Data security and privacy is important for you to feel safe using ImagineCare to facilitate your self-care.
This personal data policy explains how your personal data is handled on the following occasions:
- When you register to use ImagineCare
- When you use ImagineCare's mobile application with associated measuring devices
- When you contact ImagineCare customer support
Please note that your use of ImagineCare is also subject to the End User License Agreement that you agree to when you create your ImagineCare account on the registration page. The agreement is available at imaginecare.com/eula.
This personal data policy describes:
- Who is responsible for personal data and contact details for this person
- What personal data is collected
- Why and on what legal basis your personal data is processed
- Your consent to treatment
- How your personal data is stored, handled and shared
- Your rights
- What level of security is used to protect your personal data
- Handling in legal proceedings
- How changes to the personal data policy are implemented
- Where to turn in case of complaints
1. Personal data controller and contact details
ImagineCare is a mobile application developed to facilitate self-care by collecting health data. The application also provides the opportunity for digital communication with your healthcare provider via text or video. ImagineCare is owned and distributed by the Swedish company ImagineCare AB (organization number 559081-8356).
ImagineCare AB is responsible for the handling of personal data that you register or enter:
- In the mobile application (ImagineCare App) information about yourself that you enter on the profile page
- Health data that you enter yourself
- Health data view answers to automated questions asked in the question section of the app
- When using measuring devices connected to the mobile application
- Information you provide when you register to use ImagineCare
- When you create your secure ImagineCare account which you provide to support staff and which is then stored in support systems to help you with customer service issues.
ImagineCare AB is not responsible for any personal data that is collected via other websites or applications that you via your healthcare provider get access to via ImagineCare, for example if you receive a link to another website from your healthcare provider in a text message. We therefore ask you to be careful if you leave the application and ask you to read the personal data policies provided on these pages, since we in this case no longer are the ones collecting eventual personal data.
Your care provider is the personal data controller for the personal data that you or your care provider registers when you have contact with each other via the chat or video function in the mobile application. Contact your healthcare provider to learn about the personal data policy that applies to the handling of this personal data. ImagineCare AB is the personal data assistant for the care provider for the processing of personal data that takes place when you and your care provider have contact via chat or video. Data security and privacy are very important to us and we are committed to protecting your personal data in accordance with this policy, the European data protection regulation GDPR (General Data Protection Regulation), and other applicable data protection legislation.
You can always get in touch with us via: telephone on 08- 520 277 35 email at email@example.com
ImagineCare AB has also appointed a Data Protection Officer who is responsible for following up that all personal data is handled in accordance with applicable laws and regulations. You can reach the personal data representative directly at firstname.lastname@example.org.
2. Information collected about you
Here we describe what personal data is collected when you register to use ImagineCare, when you create or update your secure ImagineCare account and when you use the ImagineCare application on your mobile phone or tablet with associated measuring devices. We also describe what personal data is collected during customer service matters.
Data collected during registration and account creation.
When you register to use ImagineCare and create your secure account, the following personal data is always collected:
- First and last name as well as gender
- Date of birth and social security number
- Contact details (phone, email address, home address)
- Which health condition ImagineCare will support self-care for
- Which healthcare provider we will share your personal data with.
This information is needed for us to be able to deliver ImagineCare to you. You can also enter additional information yourself voluntarily, such as how and when you want to be contacted, your health history and additional health information. The information is used to personalize your mobile application and to make it easier for your healthcare provider to provide you with better service.
Data collected when you use the mobile application.
When you use ImagineCare's mobile application, the following personal data is automatically collected:
- Information about the type and version of the operating system you are using
- Which device you use
- Which language and which time settings you have chosen
- At what times you use the application.
This information is used to enable you to log into your secure ImagineCare account, to ensure that you have the correct version of the application and to provide automatic reminders to use the application as an aid in your self-care.
Data that is collected as you enter it yourself in the mobile application
All data that you register yourself in the mobile application will be stored in your secure ImagineCare account. This data is voluntary and is used so that you can measure your health values, to be able to personalize your user experience and so that your healthcare provider can provide you with a more personalized service. Information can be entered on the profile page in the application or via questions displayed in the application.
