This TeltoHeart Privacy Policy (hereinafter – TPP) applies to UAB TELTONIKA TELEMEDIC (hereinafter – Company) TeltoHeart which includes:
(i) Teltoheart app a mobile application (including any instalment of them) which the Company are to supply in accordance with the Terms and Conditions as specified at: https://teltonika-telemedic.com/about-us/policies-certificates/terms-conditions-telemedic
(ii) TeltoHeart Smart wearable a smart wearable, (including any instalment of them) which the Company are to supply in accordance with Terms and Conditions as specified at https://teltonika-telemedic.com/about-us/policies-certificates/terms-conditions-telemedic ;
(iii) TeltoCare WEB platform a web platform (in https://Teltocare.com including any instalment of them) which the Company are to supply in accordance with Terms and Conditions as specified at: https://teltonika-telemedic.com/about-us/policies-certificates/terms-conditions-telemedic
(with all the software and firmware of the mentioned systems) (hereinafter – Product and Services).
The TeltoHeart Privacy Policy provides basic information, such as how Company processes personal data of Clients and (or) Wearers, where
“Client or Provider” shall mean he firm or company (and their legal representatives); and the “Wearer” shall mean a person using the Product and (or) Services, how to exercise data subject rights, how to contact the Company.
When Company acts as a processor or Service provider, the privacy statement of Company’s Client who uses the Product and Services applies instead of this TPP, and Company’s processing of such personal information is governed by Company’s agreements with Clients. If You have concerns about personal information that Company process on behalf or Wearer, or wish to exercise your privacy rights regarding such personal information, please, contact the Provider directly.
The TeltoHeart Privacy Policy shall prevail in the event of any conflict with the other policies or statements.
1. Personal information we collect
1.1. Company shall process Clients and (or) Wearers data, as further described below, as necessary to comply with applicable law and concluded contracts (including use of Product and provision of Services) (“Permitted Purposes”).
1.2. Purpose of the data processing: Company shall only process Clients and (or) Wearers data for the Permitted Purposes, which shall include:
1.2.1. processing as necessary to improve the Product and (or) Service functionality as described in this TPP;
1.2.2. processing to diagnose, solve the security matters, improve the system, make the updates, or comply with applicable laws.
1.3. You may provide us with your personal information:
1.3.1. Identification data: name, surname, birth date, gender;
1.3.1.1. Name and surname: When a new client is registered in a system, it is mandatory to provide to Company name and surname. This information is required to create Client’s or Wearer’s account and to personalize experience with our Product and (or) Service.
1.3.1.2. Date of birth: This information is needed for the Client’s or Wearer’s registration process. This information is used to verify age and to comply with applicable laws and regulations.
1.3.1.3. Gender: This information is needed for the Client’s or Wearer’s registration process. This information is used to verify gender and helps to make improvements of Product and (or) Service.
1.3.2. Contacts: contact details – e-mail, phone number, emergency contact phone number:
1.3.2.1. Email: You are required to provide us with a valid e-mail address to register as a client. This e-mail address will be used to communicate with you about your account, orders, and any other important information related to Product. The initial login password will also be sent to the specified e-mail address.
1.3.2.2. Phone number (Optional): If you want direct contact from your service provider or doctor.
1.3.2.3. Emergency contact number (Optional); If you want to inform your family and (or) service provider about accident.
1.3.3. Special categories of personal data:
1.3.3.1. allergies, height, weight in connection with the Product. This information is used to inform your services provider or doctor for better treatment and for improvements of Product and (or) Service.
1.3.3.2. During the use of Product, sensitive information such as heart rate, ECG (electrocardiogram), afib (atrial fibrillation), step count, SpO2 may be automatically collected. This information will be accessible by your healthcare provider who has authorized you to use the TeltoHeart system. This information is used to make diagnosis and improve treatment.
1.4. Device information: IP addresses, usage data, cookies data, online navigation data, location data, browser data. This information is used to improve our services, to personalize your experience, and to provide you with relevant information and updates.
1.5. Company takes privacy seriously and is committed to protecting personal information. Company only collect, use, and disclose of personal information in accordance with Company’s TeltoHeart Privacy Policy and applicable laws and regulations.
