As a user of the Medical Device, you acknowledge that you have already consented to the processing of your personal data, including your health data collected by the Medical Device (hereinafter the “Usage data”), for the purpose of being provided with digital services related to the said device, more specifically to monitor your sleep rhythm and disorders by providing information about your condition in order to optimize the doctor's follow-up and facilitate your patient-doctor relationship.
By downloading and using the APP, you consent to the processing of your personal data, including health data, by BMC Medical (France) SARL (SIREN 952 235 141), as data controller.
We respect your privacy and strive to collect your personal data responsibly and to protect it. To do so, we comply with the applicable laws, in particular Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR), French Law No. 78-17 of January 6, 1978 and subsequent applicable regulations (the "Regulations").
Why we process your personal data and legal basis for processing.
We will only process your personal data for the following purposes:
Enable you to register, subscribe and purchase digital services related to the APP,
Provide youwiththe digital services related to the APP, more specifically to enable you to monitor your sleeping pattern and disorders by providing information on your condition, to facilitate your patient-doctor relationship, and to enable you to adjust the parameters of your Medical Device via the APP,
Enable you to consult your Usage data and share it with anyone you wish, for example your doctor or family members,
Provide maintenance and technical support services,
Any other purpose compatible with the purposes for which your personal data was originally collected.
We also process your personal data to ensure the continuous improvement and development of services related to the APP. Usage data collected for this purpose will be encrypted,
We rely on your explicit consent to the aforementioned data processing on any health data that is classified hereinafter as being a “special category of personal data” under the Regulation.
In accordance with relevant laws and regulations, we may process your personal data without seeking your consent when this is necessary: (1) to perform of legal duties or obligations, (2) to respond to an emergency including a public health emergency, when we are required to do so by governmental health bodies, (3) to maintain the safe and stable operation of the Medical Devices and/or the related digital services, such including the detection and removal of their failures, or (4) in any other circumstances stipulated by laws and administrative regulations.
What data is collected.
The following categories of personal data are collected as being necessary for the proper functioning of the APP:
Your personal data when using the Medical Device:
General categories of personal data: your name, gender,date of birth, height and weight, and your contact information, namely e-mail address /phone number, postal address (non-essential)
Special categories of personal data:
yourdevice’s Usage data, which include all information included in your therapy reports, namely used time, treat pressure, respiratory indices (AHI, AI, HI, CAI) and leak of each day, etc. You can choose to allow the APP to upload these data to the cloud or not in the interface “More”; and
device data, namely product model, serial number, last sync, release version, complete version, product ID, product PIN, and setting changes, parameters adjustments, device logs, length of time the device has run since the last service, total device run time, date and time of when data was last erased, date and time when therapy was last run (essential)
Your Usage data and identification data are used to identify and fix issues in the APP, and to perform statistical analyses and research to improve our services.
Personal data in feedbacks and questions that you submit.
When you submit feedbacks or questions through the APP, you may share your email address, online logs, Medical Device logs and serial number, and any additional information you may submit to us voluntarily.
This information is used to help us resolve the questions or problems for which you contact us. We will respond to you with relevant information regarding your comments. We also use this information to comply with a legal obligation under the laws applicable to medical devices and the provision of health-related services.
Special categories of personal data
How we collect your data
Your personal data is collected when you use the APP and connect your Medical Device to the APP. In accordance with the Regulations, your health data may only be recorded if you have given your free and informed consent and have been informed of your rights.
The APP uses technical cookies that enable the APP's main services to function optimally. These technical cookies cannot be disabled, except by refusing all cookies in your smartphone settings. However, your user experience may be negatively affected.
How we protect your data
Your personal data remains strictly confidential. Your data is disclosed internally within our business only to relevant staff members who need it to perform their duties. In view of the sensitive nature of the personal data collected and the risks involved in processing them, we undertake to take all necessary precautions to protect the security of your personal data and, in particular, to prevent it from being altered, damaged or accessed by unauthorized third parties.
We use a combination of technical and administrative security controls to maintain the security of your data. Although we make every effort to protect your personal data, we cannot guarantee the total security of personal information transmitted to us via the Internet. Please note that there are no "perfect security measures" on the information network. If we confirm that your personal data has been subject to a data breach, data breach notifications will be made.
When using the APP, we recommend that you enable PIN or fingerprint security on your smart device (refer to your smart device user instructions), enable the remote data wipe function on your smart device as this allows you to remotely erase personal data from your smart device if it goes missing (refer to your smart device user instructions), and keep your operating system up-to-date with security patches. Ensure that you always have the APP latest version installed on your smart device.
With whom we share your personal data with.
Your personal data will only be accessible to those persons who need access to it for the purposes indicated above and/or when required by law.
We may share your personal data in a controlled and secured manner, with third-party service providers engaged to provide certain aspects of the service on our behalf as data processors, such as hosting services, maintenance services, assessing compliance risks, analyzing data, and conducting customer relationship management. Contractual guarantees are taken to ensure that such service providers apply adequate security and confidentiality measures. In doing so, we ensure that personal data is adequately protected and processed only in accordance with our instructions. Such service providers may not use your personal data for any other purpose.
Your personal data may be shared with any of our affiliates or subsidiaries, and any companies owned or controlled by BMC Medical (France) SARL. We may share your personal data if some or all of our business is transferred to another entity by way of merger, sale of its assets or otherwise.
Besides, you may decide to share your Usage data with third person by voluntary communicating it to them by email through the APP. You control who share your data with.
Where your data is hosted and processed. Your personal data is stored and processed in compliance with the Regulations.
Your data is hosted in the Europe union by Amazon Web Services, Inc. (AWS), which is a Health Data Host within the meaning of the applicable regulations and is recognized as such by the certification issued by Bureau Veritas Certification France on 13 January 2023.
Our data processors are also located in the European union.
How long we retain your personal data.
We will only retain your personal data for as long as it is necessary for the purposes for which it was collected and processed. Personal data no longer required for the stated purposes will be kept for a maximum of six months from last use of the APP.
Your personal data rights.
In accordance with the Regulations, you have the right to:
Request access to your personal data.
Request information on the recipients of your personal data and on the purposes of data processing,
Request rectification of personal data that may be inaccurate or obsolete,
Request the deletion of your personal data,
Request restrictions on the processing of your personal data,
Object to the processing of your personal data,
Define guidelines for the processing of your personal data after your death,
Exercise your right to data portability.
The processing of your personal data is subject to your consent, which you may withdraw at any time. However, please note that withdrawing your consent does not affect the lawfulness of the processing previously carried out on your data.
You may exercise your rights by contacting our Referent: Gabrielle Pierre-Lenfant by e-mail：email@example.com .
Please note that you have the right to lodge a complaint with the supervisory authority in your country of residence. In France, you should contact the CNIL (Commission Nationale de l’Informatique et des Libertés) either from its website via the online complaint teleservice, or by post by writing to: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Use of the APP by children.
The APP is not intended for, or directed to, children. If a parent or legal guardian becomes aware that their child has provided us with personal data without appropriate consent, please contact us by sending an email firstname.lastname@example.org. If we confirm that a user is a minor and has provided us with his or her personal data, we will delete their information from our databases.
You consent to the processing of your personal data, including your health data, via the APP, for the purposes for which you have provided this data and acknowledge the legitimacy of processing such data. The APP offers the possibility of registering consent(s) or opposition(s) to the processing of personal data.
Applicable law, competent jurisdiction, and Policy update.
If you have any questions or concerns about privacy, please contact us: Official website: https://en.bmc-medical.com Email: email@example.com Tel: +86 400-800-4235