SelfBack ApS (referred to as “SelfBack”, “we” or “us” in this document), offers a self management platform, in the form of a mobile application, to persons with non-specific low back pain. All persons using SelfBack and its content (referred to as “Services”) are known as “Users”.
SelBack’s privacy policy describes how we collect, use, protect and share information about you as an individual. We recommend that you read our privacy policy in full.
If you have any questions in regards to how we protect your personal data, please contact our data protection officer at gdpr@selfback.dk.
BY USING OUR MOBILE APPLICATION, YOU ARE ACCEPTING AND CONSENTING TO THE COLLECTION, USE AND TRANSMITTAL OF YOUR PERSONAL DATA FOR PROCESSING AS DESCRIBED IN THIS PRIVACY POLICY
By using our Services you are considered to have read and accepted the Privacy Policy, together with our Terms and Conditions. Should you not agree with any part of these Policies and Terms, you should not use our Services and should immediately terminate your use of SelfBack.
1. Data Collection:
SelfBack divides the data we get from you into two different categories, that are stored separately.
“Personal data” is data that directly or indirectly, can be used alone or with other information, to identify you as an individual user of SelfBack.
“Health data” is data that describes your health and wellbeing, e.g. Health status, how many steps walked, answers to our questionnaires and goals.
Information You Provide to Us when registering and creating an account
When enrolling into the SelfBack mobile application, you provide us with the following personal and health data, that we collect and store to register your account and to be able to provide you with the most personalized program as possible.
Your mobile Phone number.
Your past and present health status.
Your employment status.
Your Healthcare providers Identification.
Your date of birth.
Your gender.
Information collected while using our services
To be able to improve and further personalize your program, we collect and store the personal and health data that is obtained while using the SelfBack mobile application.
These informations are as following examples:
1. Your answers to questions in the SelfBack questionnaires
2. When you last answered or partially answered a questionnaire in SelfBack
3. Reminders sent to you
4. The amount of steps walked
5. Your goals, as entered into the SelfBack mobile application
Health data that we obtain from processing of your provided information.
1. Your answers to the questions in the module SelfBack Baseline questionnaire and weekly questionnaire
2. Development of your wellbeing and pains over time, obtained through the answered questions in SelfBack
3. The scores relating to your wellbeing (Created based on your answers in the SelfBack mobile application).
If we in any way chain together other information in a way that makes you identifiable as an individual user, we will handle that information as personal data.
We only collect the minimum amount of data, which is necessary for us to be able to provide our services to you.
This means that we do not collect unnecessary data about you as a person.
2. How we use personal and health data
SelfBack uses the collected data to be able to deliver our products and services to the individual users, to improve our product and services, development of new services and products and to improve and personalize your user experience when interacting with us.
First and foremost we use your personal and health data to deliver our services and maintain as effective an operation of our IT-structure as possible - The data collected is used to deliver the services that we offer.
This includes the operation, maintenance and deliverance of all content and functions of the services we provide you, whereas among other things, the personal and dynamic training program is created. Without your personal and health data, the adjustments to your training program and plan will not work.
We also use personal and health data to conduct our business internally, to develop new products and services, in order to facilitate better treatment for the users.
Additionally we use personal and health data to develop, improve functionalities, services and functions, by better understanding our users and their needs.
To be able to communicate with you and respond to the requests you provide, we utilize your personal data, in regards to product information, technical support and any other form of communication initiated with us.
All communication initiated by us, will go through the SelfBack mobile application, this being responses in our support function or messages regarding the performance of services, such as updates to our Privacy Policy and Terms and Conditions.
We also keep and use your personal and health data, as necessary, to comply with legal obligations, resolve conflicts, and enforce our agreements.
3. How we handle personal data:
SelfBack will only disclose your personal and health data with your knowledge and as stated in this Privacy Policy or as indicated at the time of collection. We only share your data with third parties in certain individual cases, specifically with your consent where you have given acceptance herof, and is thereby optional.
Your personal data may be disclosed as described in this Privacy Policy and as described in the following ways:
Optional sharing of personal and health data with your healthcare provider
Within the SelfBack app, there is an option to choose to share your personal and health data with your healthcare provider. By sharing the personal and health data from the SelfBack mobile application with your healthcare provider, they will be able to follow your progress and thereby optimize your treatment plan accordingly.
