FibriCheck

Privacy Policy

1.5.0

2021-10-28

The present Privacy Policy is supplied electronically for the registration of the application. A paper format is available on request at support@fibricheck.com

2-minute-read summary

We care about your privacy. That’s a fact.

Just read our privacy policy. Or - seeing as privacy policies are long, boring and full of legalese - read this short summary. It contains all the necessary information and lets you know exactly how we process your Personal Data. .

What is there to know?

First of all, we live and die by our mantra: you always remain the sole owner of your data.

What information do we collect about you?

  • When you start using the FibriCheck App, we will ask you to create an account to allow secure storage of your data. In this respect we collect limited general personal details such as your name and email address, together with demographic information like your age, gender, country.
  • By using our Services, you will provide us with your health data and health related data (such as your measurements). Otherwise we cannot do what we do best: detect cardiac arrhythmias. In case you also complete our medical survey, you will provide us with additional health data and health related data (such as information regarding your medication use, care path, …). Given its sensitive nature, additional technical and organizational measures shall be taken to safeguard your information.
  • We collect information about the device you use to access the FibriCheck App or FibriCheck Dashboard to assure quality.
  • When you have technical issues, questions about our services or feedback, we keep track of your communication with the FibriCheck team.

Why do we collect this information?

  • To assist you in your health journey to timely detect cardiac arrhythmias and prevent unnecessary strokes.
  • To provide customer support.
  • To improve our Services and make sure you can make optimal use of FibriCheck.
  • To contact you and keep you up to date about our Services.
  • To send you questionnaires or invite you to provide a review of your experiences with our service(s). We also may get in touch with you regarding feedback, inquiries, and complaints you made regarding our offered Services.
  • In the event a project is funded by your employer, to provide your employer with insights regarding the health of its employees. In case you gave explicit consent, we will provide the occupational physician of your employer’s Health and Safety department with an analysis of your measurements. Otherwise only aggregated data (meaning anonymized data) shall be shared;
  • If you voluntarily provide us with any issues (such as side effects) regarding your medication use, you explicitly consent to the fact that we will share this Optional Personal Data with the relevant pharmaceutical company as we are required to do so by law.
  • For scientific and research purposes, we will use and/or share only pseudonymized Personal Data or anonymized data.

Who has access to your data?

  • Your Personal Data will never be sold or made available to other parties. Remember our mantra? You always remain the sole owner of your data.
  • Only a select number of people of the trustworthy FibriCheck team has access to your information.
  • We do make use of external suppliers and service providers, such as web hosting services. These parties are legally obliged to ensure your privacy at all times. They can only process data in accordance with our purposes.
  • We will only share your pseudonymized Personal Data (for scientific and research purposes) or anonymized data.

What do you control?

  • It is your data, so you are in control:
    • Want to modify your Personal Data? You can do so yourself in the FibriCheck App.
    • Want to permanently delete your Personal Data? You can do so yourself in the FibriCheck App (see Article 6 for more information).
    • Want to know what information we collect from you? Almost all of the data is visible in your personal dashboard. Or you can request a copy of all the information we collected about you by sending an email to dpo@fibricheck.com.

How we protect your data?

  • A multitude of safety measures have been put in place on both a technical and organizational level.
  • Your data is stored on a secured server within the European Economic Area (EEA).
  • We implemented internal procedures to ensure the confidentiality of our IT-infrastructure and to make sure it is managed responsibly.

Want to know more? Scroll down to read our Privacy Policy in its entirety.

1. Introduction

Qompium (“FibriCheck”, “we”, “us”) cares about the privacy of our users (“Users”, “you”). We are fully committed to protecting and safeguarding the personal data you share with us (‘’Personal Data’’) when you use the FibriCheck services (‘’FibriCheck Services”, “Service’’ as defined in the Terms of Use). In this Privacy Policy, we explain what kind of data we use and how we use it. If you have any questions, do not hesitate to contact us via the contact details listed at the end of this Policy.

We might amend this Privacy Policy from time to time. If we make changes which are relevant to your consent and underlying information, we will always notify you before you use our Service.

In order to use our Service and our App you must be 18 years or older, as specified in in the Terms of Use.

If you do not agree with our processing of Personal Data as described in this Privacy Policy, you cannot continue to use the Service. If you agree with our Privacy Policy, we hereby welcome you to our Service and you’re set to go.

