Last update: June 2024

Privacy Policy

florio® ITP App

We appreciate your interest in florio® ITP. This product allows you to record and display data related to your immune thrombocytopenia disease (ITP), your treatment and your well-being.

Health data contain highly sensitive information, and the protection of your data has the highest priority for us. This Privacy Policy ("App Privacy Policy") explains which personal data are processed when you download, sign up to use and use the App, and how we use these data. The App Privacy Policy also contains a description of your rights as a user. Please read this App Privacy Policy carefully.

1. Who is responsible for processing my data?

Florio GmbH ("Florio GmbH", "we" and "us"), as controller within the meaning of the General Data Protection Regulation ("GDPR"), is responsible for the lawfulness of the processing of your data. You can contact us at any time using the contact details below:

Florio GmbH

Wilhelm-Wagenfeld-Strasse 22

80807 München

Germany

Phone: +49 89 321 977 090

Email: info@florio.com

You can contact the data protection officer at any time using the contact details below:

Data Protection Officer

Florio GmbH

Wilhelm-Wagenfeld-Strasse 22

80807 München

Germany

Email: privacy@florio.com

2. Which personal data do we process, for which purposes and in reliance on which legal basis?

When you use the App, we process the following personal data, including sensitive health data:

Registration data and log-in credentials such as your user name and email address, and a florio-assigned user ID

We process these data to enter into the contract to use the App based on the Terms of Use for the App with you, to provide the App and to allow you to use it. The legal basis for this processing is its necessity for the conclusion and performance of the contract to use the App, Art. 6 (1) lit. b GDPR.

We process your user ID to be able to handle your support requests quickly and efficiently. The legal basis for this processing is our legitimate interest in providing efficient user support, Art. 6 (1) lit. f GDPR.

Device data/technical data/IP address

We process these data to ensure, maintain and improve security, to protect against loss of data or unauthorized access, and to deliver updates, Art. 6 (1) lit. f GDPR.

Information relating to your disease and treatment (health data) that you enter in the App, such as:

· information about demographics (e.g. your age, country, language preference);

· information about your treatment plan (e.g. product name, dose and frequency);

· information about your medications taken (e.g. date/time taken, dose, product name);

· information about your thrombocyte (platelet) count;

· information about your symptoms such as bleeds, petechiae or bruises (e.g. location on the body, time/date, cause);

· information about other symptoms such as fatigue (date, severity) and your well-being;

· information on activity automatically collected and stored within the last six months through your smartphone's functionalities or any other device, such as a wearable (e.g. a smartwatch), that you use, based on platforms such as Apple HealthKit or Google Fit, depending on the individually selected settings of your smartphone or device which may include your activity levels (steps taken, heart rate, calories burned, walks and runs, heart points, motion minutes, standing hours, stair-steps, basic energy consumption, energy consumption during exertion, duration of a workout, resting heart rate), nutrition information, or sleep pattern data.

We process these data to provide you with the individual functions of the App, namely logging and tracking your health condition. This includes providing you with printable summary reports you can generate within the App that display data and trends based on the data you record in the App.

The legal basis for this processing is your explicit consent, Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR.

We can only make the App available to you if you consent to the processing of your health data for the purposes outlined here. If you do not want your health data to be processed for the outlined purposes, please do not sign up for or use the App. You can withdraw your consent at any time, but this will not affect the lawfulness of the processing of your personal data carried out prior to the withdrawal. However, in this case, you can no longer use the App.

We may furthermore use your non-identifiable data, which means data based on which you cannot be identified, for supporting science and research purposes. We will only do so if and to the extent that this is permitted by applicable law.

Data about your device and your use of the App, such as most used functionalities and errors

We process such data to better understand how users access, use and navigate our App in order to be able to improve it and make it more user-friendly.

The legal basis for this processing is your consent, Art. 6 (1) lit. a GDPR. We ask for your consent via the App. You can use the App without consenting to this processing.

We may process data that you share with us in the context of support requests.

We process such data to handle your support requests. The legal basis for this processing is its necessity for the performance of the contract that we have concluded with you based on the Terms of Use for the App, Art. 6 (1) lit. b GDPR and, in the case of health data, your explicit consent according to Art. 9 (2) lit. a GDPR.

 

3. With whom will my data be shared?

Your data will not be shared with any third parties without your prior consent, unless this is expressly stipulated in this App Privacy Policy or we are legally obliged to do so. We may share your data as follows:

· Your physician: the App allows you to share summary reports displaying data and trends based on the data you record in the App with your physician in order to assess your individual health situation. If you decide to do so, summary reports will be shared with your physician through the App.

· Service providers: we cooperate with third parties that perform services and process data, some of which is personal data (including health data), according to our instructions in relation to the App, for the purposes of processing information or operating the App, as well as providing content and programs. Such third parties are restricted from processing the data for any purpose other than to provide these services. Read more about this at https://florio-itp.com/legal/ under Service Providers.