It may include information about:
- Your health values (weight, blood pressure, blood sugar)
- Time for measuring answers to questions about how you feel mentally and physically
- Your health goals and preferences
- Past and current health problems
- Other health information such as disability and similar
- Your medications
- Additional contact information relevant to you
- Social information such as things you like or dislike
- Additional information you wish to share such as marital status, education level, etc.
Data collected if you connect measuring devices, Google Fit, HealthKit to the mobile application
Data that arises when you use connected measuring devices yourself and connect these to the application will be stored in your secure ImagineCare account. This data will also be automatically analyzed with our algorithms together with other information that you have entered to be able to predict deteriorations in your health condition and provide you with preventive support in your self-care. What data is collected depends on which measuring devices you connect, but it may include data about:
- Your health values (weight, blood pressure, pulse, sleep, number of steps, etc. depending on the measurement unit)
- Time of measurement
- Which measurement unit is used.
Data collected when you send text messages in the application
When you send secure text messages to your caregiver in the application, the time of the text message and the content of the text message you send are stored. Remember to only send information that you want your caregiver to have access to. You can always access all your text messages in the application. The personal data controller for this information is your healthcare provider.
Information collected when you conduct video calls with your healthcare provider
When you conduct a video call with your healthcare provider, image and audio information will be temporarily stored, but this information will be automatically deleted when the video call ends. All transmission is encrypted. The only information that is saved is the time and duration of the call. The personal data controller for this information is your healthcare provider.
Information collected if your healthcare provider enters it
Your healthcare provider has the option to help you complete your information in your secure ImagineCare account by entering information for you when you have contact via text messages, phone or video calls. The care provider must then inform you of which data will be entered, so that you can consent to this data being saved. If you want to delete or change information that your healthcare provider has entered, you can easily contact our customer service or your healthcare provider. We ask that you also read through your healthcare provider's personal data and patient data policy to inform you about how your healthcare provider processes your personal data.
Data collected when you contact our customer service
When you contact our customer service, for example, to get or replace measuring equipment, access additional services, get help with troubleshooting or in other way request information from us, or communicate with us in other ways, information about you can be stored. We always strive to only store the information necessary to help you with what you want help with and to enable us to troubleshoot and fix any malfunctions in ImagineCare. The information may include the time and manner in which you contact us, description of the matter and the information you sent to us.
Information collected to investigate the use of ImagineCare
We may contact you by e-mail or telephone to investigate how you experience the use of ImagineCare. The purpose may then be to improve the security, service or user experience in ImagineCare. You always have the option of refusing to participate in the evaluation. You can also let us know if you don't want to be contacted again. In this case, we will only process your contact details to be able to contact you (email, telephone or address) and will not do any further processing of your other details. The information you choose to enter during the contact will not be saved together with your other personal data in your ImagineCare account, but will then be saved de-identified and separated from your ImagineCare account and will only be used to make statistics or a similar summary of the data.
Analysis data in case of computer crashes
The ImagineCare application may also collect data through Crashlytics or similar tools/services, which are analysis applications for mobile phones/tablets. It is used to log computer crashes and other events that may occur while using the application. The data collected may include what you were doing at the time of the crash or error code and what searches you performed while using the application and is used to understand why the error occurred and what needs to be done to prevent a recurrence. This data is not stored together with your other personal data contained in your ImagineCare account, but is used solely to improve the application.
ImagineCare may not be used by persons under the age of 18
ImagineCare is not intended for use by persons under the age of 18 or to collect information about persons under the age of 18. If you are under 18, do not use or enter any information into the application. If we become aware that we have collected or received infromation from a child under the age of 18, we will delete the information. If you believe we may have information about a child under the age of 18, please contact us immediatley so we can delete that information.
3. Why and on what legal basis your personal data is processed
ImagineCare is a service that makes it possible to measure and store your own health data to facilitate self-care. Health data is automatically analyzed so that deteriorations in health status can be identified early. In addition, ImagineCare facilitates and personalizes contact with regular care providers.