Below you can find summaries of the information in this Privacy Policy, you can click on the “read more” links in order to find the elaborate version. We hope this makes it easier for you to find the information you are looking for.

1.1 The Personal Data FibriCheck collects

To be able to help you monitor your Heart Health by timely detecting specific cardiac arrhythmias, certain information is necessary for us to be able to provide you with the FibriCheck Services. You can sign up for our service in the FibriCheck application (“the FibriCheck App” or "App") using your email address and adding basic information such as your name, birth date and gender. When you want to use our paid FibriCheck Services, you have to provide our third party payment provider, Stripe, with your payment information. Please note that all payment information will be processed, stored, and secured by our third-party payment provider Stripe. We collect information about the device you use to access our FibriCheck App or our dashboard (the “FibriCheck Dashboard”). The type of information we collect can, for example, include the type of your device, the software you use, location, device language and your IP address. When you perform measurements, we collect your measurement data as well as notification and tags you add to measurements, such as symptoms. In addition to this, we collect the data you provide in the FibriCheck App including other health related information that you insert and the answers to the questionnaire regarding your cardiovascular risk profile. Full details about the use of your data are further described below.

1.2 Why FibriCheck collects your Personal Data

We use your data to assist you in the best possible way. We need certain data in order to provide you with our full Services and assist you with your health journey. We may also use your data for research purposes to improve our FibriCheck Services.). Furthermore, your information may be used for customer service, marketing, communications, and for legal purposes. Please read on for further details.

1.3 FibriCheck and third parties

FibriCheck has third party service providers that help us provide or improve our Service. This includes service providers, payment, business partners or research institutions and advertising partners (‘’Third Parties’’). Read here in more detail how your data is used and exchanged. On no account shall we sell your Personal Data or disclose them in any other manner to Third Parties unless after first having obtained to prior and explicit consent, unless this is necessary for the purposes set out in the present Privacy Policy or unless we are required to do so by law.

Although the majority of the processing of your Personal Data is done within the European Economic Area, for some processing operations however, your Personal Data can be processed by a Third Party outside of the European Economic Area (EER), more specifically to the United States of America (USA). By using the FibriCheck Services and the FibriCheck App, you explicitly agree with the fact that your personal data can be processed outside the EEA, and more in particular to the USA. In accordance with the European Data Protection legislation and its jurisprudence, we have put in place specific measures to ensure a level of protection that is equivalent to the level that exists within the EER.

1.4 Privacy, data security, and data retention

We have implemented various measures and procedures to safeguard your Personal Data, as stipulated by European and Belgian data protection law. We will retain your data as long as we are obliged to under Belgian law relating to health data. You are free to request to have all your data deleted after withdrawing from our Services in compliance with article 7 of the present Privacy Policy. Read more here.

1.5 Personal data of children

The FibriCheck Services can only be used when you have reached the age of eighteen (18) years or when you are older.

1.6 Your rights

At any time you can make a request to review, correct, delete, obtain your data. You are also entitled to withdraw consent for the processing of the Personal Data we hold of you. You can do this by postal mail or email, using the addresses listed below.

When you have concerns about your rights, you also have the right to contact the Belgian Data Protection Authority, or, if you are residing in another country of the EU when using the FibriCheck Services, your national data protection authority. Please read more here.

1.7 Responsible party for the processing

Qompium N.V., located in Hasselt, Belgium, is the owner and operator of the FibriCheck Services and is the controller of the Personal Data processed to be able to offer the FibriCheck Services, including related services. If you have any questions relating to the processing of your Personal Data by us, please contact Qompium’s DPO (Magali Feys – AContrario.Law) by e-mail at dpo@fibricheck.com or by letter sent to Qompium NV, Kempische Steenweg 303/27, 3500 Hasselt (Belgium) to the attention of the DPO.

You can find more information on Qompium, our DPO and CRO (Chief Risk Officer) in Article 10 of this Privacy Policy.

Please find the full explanation on how we process your data below

2. Which Personal Data are collected

2.1 Personal Data collected for the proper functioning of the FibriCheck Services

In order to use the FibriCheck Services and the FibriCheck App you must be 18 years or older.

