(Last updated 20th May 2020)
Bit Genoma Digital Solutions SL (Bit Genoma hereinafter), with identification number ESB67166132 and placed at C/Prim 26, 08911 Badalona, Barcelona (Spain) is the responsible for data processing. Bit Genoma acts in representation of Interactive Clinics (we, us, our company hereinafter). Interactive Clinics is born from the association of Bit Genoma Digital Solutions SL, Fundació Universitària del Bages (The University of Manresa) and the University of Newcastle of Australia.
At Interactive Clinics, we believe that technology and data present a groundbreaking opportunity to empower people to take control of their health.
We also acknowledge that using any service embedded in the digital economy will increase your data footprint. At Interactive Clinics, we fully accept the great responsibility that comes with safeguarding your sensitive data, such as information about your health care. We are committed to achieving the highest standards of privacy and security.
We see it as our job to be so clear and transparent that you can truly understand what we do with your data, even though the digital ecosystem of an app is complex, and we interact with it when we rely on a number of other service providers as summarized below.
How and why we process your personal data at Interactive Clinics:
i. As regular user, we will not collect any Protected Health Information (PIH) from you. All the data will be stored on your device for your personal and individual use. It will not be communicated to our servers and we will not have access to this data in any way. The only two exceptions to this are:
- when you introduce a code in the Linked Modules section on the app to share your data with one of Covered Entities with which we have Business Associate agreements; in that case you will get the condition of a “User that participates in a project” and different conditions than this may apply and may need to be consented right before
- to construct the infection spread map (see point iii. below).
In both cases we will advise you that you are about to share your data and which data are you going to share. We will always ask disclosure explicit consent before your data can start to be shared. By accepting these conditions, you do not authorize us to collect or treat any PHI outside this app and we will not do so.
To be clear, this app, under these conditions and as regular user, is like a personal diary. No one other than you will have access to the health information introduced in the app. In that sense, the only way to see your health information is on your device screen.
ii. To provide our services, understand your needs and communicate with you, we collect certain data that allows us to analyze how you interact with our app, detect bugs and fix them. We do use third-party tools to help us with this. But we are careful to only let them process usage data and minimal personal data on Interactive Clinics’ behalf, not data relating to your health, PHI or other personal data. To be clear, these third-party services are not permitted to use the data for any other purpose than to help us run Interactive Clinics. But if you wish to restrict data processing to only the absolute minimum we need in order to provide Interactive Clinics to you (for example, we could then no longer analyze your usage data along with other users’ data, which helps us understand how you interact with the app so that we can improve it), you can email firstname.lastname@example.org.
iii. To deliver an infection spread map, part of the service we provide is processing the health data that you choose to enter in the Interactive Clinics app. Because this data is so sensitive, we do not share it even with our internal third-party service providers. You will benefit of this map at the corresponding Map section inside the app. We will ask your permission to collect this data before collecting it.
iv. To effectively reach new Interactive Clinics users online, we do share a minimal amount of data about our users with advertising networks (but we never share the PHI or other health data you track in the app). The reason is so that you do not see Interactive Clinics ads if you’ve already downloaded or subscribe to Interactive Clinics, and so that we can suggest Interactive Clinics to people who are likely to be interested in it. If you are not comfortable with any data being shared for ad customization, then you can email email@example.com.
To be clear: we are very careful to give extra protection to your sensitive health data. We do not share any of the data you track with advertisers or other third parties for their use, nor do we allow others to advertise their products in our app. This is not our business model. For our principles and promises about how we make money, please see our website.
2. How and why we process your personal data at Interactive Clinics
Data processing is at the center of everything we do at Interactive Clinics, and whenever you use our services —e.g. when you use the Interactive Clinics app or when you go on our website— some personal and non-personal data is collected, stored, and analyzed using internal and third-party tools.
Here are the purposes for which we process data and the type of data that is processed to fulfill each purpose:
2.1 To provide our services, understand your needs and communicate with you
When you use the Interactive Clinics app or when you go on our website, Interactive Clinics collects, stores, and uses some personal and non-personal data about how you interact with our services, such as Device Data, Event and usage data and IP-address, and transmits it to some third-party services who process data on Interactive Clinics’ behalf.
The main reason why we collect this data and use third-party tools is to provide our service to you, which may include sending occasional informational and promotional messages as well as reminders to your smartphone via in-app messages and push notifications. We are thoughtful about what we communicate and how often. You always remain in full control of your communication preferences with Interactive Clinics. You can change the settings in the app or on your device at any time.