It is very important for us that you have the rights and choice over your own data and can share it if you wish. If you want to share your data with a third party other than your personal healthcare provider, you need to contact SelfBack before doing so. Contact information: gdpr@selfback.dk
Optional sharing for research and academic purposes
You are able to choose to share your health data from the SelfBack mobile app, for academic and research purposes.
This data is pseudonymised, and is not linked to your personal data, meaning that they will only receive data regarding your health profile, without any knowledge or link to your personal data that makes you identifiable as an individual person.
Required by law and special circumstances
We may be forced to disclose your personal and health data in the following cases:
1. It is reasonably necessary to comply with legal preceding(such as a court order, search warrant, etc.) or other legal requirements of any public authority
2. If such a disclosure would potentially reduce our liability in a real potential trial
It is necessary to protect our legal rights or property
3. It is necessary to protect the legal rights, property or other parties’ physical security or for the prevention or discovery of crime and such a disclosure is legitimate.
4. Securing your information:
SelfBack is committed to protecting the security of your personal and health data.
To protect our information from unauthorized access, loss and theft, we have put in various measures of protection.
Your health data and your personal data are stored on two different databases, where we use encryption (hmac sha256) for the link between the data.
When transmitting your data to and from our app, we use encryption as well (HTTPS/SSL).
In case of a data breach, where your personal data has been, accidentally or unlawfully destructed, lost, altered, had unauthorized disclosure of, or has been accessed, measures have been put in place to inform the necessary parties. The data protection officer at SelfBack, will, where feasible, no later than 72 hours after having become aware of it, notify the personal data breach to the Data Protection Authorities. If the data breach poses a high risk to you as an individual who is affected, then you will be contacted directly as well.
5. Storing data:
SelfBack stores your personal and health data as long as you have an account with us.
SelfBack is hosted on servers located within the EU/EEA and thus your personal data is processed within the EU/EEA.
We have ensured that your data when stored is encrypted as well by encryption at rest, meaning that when your data is stored at the harddrive at our hosts servers, they are encrypted and thereby secured from unauthorized access.
Your personal and health data is generally deleted when you actively delete it in the app or if you are passive for more than 2 years.
When you withdraw your consent, we anonymise your answers and cases, so they cannot be traced back to you, but can be used in statistics and cases.
Support cases are deleted one year after it has been resolved or one year after the relationship between your Healthcare provider and us has ended (whichever comes first).
6. Your rights:
You have certain rights in regards to your data that we process.
To exercise any of your rights as listed below, reach out to us at gdpr@selfback.dk. Your rights are not absolute and may have to be balanced with the rights of others, as well as the rights that are subject to some exceptions as a matter of law.
You have the rights to get inaccurate personal og health data corrected:
If you are under the impression that the personal or health data that SelfBack processes, regarding yourself, are inaccurate or incomplete, you have the rights to have them corrected
You have the rights to request deletion of your personal data:
When you do not want us to process you personal, you have the rights to delete your personal data by yourself or ask us to delete your personal data
You have the rights to withdraw your consent:
Where the processing of your personal and health data is based on your consent, you have the right to withdraw your consent at any given time.
This can be done in the app or by sending an email to gdpr@selfback.dk
A withdrawal of consent will imply that we can no longer provide our services to you, since processing of your personal and health data is necessary for our services to function.
You have the rights to complain to a supervisory authority:
If you wish to complain about our processing of your personal and health data, you have the right to reach out to a supervisory authority.
If you have any questions regarding your right, then you are able to contact us at gdpr@selfback.dk
We will respond to your request as soon as possible and at the latest within one month of receiving the request from you.
7. Children:
SelfBack does not knowingly collect personal data from children under the age of 16.
If we become aware of the fact that a child under the age of 16 has provided us with personal data without the parents’ consent, we will remove the information and delete the child’s account as soon as possible.
8. How to contact us:
If you have any questions, concerns or comments regarding the way we handle your personal data, then please contact us by sending an email to gdpr@selfback.dk
9. Updates to Privacy Policy:
This Policy is reviewed continuously to make sure that it is up to date.
We may update this Privacy Policy without notice. You can see when this Policy was last modified by checking the effective date and we advise you to review this Privacy Policy periodically to be sure that you understand our privacy practices.
If a change to the content of this Privacy Policy occurs, you will be notified within the SelfBack mobile application.
