Privacy policy
GENERAL INFORMATION
This document describes how Endometrix AB, company registration number 559184-4815 having its registered address at Hälsingegatan 45, 113 31 Stockholm (“Endometrix”, “we” or “us”) collects, uses and processes Personal Data (“Privacy Policy”). This Privacy Policy is applicable when you visit www.endo-metrix.com (the “Website”) and interact with the Website, when you sign up and use the application (the “Application”), which is collectively referred to as the “Services”.
All definitions in this Privacy Policy shall be interpreted in accordance with applicable data protection laws which refers to the General Data Protection Regulation (Regulation no. 2016/679) and the Directive on Privacy and Electronic Communications (Directive 2002/58/EC), as well as the national implementations and related national legislation such as the Patient Data Act (Sw. Patientdatalagen (2008:355)).
DATA PROCESSED
We will process the following personal data:
name;
email address;
IP address;
invoicing data;
health related data; such as your menstrual cycle, sexual health, sexual activity and specific gynaecological symptom data;
information about your use of the Services;
technical data, which may include the URL you are accessing the Website from, your IP address, unique device ID, network and computer performance, browser type, language and identifying information and operating system; and
location data.
Unless you provide us with the personal data above, we are unable to provide you with the Services in its entirety and for its intended purpose. However, if you choose not to provide us with some of your personal data, for example your health related data, you are still able to use the Services with limited functions and take part of general information.
PURPOSES OF PROCESSING
We will process the personal data set out above for the following purposes:
Your name and email address will be processed:
to administer your account, to enable and provide the Service and integration with third party services and to provide, personalise and improve your experience with the Services, and to otherwise provide the Services according to the Terms of Use based on the fulfilment of contract we have with you about the provision of the Services;
to inform and communicate with you in regard to the Services based on the contract we have with you about the provision of the Services.
to send you newsletters by email, including to provide you with marketing of our Services that may be of specific interest to you. This processing is based on your consent;
Your health related data such as your menstrual cycle, sexual health, sexual activity and specific gynaecological symptom data will be processed to provide you with personalized instructions and recommendations to maximise your use of the Services, as well as to improve and develop our Services or new services to help more people. This processing is based on your explicit consent and described further under the Section “Sensitive personal data” below.
Information about your use of the Services, location data and technical data will be processed to improve and develop the Services or new services and to analyse your use of the Services based on our legitimate interest to improve and develop our Service and offer Services that can be of help you and other people.
Information about your use of the Services, location data and technical data will also be processed to ensure the technical functioning of the Services based on the fulfilment of contract we have with you.
We may have to process some personal data for the purposes of fulfilling legal requirements, such as invoicing data that will be stored for at least 7 years. In this case, our legal ground for processing will be a legal requirement by which we are bound.
For processing activities that are based on a legitimate interest, we carefully balanced such legitimate interest with your right to privacy and concluded that our interest outweighs your rights and freedoms and that you are likely to be okay with our processing of your personal data in this way.
SENSITIVE PERSONAL DATA
Some personal data, such as your sexual activity and other health related information, may include special categories of personal data, (also called “sensitive personal data”). Such sensitive personal data is always processed by us on a legal basis of your explicit consent. We will use this data to analyse your use of the Services to provide you personalized instructions and recommendations to maximise your use of the Services, as well as to improve and develop our Services or new services to help more people, provided that you explicitly consent to us processing your personal data for this purpose.
We may also process your sensitive personal data for the purposes set out in the Patient Data Act in regard to the prevention, investigation and treatment of diseases and injuries that you are suffering from within health and medical care. However, we do not have an obligation to keep any medical records and will therefore not process your personal data for this purpose.
DISCLOSURE OF PERSONAL DATA
We may have to share and disclose your personal data to related third parties for the above stated purposes within and outside of the EU/EEA where you may have less legal rights in relation to your personal data.
The services we are currently using are Google Cloud Platform (the server is located in the EU) and EXPO (650 Industries, Inc.)
RESPONDING TO LEGAL REQUESTS AND PREVENTING HARM
We may access, preserve and share your personal data in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations.
COOKIES, PIXELS AND OTHER SYSTEM TECHNOLOGIES
We collect information by using technology such as cookies, pixels and tags (on your browser or device). For information about how we use this type of technologies, please see our cookie policy https://endo-metrix.com/cookies.
We also use the Facebook SDK to track app downloads and purchases when we or our partners run ad campaigns. You can read more about Facebook’s platform policies here https://www.facebook.com/about/privacy/ - and the facebook developer policy here - https://developers.facebook.com/policy/
RETENTION
We store your personal data for as long as necessary to perform the Services, unless there is a legal obligation to store the data for longer. The personal data is deleted when it does not longer fulfil the purpose stated in this Privacy Policy. Health related data and information of your use of the Service will be aggregated and anonymised once the purposes have been fulfilled and used for machine learning to develop predictive indicators for specific gynaecological conditions and to advance research with healthcare facilities, research organisations and universities.
CHILDREN
The Services are not directed to persons under the age of thirteen (13). If you are a parent or guardian of a person under the age of 13 and you become aware of that the child has provided personal data to us without your consent, please contact info@endo-metrix.com to exercise your access, rectification, erasure, limiting of processing and objection rights.
YOUR RIGHTS
You have an absolute right to object to the processing of your personal data for direct marketing. You also have the right to withdraw your prior given consent. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal, and we may continue processing your personal data based on other legal grounds, except for direct marketing.
You have the right to request access and further information concerning the processing of your personal data, or request that we correct, rectify, complete, erase or restrict the processing of your personal data. You have the right to obtain a copy of the personal data that we process relating to you free of charge once (1) every calendar year. For any additional copies requested by you, we may charge a reasonable fee based on administrative costs.
If the processing is based on the legal grounds consent or fulfilment of contract you have the right to data portability. Data portability means that you can receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transfer such data to another data controllers.
CONTACT INFORMATION
To exercise the aforementioned rights, or if you have any questions regarding our processing of your personal data, please contact us at info@endo-metrix.com. In your email please state your full name and contact information. Note that you should send the request to receive information of the processing of your personal data yourself.
If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Change of Control
If there is a change of control in our business, we may transfer your information to the new owners for them to continue to provide the Services. The new owners shall continue to comply with the commitments we have made in this Privacy Policy.
NOTICE OF CHANGES TO THE PRIVACY POLICY
If we make changes to this Privacy Policy, we will notify you by uploading the new Privacy Policy on https://endo-metrix.com/privacy-policy. If your consent is required due to the changes, we will provide you additional prominent notice as appropriate under the circumstances and, ask for your consent in accordance with applicable law.