1.6. Company may also use cookies and other tracking technologies to collect information about use of Product and Services.
1.7. Please review Company’s TeltoHeart Privacy Policy for more information about how Company collect, use, and disclose personal information and how preferences can be managed.
This TeltoHeart Privacy Policy is a constantly changing document, so Company can change, improve or update it if necessary.
1.8. Company will process Wearer’s personal data based on:
1.8.1. The performance of contract or to enter into the contract and to take actions on Customer’s requests. For example, we’ll need to process your network traffic data as part of making your device “connected” and we’ll need to process payment details for your billing;
1.8.2. Company’s legitimate business interests, for example, fraud prevention, maintaining the security of Company’s network and services, improvement of Product and (or) Services.
1.8.3. Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict usage of your data, which control the scope of legal assistance to be provided; or
1.8.4. Consent you provide where Company does not rely on another legal basis. Consent is always presented to you separately and Wearer can withdraw consent at any time.
1.9. Products and services supplied by your Provider — notice to smart wearable Wearers
1.9.1. If you use a Company Product with an account provided by Provider, such as your work or personal account, that organization can:
1.9.1.1. Control and administer Product and Product account, including controlling privacy-related settings of the Product or Product account;
1.9.1.2. May access and process your (Wearers) data, associated with your (Wearers) Company Product and Product accounts.
1.9.2. If you lose access to your (Wearers) work or personal account, you (Wearer) may lose access to the Products and collected data.
1.9.3. If your Provider provides you with access to Company Products, your use of the Company Products is subject to your Provider’s policies, if any. You should direct your (Wearers) privacy inquiries, including any requests to exercise your (Wearers) data protection rights, to your (Wearers) Provider’s administrator. Company is not responsible for the privacy or security practices of customers, which may differ from those set forth in this TPP.
1.9.4. When you (Wearer) use a Company Product provided by your Provider, Company’s processing of your (Wearer) personal data in connection with that Product is governed by a contract between Company and Provider (Client). Company processes your (Wearers) personal data to provide the Product to your Provider and you (Wearer), and in some cases for Company’s business operations related to providing the Product as described in this TPP.
1.9.5. As mentioned above, if you (Wearer) have questions about Company’s processing of your (Wearers) personal data in connection with providing Product and Services to you, please contact your Provider. If you have questions about Company’s business operations in connection with providing Product and Services to your Provider, please contact Company as described in the How to contact Company section.
Please note, that personal information (including special categories of personal data) shall be used only within the scope of this TPP in regard with the Product and (or) Services, defined in this TPP.
2. How we use personal information
Company shall use the personal information only for the Permitted Purposes, specified in this TPP for:
2.1. creation of account;
2.2. Service delivery and operation;
2.3. Product and Service development;
2.4. marketing and advertisement;
2.5. investigations;
2.6. compliance with legal and regulatory issues;
2.7. automated processing;
2.8. improve the system.
3. How Company shares personal information
3.1. Personal data of Wearers, Providers (Clients) is collected and processed to conclude of fulfil the obligations in regard to use the Product and (or) provision of Services, with whose conditions the Providers and (or) Wearers agreed with.
3.2. The Company may disclose all or part or Wearers and or Providers personal data to the following data recipients: various service providers, companies belonging to the same group as the Company, competent authorities, and other data controllers who gave the right to information under applicable laws and (or) Company’s legitimate interests.
3.3. The Company uses various service providers (e.g. service and cloud rental, IT service, identity verification, audit, accounting, legal, tax consulting services, claims administration, debt collection, analytics, direct marketing, customer service, and other service providers).
3.4. If necessary and on legally justified grounds, Company also may provide your personal data to service providers as well as to various institutions, organizations, and other data controllers who have the right to receive information under applicable legislation and (or) Company’s legitimate interests.
4. Company may share your (Wearers, Providers (Clients)) personal data:
4.1. For research purposes. For research purposes Company may share information with third parties, such as academic institutions, government and non-profit organizations, for research purposes or to publish academic or policy-related materials. Company only shall share information in a way that does not identify any individual;
4.2. With service providers (Amazon web service, Microsoft and their products, or others). Company may employ third party companies and individuals to facilitate Service, to provide the Service on Company’s behalf, to perform Service-related services and/or to assist us in analysing how Company’s Service is used. These third parties have access to your (Wearers, Providers) personal Information only to perform specific tasks on Company behalf and are obligated not to disclose or use your (Wearers) information for any other purpose.
