SelfBack ApS (referred to as “SelfBack”, “we” or “us” in this document), offers a self management platform, in the form of a mobile application, to persons with non-specific low back pain. All persons using SelfBack and its content (referred to as “Services”) are known as “Users”.
If you have any questions in regards to how we protect your personal data, please contact our data protection officer at email@example.com.
1. Data Collection
SelfBack divides the data we get from you into two different categories, that are stored separately.
“Personal data” is data that directly or indirectly, can be used alone or with other information, to identify you as an individual user of SelfBack.
“Health data” is data that describes your health and wellbeing, e.g. Health status, how many steps walked, answers to our questionnaires and goals.
Information You Provide to Us when registering and creating an account
When enrolling into the SelfBack mobile application, you provide us with the following personal and health data, that we collect and store to register your account and to be able to provide you with the most personalized program as possible.
Your mobile Phone number.
Your past and present health status.
Your employment status.
Your Healthcare providers Identification.
Your date of birth.
Your level of education.
Your marital status.
Information collected while using our services
To be able to improve and further personalize your program, we collect and store the personal and health data that is obtained while using the SelfBack mobile application.
These informations are as following examples:
1. Your answers to questions in the SelfBack questionnaires
2. When you last answered or partially answered a questionnaire in SelfBack
3. Reminders sent to you
4. The amount of steps walked
5. Your goals, as entered into the SelfBack mobile application
Health data that we obtain from processing of your provided information:
1. Your answers to the questions in the module SelfBack Baseline questionnaire and weekly questionnaire
2. Development of your wellbeing and pains over time, obtained through the answered questions in SelfBack
3. The scores relating to your wellbeing (Created based on your answers in the SelfBack mobile application).
If we in any way chain together other information in a way that makes you identifiable as an individual user, we will handle that information as personal data.
We only collect the minimum amount of data, which is necessary for us to be able to provide our services to you. This means that we do not collect unnecessary data about you as a person.
2. How we use personal and health data
SelfBack uses the collected data to be able to deliver our products and services to the individual users, to improve our product and services, development of new services and products and to improve and personalize your user experience when interacting with us.
First and foremost we use your personal and health data to deliver our services and maintain as effective an operation of our IT-structure as possible - The data collected is used to deliver the services that we offer.
This includes the operation, maintenance and deliverance of all content and functions of the services we provide you, whereas among other things, the personal and dynamic training program is created. Without your personal and health data, the adjustments to your training program and plan will not work.
We also use personal and health data to conduct our business internally, to develop new products and services, in order to facilitate better treatment for the users.
Additionally we use personal and health data to develop, improve functionalities, services and functions, by better understanding our users and their needs.
To be able to communicate with you and respond to the requests you provide, we utilize your personal data, in regards to product information, technical support and any other form of communication initiated with us.
We also keep and use your personal and health data, as necessary, to comply with legal obligations, resolve conflicts, and enforce our agreements.
3. How we handle personal data
We only share your data with third parties in certain individual cases, specifically with your consent where you have given acceptance herof, and is thereby optional.
Optional sharing of personal and health data with your healthcare provider
Within the SelfBack app, there is an option to choose to share your personal and health data with your healthcare provider. By sharing the personal and health data from the SelfBack mobile application with your healthcare provider, they will be able to follow your progress and thereby optimize your treatment plan accordingly.
It is very important for us that you have the rights and choice over your own data and can share it if you wish. If you want to share your data with a third party other than your personal healthcare provider, you need to contact SelfBack before doing so.
Contact information: firstname.lastname@example.org
Optional sharing for research and academic purposes
You are able to choose to share your health data from the SelfBack mobile app, for academic and research purposes.
This data is pseudonymised, and is not linked to your personal data, meaning that they will only receive data regarding your health profile, without any knowledge or link to your personal data that makes you identifiable as an individual person.
Required by law and special circumstances
We may be forced to disclose your personal and health data in the following cases:
1. It is reasonably necessary to comply with legal preceding(such as a court order, search warrant, etc.) or other legal requirements of any public authority
2. If such a disclosure would potentially reduce our liability in a real potential trial
It is necessary to protect our legal rights or property
3. It is necessary to protect the legal rights, property or other parties’ physical security or for the prevention or discovery of crime and such a disclosure is legitimate.
4. Securing your information
SelfBack is committed to protecting the security of your personal and health data.
