ConceptoMed AS, registered address Hattvikveien 2, 8373 Ballstad is committed to protecting and respecting your privacy. As the controller of your data, ConceptoMed AS comply the EU General Data Protection Regulations (GDPR).
SalivaCODE™ App is an interactive electronic instruction for use and accessibility option, in addition to the paper-based package insert Instructions For Use that comes with the SalivaPod™.
SalivaCODE™ App is not an app for diagnostics, but merely an interactive instruction manual to properly standardize and perform saliva collection and short-term storage to prepare for a diagnostic analysis as a next step. The SalivaPOD™ does NOT provide or perform any form of analysis of saliva.
SalivaCODE™ App Data processing
When choosing to log into the SalivaCODE App with the two-step authentication step and password, the user registers its own Phone number, Name and Social Security Number (SSN). If relevant, the phone user may also enter the Name and SSN of its children. The name and SSN information are stored locally on the device as long as you are logged in.
If using the SalivaCODE App to register a saliva sample for analysis, the user accepts that the chosen name and SSN is sent encrypted to a cloud-based server and linked to the scanned QR code on the SalivaPOD device. The user also accepts that the linked information can be retrieved by a healthcare worker to identify the sample at a later step in the delivery process towards final analysis.
If the user chooses to link itself to a Cohort QR Code, the user accepts that the presence of one person is listed anonymously onto the control panel of the cohort owner who sent or displayed the Cohort QR Code. SMS messages can be sent anonymously from the Cohort Owner to the registered person’s phone, but no information about name, SSN or phone number is presented to the Cohort Owner.
No clinical result from the analysis is linked to the QR code at any time.
All information and links between Device QR Code and Name/SSN is deleted permanently from the cloud-based server 7 days after the initial registration of the sample.
Camera use in SalivaCODE™ App
The camera only acts as a code scanner. No photos are saved. The scanned code is stored locally on the phone. As a counterfeit procedure, this code is used to verify that you are in possession of a genuine device relating to the specific instructions for use.
This policy establishes how we handle information we learn about external customers, suppliers and third parties when you liaise with ConceptoMed either directly or via our websites. Protecting the privacy and personal data of our customers and visitors is of utmost importance to us. Protecting your privacy and your personal data is an important aspect of the way we create, organise and implement our activities on-line and off-line.
- The Personal Data we collect about you
Personal data collected, used, stored and transferred by us may include:
- Identity Data including forenames, last name or similar identifier
- Contact Data including business address, email address and telephone numbers
- Transaction Data including payments and banking details for products and services you have purchased from us or we from you
- Technical Data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access the ConceptoMed websites
- Profile and Usage Data including purchases made by you, feedback and survey responses, and how you use our websites, products and services
- Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences
- How Do We Collect Your Personal Data
Personal data is collected by us using the following methods:
- Direct interactions with ConceptoMed AS in person, by post, phone, email or otherwise
- Interactions with our websites, by using the web enquiry form
- Application for job vacancies via email, post or in person
- How Do We Use Your Personal Data
We use your personal data in the following circumstances for contractual and legitimate business reasons:
- To initially discuss your requirements or job application
- To process and deliver any product or service
- To manage our relationship with you including:
- Customer reviews / surveys
- Notifying you of new products and services which we think will be of interest to you
- To respond to enquiries or complaints
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- Who we Disclose Personal Data to
Your personal data may be shared with third parties for the following purposes:
- External Suppliers – Specialist IT system providers to facilitate the sourcing of products, to provide continuing advice, to inform you about relevant products and services and to request feedback on customer service standards. It may also be necessary to share your personal information with non-affiliated companies who perform support services on our behalf including those that provide professional, legal or accounting advice to ConceptoMed AS
- Regulators – Sharing of information may be necessary to fulfil our legal obligations as a regulated medical devices company or cooperate with law enforcement, legal proceedings or regulatory authorities.
- Others – Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- Marketing Communications
You will also have the choice to opt-in to receiving other related marketing information and related products and services.
You can opt-out of receiving these types of communications at any time by contacting our Compliance team at firstname.lastname@example.org or by clicking on the relevant link in email communications you receive from us.
However, please note that your personal information will not be passed to any third-party organisation for marketing purposes.
- Cookies and Other Technologies
We sometimes collect anonymous information from visits to our site to help us provide better customer service. For example, we keep track of the domains from which people visit and we also measure visitor activity on the ConceptoMed websites, but we do so in ways that keep information anonymous. We use the information that we collect to measure the number of visitors to the different areas of our site, and to help us make the site more useful to visitors. This includes analysing these logs periodically to measure the traffic through our servers, the number of pages visited and the level of demand for pages and topics of interest. The logs may be preserved indefinitely and used at any time and in any way to prevent security breaches and to ensure the integrity of the data on our servers.
We collect the anonymous information we mentioned above through the use of various technologies, one of which is called “cookies”. A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. For example, on a website with a login system (if users register for it), cookies are used to save the visitor’s password so that it does not have to be entered at each new visit.
This anonymous information is used and analysed only at an aggregate level to help us understand trends and patterns. None of this information is reviewed at an individual level. If you do not want any transaction details used in this manner, you can disable your cookies.
- Individual Participation/Access
You can ask us whether we are keeping personal data about you, and you can request to receive a copy of that personal data. Before sending you any personal data, we will ask you to provide proof of your identity. If you are not able to provide proof of identity, we reserve the right to refuse to send you the personal data.
We will make a sincere effort to respond in a one-month period to your request and/or to correct inaccuracies in your personal information. At any time, you may request that we delete or correct your personal information in our logs. For such requests, please contact email@example.com.
We intend to protect the quality and integrity of our personal information. ConceptoMed has implemented technologies and security policies to protect the stored personal data of our users from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss. ConceptoMed employees and processors who have access to personal data are obliged to respect the privacy of our visitors and the confidentiality of their personal data.
ConceptoMed will not sell or rent your personal information to anyone.
We will only send personally identifiable information about you to other companies or people when:
- We respond to court orders, or any legitimate request by authorities with which we must comply for legal process; or
- We find that your actions on our websites violate these instructions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Throughout the ConceptoMed websites, you may find links to third party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our websites, we encourage you to read the privacy notice of every website you visit.
- Retention Period and Your Rights
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by applicable law.
Your legal rights regarding your personal data are as follows:
You have the right to:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data. This enables you to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete personal data where there is no good reason for us continuing to process it. You can also to ask us to delete your personal data where you have successfully objected to the processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to delete the data for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Changes to our Privacy Statement
Any changes we make to our Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Statement.
- Privacy Support
If you have any questions or complaints relating to how we use your personal data, or if you wish to exercise any of your rights regarding your personal data, please contact the compliance team by emailing firstname.lastname@example.org or writing to ConceptoMed at the below address. We will respond to you as soon as is possible. The length of time will depend on the type and complexity of the request, but you will receive a response no later than one month from the initial request.
The Compliance Team
8373 Ballstad, Norway