1.3 “Services”,as used herein, are defined as the administrative, technical, and physical functionality related to our home exercise web application Rokoko CARE. A “Health Professional”, as used herein, is defined as an organization, entity or person that provides health care services to an END-USER and who can allocate training exercises and programs as well as access Personal Data of the END-USERS that have expressly given their consent thereto, including monitoring and logging exercises and receiving Patient-Reported Outcome Measure (“PROM”) data. An “END-USER”, as used herein, is defined asthe actual ultimate user of the Services as a private person, or the individual, private person being processed in the System. An END-USER is never a Health Professional. A “Customer”, as used herein, shall mean such organization, entity or person using the Services as a Health Professional or END-USER. When a Health Professional provides END-USER access to the System, both the Health Professional and END-USER are Customers. When an END-USER uses the System without the involvement of a Health Professional, such END-USER is the (only) Customer.
2. WHAT DATA WE COLLECT
2.1 We collect/process several types of information from and about users of our Website and/or Services, including (i) “Personal Data,” which the EU General Data Protection Regulation 2016/1679 (GDPR) defines as any information relating to an identified or identifiable data subject; (ii) information or data that is about you, but in a form that does not, on its own, permit direct association with you (e.g., sex, age, language preference, occupation, or the like); and (iii) information or data about your interaction with (or use of) Our Website or Services, which may include your Internet connection, the equipment you use to access our Website or Services, and details relating to your use of our Website or Services.
Some data will be collected automatically by our Website or our Services, other data will only be collected if you voluntarily submit it, for example, when signing up for an account.
Depending upon your use of our Website and our Services, we may collect some or all the following data: Name Date of birth Age Gender Weight, height, or other body characteristics Business/company name Contact information such as e-mail addresses and telephone numbers Company identification number Demographic information such as post code, preferences and interests Activity information collected from, but not limited to, wearable sensors or through a video processing applicationExercise/training frequency, duration, etc.Training/exercise compliance dataPatient-Reported Outcome Measure (“PROM”) dataInternet Protocol (IP) addresses Device or mobile IDs and/or device model and type Browser information, operating system information, and/or language preferences The location and the preceding and succeeding websites you have visited, including which pages/part/icons on the Website you interacted with Applications you click on and how often The pages of Our Website you visit, and how long you spend on each page
2.3 As an END-USER you can obtain and reuse your Personal Data for your own purposes across different accounts.
2.4 To use the Services, you need to create an account. When an account is created, we will collect certain information that can be used to identify you as a Customer. We will only use such information for the purposes of providing the Services.
2.5 You agree that we may collect, use, and save statistical, technical, and other non-identifying information gathered by your use of the Services, and that we may use this information to improve our Services or to provide customized services or technologies to you or our partners. We will not disclose this information to any third party in a form that personally identifies you as an individual.
3. HOW WE USE YOUR DATA
3.1 We use your data to provide the best possible Services to you. This includes:Providing and managing your accountProviding and managing your access to our Website and ServicesPersonalising and tailoring your experience on our Website and ServicesSupplying our Services to youPersonalising and tailoring our Services to youResponding to communications from youSupplying you with e-mails that you have subscribed to Market researchAnalysing your use of our Website and Services to enable us to continually improve our Website and our Services and your user experience.
4. HOW WE COLLECT YOUR DATA Information you provide to us directly: We collect/process information received directly from you when you provide it to us, as well as data that is generated through performance of exercises or by other use of our Services, which may include information you provide to us: (i) through e-mail, messages, chat rooms, surveys, blogs, or our Website or Services; (ii) offline when you contact us in writing or by telephone, including when you contact customer support; (iii) at the time of registering and/or subscribing to use our Website or Services; or (iv) when you report a problem with our Website or Services, including when you contact our technical support.
4.1.1 Different forms on Our Website (e.g. registration form) may also collect your name, e-mail, phone number, company name (if applicable), country, area, zip code, address, password or other data to help you with your experience. Provision of such contact information is voluntary, unless the relevant forms specify that this data is necessary for use of Our Website and/or the Services.
4.1.2 When using our Services, you may be required to provide billing information. This information is required by us to verify your identity, and invoice you (if applicable).