We handle your personal data partly to be able to fulfill our agreement with you, but also with your consent to facilitate your self-care. In some cases, we process your personal data to protect vital interests or to fulfill a legal obligation. We process your personal data for the following purposes divided by legal basis for processing:
Your consent to treatment
Personal data processing to fulfill our agreement with you
Personal data processing that takes place with your consent
With your express consent, we can process your personal data for the following purposes. Processing with your consent that is necessary for us to deliver the ImagineCare service to you: We process your health-related personal data so that you can measure and store your health data. We also automatically process the health data you enter or measure by analyzing it in our algorithms. The purpose is to be able to give you notices if your health values are outside of normal values, to be able to give you feedback on how your values change and to be able to adapt your ImagineCare application to your health situation and your preferences.
We automatically process your personal data in order to be able to share this with the healthcare provider from whom you receive ImagineCare when your health values exceed predefined thresholds or when you or your healthcare provider make contact with each other.
Processing with your consent, which is completely voluntary:
If we have your consent, in some cases we also process your personal data de-identified in order to be able to improve the ImagineCare application and to be able to develop new services. This means that we de-identify your data so that it cannot be traced back to you and then compile statistics to better understand how ImagineCare services can be improved. For example, the automatic analyzes or the user experience can be improved for a patient group such as all people with high blood pressure or diabetes. In such cases, your data is always analyzed de-identified. When your personal information is de-identified, we can also aggregate the results at a group level for all patients for whom your provider has provided access to ImagineCare, so that the provider can improve the use of ImagineCare. We never share your personal data with any other actor without your direct consent.
Personal data processing based on balance of interests
As ImagineCare is a medical device, we as a manufacturer have a responsibility to monitor the safety of the parts of ImagineCare that are used to support self-care. We may therefore process the part of your personal data that may be important for health and self-care. The purpose is then to follow up the security of the ImagineCare application in cases where we judge it to be of importance in order to be able to preserve and guarantee the security of you and other users of the platform.
We also process the personal data you provide when you register for and use ImagineCare to anonymously compile statistics on the use of ImagineCare for the healthcare provider who offers ImagineCare to you. It includes information about the number of users, the number of active users and similar statistics at the group level.
Personal data processing that is necessary to protect vital interests
If there is reasonable reason to believe that there is a major threat to your life, safety or health, we may in some cases process your personal data without your consent in order to, for example, contact a healthcare provider, the emergency services , SOS Alarm, the police authority or the fire brigade. We always notify you in cases where we carry out such processing.
Other processing of personal data
If we would like to process your personal data in any way other than what is described in this personal data policy, we need your express consent. In such cases, you will receive an updated personal data policy with an opportunity to accept or decline such processing. This also applies to being able to share sensitive personal data with other individuals or organizations in addition to what is described in this personal data policy. An example of when this could be relevant is if you are asked to participate in a research study. In such cases, you will be given a description of the research project and will then have the opportunity to accept or decline participation.
Withdrawal of consent
In this case, you can notify us at any time that you wish to withdraw your consent. In such case, no further processing of personal data about you will take place and your personal data will be deleted.
5. How your information is stored, managed and shared
Your personal data is only kept for as long as you have an ImagineCare account and for as long as there is a need to keep it to fulfill the purposes for which the data was collected in accordance with this personal data policy. This means that your personal data is stored as long as your secure ImagineCare account is active. When you close your ImagineCare account, we will delete all of your personal data. In order to fulfill the purposes for which the data was collected, your data may be registered, stored, used and shared with, among other things, approved healthcare providers and third-party providers as specified below. We will never share identifiable information without your consent, except for the purposes described below:
We share your information with your approved healthcare providers as part of fulfilling our contractual obligations to you. This means, among other things, that your healthcare provider receives notifications if automatic analyzes of your health values indicate that it may be needed. We also share your personal data with your healthcare provider if you contact the healthcare provider via chat or video. Your healthcare provider will then have access to your health values and the information you have entered into the mobile application in order to facilitate and personalize the contact with you. The healthcare providers that we share your information with are only the healthcare providers that provide ImagineCare to you, or other healthcare providers that you have requested that we share your information with.
We may share information with the emergency services, SOS Alarm, the police authority, the fire brigade or a healthcare provider in situations where there is reasonable reason to believe that there is an immediate threat to your life or safety.
