European General Data Protection Regulation
Even though the work of Vitalverse does not take place in the European Union, we apply the European Union’s “General Data Protection Regulation” (GDPR) to our processing of your personal data, even if you do not live in Europe.
We process two kinds of information about you:
Sensitive personal data
This is information about you, your health and your symptoms if unwell, as well as data shared by your phone such as your IP address and location.
We process this data in order that:
- We can better understand symptoms of COVID-19
- We can track the spread of COVID-19
- We can advance scientific research into the links between patient’s health and their response to infection by COVID-19
- In the future we may use this data to help the CDC support sick individuals
Our legal basis for processing it is that you consented to our doing so. If you do not consent (or withdraw your consent), we cannot allow you to use the app.
We share this data with people doing health research, for example, people working in:
- Health charities
- Other research institutions
A full list of institutions we have shared data with can be found at the bottom of this page. An anonymous code is used to replace your personal details when we share this with researchers.
Sometimes, when we share data with researchers we export it to countries, which have very different kinds of rules on data protection that may not protect your data in the same way as, or as well as, under GDPR. We are permitted to do this, because you consent to our doing it.
Because of the nature of the research we carry out, we are unable to set any particular time limit on the storage of your sensitive personal data, but we will keep it under regular review and ensure that it is not kept longer than is necessary.If you wish us to stop processing your sensitive personal data, you may withdraw your consent at any time by emailing us at firstname.lastname@example.org. When you withdraw your consent, we will delete all sensitive personal data we hold about you.
If you wish us to stop processing your sensitive personal data, you may withdraw your consent at any time by emailing us at email@example.com. When you withdraw your consent, we will delete all sensitive personal data we hold about you.
Other personal data
We also process your contact information for the following purposes:
- Asking you for feedback on the app or conducting other forms of survey.
- Keeping in touch with you about the app and its performance.
- Sending you information about new versions of the app or similar apps we may have in the future.
We will not send any emails not meant individually for you (for example marketing emails) if you do not want us to do so. Every such email will include a link you can click to opt-out from receiving them. We will not sell your contact information to third-parties.
Our legal basis for processing this information is our legitimate interest in developing, marketing and running the app.
We keep your contact information for 6 years after the last communication with us, or the last use of the app, for liability purposes, then we delete it.
Third party processors for both kinds of information
We use third parties to process some of your personal data on our behalf. When we allow them access to your data, we do not permit them to use it for their own purposes. We have in place with each processor, a contract that requires them only to process the data on our instructions and to take proper care in using it. They are not permitted to keep the data after our relationship with them has ended.
These processors include:
- Amazon Web Services
- Google Analytics
- Google G-Suite
Under the GDPR you have a number of important rights free of charge. In summary, those include rights to:
- Access your personal information
- Require us to correct any mistakes in your information which we hold
- Require the erasure of personal information concerning you in certain situations
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- Object in certain other situations to our continued processing of your personal information
- Otherwise restrict our processing of your personal information in certain circumstances
If you would like to exercise any of those rights, please email, call or write to our data protection officer using the contact details given below.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
Data Protection Officer: firstname.lastname@example.org