DigimEvo takes your privacy very seriously and treats all your personal data with great care. This document sets out DigimEvo’s policy regarding privacy and security. It is recommended that you read this policy carefully. The capitalized words are defined in the Terms of Service.
1. Who is DigimEvo?
DigimEvo Limited is a company with limited liability established and existing under the laws of Spain, having its registered office at Travessera de les Corts 262, 12 2, Barcelona 08014.
DigimEvo has developed a platform used by healthcare providers to gather information from, and/or provide information to their patients. DigimEvo is not a health care provider and does not screen content posted by healthcare providers, nor does it select or screen specific information that are displayed to patients.
2. The Applicable Law
DigimEvo Limited by incorporation as a company in the Spain is subject to the Data Protection Act 2018, Regulation (EU) 679/2016 (GDPR) and the Privacy in Communication Regulations 2011 when controlling or processing data in the course of its business.
However, where you live and where your health provider incorporates impacts the data protection and privacy laws which may apply to the control or processing of your data.
3. DigimEvo as data processor
DigimEvo will store and process personal data on behalf of its customers, the healthcare providers. For this processing, the healthcare provider will act as the "data controller" within the meaning of the Data Protection Act 2018 and Regulation (EU) 279/2016 (GDPR).
DigimEvo also at times acts as a Data Processor when responsible for the lawful processing of personal data. The lawful grounds on which we process personal data can vary depending on the terms of our business but we rely in general on a variety of lawful basis to process including contract, consent and legitimate expectation. Please refer to your healthcare provider the Data Controller for your personal data about the way they might process your personal data and the terms of their privacy policies.
4. DigimEvo as data controller
In certain circumstances DigimEvo may also process your personal data for its own purposes, in which case DigimEvo will be the “data controller” of your personal data and responsible for the lawful processing of this personal data. You may object to your data being processed however this may prevent our services being provided to you. Please reach out to the contact details below should you want us to stop processing your data.
5. What personal data does DigimEvo collect and process?
In order to make use of the Service, it is necessary to create a personal Account. For this you are required to enter certain information about yourself. Your name, sex, e-mail address are obligatory other fields are optional like phone or country of residence.
The information contained in your account is not visible to third parties. For patients, only the healthcare provider that’s been authorized by the patient can see their account information.
6. Terms of Service
By using the Service, the healthcare provider shares educational information using video prescription with the patients and the patients provide feedback about it. This information is private between the patient and the healthcare provider and it’s only accessible if the patient authorizes the health provider to access the data.
DigimEvo stores this information behalf of the healthcare provider. DigimEvo will only process the patient information for its own purposes with the consent of the patient. After the patient has given his consent, DigimEvo will anonymise the patient information and share it with authorised third parties.
If the patient is a minor, the parents or legal guardians of the patient will be asked to give their consent for the processing described above.
When using DigimEvo, cookies are saved on your computer. Cookies are small pieces of information (in the form of text) that a server sends to your browser (such as Internet Explorer or Firefox) with the intention that the browser sends this information back to the server the next time a user makes use of the Service. Cookies cannot damage your computer or the files saved on it.
When you use the Service, first party cookies are saved on your computer. First party cookies are made by or for DigimEvo and are stored on your computer by DigimEvo and only DigimEvo has access to these cookies. Such cookies are used by DigimEvo, for example, to remember your login information.
In order to collect data on the usage of DigimEvo’s website (the marketing website, not the platform used for access to the Service), DigimEvo uses Google Analytics. Google Analytics stores a permanent cookie on your computer which is subsequently used to register your use of the website. This data is then analyzed by Google and the results are given to DigimEvo. This enables DigimEvo to improve their services to customers and site visitors.
You can configure your browser so that you do not receive any cookies the next time you use the Service. However, it is then possible that you will no longer be able to make full use of the DigimEvo website or the portal log in services offered online.
8. The Purposes for which DigimEvo processes personal data
DigimEvo may use your personal data for the following purposes:
- To allow the healthcare provider to use the Service, including the management of the video prescription programs for patients, the management of the patients’ compliance with the video prescription programs and the exchange of video prescription program templates with other users of DigimEvo.
