Cognitive IVF a.s.
1. General provisions
1. 2 The App connects users applying for in vitro fertilization with suitable IVF clinics as well as it allows the applicants to share the information about their health and fertility issues with the clinic they have chosen for the IVF cycle. The App also allows users to track data about their health information and procedures related to the IVF and further works as client´s decision support tool throughout the IVF healing process.
2. Controller of the personal data
2. 1 We are the controller of your personal data, together with our UK subsidiary Cognitive IVF UK LTD, a private limited company with its seat at 71-75 Shelton Street, Covent Garden, London, England, WC2H (hereinafter referred to as “Cognitive IVF UK”). The Company and Cognitive IVF CZ act jointly as a joint controllers in accordance with art. 26 of GDPR (joint controllers hereinafter referred to as “we”, “our”, “us”). Any data transfers between us as a data exported and Cognitive IVF UK as a data importer are based on the Decision on the adequate protection of personal data by the United Kingdom - General Data Protection Regulation. We are also authorised representative of Cognitive IVF UK in the European union under the Art. 27 of the GDPR.
2. 2 You may reach us directly at our e-mail email@example.com or on our address (hereinafter referred to as “Contact details”).
2. 3 Joint controllers have appointed an external data protection officer for you to contact if you have any questions or concerns about our personal data policies or practices. You may contact DPO at firstname.lastname@example.org, telephone number +420 777 118 385, or at:
ARROWS advokátní kancelář s.r.o.
150 00 Prague
3. 1 Personal data - means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, date of birth, location data, e-mail.
3. 2 Processing of personal data - means any operation or set of operations which is performed on your personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. 4 Processor - means a natural or legal person, public authority, agency or another body that processes personal data on behalf of the controller;
3. 5 Purpose - the reason why the controller is processing your personal data;
3. 6 Cookies – a cookie is a small piece of data (text file) that a website (Site) –when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. The cookies we use may be divided as those used by us as first-party cookies (technical cookies) which are necessary to provide you with the functionality of the Site and third-party cookies – which are cookies from a different domain (for advertising and marketing purposes). This also includes other techniques that work in a similar way. Read more in the Cookies policy
3. 7 Recipient – the person that receives the personal data;
3. 8 The third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
3. 9 Consent - freely given, specific, informed and unambiguous indication of your wishes, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to you.
4. Data processed, purposes, method and period of time of processing the personal data
4. 1 Scope of data processed.
4. 1. 1 Sources of the personal data. We receive your personal data from various sources, which are in particular:
- when you register on our Site or App;
- when you use our Services (via App, Site or E-mail);
- when you participate in the clinical study which uses our App.
4. 1. 2 Data collected. We only process such personal data that are provided to us from you via the sources as described above. In particular, we process the following personal data:
- Account data: name and surname, e-mail, telephone number, the address of permanent residence, date of birth and state of nationality, gender, password or passcode, ID (for limited purposes).
- Health data: you may choose to provide personal information about your health and well-being such as: weight, body temperature, basic medical history, health conditions & diseases, menstrual cycle dates, various symptoms related to your menstrual cycle and health, other information about your health (including sexual activities, tests & exams, vaccination, family history, test results, diet, daily routine), previous pregnancies, physical attributes, anamnesis with a focus on diseases that may affect the ability to conceive and deliver a child, well-being, and related activities, including personal life, sexual orientation and health of your partner. These data may also include personal data collected in the course of research or study which you decided to participate in. In order for us to process any personal data under this category, we will explicitly ask for your consent.
- Payment data: further, we process the information on your bank or credit card details, the Main services you have ordered, your payments, invoices with your personal details, etc.
- Logged activities: You also may give us the ability to import into the App personal Data about your health and activities from third-party services such as Oura, Apple HealthKit, GoogleFit, Garmin connect, Strava etc. Such imported personal data may include sports activities, weight, calories burnt, heartbeat rate, number of steps/distance travelled, and other data about your health. In order for us to process any personal data under this category, we will explicitly ask for your consent.
- Other persons data: When you set up your profile in the App, you may also share with us data of your spouse or partner, as well as their Health data related to the conception and further development of a baby. We will require this other person to confirm their acknowledgement of the way how we process their personal data. For this reason, we will ask you for their e-mail address or telephone number.
4. 1. 3 Purpose, Grounds and Duration of the processing. We process your personal data for the following purposes:
- Provision of Services. We process the personal data described above for the purpose of the provision of Services to you, including sending the reminders on payment, handling potential complaint proceedings. This may also include, with your specific consent, transferring your data to third persons participating on provision of Services, especially to the health professionals, such as collaborating physicians. We process these personal data for the duration of the contractual relationship we have with you. For this purpose, the legal title for processing is necessity for the performance of the contract and the exception for processing your health data is your consent.