4.3. For mergers and acquisitions. If Company is involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part of our business to another company, Company may share your (Wearers) personal information with that company and its advisors before and after the transaction date;
4.4. Within group of companies. Company may share your (Wearers) personal information with Company’s group of companies for everyday business purposes, including for marketing purposes, for improving and developing our offerings, and for personalizing your experience;
4.5. For legal reasons. Company may share your (Wearers) personal information with third parties for legal reasons without your (Wearers) consent, and as permitted by law, including: (i) when Company reasonably believe disclosure is required in order to comply with a subpoena, court order, or other applicable law, regulation or legal process; (ii) to protect the rights, property, or safety of Company or group of companies, our customers or others; (iii) to protect or defend against attacks; (iv) to enforce, remedy, or apply Company’s Terms and Conditions or other agreements; (v) to prevent fraud, cybersecurity attacks or illegal activity; (vi) for debt collection;
4.6. External auditors. Company has an obligation to perform internal and (or) external Product, Service audits as required by applicable legislation, or inner procedures;
4.7. Advertising and analytics. Company may use advertising networks and other providers to display advertising or to manage advertising. Company’s advertising partners may place cookies on unaffiliated websites in order to serve advertisements that may be relevant to you based on your browsing activities and interests and determine the effectiveness of such advertisements.
5. International data transfer
5.1. Company and Provider and independent data controllers with whom you share personal data are usually located in European Union member states or store data entrusted to us in European Union countries.
5.2. However, Company has cases where carefully selected service providers (e.g., Google, etc.) and controllers (e.g., operators of social networking platforms, etc.) process personal data outside the EEA.
5.3. Company have cases where carefully selected service providers (e.g., Google, Microsoft, etc.) and controllers (e.g., operators of social networking platforms LinkedIn, Facebook, etc.) process personal data outside the EEA. In such cases, Company carefully follows the practices and guidelines of supervisory authorities regarding the transfer of personal data outside the EEA and carefully assess the conditions under which the data is transferred and may continue to be processed and stored after the transfer outside the EEA. Also, to ensure an adequate level of data security and to guarantee the lawful transfer of data, where possible, Company sign the standard contractual terms approved by the European Commission (Article 46(2)(c) GDPR) for data transfers outside the EEA or ensure that this is done otherwise, in accordance GDPR norms.
5.4. If you would like to receive more information about how we ensure the security of your personal data when transferring it outside the EEA, don't hesitate to contact Company using the contact details provided in Chapter 9 of this TPP – How to contact Company.
6. Your personal information rights and choices
6.1. You have certain rights granted to you over your personal data under data protection laws. Company will honour the requests you make related to your (Wearers) rights as the law requires – this means in some cases, there may be legal or other official reasons that we may not be able to fulfil the specific request you make related to your rights.
6.2. What rights may be available to you?
6.2.1. Information and access. You may have a right to know what personal data Company hold about you and be given information about how Company process or have processed it. You may also have the right to obtain confirmation from Company that Company process your personal data, and if so, to request access to or a copy of such personal data. To the extent permitted by law, Company may charge a reasonable fee based on administrative costs for copies of your personal data requested by you.
6.2.2. Correction: You may have the right to request Company to correct inaccurate personal data Company holds about you. You may also have the right to have incomplete personal data completed.
6.2.3. Erasure. You may have the right to request company to erase some or all of your personal data.
6.2.4. Restriction. You may have the right to ask us to restrict further processing your personal data.
6.2.5. Objection. You may have the right to object that we process some or all of the personal data we hold about you.
6.2.6. Data portability. You may have a right to request to receive your personal data in a structured, commonly used and machine-readable format, or, where feasible, to have us transfer your personal data directly to another organization.
6.2.7. The right to withdraw consent. You may have the right to withdraw your consent to the processing of your personal data where we rely solely on your consent for processing such data. Your withdrawal will not affect the lawfulness of Company processing based on your consent before your withdrawal, and you can always give us your consent again in the future.