The other reason why we process this data is to help us understand your needs and your use of our products, to analyze bugs and fix issues, and to bring you more useful features. In a nutshell, we process this data to provide you with the best and most reliable experience of our services.
Here are the types of data we collect:
Device data This data informs us about the device you use to access our services. We exclusively collect the device model and manufacturer, operative system name and version, the language settings, application version, screen resolution, a randomly generated identifier. None of these data allow you to be personally identified in any way. On our website, we collect information about your browser and browser settings, the operating system you use and the system settings of your browser. This information helps us to fix bugs, tailor our services to our users’ devices and improve our services
Event and usage data When you use the app or when you go to our website, our servers (located in Europe) process data in order to understand your usage of our services—for example, which pages you visit or which tab in the app you open. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to our users as a whole, and to communicate with you about relevant and timely information and promotional content.
IP address We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes, and for regulatory compliance in different countries. To be clear, we do not collect your precise location.
Crash information This data allows us to fix issues related to the operation of the application when they are produced. We collect the error name, description and the position in the source code where the error has been originated. We do not collect any context information that could contain personal data.
This data is necessary for Interactive Clinics to deliver the services you use. The amount we collect is minimized wherever possible to respect your privacy.
Legal basis The legal basis for processing the above data is Art 6 section 1(b) of the European General Data Protection Regulation (GDPR). Interactive Clinics may use this data for the purpose of improving the Interactive Clinics app, the services we provide to you, and to prevent abusive use of our service. In accordance with Art 6, section 1(f) GDPR, we consider that we have a legitimate interest to offer an error-free and functional service.
2.2 To deliver our service of personalized insights as your trusted health companion
Here are the types of data we collect and store when you create an account:
Personal data used for account creation We need some of your personal data, such as a username and email address, age and sex in order to create your Interactive Clinics account.
Health and sensitive data We store data you introduce in the modules of the app: pain level, physical activity, medication adherence, infectious diseases symptoms or hydration level. Also, you can upload your glucose level data in our web application through a csv formatted file. We are constantly developing new features that allows you to collect more data in different ways.
Interactive Clinics app is prepared to connect with some Bluetooth devices. These devices will let you collect some information in automated way:
At present, the devices provided by LifeVit are the only ones that are compatible with Interactive Clinics app. Although we are day by day working to give the best support, we are not currently supporting Bluetooth devices from any other manufacturers.
To read the data from the devices, we use the software libraries offered by these manufacturers in the way they indicated. They are publicly available at:
As we do not manufacture these devices nor the connectivity software, we cannot guarantee the reliability of the information collected in this way. We always recommend to make sure that the information read on the device matches the one read in the Interactive Clinics app. We are not responsible for the damages produced in these devices derived from the connection with Interactive Clinics app.
Although there may be a commercial relationship with the manufacturers of the devices that allows us to offer the devices under advantageous conditions, there is no partner relationship with any of them, nor is there a conflict of interest. Our purpose is always to offer a better service to our users.
Your Bluetooth device could be managed by trying to connect it with Interactive Clinics app if it is done in an inappropriate way. Please read the instructions for use of each Bluetooth device carefully before pairing it with your smartphone.
Interactive Clinics is not a diagnostic tool and we do not emit any kind of diagnostic or recommendations based on the data you introduced or collected using our app. We do our best to offer services that can help you to track your health information and to remember your medication time. But to be clear, there are many factors that are out of our control: the level of battery of your device, the level of memory of your device, who else has access to your device, just to mention some of them. In that sense, we are not responsible for the actions taken based on the data read in the application.
See section 5.1 below with regard to the special data security measures we take to ensure your sensitive health data is protected.
2.3 Communicate with your health professional or personal trainer
Interactive Clinics is a tool that can help to communicate with your personal trainer or health professionals, such as physiotherapists, osteopaths, masseurs among others. In order to share your health data with them, they will be asked to create an account for you in our system and they will provide a 6-digit code to start sharing your health data with them.
If you are a participant in a health project using Interactive Clinics as a tool to collect information to follow up your health information, then Interactive Clinics will share your personal information with the facility only under the terms of your consent as given to that facility. When you use Interactive Clinics as part of a health project, we will otherwise treat your personal data with the same care as we do all user data. The facility will be solely responsible for the usage of your personal data, including health data, in the context of their daily work. We consider that Interactive Clinics and our partnered facilities have joint responsibility (“joint controllership”) in this case.
