Privacy Policy
Table of contents
- How to Use this Document
- Summary
- Section 1 - What Data do we Collect?
- Section 2 - How do we Use your Data?
- Section 3 - When and How do we Share your Data?
- Section 4 - Consent
- Section 5 - Security
- Section 6 - Safety of Children
- Section 7 - Your Rights to Control What Happens to your Data
- Section 8 - How Long do we Retain your Data?
- Section 9 - Changes to this Privacy Policy
LAST UPDATE: July 14, 2021
Byteflies’s mission is to make health care more personal, proactive, accessible, affordable and equitable, especially for people with chronic conditions. We do this by providing services that allow you and your healthcare provider to collect high quality and relevant medical data no matter where you are and, if needed, for long periods of time.
Everything we do with that data, described in this document, is intended to support that (and only that) mission.
How to Use this Document
This Privacy Policy concerns the use of any Byteflies device, application, and service except for our public websites, which are covered here. Below, we simply refer to “Byteflies services”.
This Privacy Policy applies to patients (END-USER) who participate in a Byteflies Care@Home program. It also applies to professional users (PRO-USER), such as healthcare providers prescribing or using a Byteflies Care@Home program, and researchers using a Byteflies service.
END-USERS are indicated with a in the text.
PRO-USERS are indicated with a in the text.
Privacy policies can be dense legal documents. We try to keep ours as straightforward and transparent as possible. If you have any questions or comments, please contact us.
Summary
What data do we collect?
When you use a Byteflies service three types of data can be collected:
How do we use your data?
The collected data is used to provide our services. These services will be clearly explained before you participate in a Byteflies Care@Home program. As the , you always remain the owner of your data unless specified otherwise by your healthcare provider or study coordinator (see and below for more information).
When and how do we share your data?
Byteflies does not sell, rent, lease, give away, disclose, or share your data without your explicit consent. The only situation where consent can be requested to share your data with a 3rd party is a clinical or research study conducted in collaboration with a clinical or research partner (see ).
Your right to control what happens with your data
Byteflies is a GDPR and HIPAA compliant company. This means that we are committed to protecting your privacy, conducting our business in a transparent manner, and making sure that you have full control over what happens with your data () or the data a professional user () is authorized to collect. More information is available here:
What if I participate in or run a clinical or research study?
It is possible that you were recruited to participate in a clinical or research study by us or one of our partners. In that case, you will have received an informed consent form that explains what data will be collected as part of the study and how it will be used. All studies Byteflies participates in or conducts follow the World Medical Association Declaration of Helsinki guidelines on medical research involving human subjects. Participating in a study that uses Byteflies services in no way changes our commitment to safeguarding your privacy and data rights.
If you use Byteflies services to conduct a study, we will have signed a Data Processing Agreement (DPA) with you or your institution.
Section 1 - What Data do we Collect?
When you use a Byteflies service we collect data relating to you and your use of our services from a variety of sources.
Data we collect directly from you
- Physiologic and Behavioral Data: Byteflies services are intended to record health-related data, more specifically physiologic* and behavioral** data. Some of this data is processed into vital signs and other health-related measures to assist your physician () in providing you () with appropriate care. This data is transmitted to a Byteflies managed server (Byteflies Cloud) hosted on secure and privacy-regulation compliant providers. For EU users, all data is stored on EU-based servers. For US users, data is stored on EU or US-based servers.
- *Physiologic Data: Byteflies services can record various physiologic signals, such as but not limited to, the beating of your heart, brain activity, skeletal muscle contractions, and eye movement. Once that raw data is securely transmitted to the Byteflies Cloud, it can be automatically processed to derive vital signs and other health-related digital measures.
- **Behavioral Data: Byteflies services can record inertial signals which reflect movement of a wearable device (and thus the wearer of the sensor). Once that raw data is securely transmitted to the Byteflies Cloud, it can be automatically processed to derive motion and behavioral measurements, such as but not limited to activity levels, step counts, and sleep-wake patterns.
- Other Intentionally Shared Data: We may collect your personal or health-related information if you submit it to us in other contexts, for example if you complete a symptom survey included in a Byteflies service. We take care to limit the collection of this data to what is required to assist your healthcare provider in administering high quality care. Note that in some cases this data may be requested via a free text field. It is important to never disclose personal information about yourself () or from your patient () unless you are comfortable and legally allowed to share this data.