4.1.3 Please keep in mind that if you directly disclose Personal Data, or Personal Data is generated, through the System, such data may be collected and read by your Health Professional or other persons to whom you have given your consent to receive your Personal Data.
4.2Information we collect automatically: We collect some information about you automatically when you visit our Website or use our Services, like your IP address and web browser type and version. We also collect information when you navigate through our Website and Services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our Website and Services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).
The technologies we use for automatic data collection may include cookies.The following cookies are automatically downloaded on any device used to access our Website and Services:Type of cookiesService namePurpose [insert][insert][insert]
4.3 Information we collect through Health Professionals: We collaborate with Health Professionals who use our Services for the provision of online or virtual training/physiotherapy treatment to END-USERS. We process data received from Health Professionals through the use of our Services, which may include the names, contact information, photos and health status information associated with our END-USERS.
Where we collect Personal Data, we will only process it: - to perform a contract with you, or where we have legitimate interests to process the Personal Data and they’re not overridden by your rights, or - in accordance with a legal obligation, or where we have your consent
4.5 If we don’t collect your Personal Data, we may be unable to provide you with all our Services, and some functions and features on our Website may not be available to you.
5. HOW WE SHARE YOUR DATA There will be times when we need to share your Personal Data with third parties. We will only disclose your Personal Data to:
- other companies in our group of companies - third party service providers and partners who assist and enable us to use the Personal Data to, for example, support delivery of or provide functionality on the Website or Services, or to market or promote our services to you
regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
an actual or potential buyer (and its agents, banks and advisors) in connection with an actual or proposed purchase, investment, merger or acquisition of any part of our business
other people where we have your consent.We may compile statistics about the use of our Website and Services including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers.
6. INTERNATIONAL DATA TRANSFERS
6. 1 Your Personal Data may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard that in the EEA. Where we disclose Personal Data to a third party in another country, we put safeguards in place to ensure your Personal Data remains protected.
7. PROTECTION MEASURES
7.1 Security is enforced by a strict security policy and does not permit entities to be accessed or manipulated across organizations. Within the organization, security is role based and users can be given administrative roles on a unit/department level.
7.2 The System is always accessed over SSL, safeguarding the information being exchanged between the client and the server. We only store a hash of the user’s password, and when authenticating through our regular interface, salt, hashing, and a short-lived challenge is used to ensure that message replay cannot be used to illegitimately gain access.
7.3 External services are required to use the SSL enabled endpoints to ensure transport security. The system provides integrity by ensuring that users are not able to insert or edit entities they are not authorized for. Actions are logged.
7.4 Safety measures and procedures against external attacks are put in place.
RETENTION OF PERSONAL DATA We retain Personal Information that you provide us, as long as we consider it necessary. We will be contacting you about the Services from time to time, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements, and then we securely delete the information. We will delete this information from the servers at an earlier date if you so request. If you provide information to Health Professionals as part of their use of the Services, such Health Professionals decide how long to retain the Personal Data they collect from you, and they should be contacted for requests on deletion. If you terminate your use of the Services, then we will provide you with access to all information stored for you by the Services. After termination, we may, unless legally prohibited, delete all your information, including your Personal Data, from the Services.
YOUR RIGHTS You have rights to:know what Personal Data we hold about you, and to make sure it’s correct and up to daterequest a copy of your Personal Data, or ask us to restrict processing your Personal Data or delete itobject to our continued processing of your Personal Datarequest from us rectification or erasure of Personal Data the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawalthe right to lodge a complaint with a supervisory authority.Asking us to stop processing your Personal Data or Personal Information or deleting your Personal Data will likely mean that you will no longer be able to use our Services, or at least those aspects of the Services that require the processing of the types of Personal Data you have asked us to delete. Where you request us to rectify or erase your Personal Data or restrict any processing of such Personal Data, we may notify third parties to whom such data/information has been disclosed of such request. Such third party may have the right to retain and continue to process such Personal Data in its own rights.While we will not sell your Personal Data (or any other data you provide us) to third parties, we reserve the right to share any data that has been anonymized. You acknowledge and accept that we own all right, title and interest in and to any derived data or aggregated and/or anonymized data collected or created by us.