PRIVACY POLICY
This Privacy Policy describes the information we collect, how we collect the information, the reasons we collect information, and how we share or use the information we collect. This Privacy Policy also describes the choices you have with the information we collect, including how you can manage, update, or request to delete information. By using our Platform, App or Stand you are agreeing to the terms of this Privacy Policy. If you have any questions or concerns about this Privacy Policy, you may contact us at any time.
GeniusCare is not a medical group or health care provider. We provide our users with tools for the efficient conduct of the physiotherapy process from the side of therapy management, assignment of training and control of its execution in medical facilities. The healthcare providers who are our clients are responsible for providing you with a Notice of Privacy Practices describing their collection and use of your health information.
1. Terms and Definitions
App - “GeniusCare” mobile application.
Personal information - means individually identifiable information, i.e. information that identifies an individual or may with reasonable efforts cause the identification of an individual.
Platform - Our website and webplatform for healthcare providers, PTs and medics.
Privacy Policy - This privacy policy.
Products - Every product We provide including GeniusCare App, Webplatform, The Stand and more.
Services - Any services provided through our Platform, App or Stand including home workout application that we offer through our mobile App and on-site workout in medical units with our Stand.
This Privacy Policy describes the types of information we may collect from you when:
- You visit or use our Platform, Website and/or App;
- We communicate in e-mail, text message, and other electronic messages between you and us; and
- We communicate in person, such as on the phone or through a visit.
2. Personal Information
We may collect and use the following personal information (hereinafter, collectively referred to as “Personal Information”):
- Personal Information that you provide when registering for our Services, including by creating a user account and by filling in forms, as well as through use of our Services, whether as a medic and/or a patient;
- Personal Information that you provide us to process your payment for the Services insofar as payment is due;
- Personal Information that you provide us when participating in surveys, questionnaires or quizzes produced by GeniusCare;
- Personal Information that you provide to us through our contact form or our company email address, in order for us to contact you; please do not provide more Personal Information than is required for us to contact you;
- Personal Information that you provide to us when we speak to you in meetings or by telephone.
This may include:
- your full name, your email address, your phone number, your address, your gender, your age;
- your user profile, which may include user IDs, pictures, health status and/or other medical information, age, sex;
- your biometric information such as body metrics, exercise data and history, exercise statistics, range of motion.
3. How we collect data
- From mobile device.
- When You Contact Us. When you contact GeniusCare directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.
- Cookies. We may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Platform or Services through your computer or mobile device.
A “cookie” is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. Some of the cookies we use are "session" cookies, meaning that they are automatically deleted from your hard drive after you close your browser at the end of your session. Session cookies are used to optimize performance of the Website and to limit the amount of redundant data that is downloaded during a single session. We also may use "persistent" cookies, which remain on your computer or device unless deleted by you (or by your browser settings). We may use persistent cookies for various purposes, such as statistical analysis of performance to ensure the ongoing quality of our Platform and/or the Services. We and third parties may use session and persistent cookies for analytics and advertising purposes, as described herein. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access or use certain parts of our Platform or the Services. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.
4. Collected data
In connection with the registration and creation of a user account in the App, We collect the following Data from you (hereinafter: "User Data"):
- First name,
- Gender,
- Email address,
- Telephone number,
- Password,
- Activation code,
- Activation e-mail,
- Health insurance, and
- Answers to medical history questions.
We process your User Data to:
- Create a personal user account for you;
- Determine whether the use of the App is medically indicated for you;
- To check whether your Data is complete, including telephone or electronic contact for any queries,
- If necessary, the processing of data for queries with you by telephone or email,
- Provide you with the Portal, Services, mobile app and associated features.
In the following, We will describe how We process your Data in connection with using the App and the associated features:
- Categories of data
In connection with using the App and the associated features, We collect the following Data from you (hereinafter: "Application Data"):
  - Profile and status data,
  - Therapy units completed,
  - Enrolled courses,
  - Medical questionnaires,
  - Therapy development metrics,
  - E-mail address,
  - Push tokens, and
  - Training weekdays.
- Purposes of data processing
We process your Application Data to provide the App and associated features, in particular:
  - Provision and reminder to do your therapy units,
  - Provision of information on your therapy units by e-mail or push notification as well as a PDF export for the user and the attending physician,
  - Visualization of the progress of your therapy,
  - Adaptation of your personal therapy units,
  - Reminder of health check appointments to ensure the App is used safely and as intended, and
  - Provision of information, e.g. on security-relevant updates and events.
Collection of device data for the technical provision of the App:
In the following, We will describe how We process your Data when collecting device data for the technical provision of the App:
- Categories of data
In connection with using the App, the GeniusCare server automatically collects the following Data from you (hereinafter: "Technical Data"):
  - App and operating system version, and
  - Anonymized IP address (last octet(s) masked).
