Aidian Connect Privacy Statement

At Aidian, we know you care about your personal privacy and about the terms and conditions that govern how we collect, use, disclose, transfer, and store your information. Because we are dedicated to serving your needs and respecting your preferences, we have adopted the policies and practices described in this Privacy Statement. Our Privacy Statement is located on our homepage and is also available on webpages where personal data are requested.

Updated 4th May 2020

This Privacy Statement is included with the Aidian Connect mobile application (“Aidian Connect”) upon installation and applies to the version of Aidian Connect it is installed with.

Aidian processes your personal data in accordance with applicable data protection laws. This Aidian Connect Privacy Statement provides you with information about personal data processing activities conducted by Aidian and its affiliated group companies (“Aidian” or “we”). This information may be supplemented by specific privacy statements and additional local documentation. Note also that, for example, your rights as a data subject may vary from country to country depending on the applicable data protection laws. Our Privacy Statement presents the rights according to the EU's General Data Protection Regulation (“GDPR”). Any mandatory laws or regulations will take precedence in the event that they conflict with, and have stricter requirements than, this Privacy Statement.

If you have any questions related to personal data processing and/or this Privacy Statement, please contact dataprotection@aidian.eu.

1.1 Background and Definitions

Aidian Connect is intended for use by Aidian’s Customers, such as medical centers, hospitals, healthcare organizations or healthcare professionals (“Customer”), to view and share instrument-generated results, e.g. patient data, to add result management related information, and to help quality control data management (“Result data”) and to train the personnel of the Customer (“Training data”). The Customer is the data controller of the Result data and the Training data. Aidian acts as a data processor in respect of such personal data. Therefore, please read the relevant data controller’s (e.g. your employer’s) privacy notice for more information on the processing of your personal data.

This Privacy Statement gives you information regarding how we process personal data in our customer relationship management, sales and marketing activities. Aidian is fully committed to protecting your personal data when using or processing them and recognizes the importance of correct and lawful treatment of personal data.

Aidian maintains the right to use data derived from the use of the Aidian Connect system, in an anonymized, consolidated and aggregated manner to improve, develop and modify the Aidian Connect system and to market services.

“Aidian Connect system”: The Aidian Connect system consists of the Aidian Connect mobile and web applications and the software services provided by Aidian and needed for its operation.

“Aidian Connect installation”: Customer specific area of the Aidian Connect system containing the specific Customer’s user, patient, operator and physician data, and to which access is limited only to the specific Customer’s authorized users within the limitations stated in this document and the Aidian Connect Terms of Use.

1.2 Optional functionality for the Customer

Aidian Connect may be used without utilizing the Aidian Connect cloud connection. In that case Aidian has no access to, no knowledge of, and no possibility to control the data stored on the device using Aidian Connect, and the Customer is solely responsible for all data.

When Aidian Connect is connected to the Aidian Connect cloud, it exchanges information between the application and cloud services. In that case Aidian will process the personal data in connection with the Aidian Connect installation on behalf of the Customer as a data processor.

1.3 Collection and Use of Personal Data

Personal data is data on individuals that can be used to identify or contact the person.

Aidian Connect system stores personal data from three sources:

  1. Patient test results and Quality Control (QC) results received through either manual or automatic sending from connected healthcare instruments,
  2. Personal data you provide directly through the Aidian Connect system, and
  3. Personal data you provide with the intention of forming a relationship with Aidian and becoming an Aidian Connect system customer.

When you are using the Aidian Connect system, you may be asked to provide your personal data, such as your name, mailing address, phone number and email address. Personal data you provide may also be in the form of user-submitted free text comments, physician name lists, or other inputs made through the system.

Aidian functions as a data controller for the personal data provided by the Customer when creating an account for Aidian cloud connected services (“Aidian personal data”). The Customer controls the personal data generated into the systems while using the Aidian Connect system, such as patient data and operator data. Aidian acts in a data processor role regarding data generated by the Customer, and Aidian will not use that data for its own purposes.

1.4 User Data

The Aidian personal data concerning the Aidian Connect system may be used for the following purposes:

  • To develop and ensure quality of Aidian’s products and services, not limited to Aidian Connect system;
  • When the processing is necessary for compliance with a legal obligation to which Aidian is subject;
  • Market research and product testing;
  • Processing of feedback and other correspondence with the data subject;
  • To detect and correct technical problems and information security problems;
  • Communication with the users of Aidian Connect, such as to guide the users in the usage of the service;
  • As is necessary to operate and run the Aidian Connect and service according to the terms of use of Aidian Connect;
  • For the performance of a possible contract with the user or in order to take steps at the request of the user prior to entering into the contract;
  • To send notices about changes of our terms of use or policies;
  • To detect and prevent fraud or misuse.

1.5 Patient, Operator and Physician Data

The personal data included in the patient and QC test results collected from connected healthcare instruments and attached comments and other additional information made through the Aidian Connect system by users is processed by Aidian Connect in ways that are required to enable the Intended use of the Aidian Connect application as described in the Aidian Connect Terms of Use.