To individuals approved by you
We can, if we have your consent, share your personal data with individuals. This may apply to relatives, care providers other than those who provide ImagineCare to you, or other individuals whom you want to have access to the personal data you have saved in ImagineCare. We only share such information when we have your direct consent.
Third Party Providers
We may provide information to our approved third-party service providers (subcontractors) if it is necessary for us to deliver the ImagineCare service to you. The following suppliers are relevant within the EU/EEA:
Our operating partners:
Our operating partner handles your information for the following purpose:
- Create secure accounts
- Manage the servers used for the application and the registration page to store your data encrypted
- To be able to automatically analyze your health data
- To be able to provide communication services such as telephone, chat and video calls
These service providers will only have access to the part of your data that is necessary to provide the services you have requested. When they access your information, we apply reasonable contractual and technical safeguards to limit the provider's use of the information they access. All these service providers are approved by us and have committed to handling your personal data in accordance with the Data Protection Regulation GDPR.
If it is necessary to deliver the service, additional subcontractors may be relevant in the future. We continuously update our data protection policy with current subcontractors. If you have further questions about our third-party providers, please contact us in accordance with item 1.
Transfer in event of sale or change of control
6. Your rights
If you wish to exert any of your rights, simply contact us by e-mail, telephone or mail according to the contact information provided in paragraph 1 of this document. We may need to ensure that it is really you who is contacting you, and you may therefore be asked for additional identification before we carry out your request. If you request information, this will primarily be delivered in a commonly used electronic format.
How you can get access to all your personal data
You always have access to most of the personal data you entered yourself in the ImagineCare application. If you want to receive all the data that is stored about you, you have the right to get this free of charge. You then receive it in a structured and machine-readable format that is considered the industry standard. You also have the right to have the data transferred to another personal data controller when it is technically possible.
How you can correct and delete your personal data
You always have the right at any time to request that we correct, supplement or delete personal data that is incorrect, incomplete or misleading. We can also do this on our own initiative. You also have the right in certain cases to have your personal data deleted, for example if it is no longer necessary for the purpose for which it was collected. You can also access and update certain personal data by logging into your account and going to the profile section of your ImagineCare application. You can also if you want to close your account and then we will no longer store your personal data.
Right to limitation of processing
You also have the right, under certain circumstances, to request that we limit our processing of your personal data, e.g. if you believe that the information is not correct.
7. Security level for protection of your personal data
Your privacy and security is very important to us. We therefore use the physical, technical and administrative security measures and safeguards that meet industry standards to protect your personal data in the best possible way. For example, your data is always stored encrypted and all data transmission via chat or video in the application is also encrypted. However, because the Internet is not a 100% secure environment, we cannot fully guarantee the security of the information you transmit to us. There is also no absolute guarantee that information will not be accessed, disclosed, altered or destroyed through a breach of any of our physical or technical safeguards.
It is very important that you protect your login information and never share it in any way. Please also remember that regular e-mails and regular mail you otherwise send to us are not encrypted, as are regular telephone calls, and we strongly recommend that you do not communicate any confidential information in these ways.
8. How your personal data is handled in the event of legal proceedings
If we receive an order from a court, authority or similar to comply with applicable laws and regulations, we may process and share your personal data, if it is necessary to comply with applicable laws, regulations, legal processes or enforceable authority decisions. Examples of such handling could be if we or the care provider become the subject of an audit by an authority such as the National Board of Health and Welfare or the Medical Products Agency. In such cases, we will do everything we can to ensure that the handling takes place in accordance with applicable laws and regulations and that your personal data is handled correctly.
9. Changes to the personal data policy
We are constantly working to improve the services we offer you. We may therefore need to update this personal data policy. If the changes involve a change, we will contact you via the email you have registered in your ImagineCare account. By continuing to use ImagineCare, you then approve the updates that are made. If you then do not agree to the changes, you have the option to terminate your ImagineCare account.
10. Comments or complaints
If you have questions, comments or complaints, do not hesitate to contact us via the contact channels described in item 1. You always have the right to object to the processing that we do of your personal data. You also have the right to submit any complaints directly to the Data Protection Authority. You also have the option of contacting our data protection officer via email@example.com.