Legal basis The legal basis for the usage of your personal data is Art 9.2.a GDPR. Once again, you can withdraw your consent to the use of your data for scientific purposes at any time by emailing firstname.lastname@example.org. If you do this, your data will be deleted from our servers and the health professional will no longer have access to your data.
2.4 Scientific research
The vision of our founders, Bit Genoma Digital Solutions SL, Universitat de Manresa and The University of Newcastle of Australia, is to provide health professionals and researchers with a best in class tool so they can focus on where they can add value. In concrete, Interactive Clinics is on a mission to build an infection spread map for infectious diseases. We believe that it can help epidemiologists and people around the world to analyze how infectious diseases spread across regions and to take preventive measures. We do it by sharing user data, carefully de-identified to protect your privacy, for the purposes of scientific and medical research about infectious diseases. De-identification means that Interactive Clinics we will not collect any information that could identify you as an individual, such as your username or email address.
Since its inception, Interactive Clinics has successfully collaborated with academic researchers. You can read about our past and ongoing research collaborations here.
We want to make it very clear that we personally select our scientific collaborators with the utmost care and, most importantly, that we only provide data for scientific research after it has been de-identified following a strict protocol that involves the removal or hashing of any information that could be used to identify any specific user.
Finally, because we believe that research should benefit everyone, Interactive Clinics strives to publish the results of our academic, clinical, or internal research in ways that are easy to read for all our users.
Legal basis The legal basis for the usage of your personal data for scientific research purposes is with your consent in accordance with Art 9 GDPR. Once again, you can withdraw your consent to the use of your data for scientific purposes at any time by emailing email@example.com. If you do this, your data won’t be included in any future research partnerships.
If you are a participant in a scientific study that is run by a research facility using Interactive Clinics as a tool to collect information for that study, then Interactive Clinics will share your personal information with the research facility only under the terms of your consent as given to that research facility. When you use Interactive Clinics as part of a scientific study, we will otherwise treat your personal data with the same care as we do all user data. The research facility will be solely responsible for the usage of your personal data, including health data, in the context of their scientific study. We consider that Interactive Clinics and our partnered research facilities have joint responsibility (“joint controllership”) in this case.
3. Your consent for processing health and sensitive data
The only way to create an account in Interactive Clinics is through a personal trainer, allied health professional or research facility that has been previously registered in our system. In order to start sharing your data with these entities you will have to agree an explicit disclosure consent. You will also have access to all the documentation provided by this third-party to Interactive Clinics. We sign Business Associate Agreements with these entities that identifies the entity as the solely responsible for the usage of your personal and health data. When your account is created in Interactive Clinics website, sensitive data and data related to your health stored on your device can be also stored and processed on Interactive Clinics servers. This can be achieved by introducing a 6-digit project code on the app. By allowing to create an account with Interactive Clinics you explicitly consent that:
i. Interactive Clinics may store and process personal data you provide through the usage of the Interactive Clinics app and through the account creation process solely for the purpose of providing Interactive Clinics services to you and to improve Interactive Clinics’ service features. Such Interactive Clinics services may include sending you information and reminders through the Interactive Clinics app, e.g. via push notification or to the email address you provided to Interactive Clinics.
ii. Such personal data you provide to Interactive Clinics through the account creation process for the purpose of providing Interactive Clinics’ service includes your health data which may include your pain level, medications you take, your physical activity, body temperature, infectious diseases follow up parameters, hydration level and the ones that can be provided in future app versions.
iii. Interactive Clinics will not transmit any of your personal data to other third parties, except if it is required to provide the Interactive Clinics service to you (e.g. technical service providers), unless Interactive Clinics has asked for your explicit consent.
iv. Interactive Clinics may use the de-identified estimation of the probability of infection to create spread maps. Interactive Clinics’ collaborators are individually selected through an internal vetting process. This de-identified data does not contain any information that would allow the research partner to identify you as an individual.
4. Your rights
We believe that privacy—including data privacy—is a basic human right. At Interactive Clinics we strive to ensure that your rights are respected.
Here are some key facts about your privacy that we would like you to know:
i. Our products and services have been designed to minimize the use of your personal data. We only collect and process your data for the purposes that have been previously outlined.
ii. The security of our servers is routinely verified by experts to protect your data from unauthorized access. You can contact us at firstname.lastname@example.org if you have any questions about the security of our services.
iii. We do not retain your data in an identifiable format for longer than necessary to deliver our services.
iv. Interactive Clinics does not engage in any automated decision-making or profiling activities.
