Privacy Policies

 
 

Privacy Policy for the App

Document History

Date Updated: 15th March, 2019

Date Effective: 15th March, 2019

Version 1: 27th February, 2019

Changes from the 15th of March - ‘Intended Use’ added.

Our story

We wanted to find ways to validate women’s under-recognised illnesses by providing adequate, accessible and individualised healthcare through the use of technology. From years of working in healthcare, to witnessing loved ones struggle to receive proper gynaecological care, we felt obligated to create an innovative solution for an often slow-moving, conservative industry. From this foundation, Endometrix was born.

We want you to know that our first responsibility is towards people who need help, and everything we do is, and will always be to make the world a better place. We have received a lot of love and support during our journey, and we are grateful to everyone who has shown us this love and support. By signing up to Endometrix, you have our honesty, transparency, love and gratitude. Thank you!

Intended Use

The intended use of Endometrix is to collect data to train a machine learning algorithm with the aim of developing predictive indicators for gynaecological conditions like endometriosis. Additionally, Endometrix can also be used to track health related symptoms (physical, emotional) and treatment (medical and/or non-medical) and find relationships between the two.

Note - Endometrix does not intend to replace the advice of healthcare professionals and should not be used a basis to make changes to medical and/or other treatments. We care about you, and we strongly suggest that you involve a healthcare professional when seeking advice.

Transparency

We believe that our first responsibility is towards you and we will always be transparent about the way we work and what kind of data we collect. We hope that you will find this privacy policy clear, honest and transparent.

We put you in charge of your data in compliance with General Data Protection Regulation (EU). To have your data erased, go to ‘Settings’ and then ‘Delete Account’ on the App, or simply email info@endo-metrix.com to request for account deletion.

With your consent

With your consent, we use data to build a better Endometrix - making our service faster, smarter and more useful to you. When you give us your data, you trust us to keep it secure. Any personal or sensitive information we hold about you is protected by strong encryption.

The data you track in Endometrix about your health and activities is considered sensitive personal data. It is only when you give us explicit consent by creating an account on Endometrix that we start storing all your health and sensitive data on our secured servers, alongside the personal data necessary to create an account.

Discover what we know about you

You can see your medical information entered in the ‘onboarding questionnaire’ or through the ‘Tracking’ functions. No medical information is stored on your phone, instead we use secure servers (Microsoft Azure, based in Western Europe) to hold all health data you track.

We need some of your personal data, such as your name, surname and email address, in order to create your Endometrix account.

If you use Facebook or Google to login, we also request your name, surname and email address.

If you have an account with Endometrix, your personal profile data is stored separately from your symptom tracking data and your service settings. This allows us to ensure the highest possible level of privacy for your data. Your password is stored using one-way encryption ("hashing" plus “salting”) and it cannot be read by us.

You can access most of your data via the app. If you would like to find out what information we hold about you, you can make a subject access request by emailing info@endo-metrix.com.

Endometrix does not knowingly collect or use personal data from individuals under the age of 18. By registering to an Endometrix account you are required to confirm that you are at least 18 years old.

Here are the three purposes for which we collect data:

For the purposes of Machine Learning

Our aim is to develop predictive indicators for gynaecological conditions by using the data you provide us with through the ‘on-boarding questionnaire’ and the ‘tracking’ functions on our app. Our plan is to implement machine learning on that data and serve as a diagnostic support tool for gynaecological conditions. Your data has the potential to help other people with gynaecological conditions, and we thank you in advance for registering with Endometrix.

We respect your privacy and want you to know that your data will be anonymised when it is being analysed. By accepting this privacy policy and by using our app, you explicitly agree to the collection and processing of your data. Should you disagree with it, we recommend you stop using our services and delete your account.

To understand your needs and deliver personalized insights

When you use the app, we process data in order to understand your usage of our services—for example, which tab in the app you open. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to our users as whole, and to analyze bugs and fix issues. We are thoughtful about what we communicate and how often. You always remain in full control of your communication preferences with Endometrix.

Data improves the performance of our artificial intelligence, which in turn will provide you with a better service. When we use data to learn from, we always remove personal identifiers (such as your name and email) to ensure that your privacy is protected.