- Purposes of data processing
We process your Technical Data to:
  - Enable an uninterrupted and safe operation of the App, and
  - Obtain information about security-relevant events as well as to provide updates.
5. How do we use the data:
- Rehabilitation progress monitoring, adjusting trainings and plans and single exercises;
- Operate, maintain, supervise, administer, and enhance our Platform or the Services, including monitoring and analyzing the effectiveness of content on the Platform, aggregate site usage data, and other usage of the Platform and/or the Services such as assisting you in completing the registration process.
- Provide our Products and Services to you, in a custom and user-friendly way.
- Provide you with information, Products, or Services that you request from us or that may be of interest to you.
- Promote and market our Platform and/or the Services to you. For example, we may use your Personal Information, such as your e-mail address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about Products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party websites. You can opt-out of receiving these e-mails at any time as described below.
- Contact you in response to a request.
- To notify you about changes to our Platform and/or the Services or any Products we offer or provide through them.
- Fulfill any other purpose for which you provide it.
- Anonymize and aggregate information for analytics and reporting.
- To respond to law enforcement requests, court orders, and subpoenas and to carry out our legal and contractual obligations.
- Authenticate use, detect fraudulent use, and otherwise maintain the security of our Platform and the safety of others.
- To administer surveys and questionnaires.
- To provide you information about goods and services that may be of interest to you, including through newsletters.
- Any other purpose with your consent.
6. How do we share your Personal information
We do not sell, rent or lease your Personal Information.
We may share Personal Information with affiliates, service providers and other third parties, as necessary for them to perform functions on our behalf, aimed at fulfilling the purposes for collecting and processing the information, such as cloud vendors, billing providers, subcontractors providing us processing services, etc., provided that any such third party will commit to protect your privacy under the Applicable Laws and in accordance with this Policy.
We may share Personal Information with third parties in certain circumstances or for certain purposes, including:
- Our business purposes. We may share your Personal Information with our affiliates, vendors, service providers, and business partners, including our data hosting and data storage partners, analytics and advertising providers, technology services and support, and data security advisors. We may also share your Personal Information with professional advisors, such as auditors, law firms, and accounting firms.
- Your healthcare providers or family. With your consent, we may share your information, including information collected from your use of our Platform, with your health care providers and/or family members (e.g., immediate family or friends) that you designate to receive your information.
- Other health-focused mobile apps. With your consent, we may share your profile information and data collected from your connected devices with other health-focused mobile applications installed on your mobile device to help you track your health and wellness information. If you share your information with these apps, your Personal Information, including your health information, will be used in accordance with privacy policies for those separate apps, not this Privacy Policy.
- With your consent. We may share your Personal Information if you request or direct us to do so.
- Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
- Business Transfer. We may share your Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users are among the assets transferred.
- To improve our Platform. We may use your Personal Information for internal testing, research, analysis, and product development, including to develop and improve our website/application, and to develop, improve, or demonstrate our products and services.
7. Your rights
- The right to access - you have the right to request a review of your Personal Information held by us.
- The right to rectification - you have the right to request that we correct any Personal Information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure - under certain conditions, you may be entitled to require that we delete or “block” your Personal Information (e.g. if the continued processing of specific information is not justified or if the lawful basis for processing is consent).
- The right to restrict processing - in certain circumstances, you have the right to request that we restrict the processing of your Personal Information.
- The right to object to processing - where the lawful basis for processing your Personal Information is our “legitimate interests”, that lawful basis is not absolute, and you may have a right to object to such processing.
- The right to data portability - under certain conditions, you have the right to request that we transfer the Personal Information that we have collected about you to another organization, or directly to you.
- Right to withdraw consent: if the processing of your Personal Information is based on your consent, you have the right to withdraw your consent to such processing at any time.
- The right to lodge a complaint with the supervisory authority for data protection if you believe that the processing of your personal data violates the provisions of the GDPR.
8. Automated Decision-Making and Profiling
As part of our operations, we may engage in automated decision-making and profiling based on your personal data. This involves using software and algorithms to process your data and make decisions without human intervention. Automated decision-making and profiling can help us enhance our services, personalize your experience, and improve operational efficiency. However, we are committed to ensuring that these processes are fair, transparent, and respect your rights under the GDPR.
Types of Automated Decisions and Profiling:
- Service Personalization: We may use automated processes to analyze your preferences, behavior, and interactions with our platform to offer personalized content, recommendations, and services.
- Risk Assessment: Automated systems may assess risks associated with transactions, such as detecting fraudulent activities or ensuring compliance with regulatory requirements.
- Marketing and Advertising: We may use profiling to tailor marketing messages and advertisements to your interests and preferences based on your activity and interactions with our services.
