Previct Privacy Policy

Previct is a dependency treatment tool that supports the successful treatment of many substance and gambling addictions within public and private healthcare. Previct consists of a digital Application, a medical device and a portal for healthcare providers. The patient (“you”), will use the medical device when measuring your sobriety and the application when communicating with your treating physician.

This Privacy Policy explains how the mobile application Previct collects and uses your personal data when used as intended. It is your healthcare provider and treating physician that is in charge of your treatment and is responsible for the management of your personal data as data controller. For more information on how your data is used in your treatment, please see your healthcare provider’s privacy policy.

We, Kontigo Care AB (reg. no. 556956-2795 and registered address Påvel Snickares Gränd 12, 753 20 Uppsala, Sweden) follow the instructions from your healthcare provider and treating physician and act as the data processor. If you have questions or concerns, please contact your treating physician.

Last updated;  6 July, 2022

Table of Contents

  1. Introduction
  2. Who is responsible for your personal data?
  3. Kontigo’s and your healthcare provider’s collection and use of personal data
  4. Sharing your personal data only when strictly necessary
  5. Transfer of personal data to third countries
  6. Data storage and Retention period
  7. Your Rights
  8. Security
  9. Exclusions
  10. Changes and updates
  11. Questions or concerns

 

1. Introduction

  1.  The service Previct is a tool for healthcare providers to provide dependency treatment for alcohol and gambling. Previct also features functions for colleagues and family members as part of the treatment plan by your treating physician. The application can be downloaded from App Store or Google Play. This Privacy Policy explains how the mobile application Previct collects and uses your personal data when used as intended.

 

2. Who is responsible for your personal data?

  • 2.1 When you use Previct as part of your treatment plan from your healthcare provider, it is the healthcare provider that is responsible for the care including determining how your personal data is used. It is your healthcare provider and treating physician that is in charge of your treatment and is responsible for the management of your personal data as the data controller. For more information on how your data is used in your treatment, please see your healthcare provider’s privacy policy.
  • 2.2 Kontigo Care is the owner and provider of the mobile application Previct (the “Application”), the medical device to measure sobriety and the platform for healthcare providers (together the ”Service”). We act on your healthcare providers instruction as a data processor of the personal data necessary for your healthcare. Our processing includes operation, support and troubleshooting of the Service, supporting the healthcare provider in quality assurance of the healthcare provided and improvements of the services as well as compliance and information security. We are Kontigo Care AB with reg. no. 556956-2795 and registered address Påvel Snickares Gränd 12, 753 20 Uppsala (“Kontigo Care”, “We”, “Us”).

 