- Research or study. In some cases and with your previous consent, we also process data collected during your participation in health research or study, based on your consent or other legal title. These data may also be shared with study sponsor, investigator and relevant research institutions. Personal data will be provided directly by you, observed, measured or inferred in the research or study, or provided to us by the third parties, for example manufacturers of devices which measure your data. We may also receive data for the research or study from your healthcare provider and give them your data from the research or study for the purpose of healthcare services provision by the healthcare provider. Specific information about processing of your data for this purpose, including scope of data processed, recipients of data, duration of processing, involved entities etc. was presented to you in the informed consent with participation in relevant research or study and in detailed form in the specific information about processing of personal data in the respective research or study.
- Further development of Service and increasing accuracy of recommendations with the use of health data. With your consent, we use your personal data, including health data, to increase accuracy of recommendations from our Services with the use of health data. The legal basis and exception for the use of health data is your consent. For this purpose, we process your personal data for the period of 5 years since their collection, but in case no longer than until the consent is revoked.
- Further development of Service without the use of health data. We also use some personal data to improve our Service, Site and App, especially to train the AI algorithms that run the Site and App to make your experience with our services even more enjoyable on the basis of the legitimate interest consisting of further improvement of our services.
- Performance of general legal duties. We also process your account data and payment data in accordance with the relevant accounting acts or acts on value-added tax, as we are obliged to store those documents for a certain time period (this specific time period may differ according to applicable law in each country). If there is such a legal obligation, we store the concerned documents together with your personal data for the time period as stated by the applicable law.
- Protection of our rights and legitimate interests. Further, we process your personal data described above on the basis of the legitimate interest consisting of recovery of our claims against you and/or to protect and enforce our claims and the exception for processing your health data is establishment, exercise or defence of our legal claims. For this purpose, we process your personal data for the period of time corresponding to the statutory limitation period.
- Promotion of Services and our other products. If you use the Services, we also use your personal data described above, with the exception of health data and logged activities, to promote our products and services, including sending of promotional communications. Legal basis for this processing is our legitimate interest of promotion of our activities and we process your personal data for the duration of the contractual relationship and 2 years after.
- Receiving newsletters. We may also use your e-mail address for the purpose of sending newsletters to which you subscribed, on the basis of your consent. For this purpose, we process your personal data until you revoke this consent.
- Operation of the Site and App and their security (Essential Cookies). We process your Cookies data, which are necessary for operation of Site and App, including presentation, their functionality and ensuring your safety. Within this purpose, we identify you as a visitor during the browsing or during repeated logins on the Site and in the App. The legal basis for such processing is our legitimate interest on due functionality and operation of our Site and App. We generally retain your personal data for up to 2 years after yours visit to our Site and App.
- Promotion and marketing on our Site and in the App (Marketing Cookies). We process your Cookies data, which are necessary for targeting and showing our advertisement (marketing cookies), while your data may also be transferred to third parties. Within this purpose, we promote and market products and services on the Site and in the App and show you marketing communication related to products and services you expressed your interest in and promote our brand through online promotion, while your data may also be transferred to third parties. The legal basis for processing here is therefore your consent, given through the Cookies Sidebar. We retain your data for the duration of your consent but in any case, no longer than 2 years from receiving your consent.
- Customization of website (Functional Cookies). We process your Cookies data, which are necessary for customization of website (functional cookies). We can than simplify browsing of the Site or the App for you. For this purpose, we customize Website and the App – location, language choices and your device to your preferences, while your data may also be transferred to third parties. The legal basis for processing here is therefore your consent, given through the Cookies sidebar. We retain your data for the duration of your consent but in any case, no longer than 2 years from receiving your consent.
- Analysis of visits of website (Analytics Cookies). We also process your Cookies data, which is necessary for analysis of visits of our website (analytics cookies). Within this purpose, we monitor traffic on our Site and in the App, optimize our Site and App, ensure the security of your data and make it more seamless and user-friendly, while your data may also be transferred to third parties. We process your data based on your consent, which you gave to us through the Cookies Sidebar. We retain your data for the duration of your consent but in any case, no longer than 2 years from receiving your consent.
4. 2 Cookies
4. 2. 1 While using our Site and the App we may process your personal data (Cookies data) via cookies and other tracking technologies. Cookies are small text files that are stored in your web browser that allows us or a third party to recognize you. Cookies can be used to collect, store and share bits of information about your activities across websites, including our Site and App. This also applies to other similar technologies used for this purpose.
4. 2. 2 We use the following cookies:
- Technical cookies are necessary to ensure the correct function of the Website;
- Third-party cookies – tracking cookies, analytical/targeting cookies.
4. 2. 3 You may adjust the authorization or the refusal of all of the cookies or only some of the cookies. The refusal of the cookie files may have a negative influence on the functionality of the websites, including the Site. You may adjust your choice regarding the cookies anytime or you may erase them from your electronic device at any time. Detailed information regarding the cookies is provided on the website of the appropriate website browser provider. Read more about the Cookies policy.
4. 3 How we process data. We process your personal data, in the scope and for the purposes described above, by automated means, which also includes using statistical methods. In certain cases, we may also process your personal data manually.
4.4 Children data. We do not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register at our Site, apply for our Main services or send any personal data.
4.5 Consequences of failure to provide data. The provision of your personal data is a requirement necessary to enter into contract for provision of our services. In case these data are not provided, we would not be able to provide you with our services.
