1.1 Responsible entity
1.1.1 SWEETBEE BV, located in Herent, Belgium, is a project partner of the EU H2020 Project NUTRISHIELD (https://nutrishield-project.eu/), whose objective, among others, is the development of the NUTRISHIELD APP (the “App”). SWEETBEE is responsible for the development of the app and is therefore the “controller” responsible for the security and compliance with all applicable personal data protection laws.
1.2 Structure and consent concept
1.2.1 This privacy notice informs you (the App user) about the purposes and scope of processing your User Data, as well as data transfers, and your extensive rights. As our offer is exclusively aimed at persons receiving dietary recommendations by health professionals, such as persons with diabetes and/or obesity, your use typically already provides information on your health condition and health habits. We therefore only process User Data as health data with your consent.
You may provide the relevant consents upon registration. You may revoke any consents at any time by sending an email to firstname.lastname@example.org. In such an instance we will inform you about the consequences of the revocation. The lawfulness of the processing prior to revocation remains unaffected.
1.2.2 In some cases, the processing may take place independently of consent on the basis of statutory principles (e.g. medical device regulations). We will inform you accordingly in appropriate cases.
2. PROCESSING OF YOUR PERSONAL INFORMATION
If you grant your consent, we process the User Data listed below in order to be able to provide our services. If you do not consent to this necessary processing, you cannot use the App.
2.1 Necessary User Data
2.1.1 In order to protect your User Data, our services can only be used in connection with a user account. To create a user account we require and process the following User Data:
Device ID, manufacturer, device type, operating system version
Language, country, time zone
2.2 Complementary User Data
2.2.1 Complementary User Data, to which you provide us with the explicit consent to process, include the patient ID provided by the health professionals who registered you in the personalised nutrition project. Although the app does not include further personal data, the patient ID is connected to the database operated at the premises of the hospital, where personal data are stored, such as:
Date of birth
Medical data such as those derived by the analysis of biosamples (blood, urine, other)
Demographical data and data derived from the questionnaires filled by the health professionals.
Medical Master Data: diabetes type, diagnosis year, insulin therapy (pen/pump), blood glucose target range, height, weight, meter/therapy device, medication, type of insulin, basal settings, correction factors, carbs / insulin ratio.
App entries such as date/time/time zone/place, type and duration of activities (breakfast, office work, sport etc.), food intake/meal/ingredients, pills taken/injections, blood glucose measurements, notes/text, blood pressure, weight, HbA1c, ketones, steps, images/photos, medication, tags, points, imported values; sensor data such as start date/time, end date/time, time zone, sensor value, type; temporary basal rate, date; app settings such as display options, activated integrations; or coaching (status, targets, other illnesses).
2.2 PROCESSING PURPOSES
2.2.1 All the necessary purposes of our processing are associated with providing our services:
Order, delivery, and support of our services in connection with the App;
Recommendations based on the App.
3. SCIENTIFIC RESEARCH PURPOSES
The App is committed to the treatment of children whose diet must be controlled, such as children with diabetes and/or obese children. Therefore, anonymous User Data may also be used for the purposes of research and statistics (always whilst complying with the recognized ethical scientific standards) and internal analyses. This is used mainly to determine and improve the effectiveness of techniques for controlling and treating diabetes.
6. GENERAL INFORMATION
6.1 Purpose limitation and security
6.1.1 The App uses your personal data exclusively for the purposes determined in this privacy notice and the relevant consents. We ensure that each processing is restricted to the extent necessary for its purpose.
6.1.2 Each processing always guarantees adequate security and confidentiality of your personal data. This covers protection from unauthorized and illegal processing, unintentional loss, unintentional destruction or damage using appropriate technical and organizational measures. We use strict internal processes, security features, and the latest encryption methods, always taking into account state-of-the-art technology and implementation costs.
All NUTRISHIELD consortium partners are “processors” with regard to the processing. Processing by processors is performed exclusively within the framework of this privacy notice and only to fulfill the purposes of the Project.
6.3 Encryption, pseudonymization, and anonymization
6.3.1 Each data transfer, without exception and by default, is encrypted during transfer and upon upload on the App.
6.4. Storage and deletion
Your User Data is stored on your device and transferred to the NUTRISHIELD database at the premises of the hospital. This data is also stored on our servers. We only use systems that meet GDPR requirements.
The App only stores your personal data for the duration of the contract and for a period of five (5) years thereafter.
Minors below the age of sixteen are only permitted to use the App with the consent of a parent/guardian. Otherwise use of our products is prohibited.
7. YOUR RIGHTS
7.1. Revocation of consents
If we process your User Data based on your consent, you may revoke the consent at any time. However, this will not affect the lawfulness of the processing before the revocation. We will continue to provide our services if they do not depend on the consent that has been revoked.
7.2. Information, correction, and restriction
7.2.1 Each user has the right to request information on the processing of their personal data. To do so, please contact SWEETBEE at any time at email@example.com.
7.2.2 Your right to information covers information on the processing purposes, data and recipient categories, storage time, origin of your data, and your rights under the data protection regulations. You can find all of this information in this privacy notice and we are happy to provide it to you in an electronic form.
7.2.3 Should some of your personal data be incorrect, you can request that your data is corrected or completed at any time. You can correct most data yourself in our apps. You have the right to restrict data processing for the duration of any investigation review that you have requested.
7.3 Deletion (“right to be forgotten”)
Each user has the right to request the deletion of their personal data. To do so, please contact SWEETBEE at any time at firstname.lastname@example.org.
7.4 Ability to transfer data
Finally, each user has the right to request that we provide an overview of their personal data to another responsible party, if this is technically feasible.
7.5.1 If you feel we are not protecting your data protection rights adequately, please contact us at any time at email@example.com.
7.5.2 Any user has the right to submit a complaint with the Italian and/or Belgian Data Protection Authority if they believe that the processing of their personal data is not in compliance with data protection regulations. In addition, the user has a right to complain to a supervisory authority in the EU member state in which they are resident, in which their workplace is located, or which is the location of a suspected infringement.