3. Kontigo’s and your healthcare provider’s collection and use of personal data

  • 3.1 We handle your personal data as necessary to provide your healthcare provider with data to provide healthcare services to you.
  • 3.2 Contact information to administer your account
  • 3.2.1 We collect information that your healthcare provider has provided to us, including but not limited to user data, name, e-mail, social security number
  • 3.3 Technical data to optimise the Service and Application’s performance
  • 3.3.1 When you use our Services information about the mobile device that you use to access our Service, including the hardware model, operating system and version, unique device identifiers, IP-address, and mobile network information is collected in order to adapt and optimise user experience of the Application. Device-ID of the alcohol medical device is captured to ensure relevant linkage between user and result.
  • 3.4 Health data and location data to support your treating physician to provide you with healthcare
  • 3.4.1 When you follow your treating physician’s treatment plan and complete the steps in the Application, health data such as profile picture in relation to measurement of sobriety and secure identification, self-evaluation of healthcare status and mental status, completed assignments, communication between user/patient and treating physician. If your treatment plan includes obligation to check-in into treatment meetings, the Application may collect your GPS coordinates at check-in.
  • 3.4.2 Note that it is the treating physician that may choose to include certain information, such as individual social security number, it is not collected by default. Note that the treating physician does not make notes in Previct, and that all record-keeping takes place in the healthcare provider’s ordinary medical record system. Your healthcare provider process your patient data to provide you with healthcare based on article 6.1. c and article 9.2 GDPR and Patient Data Act (2008:355).
  • 3.5 Continuously improve the service
  • 3.5.1 Your healthcare provider has instructed us to continuously improve our Services including user experience as part of the healthcare provider’s quality improvement work in order to continuously increase safety, medical quality, efficiency and availability of the Services. The processing necessary to improve the Service is based on the healthcare provider’s rights to process personal data in connection with quality assurance and improvement of care (article 6.1. f GDPR and Patient Data Act 2008:355).
  • 3.6 Manage your support requests
  • 3.6.1 When you communicate with the healthcare provider or us, we may reply to your questions to resolve an issue or troubleshoot a technical error through our support channels including telephone or email. Your healthcare provider and us use your data based on carrying out your treatment plan, based on the healthcare provider’s right to process personal data in relation to administration of its healthcare operations (article 9.2 h GDPR and Patient Data Act 2008:355). Use of your personal data for support matters is based on the healthcare provider’s right to fulfil its legal obligations under mandatory legislation in the healthcare industry (article 6.1 c GDPR).
  • 3.7 We, Kontigo, process this personal data for the purposes described in section 3.2 – 3.6 in accordance with the data processing agreement we have in place with your healthcare provider.
  • 3.8 To fulfil our legal obligations
  • 3.8.1 Kontigo Care and the healthcare provider may process your personal data and health data on the basis of legal obligation (article 6.1 c GDPR) to follow obligations in law, rulings and awards or government decisions. We will process and save your data to the extent it is necessary to fulfil our legal obligations and requirements in law.
  • 3.9 Administration in relation to mergers, acquisitions and other reorganisations
  • 3.9.1 If Kontigo Care or the healthcare provider ceases to exist through liquidation or bankruptcy, we will delete your personal data to the extent they are not needed to fulfil legal requirements.
  • 3.9.2 If Kontigo Care or the healthcare provider is acquired, merged or split as part of a reorganisation, the new entity will continue to use your personal data in accordance with this policy, unless new information is provided to you. The healthcare provider and we may then continue to process your data on the basis of our legitimate interest (article 6.1 f GDPR) and to fulfil our legal obligations (article 6.1 c GDPR). The healthcare provider will process your health data on the basis of providing you with healthcare (article 9.2 h GDPR) and to be able to establish, assert or defend legal claims (article 9.2 f GDPR).

 

4. Sharing your personal data only when strictly necessary

  • 4.1 Your data is continuously shared with your healthcare provider so you can receive your treatment including any subcontractor of your healthcare provider. The healthcare provider is responsible for managing the medical records in separate systems outside of the App and our Services. Any medical records will be saved in systems outside of the App and our Systems at a supplier that acts as a data processor to the healthcare provider and follows the healthcare provider’s instructions. This privacy policy does not cover such use of your data.
  • 4.2 We use a hosting partner and a partner to supply the location check-in feature in the Application.
  • 4.3 Our partners are bound by our strict data protection requirements and they are not allowed to use personal data they receive for any other purpose.
  • 4.4 If we consider it necessary, we may also share your personal data in the following situations:
  • a) comply with the law, legal proceedings, government decisions or court orders and provide information to the police and other competent authorities;
  • b) be able to fulfil our agreements;
  • c) protect our customers and users, for example to prevent attempted fraud or spam, or to facilitate the prevention of death or serious injury; and
  • d) manage and maintain the security of our service, including preventing or stopping an attack on our systems or networks.

 

5. Transfer of personal data to third countries

  • 5.1 The data of Previct resides within Sweden. We have designed the system and services with security in mind and have chosen a Swedish cloud service provider.
  • 5.2 In limited cases we may transfer data to suppliers outside of the EU/EEA, namely the US, where your rights may not be protected at the equivalent level as the EU. All transfers are made in line with applicable law, e.g. accepted transfer mechanism and supplemental safeguards. The additional safeguards we use are (a) the decision on adequacy available here and (b) EU Standard Contractual Clauses available here.
  • 5.3 There is an option for your healthcare provider and treating physician to active feature check-in while at treatment meetings. If considered beneficial to your treatment plan and recovery, you may be prompted to check-in in the Previct App while at treatment meetings. In doing so, you will send your location GPS coordinates in Google Maps to the treating physician and it will be shared with Google. We have taken appropriate security measures to protect your data, with encryption in transit and

 

6. Data storage and Retention period

  • 6.1 We will only retain your personal data for as long as it is necessary to provide you will healthcare according to your treatment plan and to fulfil our legal obligations. For all purposes, see section 3 above. When your treating physician has terminated your treatment plan, your account in our System will be terminated and the data will be automatically anonymised or deleted within 30 days.

