Data Protection Statement
Thank you for choosing to use the iNAP System and the iNAP Lab+
app. In order for you to be able to use the iNAP Lab+ app effectively, we need to collect some personal
data, including personal health data. This page is designed to inform you of
the data that we collect, what we do with the data, and your rights under the
EU General Data Protection Regulation (GDPR). In accordance with Article 6(a) and
Article 9(2)(a) of the GDPR, we will only collect your personal data if you
specifically consent to its collection and processing at the end of this
statement.
We
collect personal information in the iNAP Lab+ app in
order to provide you, and your treating physician with information and analyses
regarding your use of the iNAP System. Your contact
data may also be collected and processed in order to allow your authorized
Somnics distributor to more easily provide you with iNAP
System supplies.
When you
use the iNAP Lab+ app for the first time, you will be
asked to enter certain personally identifiable information,
including but not limited to:
-
Name
-
Contact details (address, telephone no., email)
-
Location
-
Birthdate
-
Weight
-
Height
-
Data of the iNAP console(s) connected to the app
The app
may also collect information regarding your location when you use a mobile
phone to upload data from the app to our server. If there is an error in the app while you are using it
we may also collect data and information (through third party products) on your
phone called Log Data. This Log Data may include information such as your
device Internet Protocol("IP") address, device name, operating system version,
the configuration of the app when utilizing our Service, the time and date of
your use of the Service, and other statistics.
Cookies
Cookies are files with a small amount of data that are commonly
used as anonymous unique identifiers. These are sent to your browser from the
websites that you visit and are stored on your device's internal memory.
This Service does not use these "cookies" explicitly. However, the
app may use third party code and libraries that use "cookies" to collect
information and improve their services. You have the option to either accept or
refuse these cookies and know when a cookie is being sent to your device. If
you choose to refuse our cookies, you may not be able to use some portions of
this Service.
The Controller in charge of data collection
and processing within the meaning of Article 4 of the GDPR is:
Somnics Inc.
5F, No. 22, Sec. 2
Shengyi Road
Zhubei City, Hsinchu County
30261
TAIWAN
The Controller's representative in
the EU within the meaning of Article 27 of the GDPR is:
Somnics GmbH
Stichlingstrasse
1
60327 Frankfurt am Main
GERMANY
Your Rights under the GDPR
As a data subject under the GDPR
you have the following specific rights regarding the collection and processing
of your personal data:
- Right of access (Article 15)
You shall have the right to receive the following information: The
personal data processed by us; the purposes of the processing; the categories
of processed personal data; the recipients or categories of recipients to whom
the personal data have been or will be disclosed; the envisaged period for
which the personal data will be stored, or, if not possible, the criteria used
to determine that period; the existence of the right to request from the
controller rectification or erasure of personal data or restriction of
processing personal data concerning the data subject or to object to such
processing; the right to lodge a complaint with a supervisory authority; where
the personal data are not collected from the data subject, any available
information as to their source; the existence of automated decision-making,
including profiling and at least in those cases, meaningful information about
the logic involved, as well as the significance and envisaged consequences of
such processing for the data subject; the appropriate safeguards pursuant to
Article 46 when personal data is transferred to a third country.
- Right to rectification (Article
16)
You have the right to obtain from the controller without undue
delay the rectification of inaccurate personal data concerning you and/or the
right to have incomplete personal data completed.
- Right to erasure ("right to be
forgotten" - Article 17)
You have the right to obtain from the controller the erasure of
personal data concerning you if:
-
the personal data are no longer necessary in relation to the
purposes for which they were collected or otherwise processed;
-
you withdraw your consent on which the processing is based
according to point (a) of Article 6(1), or point (a) of Article 9(2), and there
is no other legal ground for the processing;
-
you object to the processing pursuant to Article 21(1) and there
are no overriding legitimate grounds for the processing, or you object to the
processing pursuant to Article 21(2);
-
the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in
Union or Member State law to which the controller is subject.
- Right to restriction of
processing (Article 18)
You have the right to obtain from the controller restriction of
processing your personal data where one of the following applies:
-
you contest the accuracy of the personal data, for a period
enabling the controller to verify the accuracy of the personal data;
-
the processing is unlawful and you oppose
the erasure of the personal data and request the restriction of their use
instead;
-
the controller no longer needs the personal data for the purposes
of the processing, but they are required by you for the establishment, exercise
or defence of legal claims;
- you have objected to
processing pursuant to Article 21(1) pending the verification whether the
legitimate grounds of the controller override your grounds.