We collect different types of Personal Data, including sensitive health data, about you and store them on your mobile device and/or on our server. In accordance with one of the corner stones of data protection laws, we will only use the data which is needed for the purposes listed below. Meaning that we will at all times apply the necessary data minimalization principles and techniques on the data in accordance with the use-case specific purpose. The data involved are:

  • Contact details such as your name and e-mail address;
  • Demographic data such as date of birth and gender, allowing for a better analysis of the measurements;
  • Information collected during measurements, such as measurement of your heart rhythm itself, average heart rate, the local time and geographic location of the measurement;
  • Notification and tags you add to your measurements, including information such as symptoms and activities;
  • Additional information you voluntary provide us about your health conditions, your physicians, and other health related information (e.g. medicine usage), the care path you follow;
  • Additional profile data provided by you on your account such as a profile picture;
  • Data that identifies your mobile device (smartphone and/or smartwatch) and your usage. The information we store includes notification access, device-specific settings and characteristics, system activity, location details, accelerometer data and gyroscope data, IP address, language settings, app crashes and other device event information, access dates and times of your usage of the app;
  • Customer support information in helpdesk support inquiries;
  • Payment information such as transaction identifiers and summary information that does not include credit card or bank account numbers (we do not collect or store financial account information). Moreover, if you use the “in-app" payment functionality as set up by your app store provider, FibriCheck does not even collect or process any payment or billing information as “in-app” purchases are technically made through the app store provider. The only information FibriCheck processes in that regard is the fact that you have chosen a subscription model and paid the relevant fees in accordance with the chosen subscription model as well as the status of your subscription (such as status of the subscription, start date, renewal date and expiry date);
  • Web behavior information such as information relating to how the Users use our FibriCheck Services (e.g. browser type, domains, page views) collected through cookies and other automated technology (cfr. Section 8 "Cookies").

2.2 Personal information you provide us regarding the health of others

The FibriCheck Services are exclusively meant for your personal use. If you want to help others, please do so by encouraging them to download their own version of the FibriCheck App. This will help them with their health journey and ensures that any health-related messages will be delivered to the right person.

3. For which purposes do we process Personal Data and what is the legal basis?

3.1 Processing Purpose

We use your data to assist you in the best possible way, your data may be used for the following reasons:

Main processing purpose

Health journey: The main reason why we collect your Personal Data is to supply you with our core service(s): assistance with your heart health through the early detection of specific cardiac arrhythmias (including the revision of your measurements by our health care practitioner / doctor/ physician), which can be the cause of serious events such as strokes.

To be able to make use of the FibriCheck Services, you need to create and manage your account and perform a payment. We will send you alerts and notifications to remember you about your heart health. Furthermore, we may also send you email notifications and/or in-app messages relating to the analysis of your measurements.

Additional processing purposes include

  • Customer Support: Our customer service is here to help you and we use your data to do so. Data is also used to diagnosing technical problems and manage technical support and processing inquiries concerning the FibriCheck Services;
  • Communications: When you use the FibriCheck Services, we may send you questionnaires or invite you to provide a review of your experiences with our service(s). We also may get in touch with you regarding feedback, inquiries, and complaints you made regarding our offered Services;
  • Management and improvement: We use your information to manage the FibriCheck Services and to improve the Fibricheck Services continuously.
  • Marketing: In order to keep you informed, we may send you communications relating to our business, by email or other contact details you provided to us.
  • Protection: Protecting against, identify and prevent fraud and other unlawful activity, claims and other liabilities;
  • Legal: Complying with and enforcing any applicable legal obligations with respect to our Terms of Use and Privacy Policy;

We may share your Personal Data as provided by you or collected by us, with our affiliates, parent companies or other related companies for all purposes necessary to ensure the proper functioning and operation of the User accounts and/or the proper functioning of the FibriCheck Services

3.2 Legal Basis

Contractual necessity: In order to fulfill the contract (i.e. Terms of Use) you enter into with us when you start use the FibriCheck Services, we have to process some essential information, including name, email address, date of birth, gender and method of payment (for example: in-app payment, payment through one of our payment providers), and depending on the payment method, potentially payment information.

Legitimate interests: We are committed to improving and growing our FibriCheck Services. Some of your data can help us to improve and promote our FibriCheck Services, other data we may need for administrative, legal purposes or anti-fraud activities.

Consent: For certain promotional and marketing activities, we may ask additional consent. When you wish to withdraw your consent, please contact us via the contact details at the bottom of this Policy or opt-out through the link attached to commecial mailings.

