1. CONTACT DETAILS FOR THE PERSONAL DATA CONTROLLER
Elsa Science AB
Company Reg No. 559105-5479
℅ Ocean observations Box 7302
103 90 Stockholm
Data protection officer: Pelle Almquist
2. WHAT INFORMATION DO WE COLLECT ABOUT YOU?
Whenever you create an account with Elsa, we collect basic personal data about you such as your name, date of birth and email address. Sensitive data collected via the app includes details on your diagnoses and medications, depending on the questions that Elsa asks. We also collect other data that you share with us through your use of the service; for example, data that you provide by uploading and/or contributing content and information. If you respond to questions and log your habits, then the following types of personal data will also be collected and processed: pain, tiredness, medication, well-being, exercise, diet, smoking, weight, treatment targets and any other notes that you may provide to us through your use of the App. If you allow Elsa to collect sensitive data via Apple HealthKit and/or Google Fit, then data about your daily activity and movement will also be processed.
3. THE PURPOSE AND LEGAL BASIS FOR DATA PROCESSING
Use and provision of the service
Elsa processes the personal data that it collects on you in order to provide you with the service, to administer your account and in order to communicate with you regarding your use of the service. Such processing concerns basic personal data and is necessary in order for Elsa to fulfil its agreement regarding the service with you (see terms of service). Sensitive personal data is processed following collection of your express consent for this.
Development of the service
Elsa analyses your use of the service in order to improve the service for users and to develop new products and services. Such processing is only undertaken if a balancing test indicates that Elsa’s interest in developing and improving the service and new products outweighs the data subject’s interest in protecting their data.
In order for Elsa to be able to contribute to research, personal data may also be processed for research purposes in order to help further understand how different habits can affect disease activity and symptoms, etc. Personal details will only be processed for research purposes following the collection of your express consent for this.
Personal details may be processed for marketing purposes in order to market the service and other services or products, either within or outside of the service itself, including functions and content in the service and other products and services that are provided via the service. Such processing is only undertaken if a balancing test shows that Elsa’s interest in marketing outweighs the data subject’s right to have their privacy protected. Note that you are entitled to object to Elsa’s processing of your personal details for marketing purposes at any time (see more information in the section entitled "Your Rights").
Elsa may anonymise your personal data so that it can no longer be connected back to you. Anonymisation occurs automatically without any kind of human input. The anonymised information is then aggregated together with anonymised information from other users – this is called aggregated information. The aggregated information is then used to improve the service by drawing various different conclusions. Information is only anonymised if a balancing test shows that Elsa’s interest in anonymising and using the anonymised information outweighs the data subject’s right to have their privacy protected. The aggregated information may even be used for research purposes in order to study how habits can affect disease activity and conditions (read more in the research section above).
4. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
Elsa stores your personal data for as long as you have a user account for the service. When you close your account, Elsa will then delete the sensitive data that you have submitted through your use of the service. If you request that your personal data be deleted, we will proceed to permanently destroy your personal details (see section seven). Personal data that is used for research purposes is stored for as long as it is necessary to fulfil the purpose for data processing.
5. RECIPIENTS OF YOUR PERSONAL DATA
6. DATA TRANSFERS TO THIRD COUNTRIES OUTSIDE OF THE EU/EEA
Elsa endeavours to always process your personal data within the EU/EEA. In cases where your personal data is transferred outside of the EU/EEA and to a country that is not considered to offer an adequate level of protection, we will take appropriate security measures before any such transfer is commenced. Examples of such security measures can include an EU-US Privacy Shield Agreement in the case of transfers to the US or adoption of the EU Commission’s standard clauses.
7. YOUR RIGHTS
The personal data that Elsa processes about you must be correct. Should it come to light that your data is incomplete or incorrect, you are entitled at any time to request that it be corrected or supplemented. You are also entitled, in certain circumstances, to: i) request that your personal data be deleted, ii) request that processing of your personal data be restricted, iii) object to the processing of your personal data, which includes requesting that it not be processed or used for direct marketing or analytical purposes (even profiling to the extent this is connected to direct marketing) and iv) request that your personal data be transferred to you or to another person in an electronic format.
If you object to our data processing, then Elsa will no longer be permitted to process your personal data, unless we have a legal basis for processing other than a balancing of interests or unless we can demonstrate overriding legitimate grounds which outweigh the interests, rights or freedoms of the data subject, or if the processing is undertaken for the purpose of determining, practising or defending legal claims. If your objection relates to processing that is undertaken for purposes of direct marketing, then Elsa will no longer be entitled to process your data for this purpose (unless we have a legal basis for processing other than a balancing of interests).
If you have any questions about how Elsa processes your personal data or if you would like to exercise any of the rights described above, please feel free to get in touch with Elsa (see contact details above).
8. YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME
9. COOKIES, BEACONS AND SIMILAR TECHNOLOGIES
What is a cookie?
A cookie is a small text file that is stored on your computer, smartphone or other device whenever you visit a website. Among other things, cookies can help us to recognise you the next time you visit our website, and they also enable us to offer you a more secure and operationally stable service.
Elsa uses the following cookies:
We use functional cookies in order to enable certain functions within the service and to remember your choices and settings whenever you use the service again.
We use analytical cookies to measure demand for our product, to study how it is used and to collect data on how it functions when in operation. The information that we collect is then used to maintain and improve the service.
Third party cookies
10. DATA PROTECTION OFFICER
11. THE RIGHT TO LODGE A COMPLAINT
If you believe that our processing of your personal data is in breach of the GDPR or applicable privacy legislation, you can lodge a complaint with the relevant supervisory authority. In Sweden, this authority is the Swedish Data Protection Authority (Datainspektionen) and their website is: www.datainspektionen.se.
12. NOTIFICATION OF AMENDMENTS