6.2.8. Right to complain. If you believe that Company have infringed your rights, you have a right to make a complaint to a supervisory body. If you are domiciled in the EU and you think your privacy rights were breached, you may lodge a complaint with the data protection authority of the country of your domicile. You may find the list and contact details of EU data protection authorities here: (https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm), or contact Company at [email protected] so that Company can try to resolve the issue.
6.3. Company will aim to respond to your request within 1 (one) calendar month or the specific timeframe required by the laws applicable to personal data about you. We will ask you to verify your identity if we need to, and to provide information that help Company to understand your request better. If Company do are unable to comply with your request, whether in whole or in part, Company will explain why.
6.4. Remember that your rights are not absolute, and Company have the right to refuse to fulfill your request with a reasoned written answer under the conditions and grounds provided by legal acts. Taking into account the complexity and number of requests, Company has the right to extend the period of 1 (one) calendar month by another 2 (two) months, informing you about this before the end of the first month and indicating the reasons for such an extension.
6.5. Company will provide the information to you free of charge, but if the requests are manifestly unreasonable or disproportionate, in particular, due to repetitive content, Company may charge a reasonable fee to cover administrative costs or refuse to act on your request.
7. Data Retention
7.1. At the end of the set term for processing and storing your data, Company shall delete your data or reliably and irreversibly depersonalize them as soon as possible, within a reasonable period of time necessary to perform such an action. Your personal data may be stored longer than specified in this TPP only when:
7.1.1. your data is necessary for the proper administration of debt, damage (e.g., you failed to fulfill your financial and/or property obligations or caused damage to the Company or other persons);
7.1.2. for the investigation of a dispute, complaint, to ensure our or third parties' legal interests; - it is necessary for the Company to be able to defend itself against existing or threatened demands, claims, or lawsuits in order to exercise its rights;
7.1.3. there are reasonable suspicions of violations, illegal acts, for which there is or may be an investigation; - the data is necessary to ensure the security, integrity, and resilience of information systems (e.g., after noticing suspicious actions in the Account, Mobile App, Website, etc.);
7.1.4. there are other grounds provided for in legal acts.
7.2. You can stop all collection of personal information by the App easily by uninstalling the App. You may use the standard uninstall processes as may be available as part of your (Wearer) device or via the mobile application marketplace or network. Note that, even if you delete the App, the data will still remain on our secure server/ database. Company does not automatically delete the data when you delete the App because we are not notified by Apple or Google when a user deletes the Application. If you would like that data deleted, please make sure that you delete that data from your device before you delete the App.
7.3. Company will retain provided data for as long as you use the App and for a reasonable time thereafter. Company will retain automatically collected information and thereafter may store it in aggregate. Company may use this aggregated data in research studies on medical diseases. Company will only use the automatically aggregated data, not any personally identifiable information. If you’d like Company to delete user provided data that you have provided via the App, please for Wearer – contact the Provider, and Provider - contact Company at contacts specified in Chapter 9 “How to contact the Company” and we will respond within 1 (one) month. Please note that some or all of the user provided data may be required for the App to function properly. Taking into account the complexity and number of requests, Company has the right to extend the period of 1 (one) month by another 2 (two) months, informing you about this before the end of the first month and indicating the reasons for such an extension.
8. Changes to TPP
8.1. From time-to-time Company may change or update our TeltoHeart Privacy Policy (TPP). Company rezerve the right to make changes or updates at any time. If Company shall make material changes to the way Company process your personal information, Company will notify you by posting a notice in your TeltoCare account at https://Teltocare.com or on a Teltoheart mobile application by sending you a notification; or by other means consistent with applicable law.
8.2. You can see when this TeltoHeart Privacy Policy (TPP) was last updated by checking the “last updated” date at the top of this TeltoHeart Privacy Policy. Please review this TeltoHeart Privacy Policy periodically to stay informed about how Company protects your (Wearer) privacy.
9. How to contact Company
9.1. If you have any privacy-related questions, complaints, or issues, and want to contact Company’s Data Protection Officer (DPO), please send an email to [email protected] . When submitting a request, please identify yourself and specify your request.
9.2. You can also contact us by writing to this address:
UAB TELTONIKA TELEMEDIC
Ukmergės g. 120-1, LT-08126 Vilnius, Lietuva