Growzen Buddy Privacy Policy

PRIVACY POLICY

The Growzen™ Buddy app is a mobile application (the “Application”) owned by Ares Trading SA, Zone Industrielle de L’Ouriettaz, 1170 Aubonne, Switzerland (hereinafter “ATSA”) an affiliate of Merck KGaA, Darmstadt, Germany.

The Growzen™ Buddy app runs on the Health Harmony® platform, a platform owned by Care Innovations (part of Icon plc Group), LLC, 950 Iron Point Road, Suite 160, Folsom, California 95630, USA (“Care Innovations), which is the legal manufacturer of the Health Harmony platform.

This Privacy Policy describes how Personal Data is collected and made available to users of the Application by both ATSA and Care Innovations, as well as how users may avail of their associated privacy rights in using the Application.

For the purposes of this Privacy Policy and pursuant to applicable privacy law:

  • “Personal Data” means any information relating to, or capable of identifying, a natural person or “data subject”. This can include either direct identification by reference to a person’s legal name, or indirectly through other identifiers (such as referring to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual.
  • “HCPs” means health care professionals who assist a given patient with the treatment program and who may access Personal Data relating to such treatment, including sensitive medical data through other related applications.
  • ATSA is a data controller, acting independently from any HCPs involved in the treatment of a given patient.
  • Care Innovations is a “data processor”, acting on the instructions of ATSA to help provide the Application and related systems to users.
  • HCPs also act as data controllers independently from ATSA and its affiliates in using related systems to the Application to help provide remote care management and monitoring.

The Application has been designed and implemented with due consideration of applicable privacy law, including the General Data Protection Regulation (EU Reg 2016/679 “GDPR”) as a standard reference. Depending on your location, more specific privacy law may apply in your case.

In processing your Personal Data in this way, we rely on your specific consent and our own legitimate interests in developing and administering the Application.

  1. Which Personal Data can be collected and visible through the Application?
  2. If you are a patient using the easypod® device, and/or Aluetta® pen with Smartdot™ transmitter (the “Device” or the “Devices”), the following main data sets (including Personal Data) in particular may be collected and visible through the Application:
  • Identification and contact data (such as your name and address, and that of your doctor or HCP) and the name other relevant individuals authorized to help with your treatment (for example, a parent or guardian, or where you have one or more caregivers)
  • Information transmitted from your device (date, time, dose injected, injection type, device identification and settings)
  • Data entered by your doctors and nurses concerning your treatment (for example, height and weight measures)
  • Your weight and height data (which you may add and update). These “self-measurements” are voluntary and will be used only to facilitate and illustrate your treatment progress. These may also be confirmed/updated by your doctor or nurse during the visits.
  1. If you are a Caregiver (or a parent or a guardian), you will be able to consult all of the above as it relates to treatment of your child/patient dependent, as well as any of your own Personal Data processed in relation to that treatment (e.g. phone number, email address, relationship to the child).

Depending on the platform from which you downloaded the Application you may also be asked to provide separate consent for your Personal Data to be processed in other applications of the platform provider (i.e. Apple Store). Please note this is not strictly required for the use of growzen ™ buddy App.

In accepting this Privacy Policy you freely and expressly consent to the processing of your Personal Data as per information provided in this Privacy Policy (alternatively where you are a caregiver, parent or legal guardian, you consent of the processing of such Personal Data on behalf of yourself and any child dependent).

  1. Who may view your data?

Your data, once transferred to growzen™ connect software and including the Personal Data described above, may be accessed by your HCP, to support you during your treatment as freely and expressly consented by you.

For child patients (typically including any individuals under sixteen years old, but varying depending on the laws in your location) caregivers, parents or legal guardians may also access and view such data provided they have requested and obtained a valid access to use the Application.

Some Personal Data may also be accessed and viewed by other ATSA affiliates , as well as our trusted service providers (such as Care Innovations). Typically, such access is strictly limited to necessary operational or maintenance purpose. Further information on the usage for analytical or statistical purposes is provided in section 6 below. ATSA and its affiliates ensure that any such access is pursuant to the requirements and protections of applicable privacy law, including ensuring that any such Personal Data is sufficiently protected (for example, by signing appropriate data processing agreements where international transfers are required, or by implementing robust technical and organisational measures such as encryption and role-based access).

  1. Where is Your Data stored and how is it protected?

Your data will be stored in the growzen™ connect software database which is located within the European Economic Area (EEA). However, in limited circumstances, and for necessary operational or maintenance purposes in particular as stated in Section 2 above, more restricted Personal Data sets may be processed outside the EEA, by other ATSA affiliates, or by authorised service providers (such as Care Innovations) in providing the services described above in section 2. This may also include usage and analytics data (including where anonymised) and other limited datasets which may be stored or viewable outside the EEA.

As data controller, we ensure that all required steps are taken to ensure that any such Personal Data is adequately protected, that any processing complies with applicable law, and that recommended or industry standard practice is followed to help protect the confidentiality, integrity and availability of your related Personal Data. As an example, your Personal Data is encrypted when transferred and stored in the growzen™ connect software network, as well as from your mobile device.

