7.1 User Consent
If you consent, the Application Provider will process the personal data listed in this section to be able to provide its services.
We distinguish between information that is necessary data (section 7.1.1) to safely store and protect your information and general data (section 7.1.2) that is voluntary for you to provide. Necessary data is obligatory and necessary to create a user in the Application.
General data will in some cases be required for us to provide specific services, e.g. entry of current blood glucose level or carbs is optional, but it will be needed to make a correct bolus calculation.
In connection with the handling of personal data, we do our utmost to collect and store only the absolutely necessary data in order to provide the expected service and meet the requirements set by regulatory and local authorities.
7.1.1 Necessary data
When setting up your profile you will be asked to provide the following information, which is necessary for us to set up your profile and provide you with access to our services. This includes email address, password (we only save an encrypted version), and user ID (assigned by us).
Device and consent information
To be able to provide our services and comply with regulations for medical devices, we process usage and device information which includes e.g. device ID, operating system, consents, and activity events for changes in settings or medical master information.
7.1.2 General data
Personal master information
Personal master information is entered when you set up your profile. The entered information can be found and changed in your account settings. Personal master information includes e.g. gender, date of birth, country, language, and time zone.
Medical master information
Medical master information is entered while setting up your profile, and they can later be found and changed in your account settings. Medical master information includes e.g. diabetes type, height, weight, injection method (pen/pump), type of insulin (long-acting and fast-acting), and blood glucose targets.
Medical data entries are made in conjunction with our services. Data processing will depend on your use of the product and services but may include e.g. time of entry, food items, carbohydrates, blood glucose readings, insulin dosage, events (e.g. physical activity), and mood.
Usage Data is automatically collected when using the Application. Data may include e.g. services used, application version updates, and activity time stamps.
7.2 Data processing purposes
Your personal data will be processed in compliance with Danish data protection legislation.
Apart from the data processing purposes described in section “Consent“, we also process your personal data beyond this – for the following purposes:
7.2.1 Data processing to provide you with our services
To be able to provide you with our services, we process the medical data and medical master information, you have provided us with, described in section 7.1.
7.2.2 Data processing for product improvement
To continuously improve and further develop our products and services that support self-management in diabetes, we analyze user-dependent data (device and consent information) and general data (personal master information, medical master information, medical data, and usage data), described in section 7.1, and implement the results in new product versions available to you in regular updates.
7.2.3 Data processing for marketing
We would like to send you information or news about our products and services and invitations to surveys and other marketing activities. The newsletters may also contain relevant information and invitations from carefully selected partners. It is optional for you to subscribe to these newsletters, and you can revoke your consent via the “Unsubscribe” link in the newsletter emails or in your user account settings.
Other marketing-related activities
By consenting and subscribing to our newsletter, you consent to receive invitations to other marketing-related activities e.g. surveys and interviews. Participation in these activities is voluntary, and if you choose to participate, consent will be obtained as required. We always explain why we need certain data, how we process it, and how you can revoke your consent.
We may show you offers within the app without processing your personal data. You will also see these non-customized advertisements if you have not provided your consent.
7.2.4 Data processing for other purposes
Medical Device Directives and Regulations
The Application is classified as a medical device, and therefore, we are subject to increased requirements for monitoring the user safety and functionality of our product. Your personal data will be processed in compliance with Danish data protection legislation.
Scientific research and statistics
In Hedia, we wish to contribute to scientific research in diabetes. We would like to invite our users to contribute with their personal data to scientific research projects. In compliance with ethical scientific standards, consents will be obtained for each specific scientific research project. We comply with the General Data Protection Regulation (GDPR), in which our legal basis for processing data for scientific purposes is stated in Article 9 (2) j.
As a user of the Application, it is optional for you to receive invitations to scientific research projects. If at any point you want to change or revoke your consent, you can do so in user account settings.
Enforcement of rights
In cases of suspected abuse of the Application, or to assert, exercise, or defend legal claims, we may have to process personal information and be forced into disclosure due to binding laws or criminal investigation. If this happens, the storage and processing of your data are permitted by law without your consent.
You are always welcome to contact us on firstname.lastname@example.org if you experience problems or want to file a complaint. In such cases, we may have to process the personal information that you have registered in our services to be able to properly respond to your inquiry.
7.2.5 Data Retention
We only store the personal information for as long as is necessary, in relation to the stated purposes above and for the duration of the contract. In exceptional cases, longer storage may be required in order to fulfil post-contractual obligations or to comply with statutory storage obligations or disclosure duties or to assert, exercise, or defend legal claims (limitation periods).
Once personal information is no longer necessary, the data is anonymised. This means that the information cannot be connected to an identifiable data subject.
7.3 Third-party suppliers
We (as a data controller) use third-party suppliers (data processors) to provide products, services, and support, and in some cases, we might need to disclose user data. Third-party suppliers and partners are bound by the agreements signed with the Application Provider, as well as by the GDPR, and only process data according to our instructions.
These suppliers provide us with services globally, including hosting services, customer support, information technology, marketing, research, and surveys.
7.3.1 Data storage for the Application
Personal information is stored on servers in Europe.
Some personal information is managed by a third-party supplier (data processor), which stores and processes personal data on behalf of the company in accordance with these terms and conditions and the applicable legislation on the protection of personal data.
7.3.2 Data transfers from the Application
You have the option to share and transfer your data from our services by generating a report and forwarding it to e.g. your healthcare professionals. If you choose to do so, please note that you are solely responsible for these data transfers.
7.3.3 Links to Third Party Sites
Hedia ApS cannot and has not reviewed all pages of the websites linked to this site and therefore cannot be liable for their content or data-handling policies.
Users link to other websites at their own risk and use such sites according to the terms and conditions of use of such sites.
Hedia ApS provides links to you only as a convenience, and the inclusion of any link does not imply endorsement by Hedia ApS or the website.