- Right to be informed (Article
19)
If you have asserted the right of rectification, erasure or
restriction of processing against the controller, the controller is obliged to
communicate to each recipient to whom the personal date has been disclosed any
rectification or erasure of personal data or restriction of processing, unless
this proves impossible or involves disproportionate effort. You have the right
to be informed about those recipients.
- Right to data portability (Article
20)
You shall have the right to receive the personal data concerning
you, which you have provided to the controller, in a structured, commonly used
and machine-readable format or to require that those data be transmitted to
another controller, where technically feasible.
- Right to withdraw a given
consent (Article 7(3))
You have the right to withdraw your consent for the processing of
personal data at any time with effect for the future. In the event of
withdrawal, we will immediately erase the data concerned, unless further
processing can be based on a legal basis for processing without consent. The
withdrawal of consent shall not affect the lawfulness of processing based on
consent before its withdrawal.
- Right to lodge a complaint (Article
77)
Without prejudice to any other administrative or judicial remedy,
you have the right to lodge a complaint with a supervisory authority, in
particular in the Member State of your habitual residence, place of work or
place of the alleged infringement if you consider that the processing of
personal data relating to you infringes the GDPR.
TRANSFER OF DATA TO THIRD
COUNTRIES
The app uses third-party services that may collect information
used to identify you. We use these service providers for the following reasons:
We want to inform you that these third parties have access to some or all of your personal information stored in the app.
The reason is to perform the tasks assigned to them on our behalf. However,
they are obligated by contract with the controller not to disclose or use the
information for any other purpose.
In accordance with Article 49 of the GDPR, we herewith
inform you that the controller intends to transfer collected personal data for
the purposes of storage and processing to a recipient or recipients in a third
country outside of the European Union that is not subject to an adequacy
decision by the EU Commission and does not guarantee the same level of data
protection as the European Union. While the controller will use its best
efforts to ensure adequate data protection for your personal data, as a result
of this transfer, there is a possibility that you may not be able to fully
exercise your rights under the GDPR as outlined above. By consenting to this
Data Protection Statement, you specifically also consent to the transfer of
your data to such third country.
Here are links to the privacy policies of third-party service
providers used by the app:
CONTACT INFORMATION AND SUPERVISORY
AUTHORITY
Complaints and requests in connection with the
protection of your personal data should be directed to:
Somnics GmbH
Data Protection Officer
Stichlingstrasse 1
60327 Frankfurt am Main
GERMANY
Tel.: +49-69-2400 3626
Fax: +49-69-2400 3627
E-mail: it.support@somnics.com
The supervisory authority responsible for the
controller's representative in the EU is:
Der Hessische
Datenschutzbeauftragte
Gustav-Stresemann-Ring 1,
D-65189 Wiesbaden
Postfach 31 63
65021 Wiesbaden
GERMANY
Tel.: +49-611/1408-0
Fax: +49-611/1408-900
E-Mail: poststelle@datenschutz.hessen.de
STORAGE DURATION OF PERSONAL
DATA
Personal data collected and processed in
connection with the iNAP Lab+ app will be stored
until you revoke your consent. If there are legal storage periods for data that
is processed within the framework of legal or similar obligations on the basis
of Article 6(1)(b) of the GDPR, this data will be routinely deleted after
expiry of the storage periods if it is no longer necessary for the fulfillment
of the contract or the initiation of the contract and/or if the controller no
longer has a justified interest in further storage.
Unless otherwise stated in the information
contained in this declaration on specific processing situations, stored
personal data will be deleted if it is no longer necessary for the purposes for
which it was collected or otherwise processed.
Links to Other Sites
The app may contain links to other sites. If you click on a
third-party link, you will be directed to that site. Note that these external
sites are not operated by us. Therefore, we strongly advise you to review the privacy
policy of these websites. We have no control over and assume no responsibility
for the content, privacy policies, or practices of any third-party sites or
services.
Editing and Deleting Data.
By logging into your account and using your account info, you can change and delete your personal information.
For instance, you can edit or delete the profile data you provide and delete your account if you wish.
If you choose to delete your account, please note that all of your information and records will be deleted immediately, like the data recorded by your iNAP device and other data stored in our cloud systems.
CONSENT TO COLLECTION AND
PROCESSING OF PERSONAL DATA
I consent to the collection of my personal data, including
personal health information, as outlined above, in connection with the use of
the iNAP Lab+ app. I understand my rights under the
GDPR, and consent specifically to the transfer of my personal data to third
countries outside the EU for the purposes outlined above.