5. Transfer of the personal data to third persons and the beneficiaries of the personal data
5. 1 We are authorized to transfer the personal data we collect by the means described above to third persons who ensure some services relating to the provision of our Services, including administration or IT support, organization and storage of the personal data etc. These subjects are in the position of processors or controllers of your personal data.
5. 2 We may share the collected personal data in particular with the following recipients:
- our suppliers of IT systems, who may have in specific cases access to your personal data and act as data processors;
- our external providers of accounting services that are necessary for fulfilling our legal obligations and
- act as data processors; and
- our external providers of legal services that are necessary for the enforcement of our claims and for protection of our legal entitlements and act as data processors or data controllers;
- our sister companies and other subsidiaries such as Cognitive IVF UK LTD. and act as data processors or data controllers;
- collaborating physicians of your choice participating on provision of the Fertility Report Service, who act as data controllers; we have taken steps to ensure that all collaborating physicians are bound by the same strict data protection requirements.
You may also instruct us to share your personal information with providers of health services, physicians, fertility clinics etc., who act as data controllers, especially in the case you choose to use the services of the provider of health services recommended by the App.
5. 4 We, including the processors and controllers, are obliged to keep all the personal data confidential. The exemption is the duty to report your personal data to the designated public authorities and other entities who are entitled to request the personal data by the law (i.e. Police, Tax authority etc.).
6. Security of your personal data
6. 1 We have introduced to our system such necessary technical and organizational measures of internal control and processes of the safety of the information that follows best practice corresponding to the potential risk to you. At the same time, we take into consideration the perspective of future technological progress in order to protect your personal data from unauthorized disclosure, access or its loss. These measures include, but are not limited to, employees’ data protection training, regular backups of the data, the data recovery procedure, and mechanism of responsibility for an infringement of protected data, software and hardware protection. We also adhere to strict policies and procedures when using or disclosing protected health information under the HIPAA, especially the Privacy Rule Policies, Security Rule Policies and the Breach Notification Policy, and have appointed a Security Officer.
6. 2 The use of information received from Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.
7. Your rights
7. 2 If you wish to exercise your rights or to receive the relevant information, contact us via one of our Contact details. When you contact us, we have to ask you to provide us with your identification information or other personal data which you have provided us earlier. The provision of such information is necessary for the verification if it is you who has actually sent the request. We will provide you with the answer no later than one month after receiving such request, whereby we retain the right to extend this time period by two months.
7. 3 Your rights. In accordance with the applicable law, you may require access to the personal data, which we, as a controller of personal data, process, the right for rectification, erasure or transferability, right to lodge a complaint, right to require the restriction of the processing and right to object to processing. At any time you may withdraw your consent on the processing of personal data.
7. 5 Erasure of your personal data. Anytime you may provide us with a request for the erasure of your personal data. After you contact us with such a request and if one of the grounds for erasure of data applies, we will erase affected personal data from our databases without undue delay, unless we process some of your personal data because of our legal obligation or for the establishment, exercise or defence of our legal claims.
7. 6 Withdrawal of the consent on the processing of personal data. You may anytime withdraw the consent on the processing of personal data that you granted us without giving us any reason. If you want to withdraw your consent let us know via one of our Contact details. Please take into account that the withdrawal of the consent does not affect the lawfulness of the previous processing on the basis of a given consent.
7. 7 Access and transferability of your personal data. You have a right to receive information about processing of your personal data and a copy of your personal data processed by us. If you require, we can transfer all or only part of your personal data provided by you (processed by automated means on the basis of the contract or consent) directly to a third person (another controller of personal data), whom you mention in your request for the transfer of the personal data, if such request will not have a negative effect on the rights and freedoms of other persons and will be technically feasible.
7. 8 Restriction of the processing. If you provide us with a request to restrict the processing of your personal data, especially in cases when you doubt the accuracy, lawfulness or our need to process your personal data, we will assess your request and may restrict the processing of your personal data to the necessary minimum (processing for assessment, enforcement or defence of our legal claims or because of the protection of the right of another natural or legal person or from other reasons). However, if the restriction of the processing is cancelled and we will continue in the processing of your personal data, we will give you a notice about this without undue delay.
7. 9 Objection to processing. You have a right to object to processing of your personal data, based on your particular situation, at any time, where this processing is based on our legitimate interest. We will no longer process your personal data unless we are able to demonstrate compelling legitimate interest to do so or unless such processing relates to direct marketing.
7. 10 A complaint at the Office for personal data protection. You have a right to lodge a complaint regarding our processing of personal data at the UK Information Commissioner’s Office, with its registered office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK, website: https://ico.org.uk/, and at the Czech Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, Czechia, website: https://www.uoou.cz/.
7. 10 Access to protected health information. If we hold the protected health information in records that may be used to make decisions about them and we qualify as a covered entity under the HIPAA, you have a right to access or amend your individual information or have an accounting of disclosures. If we do not act as a covered entity but as a business associate under the HIPAA, we will forward your request to the applicable covered entity.
Questions and comments