App Privacy Policy

I. General Provisions

This Privacy Policy describes rules and methods of gathering, processing, storing and usage of information acquired by BritenetMed Ltd. via the mobile application MoodMon (hereinafter referred to as the Application).

The controller and administrator of all information gathered via the Application is BritenetMed Ltd. company with its registered office in Warsaw at Aleje Jerozolimskie 44, 00-024 Warszawa, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, XIII Commercial Division, under KRS number: 0000792629, NIP: 5272897461 (hereinafter referred to as the Data Controller).

‍

II. Dictionary

GDPR – regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), pursuant to which DELTA processes the Users' Personal Data

Personal Data – under the GDPR, any information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

MoodMon Application (the Application) – is a medical tool supporting monitoring of patients diagnosed with Bipolar Disorder or Recurrent Depressive Disorder. It can be used only by patients registered by their doctor in the monitoring system with written consent of the patient. Upon signing the consent patient is provided with the user (patient number) and password (access key) to log into the Application. Patient remains anonymous in the Application and the monitoring system. The link between patient number and his/her identification data remains known to his/her doctor only. Data collected by the Application is used by the monitoring system to detect behavioral changes indicating possible relapse of the disease episode. The ultimate goal of the monitoring system is to provide the physician with information allowing early detection of relapse symptoms in patients with Bipolar or Recurrent Depressive Disorder.

The User – any natural person anonymously registered in the monitoring system and using the Application.

‍

III. Anonymity of the User

The Application can be downloaded free from Google Play by any person. However, only person registered by their physician can access and use the Application.

Access to the Application is granted only after correct logging with Patient Number and Access Key provided by the physician. Patient number and access key are randomly generated by the monitoring system for each registered patient. No information enabling patient identification is provided during the registration. Patient (the User) remains anonymous in the Application and in the monitoring system: only the patient number is used to group and analyze any information gathered via the Application.

Personal data facilitating identification of the User remains in possession of the registering physician and is neither controlled nor administered by the Data Controller.

‍

IV. Information collected by the Application

The Data Controller does not collect personal data of the User.

The Application gathers following information related to the User behavior:

• Data on the number and length of telephone calls and text messages without information on telephone numbers, caller/receiver identification, or the content of the calls or messages.
• Data on phone usage time and number of activations without information on the activity type.
• Physical activity data: time spent actively and the activity type if the information is available.
• Sleep data: amount of time spent in bed, including effective sleep time.
• A sample of the user's voice taken while answering non-personal questions randomly selected from a previously prepared set of questions.

Collected information is used to train artificial intelligence modules monitoring behavior of the User indicating a change in the course of Bipolar Disorder or Recurrent Depressive Disorder.

Additionally, the Application gathers data on the functioning of the Application, which may be used by the Controller to improve the quality of the services provided, in particular in the event of an error in the Application. This data will relate to the Application error, including the state of the User's mobile device at the time the error occurred.

Information collected by the Application does not allow to identify the User.

‍

V. Purposes, basis, and period of processing of information collected

The Data Controller processes collected information for the following purposes:

• To continuously train Artificial Intelligence models residing in the monitoring system
• To provide the patient and the physician with the information about possible symptoms of the relapse for any monitored User
• To provide the scientific community with anonymous data on the behavioral patterns in patients with Bipolar Disorder or Recurrent Depressive Disorder.

All the information is collected in the frame of the clinical research authorized by respective Authorities.

All the information is collected with the User consent provided by signing of the Informed Consent Form in presence of the physician registering the patient in the monitoring system. The User can withdraw his/her consent to further collect the information via the Application. In such cases the User is set to inactive in the monitoring system.

In accordance with the law, anonymous data collected with the User consent in the frame of a clinical research is property of the Data Controller, who is the Sponsor of the above-mentioned clinical research. This data can be processed, transferred to third parties, and published without further authorization of the User.

There is no time limit for retention of anonymous information collected in the frame of a clinical research.

‍

VI. Security

The primary goal of the Controller is to provide the Users with privacy protection at the level corresponding to the requirements set out in generally applicable laws.

Data Controller has implemented appropriate security measures (organizational and technical) to protect all information collected via the Application against loss, misuse, unlawful processing, or modification. Data Controller shall ensure that appropriate technical and organizational measures are in place to ensure the security of the data processed, in particular to prevent access by unauthorized third parties or their processing in violation of the generally applicable legislation, to prevent loss, damage, or destruction of data.

Being aware of the importance of protecting the collected information, the Data Controller uses, among other precautions:

• information encryption with HTTPS using a 2048-bit RSA encryption key during transmission,
• hardware, network, and system security features, such as firewalls, licensed hardware and network anti-virus software, controlled access via a secure VPN, and other IT security solutions,
• electronic and physical mechanisms for controlling access to buildings and premises where collected information is processed (among others: magnetic and electronic keys, security locks, alarm system),
• other safeguards aimed at protecting the information collected.

‍

VII. Rights and obligations of the Data Controller

The Data Controller undertakes to protect any information disclosed by Users in accordance with security protection and confidentiality standards. Access to the information collected is limited to the Controller's authorized employees.

Data Controller may entrust the processing of collected information to another entity on the basis of an agreement concluded with it, pursuant to Article 28 of GDPR. These entities may process the information only to the extent and for the purpose provided for in the agreement on entrusting the information, ensuring an appropriate level of security.

‍

VIII. Rights and obligations of the User

The User has the right to revoke his/her consent at any time, by submitting an appropriate request to the Controller

The Controller reserves the right to make changes to the Privacy Policy, of which the User will be informed via the Application. If the User does not agree to the changes, he/she shall permanently remove the Application from his/her mobile device.

‍

IX. Final provisions

Data processed by the Controller may be transferred to authorized state authorities, based on applicable laws.

Information contained in system logs in connection with general principles of Internet connection are used by the Controller solely for technical and statistical purposes.

If you have any questions or comments regarding the Controller's Privacy Policy, please send them to the following e-mail address: kontakt.britenet-med.britenet.com.pl

This Privacy Policy can be found in the Application (on the profile screen) and at the Controller's office.