As a user of Interactive Clinics’ services and website, you may exercise your user rights to:
i. Request information on your personal data processed by Interactive Clinics. Upon your request, this information will be provided to you electronically. You can contact us to request your information at email@example.com.
ii. Gain access to your information by requesting a backup of your data (as explained in the next section) in a format that is readable by other companies or organizations (data portability).
iii. Correct your personal information and health data.
iv. Withdraw your consent from ongoing data processing at any time by deleting your account and deleting the app on your device.
v. Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to firstname.lastname@example.org. Your data will be deleted within 30 days.
vi. Lodge a complaint with the relevant supervising authority if you believe Interactive Clinics is processing your personal data in violation of applicable data protection regulations.
5. Data Security
We apply security measures to protect against misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.
5.1 How Interactive Clinics stores your personal data
When you create an account with Interactive Clinics, your personal profile data is stored separately from your health data and your service settings. This allows us to ensure the highest possible level of privacy for your health information. When you create an Interactive Clinics password, it is stored using one-way encryption (“hashing” plus “salting”) and cannot be read by us. Note that if you use a third-party login service, Interactive Clinics does not receive your original password.
Note: Interactive Clinics automatically detects your region through an IP detection system. We use it to determine where to process and store your personal data. When the detected region is Australia, we use servers located in Australia. For the rest of the world, we use servers located in the European Union.
Your data is transmitted between your device and Interactive Clinics’ servers using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.
5.2 Interactive Clinics’ recommendations for protecting your data
We believe the biggest threat to the security and privacy of your data is if someone—probably someone you know—gains access to any of your devices without your consent. The data you enter into Interactive Clinics is private and it should stay that way (unless you actively choose to share it). We have outlined some ways to keep your devices secure below.
Protect your Interactive Clinics account: Activate a unique PIN code for the Interactive Clinics app. Do not share it with anyone and do not write it anywhere where someone could gain access. If you share your device with others, activating a unique PIN code will ensure you are the only person who can access your Interactive Clinics data on the device.
Protect your device:
i. Activate a PIN for your device. This automatically encrypts your Interactive Clinics data and prevents any person from using your device without your permission.
ii. Set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen. Please read more about this in our data security blog entry.
6. Data transfer outside the EU and to third-party applications
6.1 Data transfer outside of Europe
Any personal data collected from you may only be transferred to countries outside the European Union / the European Economic Area (EEA) observing applicable privacy regulations and ensuring that your privacy rights remain protected.
6.2 Apple Health (iOS)
Interactive Clinics will not exchange any personal data with Apple’s Health app without your prior approval. Approval is given by you in the relevant settings of the Health app or within the Interactive Clinics app when you first enter into physical activity module and can be revoked by you at any time. If you have given your approval, Interactive Clinics may interact with the Health app on your iOS device and read and/or write information between the Interactive Clinics app and Health. This may include a transfer of your personal data to Apple servers located outside the European Union.
You can choose if and to what extent your personal data is exchanged between Interactive Clinics and Health by granting or revoking the relevant permissions in Health app settings. Please refer to the Privacy Information of Apple Health for further information.
7. Cookies and app data analysis
The Interactive Clinics app and our website also use third-party analysis and tracking services to track the performance of our services, understand how you use our services, and offer you an improved experience.
Information on your usage of our website or of the Interactive Clinics app may be collected and processed by Interactive Clinics, or a third-party engaged by Interactive Clinics using a unique identification number assigned to you. Information about your usage will be deleted when this information is no longer required for the purpose collected, and will always be de-identified before sharing with third parties besides those mentioned under Section 7.2 and 7.3.
7.1 Your consent for Interactive Clinics tracking and analysis
You may withdraw your consent to non-essential tracking and analysis at any time. When visiting our website, you can decline the use of non-essential cookies in the pop-up notification. In the Interactive Clinics app, you can go to Settings > Data Privacy settings and adjust your preferences.
For the purpose of tracking the performance of our services and to improve Interactive Clinics, we use the following third-party services:
7.2 Google Analytics
Our website and mobile applications use Google Analytics, a web and mobile analysis service operated by Google Inc. (“Google”).
When using our apps, Google Analytics uses data stored on your device to allow for analysis of your visits to Interactive Clinics application and interactions with it in order to personalize your experience and improve our services. Information produced in this way will be transferred to and stored on a on a randomly selected public cloud located in the US, EU or Asia, operated by Google.
