Medtrum is committed to protecting and respecting your privacy.
This privacy policy describes the personal data collected or generated (processed) when you use Medtrum Product (including but not limited to Continuous Glucose Monitoring System, Insulin Pump, EasySense, EasyPatch, EasyTouch, EasyFollow App and EasyView Website) and Services. This policy explains the types of personal data collected, how it is used, shared and protected, and your individual rights.
This policy covers Medtrum, its subsidiaries and affiliates. We may review this policy from time to time so please check this page occasionally to ensure that you are happy with any changes. By using our website and Mobile applications, you are agreeing to be bound by this policy. This policy was last updated and is effective as of May 2022.
Who we are?
We are Medtrum, a company dedicated to simplifying diabetes management. We develop and deliver medical devices that meet the needs of patients with different types of diabetes, create tools to bring convenience to healthcare professionals, and explore the frontiers in artificial pancreas research.
What type of information do we collect from you?
We ask for certain personal information to provide you with the products or services you request. For example, when you interact with our sites, use our apps, create an account, contact our helpline or customer services,
• Name, address, telephone number, and delivery address information;
• Login and account information, including passwords;
• Personal data including gender, date of birth;
• Physical features including height, weight;
• Medical and Healthcare data.
The legal basis for processing your data
The legal basis on which we process your data depends on which of the Medtrum services you use.
The Medical and Healthcare information we process via Medtrum’s devices/apps/sites is collected with your consent and processed as necessary for the purposes of preventative or occupational medicine and the assessment of medical diagnosis.
In order to provide you with more convenient, high-quality and personalized products and/or services and strive to improve your experience, we may collect and use your personal information in the following additional services provided to you. If you do not provide this information, it will not affect your basic service of using our products or services, but you may not be able to obtain the user experience that these additional services bring to you. These additional services include:
Additional services based on cameras: You can use this function to scan QR codes to pair the product after enabling the camera permissions.
Additional services for photo/video access and uploading based on albums (photo library/video library): You can use this function to upload your photos/pictures/videos after enabling the album permission to change avatars, share or provide consultation.
With your understanding and consent, the above additional services may require you to enable access to the camera and photo album (photo library) on your device in order to collect and use the information involved in these permissions. You can check the status of the above permissions item by item in your device settings, and decide whether to turn these permissions on or off at any time. Please note that if you enable any permission, you authorize us to collect and use relevant personal information to provide you with corresponding services. Once you disable any permission, it means that you cancel the authorization, and we will no longer collect and use the related personal information based on the corresponding permission, nor can we provide you with the services corresponding to this permission. However, your decision to disable the permission will not affect the previous collection and use of information based on your authorization.
For the purposes of order processing, fulfilment, accounting and any other internal process, your personal information will be processed in your legitimate interest to ensure delivery and for the purposes of preventative and/or occupational medicine and the assessment of medical diagnosis.
How your information is used?
We may use your Personal information to:
• Carry out our obligations arising from any contract entered by you and us;
• Provide the service you have selected;
• Respond to your requests;
• Personalise your access to our websites, for example, by telling you about new features that may be of interest to you;
• Perform analysis to improve and develop Medtrum’s programmes, products and content;
• Protect someone’s health, safety or welfare;
• Take payment and deliver goods;
• Implement accounting, auditing and other internal functions;
• Seek your views or comments on the services we provide;
• Notify you of any changes to our services;
• Send you communications that may be of interest to you;
• Prevent fraud, abuse, illegal uses and violations of our terms of use;
• Comply with court orders, government requests or applicable laws;
• Process job applications.
We will only use your Medical/Healthcare data with your consent for Healthcare purposes. We will only collect and keep insulin pump history (bolus, basal, alarms) and Glucose monitoring history (readings, calibrations, alerts) for you to access. With consent you can share information with others. You have the right not to upload any device data to the Medtrum server, in which case your data will not be accessible to others. Without the data upload the only record of information is on the device itself.
Location services permission is required for Android users to allow for Bluetooth pairing to Medtrum Continuous Glucose Monitoring Device and Insulin Pump. This information will only be used for allowing Bluetooth access. This information will NOT be processed for any other intended purposes.
You have the option to upload device data to the Medtrum server; the data is protected by a user account (e-mail address or mobile number) and a strong password. The data can then be viewed at any time on the Medtrum site by providing the name of the account and the password. Your data will not be shared without your consent and you can choose to stop sharing your data at any time.
Retention periods
We are required under the applicable law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after your last transaction with Medtrum, after which time they will be destroyed. The information we use for marketing purposes will be kept with us until you notify us that you no longer wish to share this information. Your health data uploaded by Apps will be kept for 2 years, after which time they will be deleted. You can also log in to the EasyView Website to delete the health data at any time before the 2 years have passed.
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as necessary for relevant activities, or for a certain time period set out in any contract you hold with us.
