Privacy Policy

This Privacy Policy applies to the use of the Sexual Health – mobile device application (the “App”) owned by Pomeranian Medical University in Szczecin (“we” or “us”). “You” or “User” refers to any user of the App.

This policy sets out our commitments and explains the rights that You have with respect to the data we collect from You, including your personal information. If You do not agree to the terms of this Privacy Policy, please do not use the App.

The provision of personal data is a contractual requirement. Providing personal data is voluntary, but necessary for using the App properly. The range of our service may also be limited if You refuse to provide your personal data.

WHO WE ARE

Pomeranian Medical University in Szczecin, Department of Infectious Diseases, Rybacka Street 1, 70-204 Szczecin, Poland. You can contact us via e-mail: rektor@pum.edu.pl or phone number: 91 48 00 801. We are your personal data controller.

DATA PROTECTION OFFICER

Our Data Protection Officer is Magdalena Łobacz, whom You can contact via e-mail: iod@pum.edu.pl or phone number: 0048 91 4800790.

DATA WE COLLECT

The application saves anonymous User data locally (i.e. in the phone’s memory): gender, age, sexual orientation and whether the User is taking drugs.

No data such as email, phone number or first and last name are collected at any time.

The web server, with which the App communicates, stores data about the User’s research results (blood, urine, etc.).

If the User gives their consent, the application will send data about the medication, visits and vaccinations to the web server. This data will be anonymised – it will not be possible to associate it with any application ID or user.

PURPOSE OF DATA COLLECTION

The above-mentioned data is collected in order to enable use of the application, i.e. to generate a list of medicines, tests and visits for the User. Because some prophylactics depend on gender, these data are transferred to the server, which generates entries to the calendar and returns them to the phone. After generating such a list, the patient sees on his phone, for example, information that on Thursday he must take 18 tablets of medicine and on Friday he will do blood tests. The test results can only be entered by the doctor after receiving the access code from the patient – then they are transferred to the mobile application. The doctor has access to them on the website but the patient can at any time withdraw this consent using the application. The test results are saved anonymously – i.e. they are assigned to a unique, 40-character identifier, which is stored in the application. Knowing this code is not enough to identify a particular person. We also collect data for purposes deriving from our legitimate interests: for analytical and statistical purposes and to ensure ICT security related to the App.

LEGAL GROUNDS FOR DATA COLLECTION

The personal data we collect are processed on the terms specified in the regulations on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) – GDPR applies to the processing of personal data of Users residing in the European Union.

The main legal ground for data collection is your consent granted on the basis of article 6 (1)(a) of the GDPR, article 9 (2)(a) of the GDPR and legitimate interests pursued by the controller – article 6 (1)(f) of the GDPR.

RECIPIENTS OF THE PERSONAL DATA

The recipients of the User’s personal data may be our authorized employees, external service providers, e.g. IT service providers, hosting providers, and other entities processing data on our behalf on the basis of a contract entrusting the processing of personal data.

THE PERIOD FOR WHICH THE DATA WILL BE STORED

Your data will be stored for the duration of the use of the App and legally agreed archiving period or until the consent to data processing is withdrawn (if consent is the basis for processing) and the User exercises their right to obtain the erasure of personal data (“right to be forgotten”), and in any case for the period specified by the provisions related to the legal obligation of the data controller.

RIGHTS YOU HAVE

You have the right to request from us access to and rectification or erasure of personal data or restriction of processing or to object to processing as well as the right to data portability.

The User has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (f) of Article 6(1) of GDPR. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims. You may also exercise the right to withdraw consent for processing your data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You may also lodge a complaint with a supervisory authority in your country if in your opinion we process your personal data unlawfully (EU RESIDENTS ONLY).

SAFETY MEASURES WE USE

We use appropriate technical and organisational measures to ensure and to be able to demonstrate that processing of your data is performed in accordance with applicable law, including GDPR. In particular the SSL protocol is used for data transmission. The web server is protected by a firewall.