The Aidian Connect system receives, processes, stores in encrypted form, and displays patient test result related personal data and provides access to it to authorized users of the system. In addition, Aidian Connect may allow authorized users to share or export patient test result related personal data out of the system and its encrypted storage using various manual and automated means within constraints set in the Terms of Use.

1.6 Legal Basis of Processing Personal Data

The legal basis of processing of the Aidian personal data in Aidian’s registers is the performance of a contract with the user or the Customer, consent of the user or steps taken at the request of the user prior to entering into a contract with him or her. We may also process your data based on the legitimate interests of Aidian. Please see the section “Legitimate Interests” below to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests.

1.7 Legitimate Interests

We may process your personal information for our legitimate business interests, e.g. fraud prevention/direct marketing/network and information systems security/data analytics/enhancing, modifying or improving our services/identifying usage trends/determining the effectiveness of promotional campaigns and advertising.

“Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service or products and the best and most secure experience on our websites, services or applications. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you.

1.8 Personal Data We Collect

Aidian Connect collects personal data for the above-mentioned purposes. Personal data collected covers both Aidian Connect’s Customers and operators and any other individuals whose personal data is stored in the Aidian Connect system. Some of the data is collected directly from you when you use Aidian Connect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary to provide a feature in the application, you may not be able to use the application or that feature.

The data Aidian Connect collects depends on the context of your interactions with Aidian Connect, the choices you make, including your configuration of the application. The data we process may include the following:

  • Customer data: Name and address of the Customer and/or user, decision makers and contacts, contact details, customer licenses to the system. This Aidian personal data in Aidian’s registers is controlled by Aidian and subject to the Aidian Connect Privacy Statement.
  • Operator information: Customer QuikRead go operators and Aidian Connect user identification. Operator information is controlled by the Customer and subject to the Customer’s policies.
  • Patient results: Patient identification and demographic information, incl. health data. Patient results are controlled by the Customer and subject to the Customer’s policies.
  • Traffic data: Traffic data may be collected by Aidian Connect. Traffic data means the information identifiable to the user of Aidian Connect and which is processed in certain services and communication networks in order to transfer, share or offer messages or data. Please see the section “Traffic data” below for more information on how we process Traffic data.

1.9 Other data we collect that is not considered Personal data

Aidian Connect may also collect the following data which is not considered personal data:

  • Quality control results: Instrument and material quality control test result data unless the Customer chooses not to share this data. This covers all data from tests recognized by the system as Quality control data, except operator identification. Sharing quality control result data is optional.
  • Material data: Aggregate amounts of tests done by test type, batch information (lot) from tests, QC-material identifier.
  • Instrument data: Customer instrument serial numbers, software and hardware version, instrument generated error messages and number of tests per instrument.
  • Aggregated operator data: The number of operators involved in Aidian Connect system functions.

Aidian reserves the right, subject to legal exceptions, to process data collected by Aidian Connect that is not considered personal data.

1.10 Traffic Data

Traffic data may be collected by Aidian Connect. Traffic data means the information identifiable to the user of Aidian Connect and which is processed in certain services and communication networks in order to transfer, share or offer messages. The Traffic data is processed in the following circumstances and in other circumstances allowed by law.

  1. The Traffic data is processed to the extent required for the provision and usage of services and taking care of information security. For this purpose, the following types of Traffic data are processed: IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.
  2. The Traffic data is processed for technical development of the service. For this purpose the following types of Traffic data are processed: IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.
  3. The Traffic data is processed automatically for statistical analysis, because otherwise the analysis cannot be conducted without unreasonable effort. An individual person cannot be identified based on this analysis data.
  4. The Traffic data is processed in order to solve unauthorized use of the fee-based services, communication network or communication services forming part of the service.
  5. The Traffic data is processed if it is necessary to detect, prevent or correct a technical error or fault that has occurred in the transmission of communications.

1.11 Disclosure to Third Parties

Data can be transferred or disclosed to the following third parties for the following purposes:

  • Aidian can provide the data to Aidian’s subcontractors, who process the data for the purposes set out under section “Collection and Use of Personal Data”; these subcontractors may include data management, cloud service and training platform providers, media and marketing companies and IT companies helping Aidian to develop its marketing techniques;
  • Personal data can be disclosed if it is necessary to comply with laws and regulations or to enforce Aidian’s legitimate interests, such as to detect, defend against or repair fraud, misuse or security problems;
  • If ownership or control of Aidian or all or any part of our products, services or assets changes, we may disclose your personal data to any new owner, successor or assignee.

1.12 Where We Store and Process Personal Data

The personal data collected may be processed in your country of residence or transferred to another country where Aidian, its affiliates, subcontractors or other recipients of personal data are located, both inside and outside the European Economic Area (EEA). This means that your personal data may be processed or stored in a country that has less stringent data protection standards than those of the European Union. We will ensure that your personal data will be treated in accordance with this Privacy Statement at all times even if it is being transferred outside the EEA. The personal data transferred outside the EEA is protected by the adequacy decision made by the EU Commission or by appropriate contractual arrangements (either by the signing of the Standard Contractual Clauses by the controller and the recipient(s) or by the recipient’s self-certification under the EU – US Privacy Shield). For more information, please contact Aidian.