Logic and Consequences:
- The algorithms we use analyze various data points to identify patterns and make predictions. For example, we may analyze your usage data to recommend specific exercises or rehabilitation plans.
- The outcomes of these automated processes may influence the content and recommendations you see on our platform, the marketing messages you receive, or the assessment of your eligibility for certain services.
Your Rights:
- Right to Object: You have the right to object to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you. You can request human intervention, express your point of view, and contest the decision.
- Right to Explanation: You have the right to request an explanation of the logic involved in automated decision-making processes and the potential consequences for you.
- Right to Restriction: You can request the restriction of automated processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or the lawfulness of the processing.
We strive to implement appropriate safeguards to protect your rights, freedoms, and legitimate interests. Our goal is to ensure that automated decision-making and profiling are conducted in a fair, transparent, and accountable manner.
9. Data Security
There are always risks associated with providing Personal Information, whether in person, by phone or via the internet or other technologies, and no system or technology is completely safe or “tamper”/“hacker” proof. We take the safeguarding of your Personal Information very seriously, and use a variety of industry standard systems, applications and procedures to protect the information from loss, theft, damage or unauthorized use or access. However, although we make efforts to protect your privacy, we cannot guarantee that the Platform and the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways of further enhancing the security of the Platform and Services and the protection of your privacy.
You should take steps to protect against unauthorized access to your password and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. In addition, you should take steps to protect against unauthorized access to Personal Information stored on your premises as well as defining limited access rights to such information on a need to know basis.
10. Data Retention
We retain different types of information for different periods, depending on the purposes for processing the data.
- We may retain Personal Information for as long as necessary in order to support our legitimate business purposes, for example, for storing data, for documentation, for improving the Platform and/or the Services, for cyber-security management purposes, legal proceedings and tax issues.
- We may store aggregated non-personal Information without time limit.
- In any case, as long as you use the GeniusCare Platform, Mobile app or the Stand, we will store information about you, unless we are legally required to delete it, or if you exercise your rights to delete the information.
11. Legal Basis for Data Processing
We process personal data on the following legal bases as required by the GDPR:
- Consent: We may process your personal data based on your explicit consent. This applies, for example, when you voluntarily provide information for certain purposes, such as subscribing to newsletters or participating in surveys.
- Contractual Necessity: We process personal data to perform our contractual obligations to you or to take steps at your request prior to entering into a contract. This includes processing necessary for providing our services, managing user accounts, and handling customer support requests.
- Legal Obligation: We process personal data when it is necessary to comply with our legal obligations, such as maintaining records for tax, accounting, and regulatory purposes, or responding to lawful requests from public authorities.
- Legitimate Interests: We process personal data when it is necessary for the purposes of our legitimate interests, provided that these interests are not overridden by your fundamental rights and freedoms. This includes processing for improving our services, securing our platform, preventing fraud, conducting analytics, and direct marketing.
- Vital Interests: In certain cases, we may process personal data to protect your vital interests or those of another person, for example, in emergency situations where the processing of personal data is necessary for medical reasons.
- Public Task: We may process personal data when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
By providing these legal bases, we ensure that our processing of personal data is in compliance with GDPR requirements.
12. Transfer of Personal Data to Third Countries
In some cases, we may transfer your personal data to countries outside the European Union (EU) or the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect your personal data and to comply with the requirements of the GDPR.
- Adequacy Decisions: We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Standard Contractual Clauses (SCCs): In the absence of an adequacy decision, we use standard contractual clauses approved by the European Commission, which provide appropriate safeguards for the protection of personal data. These clauses contractually oblige the recipient to protect your data to the same standard as required within the EU.
- Binding Corporate Rules (BCRs): For transfers within a corporate group, we may use binding corporate rules, which are internal policies approved by data protection authorities that ensure adequate protection of personal data within the group.
- Derogations for Specific Situations: In specific situations, we may transfer your personal data to third countries based on specific derogations provided by the GDPR, such as when the transfer is necessary for the performance of a contract between you and us, or with your explicit consent.
- Additional Safeguards: We may implement additional safeguards such as encryption, anonymization, or pseudonymization of personal data to ensure its protection during transfer.
We will always inform you about the transfer of your personal data to third countries and the specific safeguards that are in place to protect your data. Our goal is to ensure that your personal data receives the same level of protection as within the EU.
13. Changes to this Policy
We may change the terms of this Policy from time to time by posting notice on the Platform and Services. However, we will make an effort to inform you of substantial changes through the channels of communication generally used in such circumstances.
If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.
Your continued use of the Platform and Services following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the GeniusCare Platform, Services and Products.
14. Controller, contact data, and management
The data protection controller within the meaning of Article 4 (7) GDPR is:
GeniusCare sp. Z o.o.
Sierakowskiego 52 / 23, 91-321 Łódź, Polska
e-mail: f.baranski@geniuscare.pl