Date Updated: 15th March, 2019
Date Effective: 15th March, 2019
Version 1: 27th February, 2019
Changes from the 15th of March - ‘Intended Use’ added.
We wanted to find ways to validate women’s under-recognised illnesses by providing adequate, accessible and individualised healthcare through the use of technology. From years of working in healthcare, to witnessing loved ones struggle to receive proper gynaecological care, we felt obligated to create an innovative solution for an often slow-moving, conservative industry. From this foundation, Endometrix was born.
We want you to know that our first responsibility is towards people who need help, and everything we do is, and will always be to make the world a better place. We have received a lot of love and support during our journey, and we are grateful to everyone who has shown us this love and support. By signing up to Endometrix, you have our honesty, transparency, love and gratitude. Thank you!
The intended use of Endometrix is to collect data to train a machine learning algorithm with the aim of developing predictive indicators for gynaecological conditions like endometriosis. Additionally, Endometrix can also be used to track health related symptoms (physical, emotional) and treatment (medical and/or non-medical) and find relationships between the two.
Note - Endometrix does not intend to replace the advice of healthcare professionals and should not be used a basis to make changes to medical and/or other treatments. We care about you, and we strongly suggest that you involve a healthcare professional when seeking advice.
We put you in charge of your data in compliance with General Data Protection Regulation (EU). To have your data erased, go to ‘Settings’ and then ‘Delete Account’ on the App, or simply email email@example.com to request for account deletion.
With your consent
With your consent, we use data to build a better Endometrix - making our service faster, smarter and more useful to you. When you give us your data, you trust us to keep it secure. Any personal or sensitive information we hold about you is protected by strong encryption.
The data you track in Endometrix about your health and activities is considered sensitive personal data. It is only when you give us explicit consent by creating an account on Endometrix that we start storing all your health and sensitive data on our secured servers, alongside the personal data necessary to create an account.
Discover what we know about you
You can see your medical information entered in the ‘onboarding questionnaire’ or through the ‘Tracking’ functions. No medical information is stored on your phone, instead we use secure servers (Microsoft Azure, based in Western Europe) to hold all health data you track.
We need some of your personal data, such as your name, surname and email address, in order to create your Endometrix account.
If you use Facebook or Google to login, we also request your name, surname and email address.
If you have an account with Endometrix, your personal profile data is stored separately from your symptom tracking data and your service settings. This allows us to ensure the highest possible level of privacy for your data. Your password is stored using one-way encryption ("hashing" plus “salting”) and it cannot be read by us.
You can access most of your data via the app. If you would like to find out what information we hold about you, you can make a subject access request by emailing firstname.lastname@example.org.
Endometrix does not knowingly collect or use personal data from individuals under the age of 18. By registering to an Endometrix account you are required to confirm that you are at least 18 years old.
Here are the three purposes for which we collect data:
For the purposes of Machine Learning
Our aim is to develop predictive indicators for gynaecological conditions by using the data you provide us with through the ‘on-boarding questionnaire’ and the ‘tracking’ functions on our app. Our plan is to implement machine learning on that data and serve as a diagnostic support tool for gynaecological conditions. Your data has the potential to help other people with gynaecological conditions, and we thank you in advance for registering with Endometrix.
To understand your needs and deliver personalized insights
When you use the app, we process data in order to understand your usage of our services—for example, which tab in the app you open. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to our users as whole, and to analyze bugs and fix issues. We are thoughtful about what we communicate and how often. You always remain in full control of your communication preferences with Endometrix.
Data improves the performance of our artificial intelligence, which in turn will provide you with a better service. When we use data to learn from, we always remove personal identifiers (such as your name and email) to ensure that your privacy is protected.
We collect device data that informs us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information.
The amount we collect has been minimized wherever possible to respect your privacy.
To advance scientific research about gynaecological health
We want to help advance female health globally. Female health has historically been underserved as a field of research. Endometrix might fill this gap by sharing user data for the purposes of scientific and medical research about gynecological health. We want to make it very clear that we will personally select our scientific collaborators with the utmost care and, most importantly, that we only provide data for scientific research after it has been anonymized following a strict protocol that involves the removal of any information that could be used to identify any specific user. We will also communicate (via email and/or our website and/or our newsletter) to our users when we are doing this and the nature of the collaboration with researchers to be transparent and honest.