Explicit consent: Data regarding your health (including health data from applications of Third Parties) is a more sensitive category of data. In order to lawfully process this data for you, we will ask your explicit consent before we can assist you. When you wish to withdraw your consent, please contact us via the contact details at the bottom of this Policy. When you withdraw your consent, we will not be able to provide you with the FibriCheck Services and you should discontinue using the FibriCheck Services.

Furthermore, the law permits us to as yet process Personal Data for the above purposes which, strictly speaking, are not necessary but which are useful with a view to the performance of the User Agreement (" Optional Personal Data"), if you give us your consent to do so. Please note: if you actively supply this information in response to our request, this may be considered as consent. For example: If you voluntarily provide us with additional information regarding your medication use (type of medication, symptoms pertaining to the use of such medication) we are obliged to communicate this Optional Personal Data on to the relevant pharmaceutical company(y)(ies).

It is possible that Qompium will process your Personal Data, without your permission, but on the following grounds:

  • in order to comply with Qompium’s obligations arising from the applicable laws and regulations, for instance when an enforcement authority or other government official, acting pursuant to the law, orders for your Personal Data to be handed over;
  • to lend added weight to, investigate or conduct a possible claim pursued before the courts, e.g. by handover the relevant data to a court of law, a lawyer or a bailiff;
  • to protect vital interests of another person/party. If we require your health data to do so, we shall use the said data only insofar as you are physically or legally incapacitatedto give your consent to this end, except where we are under legal obligation to use your health data.

3.3. Additional secondary processing operations

Alongside the purposes specified in Part 3.1., FibriCheck shall be permitted to also process your Personal Data for specific other purposes, as set out below:

  • to contact you (i) to communicate with you about your participation in and the organization of marketing studies or (ii) to gather testimonials. We have a vested interest in being able to communicate with you in this manner in order to be able to assess the FibriCheck Services and to improve their operation or usage;
  • with a view to the assessment and enhancement of the FibriCheck Services (with the inclusion of the development of additional products and/or services, the improvement of the current services, raising the security, analyzing our FibriCheck Services, quality control and internal business functions such as accounting and auditing). We have a vested interest in being able to assess its our offered services in this manner, with a view to enhancing their operation or usage. Where we also need your health data to do so, we will seek your consent ahead of time;
  • in the event of a project funded by your employer: to relay the analysis of your measurements to the occupational physician of your employer’s Health & Safety department to enable him to follow up on you or to take decisions in respect of the health policy within the employer’s company. To do so, we will seek your explicit consent ahead of time upon the installation of the FibriCheck App on your mobile device or smartwatch. Each processing operation of your measurements by the occupational physician after your data were transmitted to him by us shall be made to take place under the sole processing responsibility of the said occupational physician. For queries regarding the processing of your health measurements by the occupational physician, we will refer you to the said occupational physician. If you do not consent to sharing such health data with your occupational physician, we shall only provide aggregated data (meaning anonymized data that cannot be relinked to you or your identity) to your employer;
  • to share specific health data such as your heart rhythm with applications of Third Parties (e.g. Google Fit and Apple Health). If you connect your FibriCheck account with an application run by a Third Party, you may be asked to share your data with the said application. We do not share your data without your consent;
  • with regard to the date shared via your device,such as location, accelerometer data and gyroscope data: these data are kept on record during the validity period of the subscription period;
  • for direct marketing purposes (information with regard to FibriCheck, her products and/or services). FibriCheck can also transfer some of your Personal Data to her service providers, for direct marketing purposes relating to FibriCheck, her products and/or services. This consent can be revoked at all times (exercising your right to object), for free and without motivation, by clicking the unsubscribe button below every mailing.
  • For scientific and research purposes. In order to support the research on cardiac arrythmias and the corresponding care paths, we may use your data, pseudonymized or anonymized (without us being able to identify you at all) for research purposes. This may include sharing your data with carefully selected third party research institutions. By accepting our Terms of Use and our Privacy Policy and by performing measurements through the FibriCheck App, you agree to the fact that your measurements being processed for the purposes of the provision of the FibriCheck Services and to be used in accordance with Article 89 GDPR and preferably pseudonymized for the purposes of research and testing of the FibriCheck Services. As such, your measurements may be reviewed by our employees or third-party consultants who work for us and who are bound by strict confidentiality. The processing of your Personal Data for scientific and research purposes shall be done based upon legitimate interest. If you no longer wish that FibriCheck uses your Personal Data (including health related data) you can object to this use, we shall only be able to use anonymized data;
  • to commercialise the FibriCheck Services. We will seek your (explicit) consent ahead of time to be allowed to use your Personal Data for this purpose;
  • Communication of the Optional Personal Data to relevant pharmaceutical companies: if you voluntarily provide us with additional information regarding your medication use (type of medication, symptoms pertaining to the use of such medication), you acknowledge the fact and thus (explicitly) consent to the fact that we are obliged to communicate this Optional Personal Data on to the relevant pharmaceutical company(y)(ies);
  • to perform data analyses after your Personal Data have been anonymized and aggregated and to use and share the data resulting from these analyses with Third Parties for commercialization or marketing purposes. By law, Qompium is permitted to anonymize your Personal Data and freely use these anonymized data;
  • with regard to data gathered via cookies and other automated technology
    • to enhance your experience of and with the FibriCheck Services, to raise the security, to measure the usage and efficacy of the FibriCheck Services, to identify and resolve problems;
    • and for marketing purposes and for other aspects of the commercialization of our business.

