
KOI – Privacy notice – pros

This notice provides you with information on how your personal data is used for the Maela patient engagement and remote monitoring solution, offered by a company called Medtronic (hereafter, the “Services”).

If you have any questions or concerns about this notice or the Services, please ask your Data Privacy Officer (DPO) for more information.

Description of the Services

The Services are designed to help care teams manage patients through their care pathway. Through a protocol validated by the care team, the Services are adapted to the specific intervention and pathway, and allow patients to share relevant information with their care team.

Your personal data

Personal data means all information relating to an identified or identifiable natural person, i.e. all information which can either directly or indirectly lead to knowing who you are.

By using the Services, the following categories of your Personal Data may be utilized:

  • Full name;
  • Your email and phone number;
  • Optional data (address, etc.) as determined by you and your administrator;
  • List of devices (smartphone, computer) used to access the Services.

Use of the personal data

Your personal data are collected as part of the use of the Services for the following purposes:

  • To provide you with access to the solution to allow you to use it as per your ascribed role, including access to relevant information;
  • To enable the functioning of the Maela solution; this includes cookies if using the browser-based application;
  • To evaluate and improve functioning of the Services;
  • For any other purposes required to comply with applicable laws, court orders or regulations.

The processing of your Personal Data will only be done for the purposes mentioned above.

In order to provide the Services, third-party service providers, listed in the paragraph below, will access your personal data in order to carry out the Services. Such third parties will not use your personal data other than for the stated purposes within this form. The following describes in detail the way such third parties will access and manage your personal data to carry out the Services.

Medtronic and Maela, for the purposes of:

  • Providing the Maela solution and technical support;
  • Helping with the resolution of problems or incidents;
  • Analysing the functioning and provisioning of the Maela solution and the provision of the Services in order to improve them;
  • Providing the Maela application development and maintenance, data hosting support and data hosting maintenance.

All third-party service providers are established within the European Economic Area (EEA) and provide an adequate level of protection of your Personal Data. No Personal Data is transferred outside the EEA. We ensure that all third-party service providers adhere to high privacy and security standards and requirements.

Data security

Your personal data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

The Maela solution utilizes encryption to secure your data when it is in transit and when stored at rest to prevent unauthorized access.

You remain responsible for securing the access to the device you utilise for access to the Services.

Data transfer

Beyond the usage of the data by your hospital, for the provision of the Services, your personal data will remain in Switzerland or in the European Economic Area (EEA), which are recognised by the European Commission as providing an adequate level of data protection. Additionally, such entities have committed to adhere to standard contractual model clauses offering sufficient safeguards on data protection for exchange of personal data within Medtronic entities as provided by the European Commission.

Retention of your data

We do not store personal data longer than is necessary for the purposes mentioned above, unless otherwise legally required. Your personal data is stored and maintained in two (2) places:

  • The Maela solution, for the purpose of delivering the Services and allowing the hospital to have access to a copy of the data. Personal health data stored in the Maela solution will be maintained until the hospital no longer uses the Services. After that, your data will be deleted from the Maela solution.
  • [keep if relevant] The Maela analytics database: your personal data from the Services may be used in the Maela analytics database and retained on behalf of your employer to provide it with the possibility to analyse its care activity and progress stemming from activity involved via the Services.

Cookie usage

A cookie is a numeric code that a website transfers to a PC or mobile device for easier recordkeeping purposes. When a user connects for the first time to the Maela web application from a given browser on a given hardware device (or after the user password has expired, or after all cookies have been deleted by the user for that given browser on that given device, or after the user deleted that cookie via the Maela menu “My verified devices”), the user goes through a two-factor authentication process, in which a code is sent to the user’s phone via SMS. During that connection, a token is created and is stored for a month. That token can be deleted in the menu “My verified devices”. It can also be deleted from your browser tools directly along with all other cookies from your browsing history.

Your rights

You may be entitled to request to access, rectify, erase, and restrict your personal data, and/or obtain more information about the processing of your personal data and the applicable safeguards. You have the right to lodge a complaint with the competent supervisory authority.

You can exercise your rights by sending a signed letter or an email to your employer’s Data Privacy Officer at this address [insert address]. We will assist you in any privacy requests or concerns that you may have.

 

This is the privacy notice version 1.0, dated July the 27th, 2020.

 