We collect device data that informs us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information.

The amount we collect has been minimized wherever possible to respect your privacy.

By accepting this privacy policy and by using our app, you explicitly agree to the collection and processing of your data. Should you disagree with it, we recommend you stop using our services, or simply uninstall the app.

To advance scientific research about gynaecological health

We want to help advance female health globally. Female health has historically been underserved as a field of research. Endometrix might fill this gap by sharing user data for the purposes of scientific and medical research about gynecological health. We want to make it very clear that we will personally select our scientific collaborators with the utmost care and, most importantly, that we only provide data for scientific research after it has been anonymized following a strict protocol that involves the removal of any information that could be used to identify any specific user. We will also communicate (via email and/or our website and/or our newsletter) to our users when we are doing this and the nature of the collaboration with researchers to be transparent and honest.

Once again, you can withdraw your consent to use of your data for these purposes at any time by deleting your account. If you do this, your data won’t be included in any future research partnerships.

By creating an account with Endometrix you explicitly consent that:

  1. Endometrix may store and process personal data you provide through the usage of the Endometrix app and through the account creation process solely for the purpose of providing Endometrix services to you and to improve Endometrix´s service features. Such Endometrix services may include sending you information and reminders through the Endometrix app, e.g. via push notification or to the email address you provided to Endometrix.

  2. Such personal data you provide to Endometrix through the account creation process for the purpose of providing Endometrix´s service includes personal data you enter into the Endometrix app, such as your account data (e.g. your name and email address), and your health data which may include your symptom.

  3. Endometrix will not transmit any of your personal data to third parties, except if it is required to provide the Endometrix service to you (e.g. technical service providers), unless Endometrix has asked for your explicit consent.

  4. Endometrix may use your health- and symptom track data to create anonymized sets of data for academic and clinical research purposes. Endometrix ´s collaborators will be individually selected through an internal vetting process. This anonymized research data cannot be linked to you as an individual or identify you in any way, and we will be transparent when this happens.

You may withdraw your consent to this use of your data at any time by deleting your Endometrix account.

Your rights

We believe that privacy—including data privacy—is a basic human right. At Endometrix we strive to ensure that your rights are respected.

Here are some key facts about your privacy that we would like you to know:

  1. Our products and services have been designed to minimize the use of your personal data. We only collect and process your data for the purposes that have been previously outlined.

  2. The security of our servers is routinely verified by services to protect your data from unauthorised access. You can contact us at  info@endo-metrix.com if you have any questions about the security of our services.

  3. We do not retain your data in an identifiable format for longer than necessary to deliver our services.

  4. Endometrix does not engage in any automated decision-making or profiling activities.

As a user of Endometrix, you may exercise your user rights to:

  1. Request information on your personal data processed by Endometrix. Upon your request, this information will be provided to you electronically.

  2. Gain access to your information by requesting a backup of your data in a format that is readable by other companies or organisations (data portability). You can do so by sending us an email at info@endo-metrix.com and providing us your username/email. We will send your data across to you within 30 days.

  3. Correct your personal information and health data in the app settings and in the tracking categories available in the Endometrix app.

  4. Withdraw your consent from data processing at any time by deleting your account and/or unsubscribing from our newsletter by clicking the link at bottom of the email or by contacting info@endo-metrix.com.

  5. Request the complete deletion of your data. Your data will be deleted within 30 days.

  6. Lodge a complaint with the relevant supervising authority if you believe Endometrix is processing your personal data under violation of applicable data protection regulations.

Endometrix´s recommendations for protecting your data

We believe the biggest threat to the security and privacy of your data is if someone gains access to any of your devices. The data you enter into Endometrix is private and it should stay that way. We have outlined some ways to keep your devices secure below.

Make sure you have a strong password.

Change your password frequently.

Keep your password safe.

Also, set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud (see instructions on Apple Support pages) and then enable “Erase your device” (see instructions on Apple Support pages).

Data Security

We apply security measures to protect against the misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.

Changes to this Privacy Policy

Endometrix reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of Endometrix´s services, or advances in technology. Please check this page periodically for changes. If we make a change to this Privacy Policy that, in our sole discretion, is material, we will notify you by posting notice of these changes in this Privacy Policy.