4. Who has access to your Personal Data

4.1. The processing of your Personal Data within the FibriCheck Services in compliance with the present Privacy Policy is made to occur under the supervision of a qualified health care practitioner. In addition, inside Qompium other persons too have access to your Personal Data, insofar as necessary to deliver the FibriCheck Services. At your request, Qompium can provide you with a list of the people within Qompium who have access to your Personal Data.

4.2. Moreover, we shall be permitted to share specific Personal Data received with Third Parties such as suppliers and service providers, whose services or products we call on to distribute our FibriCheck Services:

Entity (including subsidiaries) Explanation
AWS (Amazon) Cloud provider (hosting of data)
MongoDB Database as a service provider whose services run on top of AWS
Crashlytics Crashlytics collects data on the use of the FibriCheck App, especially with regard to system crashes and errors. In doing so, information concerning the device (incl. advertising ID), the installed app version as well as other information is used, which may help us to remedy errors, particularly regarding the user’s hardware and software.
Branch.io Allows for deeplinking into our FibriCheck App to assure a seamless user experience
Firebase Educational, analytic and marketing purposes by sending you push messages
Zendesk Our main customer support tool for handling customer requests.
Active Campaign Email communication tool both informative, educational and marketing messages. To send out these emails, we need to share basic contact information. To be able to send personalized emails, we need to share events.
Survey Monkey / Typeform Occasionally used for sending out surveys to receive feedback and improve our service. To send out these surveys, we need to share basic information such as name and email address.
Stripe Payment processor for paid usage of FibriCheck
Apple or Google If you have used the “in-app” payment method provided by the app store provider, no payment or billing information is being processed by FibriCheck. As such no retention periods can be applicable.

For the operation of the FibriCheck Services, as described in the Terms of Use, we might equally disclose your Personal Data to your Physician or in the event of a project or premium individual usage, to the Expert Review Team by providing access to your measurements with the FibriCheck App and your personal profile.

FibriCheck will pass the e-mail addresses of a limited group of paid users to Facebook. Prior to analysis, the data will be hashed (‘Hashed Data’), meaning the e-mail addresses have been made illegible and converted to a fixed size string of text using a mathematical function. Based on the Hashed Data, Facebook shall perform a look-alike analysis to construct a custom audience. Facebook will not share the Hashed Data with third parties and after completing the look-alike analysis, Facebook will immediately and irrevocably delete the Hashed Data.

In compliance with the provisions set out under Parts 2 and 3 of the present Privacy Policy, we shall equally transmit specific Personal Data to other Third Parties, other than our suppliers or contractors. In no circumstances shall we sell your Personal Data or disclose them in any other manner to Third Parties unless after first having obtained your prior and explicit consent, unless this is necessary for the purposes set out in the present Privacy Policy or unless we are required to do so by law. FibriCheck guarantees a similar level of protection by making contractual obligations opposable to these appointees, who are similar to this privacy policy and guarantee that the medical confidentiality rules regarding your health data are respected at all times. In the event of total or partial reorganization or transfer of FibriCheck's activities whereby FibriCheck reorganizes, transfers, transfers or in the event of FibriCheck being declared bankrupt, your Personal Data may be transferred to new entities or third parties. FibriCheck will inform you in advance of the fact that FibriCheck transfers your Personal Data to a third party;

4.3. In the event of a full or partial merger, or the takeover of Qompium in full or in part, we shall be permitted to relay your Personal Data to a Third Party. In that case, Qompium shall require the said Third Party to use al land any Personal Data only in strict compliance with the present Privacy Policy.

