Privacy Policy

Intercept Health App
Effective date: 19th day of September 2022

Intercept app (the “App”) is operated by National Institute for Prevention and Cardiovascular Health (NIPC). The National Institute for Prevention and Cardiovascular Health is the data controller and can be contacted at:

NIPC, Croí Heart and Stroke Centre, Moyola Lane, Newcastle, Galway. Ireland
info@nipc.ie(+353) 091-893299
www.nipc.ie

Purpose
The purpose of this privacy policy (this “Privacy Policy”) is to inform users of our App of the following:

  1. The personal data we will collect;
  2. Use of collected data;
  3. Who has access to the data collected; and
  4. The rights of App users.

This Privacy Policy applies in addition to the terms and conditions of our App.

GDPR
For users in Ireland, we adhere to the Regulation (European Union) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”).

Consent
By using our App users agree that they consent to:

  1. The conditions set out in this Privacy Policy.

When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful.

You can withdraw your consent by: Contacting the NIPC Data Protection Officer, Lizanne Dunleavy, lizanne@croi.ie.

About Intercept

The INTERCEPT app aims to improve secondary prevention in post-acute coronary syndrome patients (ACS).

The intervention includes two components

  1. a mobile app which aims to support and motivate patients to achieve a healthy lifestyle, manage risk factors, and improve adherence with cardio protective medications
  2. a web-based nurse portal, which will support remote monitoring and communication by a specialist cardiovascular nurse.

The objective is to provide a patient centred, package of care that is integrated, structured and seamless to ensure a smooth transition from hospital to home, with evidence-based support to achieve recommended lifestyle, medical and therapeutic goals. A second objective is to improve uptake and adherence with traditional Cardiac Rehabilitation (CR) programmes among these post-acute ACS patients.

Legal Basis for Processing
We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.

We rely on the following legal bases to collect and process the personal data of users in the EU:

  1. Users have provided their consent to the processing of their data for one or more specific purposes;
  2. Processing of user personal data is necessary for us or a third party to pursue a legitimate interest. Our legitimate interest is not overridden by the interests or fundamental rights and freedoms of users. Our legitimate interest(s) are: Testing a health & wellbeing app; Processing of user personal data is necessary for us to take, at the request of a user, steps before entering a contract or for the performance of a contract to which a user is a party. If a user does not provide the personal data necessary to perform a contract the consequences are as follows: The App can’t be used without inputting information.

Personal Data We Collect
We only collect data that helps us achieve the purpose set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.

Data Collected Automatically
When you visit and use our App, we may automatically collect and store the following information:

  1. Health & wellbeing data, such as:

Weight, body mass index (BMI), smoking status, LDL cholesterol, blood pressure, Glucose and HbA1c, heart rate,  , medications prescribed, physical activity, steps, accelerometer data, eating habits and mood.

Data Collected in a Non-Automatic Way
We may also collect the following data when you perform certain functions on our App:

  1. First and last name;
  2. Age;
  3. Date of birth;
  4. Sex;
  5. Email address; and
  6. Phone number.

This data may be collected using the following methods:

  1. Creating an account
  2. Using the app
  3. Using  a connected device such as smart watch or blood pressure monitor
  4. Information provided to staff

How We Use Personal Data
Data collected on our App and through connected devices will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our App. We will not use your data beyond what we disclose in this Privacy Policy.

We may use your Personal Information for the following purposes:

  • Operate, maintain, supervise, administer, and enhance our App, and our Software, including monitoring and analysing the effectiveness of content of the Services, aggregate site usage data, and other usage of the Services such as assisting you in completing the registration process.
  • Provide our products and services to you, in a custom and user-friendly way.
  • Provide you with information, or services that you request from us or that may be of interest to you.
  • To provide you notices or about your account.
  • Contact you in response to a request.
  • To notify you about changes to our Services or any products or services we offer or provide through them.
  • Fulfil any other purpose for which you provide consent.
  • Anonymize and aggregate information for analytics and reporting.
  • To respond to law enforcement requests, court orders, and subpoenas and to carry out our legal and contractual obligations.
  • Authenticate use, detect fraudulent use, and otherwise maintain the security of our Website, our App, our Software, and the safety of others.
  • To administer surveys and questionnaires.
  • Any other purpose with your consent

Who We Share Personal Data With

Employees
We may disclose user data to any member of the organisations involved in this research who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy. Employees involved in this research are employed at the National Institute for Prevention and Cardiovascular Health, Saolta University Health Care Group or the University of Galway.

