Privacy policy

RheumaBuddy APP  

The purposes of the processing 

The purpose of the collection is to provide our service, the RheumaBuddy app (“the system”), to you for free and generate revenue through research and development done by public institutions and private companies.  
 
The system is an app that helps you gain greater control of your arthritis by getting a better overview of your symptoms. The system is also a tool to help you document the development in your disease in-between rheumatologist visits and prepare for your next consultation. In an online community for users of the system, users can discuss, connect, seek advice or offer to help peers. More features are added on a regular basis.  
 
No individual person’s data will be used as we and our partners are purely interested in general insights based on data analysis. In this way, your use of the system helps improve treatment for others. When we share your personal data, we make sure it is as anonymized as possible without making the personal data useless. This means it will in most cases be very hard to identify you.  
Moreover, we continually improve the system by analyzing your use and the content you provide. The purpose also includes support services should you have trouble with the system.   
 
To provide the service we also send you messages and notifications via e-mail, SMS, MMS, and in the app with offers to use new functions or provide new personal data. You can change your settings for notifications in the system (opt-in or opt-out), but some of the functions might not deliver you full value without notifications enabled. You are always welcome to contact us for enquiries about your account by contacting us at support@rheumabuddy.com

As part of the service, some functions of the system offer you the possibility to share personal data with e.g., other users, your doctor, health authorities, and researchers. Sharing your personal data will only take place if you choose to activate or use the different functions in the system. 

 

The lawful basis for the processing 

As we are located in the EU, the General Data Protection Regulation (GDPR) applies to the collection of personal data irrespective of where the data subject is located. 
The basis for our collection and processing are:  

  • Article 9(2a) of the General Data Protection Regulation (explicit consent for special categories of personal data) and  

  • Article 6(1a) of the General Data Protection Regulation (consent) 

 

The categories of personal data collected 

As we are a service for tracking your health condition, a partner in research and development projects and an online community, we collect the personal data you continually provide using the system.    
 
Collected personal data could include your name, address, private e-mail and telephone number, birth date and close family relations. We also collect personal data related to your condition e.g., your physical activity, your medicine, and your diet.    
 
Moreover, we also collect technical data from the devices you are using, for instance via Apple Health and Google Fit, if you have accepted this explicitly. 
 
Collected data is only shared with data processors and is not sent or shared with other parties.  

 

The recipients or categories of recipients of the personal data 

Recipients of personal data might include but is not in all cases limited to: healthcare professionals, researchers, public authorities (hospitals, clinics, etc.) and pharmaceutical companies and other users.  
 
Finally, we disclose personal data to our IT service providers (data processors).  

The details of transfers of the personal data to any third countries or international organizations. 
No personal data collected in the EU is transferred outside the EU/EEA 

The retention periods for the personal data. 
When a user requests an account deletion by contacting us support@rheumabuddy.com, a deletion and anonymization process is activated. 
 
The process includes assessing if we are obligated to store some or all the personal data for a longer period of time according to the GDPR and the applicable local laws. If we are not obligated to store the personal data and we have no other lawful grounds for further processing, we delete or anonymize the personal data. If the user is inactive for 24 months, the deletion and anonymization process is activated. 

 

The source of the personal data 

The personal data have been obtained during the onboarding process in the system and your continued use. 

  

The details of whether individuals are under a statutory or contractual obligation to provide the personal data 

If you do not provide us with the personal data, we need to fulfil the purposes, we are unable to provide the system for free. If you do not wish to provide us with the personal data, we need to fulfil the purposes, we might not be able to provide you with the full services or functions of the system 

 

The details of the existence of automated decision-making, including profiling 

We do not base any automated decision-making, including profiling, referred to in Article 22(1) and (4) of the General Data Protection Regulation on personal data from users. Thus, no decision is based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects concerning the user. 

 

The rights available to individuals in respect of the processing 

As we are bound by the GDPR due to our location you have the following rights:  

  • Your right of withdrawal: if you wish to withdraw your consent, please request the deletion of your account at support@rheumabuddy.com – At any time you can withdraw your consent by turning off functions in the system or by deleting your account.  

  • Your right of access - You have the right to ask us for copies of your personal information. 

  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.  

  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances. 

  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances. 

  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances. 

 
The rights are limited in scope and application. Moreover, the rights are applied on a case-by-case basis to each data subject request.  
 
Please be aware, that in some instances we are joint controller with one or more parties regarding your personal data. This might be where you have consented to giving us access to personal data you have shared or registered with a third party, e.g., Apple Health. If your request concerns personal data that is covered by a joint controllership, we might refer you to the third party for further resolving of your request.  
 
You are not required to pay any charge for exercising your rights.   
If you make a request, we must provide information on action taken without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In that case, we will inform of any such extension within one month of receipt of the request, together with the reasons for the delay.  
 
Please contact us if you wish to make a request. When you make the request please specify your request as best you can. This will help us process your request more quickly. 

The right to lodge a complaint with a supervisory authority 

You can lodge a complaint with your local Supervisory Authority in the EU:  
https://edpb.europa.eu/about-edpb/board/members_en 
 
If you live outside the EU, please contact the Danish Data Protection Agency (check current coordinates on the website listed above).  
 
Denmark  
 
Datatilsynet  
Carl Jacobsens Vej 35  
2500 Valby  
Tel. +45 33 1932 00  
email: dt@datatilsynet.dk 

Website: http://www.datatilsynet.dk 

Before you do, we hope you will contact us, the data controller, directly to give us a chance to solve the matter. 

The name and contact details of the organization (data controller) ", 

Daman P/S  
Strandgade 4A  
1401 Copenhagen K  
Denmark  
Business reg. no.: 33591489  
 
+45 29 70 18 00    
contact@damandigital.com 

 

Changes 

We may change the privacy notice from time to time including if we change the purpose of the processing. If we do, we will inform you in the app or via e-mail. The applicable privacy notice will be available in the app at all time. 

Change Log   

Precisions added under the following paragraphs: "Purposes of the processing" and "The rights available to individuals in respect of the processing" 


 
Version  1.1  
August 2021