Once again, you can withdraw your consent to use of your data for these purposes at any time by deleting your account. If you do this, your data won’t be included in any future research partnerships.
By creating an account with Endometrix you explicitly consent that:
Endometrix may store and process personal data you provide through the usage of the Endometrix app and through the account creation process solely for the purpose of providing Endometrix services to you and to improve Endometrix´s service features. Such Endometrix services may include sending you information and reminders through the Endometrix app, e.g. via push notification or to the email address you provided to Endometrix.
Such personal data you provide to Endometrix through the account creation process for the purpose of providing Endometrix´s service includes personal data you enter into the Endometrix app, such as your account data (e.g. your name and email address), and your health data which may include your symptom.
Endometrix will not transmit any of your personal data to third parties, except if it is required to provide the Endometrix service to you (e.g. technical service providers), unless Endometrix has asked for your explicit consent.
Endometrix may use your health- and symptom track data to create anonymized sets of data for academic and clinical research purposes. Endometrix ´s collaborators will be individually selected through an internal vetting process. This anonymized research data cannot be linked to you as an individual or identify you in any way, and we will be transparent when this happens.
You may withdraw your consent to this use of your data at any time by deleting your Endometrix account.
We believe that privacy—including data privacy—is a basic human right. At Endometrix we strive to ensure that your rights are respected.
Here are some key facts about your privacy that we would like you to know:
Our products and services have been designed to minimize the use of your personal data. We only collect and process your data for the purposes that have been previously outlined.
The security of our servers is routinely verified by services to protect your data from unauthorised access. You can contact us at email@example.com if you have any questions about the security of our services.
We do not retain your data in an identifiable format for longer than necessary to deliver our services.
Endometrix does not engage in any automated decision-making or profiling activities.
As a user of Endometrix, you may exercise your user rights to:
Request information on your personal data processed by Endometrix. Upon your request, this information will be provided to you electronically.
Gain access to your information by requesting a backup of your data in a format that is readable by other companies or organisations (data portability). You can do so by sending us an email at firstname.lastname@example.org and providing us your username/email. We will send your data across to you within 30 days.
Correct your personal information and health data in the app settings and in the tracking categories available in the Endometrix app.
Withdraw your consent from data processing at any time by deleting your account and/or unsubscribing from our newsletter by clicking the link at bottom of the email or by contacting email@example.com.
Request the complete deletion of your data. Your data will be deleted within 30 days.
Lodge a complaint with the relevant supervising authority if you believe Endometrix is processing your personal data under violation of applicable data protection regulations.
Endometrix´s recommendations for protecting your data
We believe the biggest threat to the security and privacy of your data is if someone gains access to any of your devices. The data you enter into Endometrix is private and it should stay that way. We have outlined some ways to keep your devices secure below.
Make sure you have a strong password.
Change your password frequently.
Keep your password safe.
Also, set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud (see instructions on Apple Support pages) and then enable “Erase your device” (see instructions on Apple Support pages).
We apply security measures to protect against the misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.
Do not hesitate to reach out to us at firstname.lastname@example.org if you have any questions.
Endometrix is made with <3 in Stockholm, Sweden.
Date Updated: 11th December, 2018
Date Effective: 11th December, 2018
Previous Version was dated 30th August, 2018.
The information provided at https://endo-metrix.com/ (the “Webpage”), (collectively the “Services”) which is provided by Endometrix AB, company registration number [559184-4815] having its registered address at H2 Health Hub, Hälsingegatan 45, Stockholm 11331, Sweden, (“we” or “us”).
Your privacy is important to us. Under the General Data Protection Regulation (2016/679), we are liable for the processing of personal data for which we decide the purposes and the means of processing. With “personal data” we mean information which is directly or indirectly referable to a natural living person, e.g. name and address but also possibly location data or IP addresses. We may collect the information set out below, which include your personal data.
PROCESSED personal DATA
We collect and use personal data to deliver and maintain efficient and secure Services:
Please note that we are unable to provide the Services unless you provide the above stated personal data.