4.4. The technical processing and the transfer of our service, with the inclusion of your Personal Data may (i) entail transfers via multiple networks; and (ii) involve changes in order for us to adapt to and align ourselves with technical requirements of networks or devices which we connect to.

5. Security

5.1. We shall take appropriate administrative, technical and organizational measures against unauthorized or unlawful processing of any Personal Data or its accidental loss, destruction or damage, access, disclosure or use. Upon written request, we can provide you with a list of people of us that may have access to your Personal Data. These people have entered into confidentiality agreements prior to having been granted access to your Personal Data.

We shall equally ensure a safe, user-controlled environment for the services to be used. We shall keep your Personal Data safe on our Servers which are situated inside the European Economic Area (AWS – Frankfurt – Germany).

Although the majority of the processing of your Personal Data is done within the European Economic Area, for some processing operations however, your Personal Data can be processed by a Third Party outside of the European Economic Area (EER), more specifically in the United States of America (USA). By using the FibriCheck Services and the FibriCheck App you, you explicitly agree with the fact that your personal data can be processed outside the EEA, and more in particular to the USA. In accordance with the European Data Protection legislation and its jurisprudence, we have put in place specific measures to ensure a level of protection that is equivalent to the level that exists within the EER. In our contracts with our US Suppliers, we have included the relevant clauses as approved by the European Commission to create an equivalent level of protection and we have taken appropriate additional safeguards in line with the Schrems II decision.

In the event the security of your Personal Data should be breached, in specific cases we are required by law to notify the Users concerned, if the breach could have an impact on their privacy.

5.2. You too are responsible to uphold your privacy and security, for instance by not authorizing Third Parties to use your individual account on the FibriCheck App or on the FibriCheck Dashboard. We request that all Users assume their responsibility in protecting all login data and to immediately notify us of any unauthorized use of your individual Account.

5.3. As stated, we may call on the services of specific Third Party service providers (as outlined under Part 4). In any event, such Third Party service providers are under obligation to treat your Personal Data in compliance with the present Privacy Policy.

We do not authorize the said Third Party service providers to disclose or use your Personal Data, unless this is strictly necessary to provide specific services under our supervision or in order to be compliant with applicable laws and regulations. We endeavor to solely provide such Third Party service providers with the Personal Data the required to serve their specific role.

However we decline all and any liability for any loss or damage, whether direct or indirect, which might arise from the misuse of your Personal Data by such Third Party service providers.

5.4. As stated, Qompium may also relay your Personal Data to specific Third Parties (as detailed in Part 4), including your Physician. After your Personal Data were transmitted, the receiving Third Party is responsible to put in place the relevant administrative, technical and organizational measures against the unauthorized and unlawful processing of Personal Data or against the unintentional loss, accidental destruction or damage, access to or disclosure of the involuntary use thereof.

If specific content or services of Third Parties may be made available to you via the FibriCheck Services, please bear in mind that such linked content or services may come with their own Privacy Policy, for which we cannot be held liable. We are no way checking or supporting the privacy practices of such Third Parties.

6. Your Rights concerning your personal data

To exercise your aforesaid rights or to ask any other questions you may have in respect of this Privacy Policy, please contact our DPO (Magali Feys – AContrario.Law) by e-mail at dpo@fibricheck.com or by letter sent to Privacy, Qompium NV, Kempische Steenweg 303 Bus 27, B-3500 Hasselt, for the attention of the DPO.

Please include a copy of your identity card or other proof of your identity with your request. We will undertake the necessary action without undue delay and communicate to you on the action put in place (or the absence of any such action) within 30 days.

  • General right of notification and information: if you would have any questions with regard to the processing or your Personal Data, you can send these questions to our DPO. Another example of a situation where you want to notify our DPO is in the case you have become aware of the fact that a person younger than 18 years old is using the FibriCheck Services and/or the FibriCheck App.