 

7. Your Rights

  • 7.1 Under the GDPR you have certain rights to access, correct, restrict and delete your personal data. Since Previct is a tool that your healthcare provider uses for the purpose of giving you healthcare, you may direct your data rights request directly to them.
  • 7.2 Kontigo Care cares about your integrity and is committed to complying with data protection legislation. As a developer, we have designed our tool Previct in accordance with the obligations of privacy by design and by default.
  • 7.3 Any questions or concerns that are directed to us, but that we determined rightfully belong to your treatment will be directed to your healthcare provider.
  • 7.4 If you have concerns or question regarding the functionality of our App you have the following rights:
  • a) The right to access. You have the right to request us copies of the personal data we process about you.
  • b) The right to rectification. You have the right to request that we correct any information which is inaccurate or incomplete.
  • c) The right to erasure. You have the right to request that we erase your personal data, under certain conditions.
  • d) The right to restrict processing. You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • e) The right to object to processing. You have the right to object to our processing of your personal data, under certain conditions.
  • f) The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • g) Profiling and automated decision-making. You have the right to object to decisions made through automated processing, including profiling.
  • 7.5 We respond to all requests that we receive from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. You can contact us by sending an email to privacy@kontigocare.com.
  • 7.6 You may also file a complaint to the Swedish Authority for Privacy Protection (“IMY”), www.imy.se about our collection and use of your information.
  • 7.7 You may also contact our data protection officer via dpo@kontigo.com

 

8. Security

  • 8.1 To protect your personal data and the privacy of our users, we have implemented physical, technical and organizational security measures .
  • 8.2 Personal data processed and used by Kontigo Care is stored in Sweden, where our suppliers and we are active. We take steps to ensure that the information we collect in accordance with this Privacy Policy is dealt with in accordance with this Policy and in accordance with applicable laws where the information is available.
  • 8.3 When required or appropriate and feasible, we obtain written assurances from third parties that may access your data that they will protect the data with safeguards designed to provide a level of protection equivalent to that adopted by Kontigo Care. If we were to transfer your personal data to third countries, i.e. countries outside the EU / EEA, we will enter into agreements and take other measures in accordance with applicable legal requirements.
  • 8.4 To protect the privacy of your personal information, we maintain both technical and organisational safeguards, and we update and test our security regularly. However, an information system is never completely secure. Hence, we cannot guarantee the absolute security of your information. We are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.

 

9. Exclusions

  • 9.1 Third Party content
  • 9.2 Our privacy policy applies only to our service so if you click on a link to another website, Kontigo Care is not responsible for the processing of personal data by any third parties. We encourage you to read the respective privacy policy of any other websites you are re-directed to.
  • 9.3 Aggregated data and anonymous data
  • 9.3.1 We may de-identify or aggregate information about you and share it freely, so that you can no longer be identified. We may also share information about you with your consent or at your direction or where we are legally entitled to do so.
  • 9.4 Children
  • 9.4.1 Our services are not intended for children under the age of thirteen. We never knowingly or intentionally collects information about children. If you believe we process information about a child, please notify us at privacy@kontigocare.com and request erasure of personal data.

 

10. Changes and updates

  • 10.1 We reserve the right to make changes and updates to this Privacy Policy, When we make such updates or changes, the “Last Revised”-date at the top of this Privacy Notice will be updated. The changes made will be described under the section “Change History”. If we make any significant changes, we will notify you in the Service or by e-mail. We regularly review, and if necessary, update this Privacy Policy.

 

11. Questions or concerns

  • 11.1 If you have any questions about your data or this privacy policy, please do not hesitate to contact us:

 

Kontigo Care AB

privacy@kontigocare.com

www.kontigocare.com

You are also always welcome to contact our Data Protection Officer:

Sharp Cookie Advisors with team lead Sofia Edvardsen dpo@kontigo.com