When you use the Services, certain information will be collected automatically, including;
Information about your use of the Services;
Content that you post, upload and/or contribute to the Services
Technical data, which may include the URL you are accessing the Webpage from, your IP address, unique device ID, network and computer performance, browser type, language and identifying information and operating system];
PURPOSES OF PROCESSING and legal bases
We will process the information set out above for the following purposes:
to send you alerts or messages by email or otherwise, including to provide you with marketing of our and our related parties’ products and services] based on [our legitimate interest to send you promotional material about products and services you might be interested in];
To improve and develop the Services or new services and products and to analyse your use of the Services] on the basis of [our legitimate interest of offering you up-to-date Services based on your use of the Services, and to develop new products and services that cater to your preferences];
To fulfil requirements by law].
For processing activities that are based on a legitimate interest, we carefully balanced such legitimate interest with your right to privacy, and concluded that our interest outweighs your rights and freedoms and that you are likely to be okay with our processing of your personal data in this way.
By clicking the “I accept” button in the user account set up flow at the Webpage, or similar, you agree:] [Alternatively: By creating a user account at our Webpage you agree:
to receive direct marketing from us or related third parties, e.g. by email or otherwise.
You have the right to refuse your personal data being used for direct marketing and you may at any time recall your prior consent.
Retention of personal data
We store your personal data for as long as necessary to perform the Services, unless there is a legal obligation to store the data for longer.
DISCLOSURE OF PERSONAL DATA
We will not share and disclose your personal data to our partners and suppliers and related third parties for the above stated purposes within and outside the EU/EEA where you may have less legal rights in relation to your personal data.
COOKIES, PIXELS AND OTHER SYSTEM TECHNOLOGIES
When you call up a webpage of ours on which a social plug-in (like button) is implemented, your browser will then establish a direct link to one of our social media channels (“Social Plug-in”) and will then transmit the following data to the Social Plug-in directly:
date and time of your visit;
the Internet address/URL of the site that you are currently visiting;
your IP address;
your operating system;
your user code if you are a registered user of Social Plug-in and if applicable your surname and first name; and
if you click on the plug-in, of course the information that you have used this specific plug-in.
We explicitly make reference to the fact that we ourselves do not have any influence on the scope of the data which Social Plug-in collects with the help of the plug-in and that with regard to data protection we have to rely on the data usage guideline of Social Plug-in. Please inform yourself further on Social Plug-in specifically about the purpose and scope of the data collection and your rights in this regard and the setting options to protect your privacy using the data usage guidelines.
However, it is of course possible to prevent the placing of cookies by settings in your browser. In addition, it is also possible to block the social plug-ins of Social Plug-in with add-ons for your browser.
RESPONDING TO LEGAL REQUESTS AND PREVENTING HARM
We may access, preserve and share your information in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations, if we have a good faith belief that the applicable law require us to do so.
This may include responding to legal requests from jurisdictions outside of the European Union or the European Economic Area where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.
SOME OTHER THINGS YOU NEED TO KNOW
Links to other webpages
Change of Control
Notice of changes
Your Privacy Rights under EU law
You have an absolute right to object to the processing of your personal data for direct marketing. You also have the right to recall your prior given consent. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal, and we may continue processing your personal data based on other legal grounds, except for direct marketing.
You have the right to request access and further information concerning the processing of your personal data, or request that we correct, rectify, complete, erase or restrict the processing of your personal data. You have the right to obtain a copy of the personal data that we process relating to you free of charge once (1) every calendar year. For any additional copies requested by you, we may charge a reasonable fee based on administrative costs.
If the processing is based on the legal grounds consent or fulfilment of contract you have the right to data portability. Data portability means that you can receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transfer such data to another data controllers.
To exercise the aforementioned rights, or if you have any questions about our sharing practices, your rights under EU law, or wish to have your personal information removed, please contact us at the following address: email@example.com or Endometrix AB, located at H2 Health Hub, Hälsingegatan 45, Stockholm 11331, Sweden. In order to ensure that you receive a swift response, please state your full name and, if applicable, your address, user name and the email address used for registration. Note that you should sign the request to receive information of the processing of your personal data yourself.
If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.