?

AppSens AS, by the CEO, is responsible for processing in accordance with the Personal Data Act for the company’s processing of personal data. The person responsible for processing means the person who decides the purpose of the processing of personal data and which aids are to be used.

We have also appointed a privacy representative to ensure that our processing of personal data takes place in accordance with current regulations.

10 What is the legal basis?

AppSens AS relates to the Personal Data Act and the Health Register Act. The legal basis for our processing is laid down in the Personal Data Act § 8, the Health Register Act § 5 and the Privacy Ordinance Article 6 no. 1. Your consent to the terms of this declaration is the legal basis for our processing of your personal data, including your health data. For uses other than those stated in this statement, we will obtain specific consents.

11 Is my personal information secure?

You can be assured that information about you is not misused by AppSens AS as the data controller for the personal data we process. All personal information is securely stored and treated confidentially in Norway or within the EU / EEA area according to:

– The Personal Data Act of 14 April 2000 no. 31 with associated regulations.

– The industry standard for information security and privacy in the health and care service.

– Payment Card Industry Data Security Standard (PCI DSS).

We have established rules and routines for the protection of personal data and privacy. To ensure that the processing of information with us takes place in a secure manner, only specially approved persons have access to the information you provide us. The number of employees with such approval is limited. All systems that process customer data are subject to strict access control. We take privacy seriously and conduct and update risk assessments related to privacy.

We are required to store order information in connection with accounting, fee handling and any warranty / return handling. This history is deleted after ten years. We also store the IP address used when ordering for security reasons.

In addition to what follows from section 11 below, your personal information will not be disclosed to third parties, unless you have given us consent for such disclosure to take place.

An overall information security policy sets the framework and guidelines for the information security plan in force at any given time. Our privacy representative is responsible for ongoing follow-up of this. An overview is kept of all systems with critical data, including personal information.

12 Is the information passed on to others?

Subcontractors are used as part of our business. If a subcontractor must process personal data on our behalf, privacy is ensured through data processor agreements.

The data processors are subject to strict conditions on our part and may not use the personal data for any purpose other than to provide the service agreed with us. We take precautions to ensure that the subcontractors act in accordance with this privacy statement, their own data processor agreements and Norwegian privacy legislation.

If it is required by law or there is a suspicion that a crime has been committed in connection with the use of our services, the information we have stored about you may be disclosed to public authorities.

13 How is the information archived and deleted?

We will not store your personal information any longer and to a greater extent than is necessary to fulfil the purposes set out in this privacy statement, unless a longer storage period is required by applicable law. The retention of unidentified information is not subject to such restrictions or requirements.

AppSens has routines for deletion and de-identification. You can also delete your profile or get help with this from our Customer Service by sending an email to: slettbruker@appsens.no. If you choose to delete your profile, your personal information will also be deleted. You will then no longer be able to use the ECG247 Smart Sensor System for detecting heart signals. As a result of the deletion, your receipts will be anonymous, as they were before you created the profile.

14 What are your rights and choices?

You have the right to:

– Find out what information we have registered about you (with the restrictions that follow from current legislation).

– Require that incorrect, unnecessary, incomplete or outdated personal information be corrected, supplemented or removed.

– Withdraw any consent to the processing of personal data that you have given us. Please note, however, that this may mean that we can no longer provide some of our services or benefits to you.

You can exercise your rights by contacting customer service. See ECG247.com for contact information.

AppSens is committed to running a responsible and sustainable business. If you believe that we do not comply with this privacy statement or applicable law, you can complain to AppSens, our privacy representative or possibly to the Data Inspectorate.

The privacy statement with terms will be updated from time to time, e.g. as a result of the services being expanded or changed, and we will notify you if this requires new consent from you. The current version of the terms can be found at ECG247.com. In the event of major changes, we will also be able to try to contact you directly through available channels such as e-mails or notifications on our websites and digital services.

15 Our rights

Any right to all of AppSens AS’ products and solutions etc. is protected by copyright rules. This includes, but is not limited to, the construction and design of the ECG247 Smart Sensor System, algorithms, source codes, app design, etc. Any commercial use of these is prohibited without prior written agreement with AppSens AS, or our subcontractors and partners. This applies to both copying, dissemination and sale of information, images, graphic elements, program codes and technical solutions. You do not have the right to attempt to bypass the security system of AppSens’ digital platform. Violation of this clause may result in liability and criminal liability.

16 How to contact us?

Contact information can be found at ECG247.com

Updated, March 2021

Appsens AS

Senterveien 30

4790 Lillesand

Norway

www.ecg247.com 