ALTHOUGH WE TAKE ALL REASONABLE MEASURES TO SECURE YOUR DATA, BYTEFLIES CANNOT BE HELD RESPONSIBLE FOR ANY PERSONALLY IDENTIFIABLE INFORMATION (PII) SUBMITTED VOLUNTARILY AND UNSOLICITED BY THE USER THROUGH A BYTEFLIES SERVICE.
- Account Registration Information: You may need a Byteflies account to use certain Byteflies services ( and ). When you register for an account, we collect your email address which may also disclose your name.
- Billing Information: If you make a payment to Byteflies, we need your billing details, such as a name, address, company, phone number, VAT number, email address and other relevant contact details ().
Data we collect about you indirectly or passively when you interact with us
- Usage Data: We collect usage data about you whenever you interact with a Byteflies service. This may include log-in attempts, what you click on, when you performed certain actions, and so on. Additionally, like most websites and applications today, our servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed, operating system versions, and timestamps.
- Device Data: We collect data from the devices (including certain Byteflies hardware devices) and applications you use to access our services, such as your IP address, relevant device and experiment identifiers, operating system version, device type, system and performance data, and browser type. We may also infer your geographic location based on your IP address. Some of our devices are capable of setting up a remote connection to Byteflies servers which may expose more of the device’s surroundings (e.g. networks). Retrieving this data is only possible with explicit consent for each request.
Section 2 - How do we Use your Data?
This section describes what we do with the collected data and why, and how it is managed during its lifetime. Importantly,
BYTEFLIES SERVICES CAN ONLY BE PRESCRIBED BY A CERTIFIED HEALTHCARE PROFESSIONAL. BYTEFLIES DOES NOT MAKE ANY DIAGNOSTIC OR PROGNOSTIC CLAIMS NOR IS BYTEFLIES RESPONSIBLE FOR ANY DIAGNOSTIC OR PROGNOSTIC CLAIMS BASED ON PERMITTED USAGE OF OUR DEVICES AND SERVICES.
To Manage Byteflies Services
We process the data described in Section 1 in order to derive relevant health and disease insights. These data and insights are shared with professional users () and, in certain cases, with to provide you with specific healthcare services as decided by your healthcare provider.
- This data is never sold, rented, leased, given away, disclosed, or shared without your explicit consent.
- This data is never aggregated unless you have given explicit consent as part of your participation in a clinical study.
- You ( and ) may choose to export data from our services to 3rd party applications or websites. We do not own or operate these applications or websites. You are responsible for reviewing the privacy policies and statements of such applications or websites to ensure you are comfortable with the ways in which they use the data you share with them.
Furthermore, we may use your data for the following limited purposes:
- To monitor, maintain, and improve our services and features: We perform statistical and other analysis on data we collect to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services, including to help us evaluate or develop new features. We may use your data for internal purposes designed to keep our services secure and operational, such as for troubleshooting and testing purposes, and for service improvement, marketing, research, and development purposes.
- To enforce our Terms of Service.
- To respond to legal requests or prevent harm: If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond and prevent potentially illegal activities.
- To create new services, features, or content.
- To contact you about your service or account: We can occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register).
Customer Support
In case you experience an issue with a Byteflies service or have a question, we may need to access your data to assist you.
We are committed to handling your personal information and data with integrity and care. However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized 3rd parties as a result of collecting and transmitting your data through the internet. If you have any questions about the security of your personal data, contact us.
Section 3 - When and How do we Share your Data?
Byteflies does not sell, rent, lease, give away, disclose, or share data without explicit consent. In two common scenarios, consent can be requested to share your data:
- To allow a healthcare provider to use the collected data for clinical decision making. This may include providing a with an account that can access (a subset of) your data.
- To allow (a subset of) your data to be shared with researchers running a research or clinical study, typically with the intention to improve the standard of care.
In both cases, either Byteflies or a 3rd party will provide an informed consent form (ICF) that clearly explains what you () are giving consent for and under which circumstances you can withdraw that consent. It is possible that you () are asked to provide consent for both a medical and research use. In those cases, the research use will always be optional and opt-in. You will never be denied the use of a Byteflies service as prescribed by your physician () if you decide not to agree to the research use of your data.
If a healthcare provider stores data collected by a Byteflies service on one of their services (e.g. an electronic medical record system), that usage of the data is a contract between you () and them (). Please refer to the privacy policy of the healthcare provider for more information.