- To allow the patient to use the Service, including the access to home video prescription programs provided by the healthcare provider and monitoring the compliance and providing feedback to the healthcare provider.
- To communicate with you about the Service and/or other services of DigimEvo;
- To configure DigimEvo for your use..
- For protection purposes and to generate anonymous statistical data.
9. Data Sharing
DigimEvo will only release medical information to third parties where the healthcare provider has given consent for the specific third party involved (for instance, an insurance company) to receive such information and if such information is anonymized to protect patient privacy.
- if it is obliged to do so based on the Agreement with the healthcare provider;
- if it is obliged to do so on account of national or international laws, case law and/or regulations;
- if DigimEvo considers it necessary to do so in defense of its own rights; or
- if you have given permission to do so.
DigimEvo may post customer testimonials/comments/reviews on the Website, which may contain personal data of healthcare providers. DigimEvo shall obtain the healthcare provider’s consent via email prior to posting the testimonial.
10. International Data Transfers
As DigimEvo use localized servers to store your personal data this minimizes data transfers to countries which may not provide adequate protections in law to your personal data. For a full list of countries approved by the European Commission as ‘adequate’ please click here https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
11. Behavioural data processing
DigimEvo uses third-party analytics services to help understand the usage of the Service by healthcare providers. No patient information is shared through these services.
12. Data Retention
All data processed by DigimEvo will be kept for periods in accordance with the Data Retention Policy. Where a health provider terminates the DigimEvo service, stored personal data will be deleted or retained in accordance with the DigimEvo Data Retention policy.
13. Data Security
DigimEvo takes appropriate technical and organizational measures to protect your (personal) data against loss or any form of unlawful use. Because of the medical nature of some of the personal data, DigimEvo has incorporated a very high level of security.
To protect the confidentiality and integrity of your personal data, we:
- Have internal policies that keep your data private and confidential.
- Encrypt all communications between DigimEvo and our users (http: via SSL, email via TLS).
- Encrypt all patient health information in our database ("at-rest").
- Limit information access inside our company to the absolute minimum necessary.
- Use an electronically and physically secured data center.
- Use a firewall which blocks access by attackers and unauthorized users.
- Automatically logoff healthcare providers after a certain period of inactivity.
- Require all of our users to choose strong passwords
- Use a world-class CDN (content distribution network) which filters out possible attackers
- Use state-of-the art development and testing systems.
- Use best-in-class server management technologies.
14. Your right to access or delete your personal data
If you wish to access your personal data that DigimEvo may have stored or if you wish to ask for a copy of that data, or change data that you cannot change yourself in your Account, then you can send your request to gdpr@DigimEvo.com. DigimEvo will provide you with the personal data within 4 weeks. If DigimEvo is for any reason unable to satisfy your request it will inform you as soon as reasonably possible.
DigimEvo will retain your personal data for as long as your Account is active or as needed to provide the Service to you, to resolve disputes, enforce agreements or comply with any legal obligations in accordance with the Data Retention Policy. If you wish to delete your Account or request that DigimEvo no longer uses your personal data, you can contact us at gdpr@DigimEvo.com. DigimEvo retention and deletion requests are subject to law, defence of legal claims or statutory obligations irrespective of the Retention Policy.
15. The Applicable Supervisory Authority
Should you have a complaint about the way in which your data is controlled or processed your should first contact your Health provider. If you feel that this does not resolve your concerns about the way in which your data is controlled or processed then you have the right to complain to the national supervisory authority of your country.
While DigimEvo applies Spanish law due to incorporation, the full list of European supervisory bodies can be found here https://edpb.europa.eu/about-edpb/board/members_en
16. Policy Date
This policy is subject to annual review or where the data protection and or privacy law changes. and therefore this policy will be amended in the future. Any policy amendments will be posted to the DigimEvo website. This policy was last updated on 10 November 2020.
17. Contact Details
If you have any questions, please do not hesitate to contact our data protection officer via gdpr@DigimEvo.com or at Travessera de les Corts 262, 12 2, esc B , 08014 Barcelona