1.13 Protection of Personal Data

To help protect the privacy of personal data stored in the application, Aidian Connect implements technical safeguards such as encryption and user authentication. We update and test our security technology on an ongoing basis. Aidian Connect restricts access to the personal data stored in the application to users who are authorized to access it by the Customer. It is the responsibility of the Customer and operator to implement and enforce adequate physical and administrative safeguards to prevent unauthorized access to terminals or mobile devices that have Aidian Connect installed.

1.14 Retention of Personal Data

We will retain Aidian personal data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. For example, when answering questions you have submitted, we will retain your information until we have processed your question and answered you.

The Customer is aware that Aidian Connect is not intended to be used for storage of permanent records and that the Customer is obliged to define the retention periods for its own personal data registers.

1.15 Third-Party Sites and Services

Aidian Connect may include links to third party websites and services. Aidian is not liable for processing of personal data on those websites or services.

Some parts of certain services may require specific terms for processing of personal data. You are informed of those third party terms and your consent is asked in connection with your use of such parts.

By allowing the creation of a user account and login by using the third party service, Aidian does not assume liability for the third party service or any aspect of the same.

1.16 Your Rights as a Data Subject

Your rights related to the Aidian personal data in Aidian’s registers:

1.16.1 Right of Access and Right to Data Portability

Subject to legal exceptions, you have the right of access, after having supplied sufficient search criteria, to the Aidian personal data on yourself in Aidian’s registers, or to a notice that the registers contain no such data.

If the basis for processing of your personal data is consent or the fulfilment of a contract between Aidian and you, and in case the personal data is processed by automated means, then you have the right to data portability, i.e. the right to have your data, which you have provided to Aidian, to be transferred to you in a structured and machine readable format, to the extent possible.

If you wish to have access to your personal data, you can make a request to this effect by a personally signed or otherwise comparably verified document and by verifying your identity by attaching a copy of an official identification document.

AIDIAN CONTACT INFORMATION:

Aidian Oy (Business ID 1855216-1)

Address: Data Protection, Koivu-Mankkaan tie 6B, 02200 Espoo, Finland

Data Protection Officer: dataprotection@aidian.eu

1.16.2 Right to Withdraw Consent / Right to Object to Processing

In case the legal basis for processing the personal data is consent, you have the right to withdraw the consent.

In case the legal basis for processing the personal data is the legitimate interests of Aidian, you have the right to object to processing on grounds relating to your particular situation. You always have the right to object to processing of your personal data for direct marketing purposes.

In case you wish to use your above-mentioned rights, you can make a request to this effect by a personally signed or otherwise comparably verified document in writing to Aidian’s postal or e-mail address referred to above. Please note that withdrawal of your consent does not render the processing of personal data performed prior to such withdrawal unlawful.

1.16.3 Rectification, Restriction of Processing and Erasure

Aidian as the data controller shall, on its own initiative or at your request, without undue delay rectify, erase or supplement Aidian personal data contained in Aidian’s registers if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. Aidian shall also prevent the dissemination of such data, if this could compromise the protection of your privacy.

You have the right to obtain from Aidian restriction of processing, in case you have contested the accuracy of the processed personal data, if you have claimed that the processing is unlawful and you have opposed the erasure of the personal data and have requested the restriction of their use instead; if Aidian no longer needs the personal data for the purposes of the processing, but the personal data is required by you for the establishment, exercise or defense of legal claims; or if you have objected to processing pursuant to the GDPR pending the verification whether the legitimate grounds of Aidian or a third party override your interests or rights and freedoms. Where processing has been restricted based on the above grounds at your request, you will be informed by Aidian before the restriction of processing is lifted.

If Aidian refuses your request for the rectification of an error, you will be informed of this in writing. The notice shall also mention the reasons for the refusal. In this event, you may bring the matter to the attention of the competent Data Protection Authority.

Aidian shall notify the recipients to whom the data have been disclosed, and the source of the erroneous personal data, of the rectification. However, there is no duty of notification if this is impossible or unreasonably difficult.

Requests for rectification shall be made to Aidian’s address provided above.

1.16.4 Right to lodge a complaint with a supervisory authority

If you consider that the processing of personal data relating to you infringes the data protection regulation, you have the right to lodge a complaint with a competent supervisory authority. You may lodge your complaint in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

1.17 Questions Regarding the Privacy Statement and Updates

If you have any questions about our Privacy Statement, or any concern about privacy at Aidian, please contact us by e-mail at dataprotection@aidian.eu.

We may update or revise this Privacy Statement at any time. When required by applicable laws, Aidian may contact you in order to provide information about updates or changes that may have effects on you.