We have updated our Terms and Conditions. These will go into effect on February 1st 2021. Read them here.
Terms and conditions for your use of the Hedia Application
Your use of the Hedia Diabetes Assistant (the “Application”) is governed by this agreement entered into between you and Hedia ApS CVR 37664618, Fruebjergvej 3, 2100 København Ø (the “Application Provider”).
1.1 Please read the following information carefully. By clicking “Agree” in the Application, you agree to the following terms and conditions:
2.1 Subject to the terms and conditions of this agreement, the Application Provider grants you a free of charge, non-exclusive, non-transferable, revocable license to use the Application for the purpose of receiving suggestions for insulin intake and related use.
2.2 Any use of the Application outside the license specifically granted by the Application Provider constitutes an infringement of the Application Provider’s intellectual property rights and is a material breach of this agreement.
3 Restrictions on License
3.1 Except as otherwise specifically permitted in this agreement, you may not:
(i) modify or create any derivative works of the Application;
(ii) copy the Application except as provided in this agreement or elsewhere by the Application Provider;
(iii) separate the Application, which is licensed as a single service, into its component parts;
(iv) reverse engineer, decompile, or disassemble or otherwise attempt to derive the source code for any software product of the Application (except to the extent applicable laws specifically prohibit such restriction);
(v) redistribute, encumber, sell, rent, lease, sublicense or otherwise transfer rights to the Application. You may NOT transfer the Application under any circumstances; or
(vi) remove or alter any trademark, logo, copyright or other proprietary notices, legends, symbols or labels in the Application.
4 Safety Information
4.1 Before commencing use of the Application, you should always discuss the use of the Application with your diabetes educator or physician. You should only use the personal settings if you agree with them.
4.2 The suggested rapid-acting insulin dose calculated by the Application is intended only as a guide. If you are in any doubt about the recommended rapid-acting insulin dose, you must follow the advice of your diabetes educator or physician.
4.3 The suggested rapid-acting insulin dose will be invalid if you enter incorrect data or have not recorded any insulin dose which occurred in the preceding 4 hours. The suggested rapid-acting insulin dose is only valid for the person for whom the Application has been personalised.
4.4 Do not rely only on the rapid-acting insulin dose calculation:
(i) When using the Application, you agree that the Application Provider is providing you with medical advice intended only as an indicative recommendation.
(ii) You must confirm that the rapid-acting insulin dose calculated by the Application is in accordance with that recommended by your physician or diabetes educator and you must take action on any signs or symptoms of hypoglycemia.
5.1 Whilst every reasonable attempt has been made by the Application Provider to ensure that the calculated insulin dose is accurate, the Application cannot take account of all the many variables that impact the life of a person with diabetes and on resulting blood glucose levels. The Application Provider does not guarantee the accuracy of the results provided by the Application.
5.2 As the Application is provided free of charge to end-users, the Application is licensed “as is”. The Application Provider expressly does not warrant that the service will meet your requirements or that operation of the service will be uninterrupted or error-free, hereunder that you will have continued access to the Application or any data within the Application at any time.
6 Limitation of Liability
6.1 To the fullest extent permitted by law the Application Provider:
(i) excludes all liability in respect of loss of data, adverse health consequences, or any consequential or incidental loss that you may suffer as a result of using the Application; and
(ii) excludes all representations, warranties or terms (whether express or implied) other than those expressly set out in these terms and conditions.
6.2 The Application Provider’s total aggregate liability for all claims relating to these terms and conditions is limited to the replacement cost of the Application.
6.3 These Terms and Conditions are to be read subject to any legislation which prohibits or restricts the exclusion, restriction or modification of any implied warranties, conditions or obligations. If such legislation applies, to the extent possible, the Application Provider limits its liability in respect of any claim to, at the Application Provider’s option to:
(i) the replacement of the Application; or
(ii) the payment of the replacement cost of the Application.
7 Processing of Personal Data
7.1 User Consent
If you consent, the Application Provider will process the personal data listed in this section to be able to provide its services.