We ensure our procedures and security measures are closely monitored and updated where necessary to remain in close step with new legal requirements and best practice. As an example, our policies from both the technical and organisational perspective are periodically reviewed.

However, please note that any transmission of data relating to your usage of the Application over external networks (mobile phone network provider, or internet service providers) is beyond our reasonable control. As such, ATSA and its affiliates cannot be held liable for any delay, failure, performance, non-performance, interruption or corruption of any data or other information transmitted through or using such external networks.

  1. How long is your data retained for?

Your data is retained to the extent required by law, or for as long as you continue to use the Application. Please note that this is separate to any usage or storage of your data by your HCP, acting as a separate data controller.

  1. Right to access, review, correct and object

You confirm that your usage of the Application is independent from your treatment and entirely voluntary. You are free to change your mind and withdraw your consent as a whole or in part by informing your HCP at any time. If you want to have your data deleted to the extent, you may also request this from your HCP. Subject to the above, we will retain any Personal Data relating to you or your dependent child to the extent required by law, or otherwise for as long as reasonably required to provide the Application.

Depending on applicable privacy law in your location, you may also have various rights over your or your child’s Personal Data processed through the Application. The following, as an example, includes some of those applicable under the GDPR (which may be different from those in your own location).

  • Right of access: The right to obtain further information on the processing of any Personal Data and to receive a copy of such data.
  • Right to rectification: The right to request that we correct or complete any inadequate, incomplete or inaccurate Personal Data.
  • Right to erasure: As previously mentioned, you may request for such Personal Data to be deleted.
  • Right to stop processing: Under certain conditions, you may request us to stop or restrict the processing of such Personal Data, except where we are legally entitled or required to do so.
  • Right to data portability: You may ask to receive a copy of such Personal Data in a structured, common and machine-readable format and/or request that such data is transferred to another data controller (and where reasonably feasible).
  • Right to lodge a complaint with a supervisory authority: Where you feel that such Personal Data has been processed in a way that violates applicable privacy law, you may contact the applicable data privacy regulator for your location.

NOTE1: If you are participating in a clinical study, specific consent and related terms may also continue to apply. Please contact your specific trial doctor if you have any questions on this.

NOTE2: Please note, that should you delete the Application on your mobile your HCP may continue to review your treatment data through growzen™ connect software. To revoke your consent for this please contact your HCP.

  1. Use of data for analytical or statistical purposes

To better understand and improve the usage of the growzen™ connect software, and the Application, ATSA, and its affiliates, may also use system data for (anonymised and aggregate) statistical reports and business reviews, as well as to create general adherence reports.

This may include the following in particular:

  • Processing of data with the help of support and analytical tools, including troubleshooting activities to help ensure the proper functioning of growzen™ connect software, and for compiling reports on website activity, measuring how many users visit certain pages or how often they return to certain pages. In the interests of transparency, to compile such reporting data, we may process your basic connection details (IP address, city and/or country of connection) to help compile (aggregated) statistics and information on the usage of our services.
  • We may also process other usage-related data such as unique phone ID, to understand for example if there are accessibility or functionality issues between versions of our application or website in different locations, and with the different operating systems or networks used.
  • We may also collect usage level data to better understand and improve how our software and applications are being used. This can help us, for example, to understand and improve key Application features, resolve issues some users may be encountering, and to assess related technical capabilities. To be effective, this data is typically analysed at a highly aggregated level (i.e. not capturing individual usage data).

We process this data based on our legitimate interest to ensure an optimal functioning level for growzen™ connect software and growzen™ buddy.

Please note that you can opt out (at any time) of some non-essential processing as follows:

  • Opt-out from usage-based reporting for educational material by the following link: [https://www.adobe.com/uk/privacy/opt-out.html[1]] “Adobe Website Preferences – Cookie Settings”.
  • Opt-out from in-app usage tracking by selecting “no” from your growlink™ app settings under “App Analysis”.
  1. Does the Application send push notifications?

Push notifications are messages that are sent from the Application to your device, where they are prioritised and displayed. The Application uses push notifications only for notifications that refer, for example, to your injection adherence or to the synchronisation of your device. You can disable receiving push notifications at any time in your device’s settings.

Alternatively, you can arrange to receive such information by email or SMS notifications.

  1. Contact

If you have any questions or concerns you can also contact the Merck KgaA, Darmstadt, Germany data protection officer at privacy@merckgroup.com . If your query concerns a specific user account, you may be required to provide some limited Personal Data for authentication purposes. If your query is more general, you may choose to limit the Personal Data you provide (for example, using a different email address).

 

Last update: June 2022

[1] Select the link based on the language used for localization (e.g. French in Switzerland https://www.adobe.com/ch_fr/privacy/opt-out.html, Germand in Germany: https://www.adobe.com/de/privacy/opt-out.html )