The following data is used by Google Analytics:
- Client ID: a unique, randomly generated string that gets stored in the device, so subsequent visits to the application can be associated with the same user.
The following Cookies are used by Google Analytics:
|Cookie Name||Value (example)||Purpose||Expiration|
|_ga||2.1326744211.152311160746-5||This cookie is written to the browser upon the first visit. It is included in each page view request and used to distinguish unique users on the website.||2 years|
|_gid||2.1687193234.152311160746-1||This cookie is used to group the user behavior for each user.||24 hours|
|_gat_gtag_UA_property-id||1||This cookie is used to throttle the rate at which requests are sent to Google Analytics so as to increase the efficiency of network calls.||1 minute|
Google analyzes this information to offer reports to Interactive Clinics on mobile applications usage, website usage and online usage of associated services. Under the terms of Google’s analytics service, Google may also transfer this information to third parties, either when this is required by law or when third parties are contracted by Google to process this data. Google will not allow your IP address to be linked to any other personal data. By opting in via the cookie banner on Interactive Clinics’ website, or by accepting these conditions on Interactive Clinics app, you consent to data being used and processed by Google as described above. You can withdraw consent for this use of your data at any time. Please note that this withdrawal only applies to future activities.
7.3 App Center Analytics
Interactive Clinics uses a data analysis service operated by App Center Analytics. This service helps us understand more about our app users and their behavior when using Interactive Clinics app. This includes devices, location, activity and engagement. This will allow us to answer questions such as:
- What are the main devices being used?
- Can we remove support for an old OS version?
- Should we translate my app into a new language?
- Are our users adopting our latest version?
By using our service, you explicitly consent to the use and processing of your data collected by App Center Analytics as described above.
8. Communications, Surveys and newsletter activities
Interactive Clinics uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These include push notifications, in-app messages and emails for questions related with the security of your account, to initiate Telehealth video calls, to deliver health content and to send occasional promotional materials that may be of interest to you.
You consent to push notifications when you activate Interactive Clinics’ push notifications on your device settings. You can withdraw your consent at any time. You can unsubscribe from our newsletter by clicking the unsubscribe link at the bottom of the message, and you can disable notifications sent by Interactive Clinics in your device settings.
Interactive Clinics may communicate with you via email if you have contacted Interactive Clinics for questions or support requests in connection with our services or the Interactive Clinics app. For certain support requests, Interactive Clinics will have to access and process your personal data, including your health data for the purpose of answering your request. You explicitly provide your consent for the processing of your personal data, including your health data for answering your support request.
In order to provide these services, Interactive Clinics may share information such as your email address to third-party providers for the sole purpose of carrying out such newsletter services, surveys or notifications. These providers are Typeform S.L. (“Typeform“), seated in Barcelona, Spain, which may process information from survey forms filled out by you
The privacy policies of these services can be found on their respective websites. U.S. based companies are compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirements are met or guarantee a sufficient level of data protection by agreeing to EU Standard contractual clauses with Interactive Clinics
9. Young users
Interactive Clinics does not knowingly collect or use personal data from children under the age of 14. By registering to a Interactive Clinics account you are required to confirm that you are at least 14 years old, or that your parents have agreed that you can use the Interactive Clinics app.
If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country (this is commonly between 14 and 16 years old, depending on the country you live in) or if you have the consent of your parent or legal guardian. If you are a parent and learn that your child is using Interactive Clinics without your permission or if you have any specific question about data privacy at Interactive Clinics, do not hesitate to get in touch with us at email@example.com.
If Interactive Clinics gains actual knowledge that information has been collected from children under the age of thirteen in the United States contrary to the Children’s Online Privacy Protection Act of 1998 and the regulation thereunder, Interactive Clinics will not disclose this data and reserves the right to immediately delete the account and wipe all related information, including health and sensitive data of the user, from our servers.
11. Responsibility for Data Processing
Interactive Clinics is made in Barcelona, Spain, and the way we handle data meets the high standards set by Spanish and European legal requirements (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation and Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights). Interactive Clinics is made by Interactive Clinics SLBit Genoma Digital Solutions SL, Prim 26, 08911 Badalona, Barcelona. Further contact information can be found here. Interactive Clinics has an appointed data protection officer. Please do not hesitate to reach out to firstname.lastname@example.org if you have any questions.
12. Prevailing Language