We distinguish between information that is use-dependent data for us to safely store and protect your information and general data that is voluntary for you to provide. Use-dependent data is obligatory and necessary to create a user in the Application.
General data will in some cases be required for us to provide specific services, e.g. entry of current blood glucose level or carbs is optional, but it will be needed to make a correct bolus calculation.
When setting up your profile you will be asked to provide the following information, which is necessary for us to set up your profile and provide you with access to our services. This includes email address, password (we only save an encrypted version), and user ID (assigned by us).
Device and consent information
To be able to provide our services and comply with regulations for medical devices, we process usage and device information which includes e.g. device ID, operating system, consents, and activity events for changes in settings or medical master information.
Personal master information
Personal master information is entered when you set up your profile. The entered information can be found and changed in your account settings. Personal master information includes e.g. gender, date of birth, country, language, and time zone.
Medical master information
Medical master information is entered while setting up your profile, and they can later be found and changed in your account settings. Medical master information includes e.g. diabetes type, height, weight, injection method (pen/pump), type of insulin (long-acting and fast-acting), and blood glucose targets.
Medical data entries are made in conjunction with our services. Data processing will depend on your use of the product and services but may include e.g. time of entry, food items, carbohydrates, blood glucose readings, insulin dosage, events (e.g. physical activity), and mood.
Usage Data is automatically collected when using the Application. Data may include e.g. services used, application version updates, and activity time stamps.
7.2 Data processing purposes
Your personal data will be processed in compliance with Danish data protection legislation.
Apart from the data processing purposes described in section “Consent“, we also process your personal data beyond this – for the following purposes:
Data processing to provide you with our services
To be able to provide you with our services, we process the medical data and medical master information, you have provided us with, described in section 7.1.
Data processing for product improvement
To continuously improve and further develop our products and services that support self-management in diabetes, we analyze user-dependent data and general data, described in section 7.1, and implement the results in new product versions available to you in regular updates.
Data processing for marketing
We would like to send you information or news about our products and services and invitations to surveys and other marketing activities. The newsletters may also contain relevant information and invitations from carefully selected partners. It is optional for you to subscribe to these newsletters, and you can revoke your consent via the “Unsubscribe” link in the newsletter emails or in your user account settings.
Other marketing-related activities
By consenting and subscribing to our newsletter, you consent to receive invitations to other marketing-related activities e.g. surveys and interviews. Participation in these activities is voluntary, and if you choose to participate, consent will be obtained as required. We always explain why we need certain data, how we process it, and how you can revoke your consent.
We may show you offers within the app without processing your personal data. You will also see these non-customized advertisements if you have not provided your consent.
Data processing for other purposes
Medical Device Directives and Regulations
The Application is classified as a medical device, and therefore, we are subject to increased requirements for monitoring the user safety and functionality of our product. Your personal data will be processed in compliance with Danish data protection legislation.
Scientific research and statistics
In Hedia, we wish to contribute to scientific research in diabetes. In compliance with ethical scientific standards, we use user data in research, statistics, and internal analyses. We comply with the General Data Protection Regulation (GDPR), in which our legal basis for processing data for scientific purposes is stated in Article 9 (2) j.
As a user of the Application, it is optional for you to make your personal data available to scientific research. If at any point you want to change or revoke your consent, you can do so in user account settings.
Enforcement of rights
In cases of suspected abuse of the Application, or to assert, exercise, or defend legal claims, we may have to process personal information and be forced into disclosure due to binding laws or criminal investigation. If this happens, the storage and processing of your data are permitted by law without your consent.
You are always welcome to contact us on firstname.lastname@example.org if you experience problems or want to file a complaint. In such cases, we may have to process the personal information that you have registered in our services to be able to properly respond to your inquiry. You’ll hear from us within 24 hours.
7.3 Third-party suppliers
We (as a data controller) use third-party suppliers (data processors) to provide products, services, and support, and in some cases, we might need to disclose user data. Third-party suppliers and partners are bound by the agreements signed with the Application Provider, as well as by the GDPR, and only process data according to our instructions.