· Authorities: to the extent required by law or necessary for the use in legal proceedings, we may also share your personal data with local or foreign government authorities, supervisory authorities, law enforcement authorities, courts and tribunals, namely

  o health data

    - for the establishment, exercise or defence of legal claims and

    - for reasons of public interest in the area of public health;

  o other personal data

    - for compliance with legal requirements and

    - on the basis of our legitimate interest.

For example, we may be required by healthcare or medical products legislation to report any incidents to supervisory authorities.

· Potential asset purchasers: if we sell or transfer assets or if we intend such sale or transfer, a merger or a transfer or company restructuring, in particular for the purpose of due diligence processes, we may transfer your personal data (except health data) to one or more third parties as part of such transaction or restructuring, on the basis of our legitimate interest for continuing business or making business transactions or on the basis of your consent, where required.

· Other categories of recipients: we may also share your

  o health data with third parties where this is necessary for the establishment, exercise or defence of legal claims or for the protection of vital interests of a third party

  o other personal data with third parties where this is necessary for the purposes of our own, or a third party’s, legitimate interests relating to law enforcement, litigation, criminal investigation, protecting the safety of persons, or to prevent death or imminent bodily harm, unless we deem that these interests are overridden by your interests or fundamental rights and freedoms which require the protection of your personal data.

4. Will my data be stored and processed outside the EU/EEA?

The App is hosted on servers in Germany, which means that your data are stored in Germany. We may transfer certain data to service providers located in third countries, see clause 3 of this App Privacy Policy under “Service providers”.

5. How is my data protected?

We take reasonable steps to protect your data from loss, misuse, unauthorised access, disclosure, alteration or destruction by taking security precautions that provide for industry‑standard protection. The App is regularly tested by external security experts, who probe our systems for vulnerabilities, and confirm that defences against malicious attack or accidental data loss are as strong as possible.

6. For how long will my data be stored?

We will store your data only for the period necessary to fulfil the purposes outlined in this App Privacy Policy. After that, we will delete your data, unless statutory retention obligations preclude this or a prolonged storage is necessary in the specific individual case for the establishment, exercise or defence of legal claims. If you withdraw your consent or delete your user account, we will delete your data from our operational database. Insofar as statutory retention obligations apply or it is necessary to retain your data for the establishment, exercise or defence of legal claims, we will store your data in a storage archive.

To request that your user account be deleted, please contact help@florio.com via the App or your preferred email client or browser. If you are using florio ITP v5.1.1, you can delete your user account directly from within the App.

7. Which rights do I have, and how can I exercise them?

Subject to the statutory provisions, including the corresponding local laws, you have a number of rights in connection with our processing of your personal data, which we will outline in more detail below. To exercise these rights, including the withdrawal of your consent, or if you have any questions, requests or complaints about the processing of your data in relation to the App, please contact info@florio.com.

· Access: you have the right to request access to your personal data processed by us and a copy of this data (right of access).

· Rectification: you have the right to have any incorrect data rectified and, taking into account the purposes of the processing, to have incomplete personal data completed (right to rectification).

· Erasure: you have the right, if there are justified grounds, to request the erasure of your data (right to erasure).

· Restriction of processing: you have the right to request the restriction of processing of your data, provided that the statutory prerequisites apply (right to restriction of processing).

· Data portability: you have the right to receive the data provided by you in a structured, commonly used and machine-readable format and to transmit those data to another controller or, to the extent that this is technically feasible, have them transmitted by us (right to data portability).

· Right to object: you have the right, on grounds relating to your particular situation, to object to any processing of your data for the purposes of legitimate interests pursued by us or a third party (right to object).

· Withdrawal of consent: you have the right to withdraw your consent at any time without giving reasons and with effect from the date of withdrawal. The withdrawal of your consent will not affect the lawfulness of processing your data based on consent before this consent was withdrawn. Withdrawal of your consent will mean that, from the time you withdraw, it may be impossible to operate the App.

· Complaint: notwithstanding any other remedies, you are also entitled at any time to file a complaint with a supervisory authority, for example in your country of origin. If you live in Ireland, you may lodge your complaint with the Irish Data Protection Commission (https://www.dataprotection.ie/). Florio GmbH, as a company established under German law and located in Munich, is supervised by the Bavarian Data Protection Commissioner (https://www.datenschutz-bayern.de/index.html.en).

8. What do I need to know about links to other websites?

The App may contain links to external websites that we believe may provide useful information to the users of the App. This App Privacy Policy and the obligations under it do not apply to such external websites (unless these websites are owned by us and directly link to this App Privacy Policy). We suggest contacting such external websites directly for information on their privacy and security policies. We cannot be held liable for the content provided on such websites.

9. How can this App Privacy Policy be changed?

We reserve the right to make changes to the App Privacy Policy in the future. In case of material changes (e.g., in particular, any changes that materially affect your rights), we will notify you, for example on our website and/or by publishing a temporary notice on the App. The App Privacy Policy in the respective applicable version can be accessed and viewed on our App at any time.

*     *     *