Third Parties
We may share user data with the following third parties:

  1. Citrus Suite, app developer.

We may share the following user data with third parties:

  1. App usage data.

We may share user data with third parties for the following purposes:

  1. App research

Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given purpose.

Other Disclosures
We will not sell or share your data with other third parties, except in the following cases:

  1. If the law requires it;
  2. If it is required for any legal proceeding;
  3. To prove or protect our legal rights; and
  4. To buyers or potential buyers of this company in the event that we seek to sell the company.

If you follow hyperlinks from our App to another App, please note that we are not responsible for and have no control over their privacy policies and practices.

How Long We Store Personal Data
User data will be stored until the purpose the data was collected for has been achieved.

You will be notified if your data is kept for longer than this period.

How We Protect Your Personal Data
The prospective hosting option is fully GDPR compliant, as data is merely transferred and not stored by third parties. All data captured is anonymised, with user anonymity maintained. (unless user has opted in, to share data of their own volition)

While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.

Your Rights as a User
Individuals located in the EEA have certain rights with respect to their Personal Information. These rights include:

  • Access and Update. You can review and change your Personal Information by notifying us through the Contact Information below of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
  • Restrictions. You have the right to restrict our processing of your Personal Information under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Information is determined to be unlawful, or if we no longer need your Personal Information for processing but we have retained it as permitted by law.
  • Portability. To the extent the Personal Information you provide us is processed based on your consent or that we process it through automated means, you have the right to request that we provide you a copy of, or access to, all or part of such Personal Information in structured, commonly used and machine-readable format. You also have the right to request that we transmit this Personal Information to another controller, when technically feasible.
  • Withdrawal of Consent. To the extent that our processing of your Personal Information is based on your consent, you may withdraw your consent at any time by contacting us. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your Personal Information.
  • Right to be Forgotten. You have the right to request that we delete all of your Personal Information. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect.
  • Complaints. You have the right to lodge a complaint with the applicable supervisory authority in Ireland. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
  • How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed below. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements.

Children
We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact our data protection officer.

How to Access, Modify, Delete, or Challenge the Data Collected
If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to who we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under the GDPR, please contact our data protection officer here:

NIPC, Croí Heart and Stroke Centre, Moyola Lane, Newcastle, Galway. Ireland
info@nipc.ie(+353) 091-893299
www.nipc.ie

Additional Clauses

Health Data

Within the Intercept system, all patient specific data will need to form part of the patient’s case notes and be identifiable for this purpose. The patients will also need to be able to identify themselves to ensure full collaboration with the system. Permissions to see personal information will not be given to third parties, however System based issues and analytical data will be accessible to the app developer during the 12-month support stage.

Google Analytics and other technologies we use.

We use Google Analytics and/or similar technologies to analyse app use behaviour, administer the app, track users’ movements, and to collect information about app use. This is done to personalise and enhance your experience with us.

We use Google Analytics for the following purposes:

  • Analytics data – this data is used to track the use and performance of our apps and services
  • Google has their own Privacy Policy which you can review here

Modifications
This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the “Effective Date” at the top of this Privacy Policy. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Privacy Policy.

Complaints
If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue. If you feel we have not addressed your concern in a satisfactory manner you may contact a supervisory authority. You also have the right to directly make a complaint to a supervisory authority. You can lodge a complaint with a supervisory authority by contacting the Data Protection Commission in Ireland.

Contact Information
If you have any questions, concerns or complaints, you can contact our data protection officer, NIPC, at:

NIPC Data Protection Officer, Lizanne Dunleavy, lizanne@croi.ie
NIPC, Croí Heart and Stroke Centre, Moyola Lane, Newcastle, Galway.
info@nipc.ie(+353) 091-893299
www.nipc.ie