These suppliers provide us with services globally, including hosting services, customer support, information technology, marketing, research, and surveys.
Data transfers from the Application
You have the option to share and transfer your data from our services by generating a report and forwarding it to e.g. your healthcare professionals. If you choose to do so, please note that you are solely responsible for these data transfers.
7.4 Encryption and anonymization
We use a combination of technical, administrative, and physical controls to maintain the security of your data. Each data transfer is encrypted during transfer in the application.
We may also use other processes for encryption of user data for the purpose of data security. This is dependent on the type, scope and purpose of the relevant data processing. For example, a data processor does not receive any user data that is not directly required for completing their tasks.
7.5 Data Transfer (EU and other countries)
We (data controller) work together with partners (data processors) who are primarily based in or whose servers are located in the European Union (EU) or European Economic Area (EEA). Data transmission within the EU and EEA is under the GDPR, which applies to all member states.
In some circumstances, we appoint third-party suppliers (data processors) who are located in or who have servers outside the EU, such as data hosting services in the USA.
However, even in these cases, your personal data is subject to a high protection level in line with the GDPR – either through an EU adequacy decision, or through certain standard contractual clauses approved by the EU, which the contractual relationships with our contracted data processors are based on, or through comparable legal instruments permitted under the GDPR.
In any case, all third-party suppliers are subject to the obligations in these terms and conditions.
In addition, we ensure that our partners have additional security standards in place, such as individual security measures and data protection provisions or certifications under the GDPR.
7.6 Your Rights
Revocation of consent
Based on your consent, we may process your user data. You may revoke this consent at any time.
However, this will not affect the lawfulness of the processing before the revocation. We will continue to provide our services if they do not depend on the consent that has been revoked.
Information, correction, and restriction
As a user, you have the right to request information on the processing of your personal data. To do so, please contact us at any time at email@example.com. You’ll hear from us within 24 hours.
Your right to information also covers information on the processing purposes, data and recipient categories, storage time, the origin of your data, and your rights under the data protection regulations.
Should some of your personal data be incorrect, you can request that your data is corrected or completed at any time. You can correct most data by yourself in the Application under your account settings. You have the right to restrict data processing for the duration of any investigation review that you have requested.
Deletion (“right to be forgotten”)
As a user, you have the right to request the deletion of your personal data. To do so, please contact us at any time at firstname.lastname@example.org. You’ll hear from us within 24 hours.
Ability to transfer data
As a user, you have the right to request that we provide an overview of your personal data to another responsible party if this is technically feasible.
7.7 Processing personal data as part of our complaint handling
If a complaint is related to our service, we reserve the right to view the user’s entries and settings in our database. This is done as part of the complaint investigation process and to improve the troubleshooting.
Should you feel that we are not protecting your data protection right adequately, please feel free to contact us at any time at email@example.com. We will make sure to handle your request immediately, and you’ll hear from us within 24 hours.
You can always file a complaint about the processing of your personal data to the Danish Data Protection Agency through their website, if you believe that the processing of your personal data is not in compliance with the data protection regulations.
8 Changes and updates to our Terms & Conditions
As technology and processes, as well as data protection legislation, can change over time, we have to undertake changes to this agreement from time to time.
We will inform you of changes whilst granting an appropriate advance notice period and if necessary, obtaining new consents. Either via our website or other means which we find appropriate.
Any change to this agreement will be effective 30 calendar days after we have notified you of such changes.
9 Complaints and feedback
9.1 You are always welcome to provide suggestions or feedback to us on firstname.lastname@example.org.
9.2 As a consumer, you can under certain conditions file a complaint with the Consumer Complaints Board (in Danish “Forbrugerklagenævnet”) by contacting Forbrugerklagenævnet, Konkurrence- og Forbrugerstyrelsen, Carl Jacobsens Vej 35, 2500 Valby or through the website.
9.3 In order to file a complaint, you can also use the EU’s online dispute resolution platform.