
Privacy Policy for ConnectedHeart App

The protection of your personal data is a priority for CARDIOID TECHNOLOGIES, which is why, under Regulation No. 2016/679 of the European Parliament and its Council, of 27 April 2016 (General Data Protection Regulation), we are pleased to introduce you to our Privacy Policy for the ConnectedHeart App, to keep you informed on the rules applicable to the processing of your personal data, rights, as well as to inform you on how to manage the respective consents.

The rules provided for in this Privacy Policy complement the provisions on the protection and processing of personal data that are provided for in the contracts entered into with CARDIOID TECHNOLOGIES. This Privacy Policy applies exclusively to the collection and processing of personal data carried out by CARDIOID TECHNOLOGIES, whenever this takes place.

WHO ARE WE?

Your data will be processed by CARDIOID TECHNOLOGIES Lda, a private limited company with headquarters in Parque Tecnológico de Óbidos, Rua da Criatividade, 2510-216 Óbidos, Portugal, NIPC 513 077 634 (hereinafter referred to as CARDIOID).

CARDIOID, through its DPO (DATA PROTECTION OFFICER) is responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (hereinafter referred to as GDPR).

ConnectedHeart is a registered trademark of CARDIOID TECHNOLOGIES Lda, under number 696574 issued by Instituto Nacional de Propriedade Industrial (INPI) in Portugal.

WHAT IS PERSONAL DATA?

Personal data is any information, of any nature and regardless of its medium, including sound and image, relating to an identified or identifiable natural person. An identifiable person is considered to be a person who can be identified directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers, or to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

WHAT KIND OF PERSONAL DATA DO WE COLLECT?

The ConnectedHeart App (hereinafter referred to as APP) is a mobile application intended to assist cardiac patients to improve their cardiovascular health through tailored cardiac rehabilitation programs. After a rehabilitation program is prescribed by a medical doctor, the APP guides the patient through the types and frequency of exercises they should perform, capturing physical activity and physiological data to remotely verify patient adherence to the program, and to quantify the evolution of the relevant cardiac parameters. Physical activity information is collected through the mobile phone’s on-device sensors, while cardiac physiological data is collected via an external device (such as a wearable), typically connected via Bluetooth Low Energy (BLE) to the patient’s mobile phone.

To attain these functional goals, the APP collects the types of data described below. For the purposes of this Privacy Policy, the definition of medical or clinical relevance is the sole responsibility of the medical doctor that prescribed the rehabilitation program.

Login Information

The APP requires the user’s email and a password to verify and authorize access to the provided services. Login information is processed by a GDPR-compliant 3rd party provider.

Contact Information

For the medical team to be able to contact the user throughout the rehabilitation program, the APP collects the name, address, email, and phone number of the user. Additionally, the user’s health number is collected for administrative purposes.

Socio-Demographic Data

Date of birth (to compute age), sex, and gender are used to personalize the user experience of the APP and are also medically relevant for the purpose of evaluating the evolution of the cardiac parameters measured by the APP.

Health Data

In the context of a cardiac rehabilitation program, the user’s relevant medical history, including medications, is inserted in the APP by the prescribing medical doctor. Furthermore, upon user input, the APP collects measurements of blood pressure, blood oxygen saturation, blood sugar, body temperature, weight, and food intake. Additionally, the user is asked to fill out questionnaires deemed relevant by the prescribing medical doctor about health, exercise, and lifestyle habits.

Physiological Data

While the user is performing a prescribed exercise, cardiac physiological data is collected via an external device, such as a wearable. From these devices, the APP collects, depending on the type of device, the electrocardiogram (ECG), the photoplethysmogram (PPG), heart rate, and heart rate variability.

Physical Activity Data

While the user is performing a prescribed exercise, activity data is collected to quantify the duration, length, and intensity of the exercise. For this, the APP uses the on-device sensors (via interfaces provided by the native mobile operating system) to collect the number of steps (via inertial sensor), altitude variation (via barometric or GNSS sensor), distance and speed (via GNSS sensor), and the geolocated exercise route (via GNSS sensor).

HOW LONG DO WE KEEP YOUR INFORMATION?

The collected information is stored by CARDIOID for as long as the user has an active login account. Users can request account termination at any time through a dedicated mechanism within the APP. User data will be deleted after 30 days from the receipt of the termination request by CARDIOID.

TO WHOM CAN WE TRANSMIT YOUR PERSONAL DATA?

CARDIOID uses a GDPR-compliant 3rd party cloud services provider, including a database hosting service. Data storage is done in computational centers located in the European Union.

Collected health data is only accessible by the prescribing medical doctor, or by clinical staff authorized by the medical doctor, with the sole purpose of providing relevant and informed care to the user, in accordance with deontological medical practice.

CONFIDENTIALITY

We are committed to keeping your data safe, so we apply appropriate technical and organizational measures to ensure a level of security that is adequate for the risk of keeping your personal data on file.

We also respect the confidentiality of your information. As such, we do not sell, distribute or otherwise commercially make your information available to any third party. In light of the above, CARDIOID undertakes to keep your information confidential in accordance with this Privacy Policy and applicable legislation.

EXERCISE OF RIGHTS

If you still have any doubts regarding the processing of your personal data, or wish to exercise any of your rights, please contact us:

Email: [email protected]

Address: Rua Conselheiro Emídio Navarro 1, Room E.06
1959-007 Lisbon, Portugal

Please note that, from time to time, CARDIOID TECHNOLOGIES may update this Privacy Policy, and we advise you to periodically review it to stay up to date.

REVISION HISTORY

Revision 1.0, April 15, 2025

First version.