Privacy Policy

PRIVACY POLICY.

Through this privacy policy, and in compliance with the provisions of Regulation (EU) 2016/679 of April 27, 2016, on data protection and Organic Law 3/2018, of December 5, on data protection and guarantee of digital rights, from the INCA brand (brand of the Consortium, formed by Doole Health S.L .; Fight against Infections Foundation; Germans Trias i Pujol Research Institute; Health Sciences Studies at the Open University of Catalonia, and Norwegian Centre for E-health Research); and designated as the data controller, Doole Health SL (hereinafter Doole), informs users about the conditions of personal data processing.

1. DEFINITIONS

Application: It is the website under the INCA brand.

Personal data: Any information relating to an identified or identifiable natural person. Any person shall be considered an identifiable person when their identity can be determined, directly or indirectly, in particular by an identifier, such as a name, identification number, location data, an online identifier, or one or more elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Data collection: Any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission by communication, dissemination, or any other form of making available, alignment or combination, restriction, erasure, or destruction.

Usage data: Automatically collected data, whether generated by the use of the Application or the application’s infrastructure itself (e.g., the duration of a site visit).

Cookies: Small files stored on your device (computer or mobile device).

Data controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for their nomination may be provided for by Union or Member State law.

Data processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.

III.- INFORMATION COMMON TO ALL FORMS OF PROCESSING

1.- Identification

Doole with VAT number B67450478 and registered office at Ctra. del Canyet s/n, Germans Trias i Pujol Hospital – Badalona (Barcelona) is registered in the Barcelona Mercantile Register in Volume 46958, Folio 152, General Section, Entry 1, Sheet 536446 Province B.

2.- Rights

To exercise the rights of access, rectification, erasure, opposition, restriction of processing, data portability, not to be subject to automated individual decisions, and revocation, you can contact the postal address where the company is domiciled, or you can send an email to info@doolehealth.com with the subject «data protection matter.»

3.- Customer service, inquiries, and complaints.

For any inquiries or complaints, please contact info@doolehealth.com.

The competent body to resolve conflicts arising from the application of this policy is the Spanish Data Protection Authority, located at Calle Jorge Juan n. 6 in Madrid.

III.- INFORMATION WHEN DOOLE ACTS AS DATA CONTROLLER

When you directly contact INCA to request information or hire its services, it is necessary to provide all the data requested through the contact forms. In this case, Doole will be considered the data controller.

1.- Purpose of processing

INCA will use the data provided by you and those generated during the contractual relationship to provide the services you request and, in some cases, to send you commercial information about our brand.

The data obtained can be used for clinical studies. In this case, the dissociation and anonymization of the data will be carried out beforehand.

2.- Types of collected data: identification, contact, economic, health, and technical information collected by the cookies we use and the system.

3.- Storage: Data will be kept as long as the legal relationship with INCA is maintained and, once finished, for the period established by laws, which in some cases may be up to 15 years.

4.- Automated individual decisions: Not taken.

5.- Recipients of this information are: the personnel authorized by the company’s management, the contracted providers that support us, and the public administration within the scope of their competencies.

6.- External systems: Used for data storage. All external data storage services are within the European Union.

7.- Legal basis for processing: Compliance with contractual and legal obligations and information management applying the rules established in the General Data Protection Regulation.

IV.- INFORMATION WHEN DOOLE ACTS AS DATA PROCESSOR.

When you use our mobile application as a patient of a health center that is a client of the INCA consortium, we have the status of data processor, with the health center being the data controller. In these cases:

1.- Purpose of processing.

Doole on behalf of the INCA consortium will use the data you enter in the application and the data generated in the application for:

  • maintaining the application;
  • notifying you of changes we make;
  • providing customer support;
  • providing valuable information for us to improve the application;
  • monitoring the use of the application;
  • detecting, preventing, and addressing technical issues;
  • generally complying with contractual and legal obligations arising from the relationship with the healthcare center.

To use the application, you must provide contact information for your health or healthcare provider. By accepting these clauses, you authorize this data processing.

Clinical studies: In this case, dissociation and prior anonymization of the data will be carried out.

2.- Types of collected data:

Personal data: When using our application, we may ask you to provide certain personal identification information that will be used to identify you. Personal information may include: email address; first and last name; phone number or ID/NIE, health data.

Usage data: When accessing the application via a mobile device, we may automatically collect certain information, including, but not limited to, the unique identifier of your mobile device, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers, and other diagnostic data (hereinafter, «Usage Data»).

Tracking data and cookies: We use cookies and similar tracking technologies to track the activity of our application and retain certain information.

Cookies are files with a small amount of data that may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies, such as beacons, tags, and scripts, are also used to collect and track information and to improve and analyze our application. You can indicate in your browser to reject all cookies or to notify you when a cookie is sent. However, if you do not accept cookies, you may not be able to use some sections of our application. Access our cookie policy.

3.- Storage: Data will be kept while maintaining the legal relationship with INCA and, once finished, during the prescription period established by laws, which can be up to 15 years.

4.- Automated individual decisions: Not taken.

5.- The recipients of this information are: your healthcare or healthcare service provider, the personnel authorized by the company’s management, contracted providers who support us with whom a confidentiality agreement has been signed, and the public administration when requesting data within the scope of their competencies.

6.- External systems: Used for data storage. All external data storage services are within the European Union.

7.- Legal basis for processing: Compliance with legal and contractual obligations and information management applying the rules established in the General Data Protection Regulation.

8.- Relationship between the INCA consortium and its clients

In compliance with articles 28 of the GDPR and 33 and provisions of the LOPDGDD, there is a data processor contract signed between INCA and its providers with all the requirements contained in these regulations.

9.- Security

INCA applies the security measures defined in article 32 of the GDPR, has the mandatory security document, and has established all technical means at its disposal to prevent loss, misuse, alteration, unauthorized access, and theft of the data provided.

The security of your data is important to us, but please remember that no computer security measure is impregnable.

V.- EFFECTIVE DATE AND VALIDITY OF THIS POLICY.

This policy will take effect upon its publication on our website. We may update our Privacy Policy from time to time. We will notify you of any changes by publishing the new Privacy Policy on this page. We will inform you by email and/or with a prominent notice on our Application before the change takes effect and update the effective date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically to be aware of any changes. Changes to this Privacy Policy are effective when published on this page.