Do not hesitate to reach out to us at info@endo-metrix.com if you have any questions.

Endometrix is made with <3 in Stockholm, Sweden.


Privacy Policy for the Webpage

Date Updated: 11th December, 2018

Date Effective: 11th December, 2018

Previous Version was dated 30th August, 2018.

Dear User,

The information provided at https://endo-metrix.com/ (the “Webpage”), (collectively the “Services”) which is provided by Endometrix AB, company registration number [559184-4815] having its registered address at H2 Health Hub, Hälsingegatan 45, Stockholm 11331, Sweden, (“we” or “us”).

Your privacy is important to us. Under the General Data Protection Regulation (2016/679), we are liable for the processing of personal data for which we decide the purposes and the means of processing. With “personal data” we mean information which is directly or indirectly referable to a natural living person, e.g. name and address but also possibly location data or IP addresses. We may collect the information set out below, which include your personal data.

This document contains a policy statement regarding our collection, use and processing of personal data, with whom we may share such data and your rights in relation to your personal data. When you use the Services, we will process personal data for various purposes. In order to use the Service you must first read and accept this Privacy Policy.


PROCESSED personal DATA

We collect and use personal data to deliver and maintain efficient and secure Services:

  1. Name

  2. Email Address

  3. IP Address;


Please note that we are unable to provide the Services unless you provide the above stated personal data.

When you use the Services, certain information will be collected automatically, including;

  1. Information about your use of the Services;

  2. Content that you post, upload and/or contribute to the Services

  3. Technical data, which may include the URL you are accessing the Webpage from, your IP address, unique device ID, network and computer performance, browser type, language and identifying information and operating system];

If you have connected your user account with us to a social media channel such as Facebook, Instagram, Twitter, Pinterest and/or Linked, we may receive similar information related to your interactions with the Services from such channels. We may use cookies and similar technologies to collect this information. More information regarding our use of cookies is provided below.

PURPOSES OF PROCESSING and legal bases

We will process the information set out above for the following purposes:

  1. To administrate your account, to enable and provide the Services and integration with third party services, and to provide, personalize and improve your experience with the Services, and to otherwise provide the Services according to the terms of use]. The processing of personal data for this purpose is based on [the necessity for the fulfilment of our agreement with you and our legitimate interest to provide you with a customised experience that is tailored to your preferences;

  2. to send you alerts or messages by email or otherwise, including to provide you with marketing of our and our related parties’ products and services] based on [our legitimate interest to send you promotional material about products and services you might be interested in];

  3. To inform you about updates of the Services or the terms of use] based on [our legitimate interest to keep you posted about developments of the Services (such as new features) and the terms you agreed to use the Services under];

  4. To improve and develop the Services or new services and products and to analyse your use of the Services] on the basis of [our legitimate interest of offering you up-to-date Services based on your use of the Services, and to develop new products and services that cater to your preferences];

  5. To ensure the technical functioning of the Services and to prevent use of the Services in breach of the terms of use] to be able to [fulfil our agreement with you and based on our legitimate interest to ensure that our Services are not abused for the protection of ourselves and our other users];

  6. To enforce the terms of use, including to protect our rights, property and safety and also the rights, property and safety of third parties if necessary] on the basis of [our legitimate interest of protecting our business, our Services users and other third parties]; and

  7. To fulfil requirements by law].

For processing activities that are based on a legitimate interest, we carefully balanced such legitimate interest with your right to privacy, and concluded that our interest outweighs your rights and freedoms and that you are likely to be okay with our processing of your personal data in this way.

CONSENT

By clicking the “I accept” button in the user account set up flow at the Webpage, or similar, you agree:] [Alternatively: By creating a user account at our Webpage you agree:

  1. to the processing of personal data as set out in this Privacy Policy;

  2. to receive direct marketing from us or related third parties, e.g. by email or otherwise.

You have the right to refuse your personal data being used for direct marketing and you may at any time recall your prior consent.

Retention of personal data

We store your personal data for as long as necessary to perform the Services, unless there is a legal obligation to store the data for longer.

