Privacy Policy

At Vital Beats ApS (”Vital Beats”/”we”/”us”/”our”) data protection and confidentiality is a high priority.

This privacy notice applies for our app “Vital Beats” or “the App” and sets out the guidelines for Vital Beats’ processing of your personal data and provides you with the information you have the right to receive according to applicable data protection law.
The App is a medical device made available through the App Store and Google Play Store and is provided by Vital Beats. The App is developed for use in the treatment of heart patients who have a pacemaker.


The App is CE marked. Before using the App, please read this Privacy Notice (together with the Terms and Conditions).


1. DATA CONTROLLER AND CONTACT INFORMATION

The data controller for your personal data is:
Vital Beats ApS
Address: Store Strandstræde Allé 19b, 1., DK-1255 Copenhagen, Denmark
VAT: 36080124
Email: [email protected]
Tel.: +45 93 56 52 54
DPO: Jonas Moll


2. TYPES OF PERSONAL DATA

The categories of personal data we collect can include the following:

  • Your health data (e.g. medicine, heart rhythm, data from your implant, medical history and diagnoses)

  • Personal identification number

  • Your name

  • Your email address

  • Your phone number

  • Your address

  • Your profile photo in the App

  • Date of birth

  • Gender

  • Age

  • Weight

  • Height

  • Your IP address

  • Your MAC address

  • Communication with you

  • Username

  • Your password and pin code to the App

  • Data on your next of kin

Your personal data is collected in one or more of the following cases:

  • When you download the App

  • When you use the App

  • When you contact us via customer service

  • Inquiries to us via email, telephone or regular mail

  • From the hospital(s) where you receive treatment. This will only be done with your prior consent

  • From the manufacturer of your pacemaker


3. USE OF PERSONAL DATA

The personal data may be collected and used for the following purposes:

  • To optimise your treatment

  • To facilitate easier and more efficient communication between you and the hospital(s) where you are receiving treatment

  • To develop our products and services

  • To enter into a contract with you about the use of the App

  • To create a profile

  • Transfer to the hospital(s) where you are receiving treatment for a more effective and optimal basis for making clinical decisions regarding your treatment

  • Advanced data analysis to improve yours and other patients’ treatment

  • Support and general communication

  • Compliance with applicable legislation, including the Act on Medical Devices

  • For the establishment, exercise or defense of legal claims

  • Distribution of service announcements and contact for the purpose of participation in future studies

  • Anonymisation of data and transfer of anonymised data

  • Enforcement of Vital Beats’ terms and conditions


4. BASIS FOR PROCESSING YOUR PERSONAL DATA

Our legal bases for the processing of your personal data for the above purposes are:

  • To enter into a contract with you, including creating a profile via the App using your regular personal data (the GDPR art. 6 (1) (b))

  • Processing of you health data, including to be able to provide you with treatment via the App and disclose data to the hospital(s) where you are receiving treatment, is based on the Danish Data Protection Act § 7 (3) cf. the GDPR art. 9 (2) (h) and GDPR art. 6 (1) (e), according to which health data may take place if processing is necessary for preventive disease control.

  • Processing of your personal identification number, including to be able to provide you with treatment via the App, is based on the Danish Data Protection Act § 11 (2), 4 cf. the GDPR art. 9 (2) (h), according to which health data may take place if processing is necessary for preventive disease control.

  • Consent to send you service announcements via the App, to contact you regarding possible future studies and to develop our products and services, based on the processing of your health data and regular personal data (GDPR art. 9 (2) (a)) and GDPR art. 6 (1) (a)).

  • Legitimate interest in being able to establish, exercise or defence legal claims (the GDPR art. 6 (1) (f) and the GDPR art. 9 (2) (f))

  • Legitimate interest in being able to enforce our terms and conditions (the GDPR art. 6 (1) (f))

  • Legitimate interest in being able to perform customer service and reply to your inquiries (the GDPR art. 6 (1) (f))

  • Our legal obligation as data controller, including to be able to comply with legislation on the use of medical devices (Danish Data Protection Act § 7 (3) cf. the GDPR art. 9 (2) (h) and GDPR art. 6 (1) (c))


5. DISCLOSURE TO OTHER DATA CONTROLLERS AND TRANSFER TO DATA PROCESSORS

To fulfil the above purposes, we may provide access to your personal data for third parties who, on the basis of a contractual relationship with Vital Beats provide relevant services, e.g. IT providers, researchers and student in research collaborations. Such service providers will only process personal data in accordance with our instructions pursuant to the data processor agreements entered into.

Your personal data is transferred to the hospital(s) where you are receiving treatment. Aside from this, it is a general rule that your personal data is not disclosed to a third party without your permission. However, under certain circumstances and in accordance with applicable law, we may need to disclose your personal data to:

  • Police

  • Lawyers

  • Auditors

  • Courts

  • Public authorities

Your personal data is not transferred to data controllers or data processors located in countries outside the EU/EEA.

6. DELETION OF PERSONAL DATA

We will delete your personal data when we no longer need to process them in relation to one or more of the purposes set out above. However, certain statutory rules, including the Danish Limitation Act, the Bookkeeping Act and Act on Medical Devices, may give us the duty or the right to store for a longer period. As a general rule, we will delete your personal data as soon as possible, but no later than 5 years after you have deleted the App or no later than 5 years after the collaboration with the hospital(s), where you are receiving treatment, ends. The data can also be processed and stored for a longer period if they are anonymised.

7. SECURITY

We have implemented security measures to ensure that our internal procedures meet the established security standards and applicable legal requirements. We strive to protect the quality and the integrity of your personal data. We have internal rules on information security that contains instructions and measures to protect your data from being destroyed, lost or altered, against unauthorised disclosure, and unauthorised access to and knowledge of them. The App is subject to the necessary encryption. Your data can be accessed with your user ID and your password. 

8. YOUR RIGHTS

  • You have the right to access the personal data we process about you

  • You have the right to object to our collection and further processing of your personal data

  • You have the right to have your personal data rectified and deleted, with certain statutory exceptions, including the Bookkeeping Act and the Limitation Act

  • You have the right to request us to restrict the processing of your personal data

  • Under certain circumstances you may also request to receive a copy of your personal data as well as the transmission of your personal data to another data controller (data portability)

  • You may, at all times, withdraw any consent you may have given. We will then delete your data, unless we can continue the processing on another basis. However, please note that withdrawing your consent will mean that we will no longer be able to offer you the App’s services, as consent to the processing of your health data is a precondition.

9. QUESTIONS OR COMPLAINTS

If you have any questions in relation to this privacy notice or if you wish to make a complaint in connection to our processing of your personal data, please contact us:

Telephone: +45 93 56 52 54
Email: [email protected]
DPO: Jonas Moll

If your complaint is not resolved by us and you wish to proceed with the case, you can send your compliant to the Danish Data Protection Agency. Contact information for the Danish Data Protection Agency can be found here.

10. CHANGES TO THE PRIVACY NOTICE

We reserve the right to make changes to this Privacy Notice from time to time. When updated, the date at the top of the privacy notice will be updated accordingly. The, at all times, applicable privacy notice will be available via the App and at our website. In the event of significant changes, you will be notified via email or via the App.