The protection and confidentiality of your personal information is important and Monsenso ApS (“Monsenso”) is determined to protect it. Monsenso has, therefore, designed this document in order to be perfect- ly clear about our policy on collecting, using and protecting personal data and other information managed by the Monsenso Services.
Monsenso ApS is a Danish company with registered offices located at Rued Langgaards Vej 7, DK-2300 Copenhagen and is represented by Mr. Thomas Lethenborg.
1. THE IDENTITY OF THE DATA CONTROLLER AND DATA PROCESSOR
Having been given access to Monsenso Services through your Care Provider (any healthcare worker authorised in accordance with applicable healthcare legislation), your Care Provider determines the purposes and means of the processing of your personal information i.e. your Care Provider acts as a data controller. When submitting your personal information using Monsenso Services, Monsenso is obligated to follow the instructions given by your Care Provider (the data controller) and shall process your personal information only for the purposes of providing you with the Monsenso Services i.e. Monsenso acts as a data processor.
2. PROTECTION OF PERSONAL DATA ACCORDING TO LAW
The collection and processing of Personal Data, done when you use the Monsenso Service, are carried out according to the Danish Data Protection Law no. 429 of 31 May 2000, known as “The Act on Processing of Personal Data”. As of 25 May 2018 the General Data Protection Regulation (EU Directive 2016/679 of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) (the “GDPR”) will replace the Danish Data Protection Law, and Monsenso shall comply with the GDPR from then onwards.
Personal Data is processed in Denmark or in another European Community Member State and the processing is governed by Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of data and on the free movement of such data. As of 25 May 2018 the GDPR will replace the Directive 95/46/EC of 24 October 1995.
Personal Data will not be processed in any ‘third country’, which is not a member of the European Economic Area (“EEA”) and which has not implemented agreements entered into with the EEA which contain rules corresponding to those laid down in Directive 95/46/EC.
3. THE PERSONAL DATA THAT MONSENSO COLLECTS
When you interact with us through the Monsenso Services, Monsenso collects different types of Personal Data and other information, as detailed below:
Identity Data: Monsenso collects Personal Data when you create an Account on the Site (any web portal of Monsenso). This data include information about your identity (such as name, address, email, etc.), demographic (such as age, gender, occupation, etc.).
Health Data: Monsenso collects Personal Data about your health when you create an account or use the Monsenso Services. Health data include information such as diagnosis, medication, hospitalisations, etc.
Self-reported Data: When you use the Monsenso Services, Monsenso collects self-reported Personal Data about health, such as data on mood, stress, activity, early warning signs, medication history, etc.
Behavioural Data: The Monsenso App automatically collects behavioural data, including, but not limited to, data on location, phone usage, app usage, call frequency, messaging frequency, voice data, and sensor data (accelerometer, GPS, etc.).
Communication Data: When you use the Monsenso Services, Monsenso collects communication data, such as messages to the clinic, Caregivers (any person appointed by you for your support for instance relatives or a social worker) communities, social media, etc. NOTE that only communication data that originate from within the Monsenso Services is collected.
4. PROTECTING PERSONAL DATA THAT MONSENSO COLLECTS
Monsenso goes to great length to protect the data collected in the Monsenso Services. As such:
• Pseudoanymisation techniques (hashing) on the telephone numbers you call or text are applied.
• The content of any phone conversations are not recorded.
• Statistical analysis on messages and voice data is done on the
mobile phone before transmitted to Monsenso.
• When using the Monsenso App you are only identified using an
anonymous ID and there is no information in the Monsenso App on the smartphone that can identify you directly. Hence, if your smartphone is lost or stolen, no information identifying you is available in the Monsenso App.
5. USE OF PERSONAL DATA AND OTHER INFORMATION
Monsenso uses the Personal Data that you provide in compliance with these privacy rules. Monsenso may therefore use the Personal Data within the context of this document, and in particular without restriction in the following contexts:
Supply of the Service: Monsenso will use your Personal Data in order to provide you with access to and use of the Monsenso Service.
To present your data to you: The data produced are displayed through our services. Data may be indicated as raw data (number of steps, mood score, etc.), or after processing (aggregate score for physical activity, correlations, etc.). Some function or services you may want to use do request specific data processing. As an example, when setting a trigger, Monsenso may use data collected from your self-assessment or automatically collected behavioural data.
To improve Monsenso’s products and services: In order to improve our products and services and ensure the availability of our platform, Monsenso retains a record of operations conducted in log form. Monsenso never work with your data when it identifies you directly unless you have given us your consent, for example in order to resolve a problem that you have pointed out to us.