Third Parties
Third party providers working on our behalf: We may pass your information to our third party service providers, agents, subcontractors and any other associated organisations for the purposes of completing and providing services to you on our behalf. When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own marketing purposes. We will not release your information to third parties beyond Medtrum Service unless you have requested us to do so or we are required to do so by law, for example, by a court order or for the prevention of fraud or other crime. We will not share your health data with third parties without your consent.
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Your Choices
You have a choice about whether you receive information from us. If you do not want to receive direct marketing information from us, you can make your choices by ticking the relevant boxes situated on our websites and mobile Apps.
We will not contact you for marketing purposes by email/text/phone unless you have given prior consent.
Your rights regarding your personal data
You can contact the Data Protection Officer with any relevant requests at: Privacy@medtrum.com
Unless subject to an exemption [under the GDPR], you have the following rights with respect to your personal data:
• The right to request a copy of your personal data which Medtrum holds about you;
• The right to request that Medtrum corrects any personal data if it is found to be inaccurate or out of date (not including insulin pump history and glucose monitoring history which is unchangeable);
• The right to request that your personal data be erased where it is no longer necessary for Medtrum to retain such data;
• The right to withdraw your consent to the processing of your personal data at any time;
• The right to request that Medtrum provides you with your personal data and where possible, transmits that data directly to another data controller, which applies under your consent or is necessary for the performance of a contract with you by automated means;
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction being placed on further processing;
• The right to object to the processing of your data for direct marketing purposes.
We are committed to working with you to obtain a fair resolution of any complaint or concern. If you believe that we have not been able to assist with your complaint or concern, you have the right to lodge a complaint with your applicable Data Protection Authority. See further: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our websites, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access those sites using links from our website.
In addition, if you link to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the privacy policy of that third-party site.
Children
We are concerned to protect the privacy of children, so children aged 16 or under must have a parent/legal guardian's consent before providing us with any personal information.
Profiling
We may also use your personal information to detect and reduce fraud and credit risk.
Security
On our Apps
We use SSL (Secure Sockets Layer) server certificates to secure our diabetes management portal, which provides encryption for the data being transferred between our server, you and anyone else that you have chosen to share your data with. This security layer helps prevent eavesdropping attacks on the data and any third party access to it.
In order to ensure the confidentiality of your data, different types of user have different access levels. You own your healthcare data: you can upload, download or delete it, and you can choose to share it with others, which will give them the ability to view or download your data. Each user will need a Medtrum account and a password to access the data. The password strengths are set at a high level.
We use a firewall to filter any malicious access and intrusion detection to perform security checks on all committed data against any system anomalies and malicious code.
Internal Data Basis
All of our systems are protected by strong passwords, a firewall to filter any malicious access, and intrusion detection to detect any system anomalies and malicious code and to perform security checks on all committed data.
Data Transferred outside of Europe
All data transferred outside of Europe complies with the guidelines as set out by the new General Data Protection Regulation. Consistent with the GDPR, European personal information will be limited to the information that is relevant for the purposes of processing. We will not process European personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the person. To the extent necessary for those purposes, we will take reasonable steps to ensure that European personal information is reliable for its intended use, accurate, complete, and current. We will adhere to the GDPR for as long as we retain European personal information.
If you use our services while you are outside the EU, your information may be transferred outside the EU to provide you with those services.
We take reasonable steps to protect all Personal information from loss, misuse, and unauthorised access, disclosure, alteration or destruction. You should however keep in mind that no internet transmission is ever 100% secure or error free. You should therefore take exceptional care in deciding what information you send to us via email, avoid including any of your personal or healthcare information without encryption, and not share your passwords incautiously. If you feel that your interaction with us is no longer secure, please immediately notify us through Privacy@medtrum.com.
Further Processing
If we wish to use your personal data for a new purpose not covered by this Data Protection Notice, we will provide you with a new notice explaining this new purpose prior to commencing any processing of your data. As and whenever necessary, we will seek your prior consent to the new processing.
Changes
We may change this Privacy Policy by posting a new version of this Privacy Policy at http://www.medtrum.com/privacy_policy.html. When we update this Privacy Policy, we will update the date at the bottom of this page to indicate when this Policy was last updated. To the maximum extent permitted by applicable law, any changes will become effective when we post the updated Policy on our websites, and your use of our Products and Services following these changes means that you accept the updated Policy. If you do not agree with any changes, you may terminate your account and may choose not to submit any further Personal Information. Where applicable law requires your consent to a specific change in this Privacy Policy that you have previously consented to, such change will not be applicable to you until you provide your consent.
Contact Us
If you have any questions about this Privacy Policy, please:
(1) send us an email at Privacy@medtrum.com; or
(2) write to us (and include your email address) at the following address:
Medtrum B.V.
ATTN.: Data Protection Officer
Nijverheidsweg 17, 5683 CJ Best
The Netherlands