To protect our information from unauthorized access, loss and theft, we have put in various measures of protection.
Your health data and your personal data are stored on two different databases, where we use encryption (hmac sha256) for the link between the data.
When transmitting your data to and from our app, we use encryption as well (HTTPS/SSL).
In case of a data breach, where your personal data has been, accidentally or unlawfully destructed, lost, altered, had unauthorized disclosure of, or has been accessed, measures have been put in place to inform the necessary parties. The data protection officer at SelfBack, will, where feasible, no later than 72 hours after having become aware of it, notify the personal data breach to the Data Protection Authorities. If the data breach poses a high risk to you as an individual who is affected, then you will be contacted directly as well.
5. Storing data
SelfBack stores your personal and health data as long as you have an account with us.
SelfBack is hosted on servers located within the EU/EEA and thus your personal data is processed within the EU/EEA.
We have ensured that your data when stored is encrypted as well by encryption at rest, meaning that when your data is stored at the harddrive at our hosts servers, they are encrypted and thereby secured from unauthorized access.
Your personal and health data is generally deleted when you actively delete it in the app or if you are passive for more than two years.
When you withdraw your consent, we anonymise your answers and cases, so they cannot be traced back to you, but can be used in statistics and cases.
Support cases are deleted one year after it has been resolved or one year after the relationship between your Healthcare provider and us has ended (whichever comes first).
6. Your rights
You have certain rights in regards to your data that We process.
To exercise any of your rights as listed below, reach out to us at email@example.com.
Your rights are not absolute and may have to be balanced with the rights of others, as well as the rights that are subject to some exceptions as a matter of law.
You have the right to access your Personal Data and Health Data:
At any given time before you or SelfBack deletes your information, you have the right to access your Personal Data and Health Data.
You have the right to have incorrect Personal Data and Health Data corrected:
If you believe that the Personal Data or Health Data SelfBack has collected about you are incorrect or incomplete, you have the right to have them corrected.
You have the right to request that your data be deleted:
When you no longer want us to process your Personal Data, you have the right to delete your Personal Data yourself or ask Us to delete data.
You have rights to restrict the processing of your personal data:
When you have a special reason to restrict our processing of your personal data, you can request it, for example while accessing your rectification of inaccurate data.
You have the right to object to the processing of your personal data:
You have the right to object to us using your personal data where our justification is based on our legitimate interests. We will need to stop processing until we can determine that we have compelling legitimate grounds that override your interests, rights and freedoms, or that we need to continue to use it to establish, exercise or defend legal claims.
You have right to portability of your personal data:
If you wish to, move, copy or transfer your personal data, you have the right to receive the personal data about you in a structured, machine-readable format.
You havethe right to withdraw your consent:
The places where to processing of your Personal Data and Health Data is based on your consent, you have the right to withdraw your consent at any given time. This can be done in the App or by sending an email to firstname.lastname@example.org. Withdrawal of consent will mean that you will no longer be able to receive our Service, since the processing of your Personal Data and Health Data is necessary for the functionality of our Services.
You have the right to complain to the supervisory authorities:
If you wish to complain about our processing of your Personal Data and Health Data, you have the right to contact the supervisory authorities; in this case it will bethe Danish Data Protection Authority.
If you do not wish to be subject to the automated decision-making, (which you have the right to opt-out of) based solely on automated processing, SelfBack will not function and you will therefore not be able to use the SelfBack App. The automated decision-making process results in the individualized program and isthe core feature of the app, and therefore it is necessary to use only automated decision-making.
Since all your data that we collect and process is part of the creation of the individualized programs in SelfBack- app, you will not be able to opt out of any data processing of the data you provide to us if you wish to use the SelfBack app.
If you have questions regarding your right, you are able to contact the Data Security Officer for SelfBack at email@example.com We will answer your request as soon as possible and at the latest within one month of receiving the request from you.
SelfBack does not knowingly collect personal data from children under the age of 16.
If we become aware of the fact that a child under the age of 16 has provided us with personal data without the parents’ consent, we will remove the information and delete the child’s account as soon as possible.
8. How to contact us
If you have any questions, concerns or comments regarding the way we handle your personal data, then please contact us by sending an email to firstname.lastname@example.org
We strive to respond to your inquiry as quickly as possible and within one month of receiving your inquiry.
This Policy is reviewed continuously to make sure that it is up to date.