  • Right of access: If you are concerned or have any questions about your Personal Data, you have the right to request access to the Personal Data which we hold or process about you. We will then provide you with information about the data that are being processed and on the source of those data.

  • Right of rectification and right of erasure: you have the right to request not to be subjected to decision-making that is based on automated processing of your Personal Data, including profiling, without human intervention, if such decision-making could have legal implications for you or which could have a significant effect on you in a similar manner.

    Please note that you can change your account information in the FibriCheck App or FibriCheck Dashboard at any time on the "settings" pages.

    To have your data deleted, simply go to the “Settings” tab in the FibriCheck app. Please be aware that deletion is final and irreversible.

  • Right to transferability: you may also request us at all times to directly transfer the Personal Data about you which are processed by way of automated processes pursuant to your consent or in performance of the User Agreement, in machine-readable form to a different data processing controller (e.g. a physician). However, this only applies to Personal Data supplied by you or which we obtained through observation (e.g. via the sensor of your mobile device), not to data we have developed in-house (e.g. analyses by Qompium of the Personal Data obtained).

  • Right not to be subject to individual decision-making: you have the right to request not to be subjected to decision-making that is based on automated processing of your Personal Data, including profiling, without human intervention, if such decision-making could have legal implications for you or which could have a significant effect on you in a similar manner.

    In theory, we shall perform profiling by establishing a health profile. However, no fully automated individual decisions are arrived at on the basis thereof. If you have any questions relating to specific automated processing operations by us, please feel free to contact us for more details at any time.

  • Right to withdraw your consent: you are free to withdraw your consent for the processing of your Personal Data by us when the legal basis for processing your Personal Data is based on (explicit) consent (as detailed in Part 3) at any time by definitively removing the FibriCheck App and/or by notifying us in writing for which processing activity/activities you wish to withdraw your consent (by sending an e-mail to dpo@fibricheck.com (as set forth above). In response, FibriCheck shall immediately cease all processing of your Personal Data for purposes for which you have withdrawn your consent. However, the withdrawal shall have no impact on the validity of the processing operations which Qompium previously performed with your Personal Data

  • Right to object against specific processing operations without your consent: for some processing operations, we do not require your express consent. This relates to processing operations on the grounds of our vested interests (e.g. contacting you to invite you to take part in a marketing study). Nonetheless, you may request us in specific cases, and at all times in the event of direct marketing, to cease using your Personal Data for these purposes.

  • Right to erasure: furthermore, you are within your rights to request for your Personal Data held by us to be erased if:

    • you withdraw your consent and no further legal grounds exist for us to be permitted to process your Personal Data; or
    • you are of the opinion that your Personal Data do not fully serve or they are irrelevant with a view to the purpose of the processing of the Personal Data; or
    • the said Personal Data are kept on record for longer than permitted; or
    • your Personal Data are processed in a general unlawful sense.

    You can exercise your right to be forgotten yourself and delete your Personal Data at any time in the settings of the FibriCheck App. You will be requested to confirm that you truly want to delete all your Personal Data and we might need to verify whether there are any outstanding obligations towards FibriCheck. Please note that all your Personal Data will be deleted and you will automatically be logged-out from the FibriCheck App.

    Personal Data that might potentially be present in previous back-ups will be deleted permanently when back-ups are overwritten.

  • Right to restricted processing: if you are of the opinion that the Personal Data about you as processed by Qompium are:

    • inaccurate; or
    • are being processed unlawful; or
    • are no longer relevant with a view to the purpose of the processing.

    However, if the patient does not wish for these Personal Data to be erased by us, you can also ask us to process these Personal Data on a restricted basis for the time being. This means we still keep your Personal Data on record, but other than that, we shall only process your Personal Data subject to your consent or as part of a claim pursued before the courts or if the processing is necessary to protect the rights or other parties or for imperative reasons of public interest;

  • Right to complain: you have the right to submit a complaint with a supervisory authority (for Belgium: the Data Protection Authority, or if you are residing in another country of the EU when using the FibriCheck Services, your national data protection authority, see the list here) if you believe that your Personal Data are not being processed by FibriCheck in compliance with the applicable privacy laws and regulations. In that case, we would kindly ask you to contact us first to enable us to try and rectify the problem.