DISCLOSURE OF PERSONAL DATA

We will not share and disclose your personal data to our partners and suppliers and related third parties for the above stated purposes within and outside the EU/EEA where you may have less legal rights in relation to your personal data.

You understand and agree that the privacy policy of third parties will govern all use of information provided to third parties in accordance with this Privacy Policy.

COOKIES, PIXELS AND OTHER SYSTEM TECHNOLOGIES

We collect information through technology like cookies, pixels and local storage (like on your browser or device). For information about how we use system technologies and analytic tools and how you can prevent the use of cookies, please see our Cookie Policy (available here https://endo-metrix.com/cookies/ .  

Social Plug-ins

When you call up a webpage of ours on which a social plug-in (like button) is implemented, your browser will then establish a direct link to one of our social media channels (“Social Plug-in”) and will then transmit the following data to the Social Plug-in directly:

  1. date and time of your visit;

  2. the Internet address/URL of the site that you are currently visiting;

  3. your IP address;

  4. your browser;

  5. your operating system;

  6. your user code if you are a registered user of Social Plug-in and if applicable your surname and first name; and

  7. if you click on the plug-in, of course the information that you have used this specific plug-in.

We explicitly make reference to the fact that we ourselves do not have any influence on the scope of the data which Social Plug-in collects with the help of the plug-in and that with regard to data protection we have to rely on the data usage guideline of Social Plug-in. Please inform yourself further on Social Plug-in specifically about the purpose and scope of the data collection and your rights in this regard and the setting options to protect your privacy using the data usage guidelines.

However, it is of course possible to prevent the placing of cookies by settings in your browser. In addition, it is also possible to block the social plug-ins of Social Plug-in with add-ons for your browser.

RESPONDING TO LEGAL REQUESTS AND PREVENTING HARM

We may access, preserve and share your information in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations, if we have a good faith belief that the applicable law require us to do so.

This may include responding to legal requests from jurisdictions outside of the European Union or the European Economic Area where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.

Information that we receive about you on the Webpage using our Services, may be accessed, preserved and retained for an extended period of time when it is the subject of a legal request or obligation, government investigation, or investigations concerning possible violations of our terms of use or policies, or otherwise to prevent harm.

SOME OTHER THINGS YOU NEED TO KNOW

Links to other webpages

You should be aware that when you are on our Webpage you may be directed to other sites where the personal information collected is outside of our control. The privacy policy of the new site will govern the information obtained from you on that site.

Change of Control

If the ownership of our business changes, we may transfer your information to the new owners so they can continue the Services. The new owner will still have to honour the commitments we have made in this Privacy Policy.

Notice of changes

If we make changes to this Privacy Policy we will notify you by publication here [insert hyperlink to the page on your webpage where these policies are posted]. If the changes are material, we will provide you additional, prominent notice as appropriate under the circumstances and, where required under applicable law, ask for your consent.

Your Privacy Rights under EU law

You have an absolute right to object to the processing of your personal data for direct marketing. You also have the right to recall your prior given consent. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal, and we may continue processing your personal data based on other legal grounds, except for direct marketing.

You have the right to request access and further information concerning the processing of your personal data, or request that we correct, rectify, complete, erase or restrict the processing of your personal data. You have the right to obtain a copy of the personal data that we process relating to you free of charge once (1) every calendar year. For any additional copies requested by you, we may charge a reasonable fee based on administrative costs.

If the processing is based on the legal grounds consent or fulfilment of contract you have the right to data portability. Data portability means that you can receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transfer such data to another data controllers.

To exercise the aforementioned rights, or if you have any questions about our sharing practices, your rights under EU law, or wish to have your personal information removed, please contact us at the following address: info@endo-metrix.com or Endometrix AB, located at H2 Health Hub, Hälsingegatan 45, Stockholm 11331, Sweden. In order to ensure that you receive a swift response, please state your full name and, if applicable, your address, user name and the email address used for registration. Note that you should sign the request to receive information of the processing of your personal data yourself.

If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Notice of changes to the Privacy Policy

If we make changes to this Privacy Policy we will notify you by having a revision history on our webpage. If your consent is required due to the changes, we will provide you additional prominent notice as appropriate under the circumstances and, ask for your consent in accordance with applicable law.