Service Providers
We use service providers to run certain Byteflies services. We may give authorized persons working for some of these providers access to your data, but only to the extent necessary for them to perform their services for us. We also implement reasonable contractual and technical protections to ensure the confidentiality of your personal information and data is maintained, used only for the provision of their services to us, and handled in accordance with this Privacy Policy. Amazon Web Services (AWS) is our only service provider. We have a business associate agreement (BAA) with AWS that stipulates their and our requirements to comply with GDPR and HIPAA regulations as explained above.
When Required or Permitted by Law
We may disclose your data as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
Change in Business Ownership or Structure
If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between Byteflies entities, you expressly consent to Byteflies transferring your data to the new owner or successor entity so that we can continue providing our services. If required, Byteflies will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with the notification procedures under applicable data protection laws.
Section 4 - Consent
Any medical or research usage of your data will be clearly explained in an ICF as discussed in Section 3.
In addition, when you provide us with personal information to register and use a Byteflies service, complete a transaction, arrange for a delivery or return, or request support, we assume that you consent to us processing and using that information for that specific reason only.
If we ask for your personal information for a secondary reason, like keeping you up-to-date on new service features, we will ask you directly for your consent.
If you change your mind after opting in, you may withdraw your consent for us to contact you, or for the continued collection, use or disclosure of your information, at any time, by contacting us directly.
Section 5 - Security
To protect your personal data, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
Please note that we handle any event that might impact the availability, confidentiality, or integrity of personal data as a data breach and will act in accordance with the applicable data protection regulations and other laws for all impacted individuals, including but not limited to the EU General Data Privacy Regulation (GDPR) and US Health Insurance Portability and Accountability Act (HIPAA).
In addition, we regularly perform Data Protection Impact Assessments (DPIAs) for existing and new Byteflies Services. A public summary DPIA can be accessed here and is regularly revised.
Byteflies NV, located at Borsbeeksebrug 22, 6th floor, 2600 Antwerp, Belgium is the data controller and processor for all data we collect from users in the EU and US.
Byteflies Cloud is hosted on Amazon Web Services (AWS), and unless mentioned otherwise, these servers are located in Ireland. More details about our commitment to safeguarding your data can be found on the Our Commitment page.
Section 6 - Safety of Children
Certain Byteflies services can be used by persons under the age of 18 provided their parent or legal guardian and healthcare provider consent to it and it is allowed under the legally marketed intended use of the Byteflies service in question.
Section 7 - Your Rights to Control What Happens to your Data
We implement the rights for individuals as stated in the GDPR worldwide, including:
- The right to be informed about how we collect and why we use the data
- The right to access and rectify your personal information
- The right to be forgotten
- The right to data portability
- The right to be notified if your personal information was in any way compromised
Note that participation in a clinical study may overrule some of these rights. If that is the case, you will be informed of this in the study’s informed consent form and you will need to give your express permission.
Specifically, you can:
- Access and correct your personal information: As a user of a Byteflies service, you may access and correct certain personal information that Byteflies holds about you. In all cases, requests to exercise these rights may be directed to our customer support team.
- Delete your data: Deleting data will not permanently remove it immediately. As long as you keep using a Byteflies service we may retain your deleted data for a limited time in case you deleted something by accident and need to restore it (which you can request by contacting customer support). To the extent permitted by law, we will permanently delete your data if you instruct us to do so, in which case you will not be able to use any Byteflies services until you make a new account.
- Cancel your account: To cancel and delete your account, please contact customer support. We will respond to any such request, and any appropriate request to access, correct, update, or delete your personal data within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).
- Take your data elsewhere: Taking into account that Byteflies services provide data in a structured, commonly used and machine-readable format, you ( & ) as a user of our products and services, already have the right to transmit those data to another company’s application or service if desired.
Section 8 - How Long do we Retain your Data?
We generally retain your data for as long as you have an account with us, or to comply with our legal obligations (which may include local laws governing the storage of medical data), resolve disputes, or enforce our agreements. Data that is deleted from our servers may remain as residual copies on offsite backup media for up to 6 months.
Section 9 - Changes to this Privacy Policy
We may modify this Privacy Policy at any time, but if we do, we will notify you. If we determine the changes are material, we will provide you with an additional prominent notice as is appropriate under the circumstances, such as via email or in another conspicuous manner reasonably designed to notify you. If, after being informed of these changes, you continue to use our services beyond the advance-notice period, you will be considered as having expressly consented to the changes in our Privacy Policy (this document). If you disagree with the terms of this Privacy Policy or any updated Privacy Policy, you may close your account at any time by contacting us.