    Belgian Data Protection Authority

    Drukpersstraat 35, 1000 Brussels,

    Tel +32 (0)2 274 48 00, Fax +32 (0)2 274 48 35

    e-mail: contact@apd-gba.be

7. Data retention and deletion

We may retain information regarding you and your use of the Services, including Personal Data, for as long as reasonably needed to provide you with the Services and the uses described in this Privacy Policy. That said, you can have your data deleted by just going to the “Settings” tab in the FibriCheck App (see Article 6).

Category of Personal Data Type of Personal Data Retention Period
Category 1 Your user details, contact information and identification data ● During the contractual relationship and for the subsequent 2 years
● 30 years after non-use of the application by users using the application for a medical treatment, unless the user exercises its right to be forgotten
● With regard to the statute of limitation and unless specifically otherwise agreed in a relevant data processing agreement with the controller (in the event FibriCheck acts as a processor), we shall keep your Personal Data in a GDPR-compliant pseudonymized manner for the relevant doctor and/or physician to have access.
Category 2 Your demographic information ● During the contractual relationship and for the subsequent 2 years
● 30 years after non-use of the application by users using the application for a medical treatment, unless the user exercises its right to be forgotten
● With regard to the statute of limitation and unless specifically otherwise agreed in a relevant data processing agreement with the controller (in the event FibriCheck acts as a processor), we shall keep your Personal Data in a GDPR-compliant pseudonymized manner for the relevant doctor and/or physician to have access.
Category 3 Your health data or health related data ● During the contractual relationship and for the subsequent 2 years, if you use the FibriCheck App outside a medical treatment, unless you exercise its right to be forgotten.
● 30 years after non-use of the application by users using the application for a medical treatment, unless the user exercises its right to be forgotten
● With regard to the statute of limitation and unless specifically otherwise agreed in a relevant data processing agreement with the controller (in the event FibriCheck acts as a processor), we shall keep your Personal Data in a GDPR-compliant pseudonymized manner for the relevant doctor and/or physician to have access.
Category 4 Your payment information During the contractual relationship and for the subsequent 7 years due to tax regulations. As mentioned above, if you have chosen in-app payment or your operating system only supports in-app payment, FibriCheck does not process any payment information.
Category 5 Information regarding your device During the contractual relationship and for the subsequent 2 years.
Category 6 Your usage of our Services During the contractual relationship and for the subsequent 2 years.

Please note that we retain your Personal Data even if you temporarily stop using the FibriCheck Services until you permanently delete your Personal Data as explained in 6. Upon notification, we may retain and continue to use and disclosure your Personal Data to Third Parties exclusively on a fully anonymized basis.

8. Cookies

Cookies are tiny text files that are automatically stored in your browser via mobile application identificators.

You can administer cookies yourself through your browser settings and other tools. Your device can give you control over the use of cookies or other technologies when you are using the FibriCheck Services. For instance, you can set your device or browser in such a way that the use of cookies or similar technologies is made undone, deleted, reset or blocked. In that case however, it may be that the FibriCheck Services do not work entirely as they should without cookies or that you are unable to use all the functionalities.

Some Third Parties, such as Google Analytics, may use cookies to gather information about your activities on/involving our FibriCheck Services with a view to gaining a better understanding of the performance of our FibriCheck Services and to continue to improve them. Please consult the website of the Third Party concerned for further information on their use of cookies. If the said website allows such cookies or when you gain access to other websites of the FibriCheck Services by using the links, the operators of these other websites use cookies in compliance with their own cookie policy, which may differ from ours.

9. Updates or changes to our Privacy Policy

Occasionally, we may change or update this Privacy Policy to allow us to use or share your previously collected Personal Data for other purposes. If Qompium would use your Personal Data in a manner materially different from that stated at the time of the collection, we will notifying you indicating that the Privacy Policy has been changed or updated and request you to agree with the updated or amended Privacy Policy.

10. Controller

More contact information with regard to Qompium acting as the Controller, our DPO and our CRO, you can find here.

Controller:
Qompium NV
Kempische Steenweg 303/27
3500 Hasselt
Belgium
www.fibricheck.com

DPO - Data Protection Officer:
Magali Feys – Attorney at Law
AContrario.Law
Ter Poelen 2
9080 Lochristi
E: dpo@fibricheck.com

CRO - Chief Risk Officer
Jo van der Auwera
Kempische Steenweg 303/27
3500 Hasselt
Belgium
E: jo.vanderauwera@fibricheck.com