To communicate information to you: Monsenso may use certain data in order to offer surveys, competitions, discount coupons or events in which you are free to participate. The same medium shall also be used to provide you information on our products, such as new features, sales offers from Monsenso or our partners, or to announce new products.
To produce statistics and/or aggregated data analyses: Monsenso firmly believes that data can serve the collective interest. Therefore, statistics and analyses using collected data may be produced. Personal Data will be anonymised through generalisation before data processing to assure your privacy to be protected. Data is used in particular to: (i) improve Monsenso’s products and services through continued research and development; (ii) demonstrate, document, and publish the effectiveness of personal health technology for mental health; (iii) health research into clinical evidence for treatment and care of mental health.
To comply with the law: Monsenso records your data in order to comply to Danish law, such as maintaining a full transaction log.
6. RIGHT TO BE FORGOTTEN
Monsenso allows you to suppress your account directly from our applications. The data, which identify you directly, such as name, email, phone number, etc., will then be deleted from our production servers.
Personal Data may be retained for a period of 3 months after you have suppressed your account within the security backups that Monsenso regularly make.
Non-personal data will be kept by Monsenso in an anonymised manner. Monsenso applies anonymization through randomisation, which according to “Opinion 05/2014 on Anonymization Techniques” from the EU Data Protection Working Party Article 29 chapter, is an anonymization technique that alters the veracity of the data in order to remove the strong link between the data and the individual.
7. RIGHT TO ACCESS YOUR DATA
On written request, you are at any time entitled to receive information regarding our processing of your personal data, e.g. which of your data we have registered, the purpose of processing, the categories of personal data concerned and the recipients to whom the data has been or will be disclosed.
8. RIGHT TO DATA PORTABILITY
You have a right to receive the personal data provided to us in a structured, commonly used and machine readable format and to transfer these data to another data controller if our processing of the data, for instance, is based on your consent or the processing is carried out by automated means.
9. RIGHT TO RECTIFICATION
You have the right to have incorrect personal data about you rectified by us without undue delay. If you become aware that there are errors in the data we have registered about you, we urge you to contact us in writing in order for us to rectify the data.
You can also correct the data you have provided when creating an account via log-in to your user profile.
10. RIGHT TO RESTRICTION
You have a right to restrict our processing of your personal data, e.g. if you contest the accuracy of your personal data.
11. RIGHT TO OBJECT TO YOUR DATA BEING PROCESSED
You may for legitimate reasons object to your Personal Data identifying you being processed by contacting us in writing.
You also have a right not to be the subject of a decision based exclusively on automated processing, including profiling, which has legal effect on you or similarly affects you significantly.
If you object to the processing, Monsenso will no longer process your Personal Data unless we can demonstrate compelling, legitimate reasons for continued processing which precede your interests, rights and freedoms or the processing is necessary to establish, exercise or defend a legal claim.
12. THE RIGHT TO WITHDRAW CONSENT
You are at any time entitled to withdraw your consent to our processing of your personal data. If you withdraw your consent, you must be aware that we under certain circumstances, for example where we have another legal basis for processing your data, are entitled to continue the processing. We will inform you in such cases.
13. THE RIGHT TO COMPLAIN
You are at any time entitled to file a complaint to a supervisory authority about our processing of your personal data. The Danish supervisory authority is the Data Protection Agency (in Danish “Datatilsynet”), Borgergade 28, 5, 1300 København K.
14. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Personal Data will not be sold, leased, transferred, shared, or otherwise accessed by or to any third parties other than to Monsenso who processes the data and sub processors on which Monsenso relies to perform certain aspects of these processing activities.
At your request and consent, Monsenso may pass on Personal Data to Care Providers and to your Caregivers.
Anonymised, aggregated, and statistical data may be transferred or shared with third parties.
Your data are stored on servers located in Denmark or in another European Community Member State. The personal data collected by Monsenso is protected by organisational, physical and logical security measures and are not communicated to unauthorised persons. Remote access to the servers is highly restricted and controlled.
Data in the Monsenso App on your smartphone can be protected by a PIN code.
All data communication between the Monsenso Services is protected by strong encryption. Hence, data traffic via the Internet between the Monsenso App and the Monsenso servers is encrypted.
16. LINKS TO OTHER SERVICES
17. DELETION OF PERSONAL DATA
If you do not use Monsenso Services over a consecutive period of one year, we will automatically delete the information we have registered about you although we for establishment, exercise of defence of legal claims and in case we are obliged hereto according to law store certain personal data for a longer period.
18. CONTACT INFORMATION
Rued Langgaards Vej 7
E-mail: firstname.lastname@example.org Phone: +45 30 25 15 26
© Monsenso 2017