updated: 26 December 2019
1. Terms and Definitions
1.1. For the purposes hereof, the following terms and definitions are used:
Web-site - the web-site with a domain name “lungpass.com”.
LungPass - the mobile application designed for automatic lungs auscultation and its web-version.
We (Healthy Networks) - Healthy Networks OÜ.
You (User) – any individual that is using functional features of the Services and has reached the age of full legal capacity in accordance with the legislation of the country of their citizenship.
Services - the web-site with a domain name “lungpass.com” and the mobile application “LungPass” (including its web-version).
2.1. This Policy shall govern any interaction between Healthy Networks and users related to personal data when using the Services.
2.2. This Policy neither governs nor determines the rights and obligations of third parties. It also does not apply to third-party applications or software available to users for integration with the Services. Thus, if you integrate any third-party applications with our Services, we will not be able to control how such applications process your personal data.
2.3. Please do not use the Services if you do not agree with the provisions and scope hereof.
3. Who determines the purposes and means of personal data collection?
3.1. The purposes and means of how your personal data is collected in these Services are determined by the following legal entity:
Healthy Networks OÜ
Estonia, Harju maakond,
Tallinn, Narva mnt 5, 10117
email (general questions): email@example.com
email (personal data questions): firstname.lastname@example.org
4. Personal data we collect
4.1. Personal data is any information that could enable direct or indirect identification of a person (e.g., their name, passport details, online identifier, etc.).
4.2. In accordance herewith, personal data may be collected both directly and indirectly.
(1) Personal data are collected directly when you provide them voluntarily (e.g. when registering in LungPass).
Also, an indirect collection of your personal data occurs when we receive your personal data from third parties (for example, when your physician enter your data in LungPass).
4.3. We collect the required minimum of your personal data for the purposes hereof:
(1) registration data: telephone number, e-mail. Accounting data can also include information about your Facebook or Google account if you choose such an account registration way.
(2) account data: surname, name, age and date of birth, gender, weight, photo;
(3) medical info: the drugs taken and the history of treatment (drug title, dosage, start and end dates), dynamics and prognosis of the condition, chronic diseases, information about smoking and harmful working conditions, physician's appointments, answers to questions about the health status;
(4) auscultation results: lungs sounds and its analysis;
(5) payment info: your payment card details;
(6) additional info: device model and ID, operating system and its language settings.
5. Data Processing, Storage and Protection
5.1. “Processing” is understood as at least one of the following: storage, modification, retrieval, disclosure, structuring, use, destruction as well as any other action with respect to your personal data.
5.2. We will process your personal data only for the following purposes and on the following legal grounds:
|Data type||Processing purposes||Legal basis||Retention period|
|Registration data||We process your registration data to create and register your account in LungPass. Also, the your email will be used to respond to your inquiries that you send via the feedback form on the Web-site.||Legal interest to provide services and respond to your requests and inquiries.||Until your account is deleted.|
|Account data||We process your account data to ensure your ability to use the LungPass functionality.||Legal interest to provide services.||Until your account is deleted.|
|Medical info||We process your medical info to enable you and your physician to monitor the dynamics of your medical condition, and also so that LungPass gives a more accurate analysis of your medical condition.||Your explicit consent.||Until your account is deleted.|
|Auscultation results||We process your auscultation results to enable you and your physician to monitor the dynamics of your lungs condition.||Your explicit consent.||Within 6 (six) months. After this retention period we anonymize these data.|
|Payment info||We process your payment info for making payments in LungPass.||Performance of a contract between Healthy Networks and users.||Until your account is deleted.|
|Additional info||We process additional info in order to provide users with the possibility of proper and uninterrupted use of the functionality of the Services (for example, to log errors, send notifications, or select the right resources from the server).||Legal interest to provide services, the availability of the functions of the Services and to improve their quality.||Until your account is deleted.|
5.3. Subject to data anonymization, your personal data may be used by Healthy Networks for any other purposes. For example, this happens every six months, when we anonymize lung sounds and upload them to removable devices so that our data scientists can work with them to improve the performance of LungPass. After anonymizing lung sounds, we with 100% probability will no longer be able to determine which User they belong to.
5.4. We do not not use automated decision-making tools (including profiling) in personal data processing. Automated decision-making tools primarily include those systems that process your personal data without human intervention to make decisions that may have potential legal consequences for you.
5.5.Your personal data will be stored on the servers of our counterparties that we are using for operating our Services. Also, a copy of all your data is always stored on your device for the correct operation of LungPass. It is downloaded from our server after your authorization and is deleted from your device after logging out.
5.6. We use Microsoft Azure service for operating our Services. Therefore, your data will be stored on the servers of the following legal entity:
Microsoft Ireland Operations Limited (Ireland)
Address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
5.7. Employees of Healthy Networks shall also take all necessary organisational, legal and technical measures available to us for protection of your personal data. Users of the Services shall also be responsible to the maximum possible extent for the provision of accurate account details, keeping passwords and any other information required for authorisation confidential and its protection from unauthorised access by third parties.
5.9. Any personal data collected and processed hereunder shall be properly protected unless:
(1) you consent to their disclosure;
(2) such personal data are anonymized;
(3) such personal data are subject to disclosure under the applicable law.
5.10. We will do our best to keep your personal data protected by limiting the number of people who have access to your personal data, using anti-virus software, Web Application Firewall and traffic filtering for our servers that store personal data. However, despite any possible measures taken on our part, we cannot guarantee full protection of the Services against information security risks.
6. Transfer and Disclosure
6.1. Your personal data could be transferred to the following legal entities:
(1) Google Inc. (Ireland)
Address: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Google may have access to the personal data that you provide to us because we use Gmail service to respond to your request and Firebase and Crashlytics services for logging errors.
(2) Google Play (PAYMENT SERVICES)
Google Play may have access to the personal data that you provide to us because we use their services for making payments in LungPass.
(3) Plivo Inc. (Ireland)
Address: 1 Spencer Dock, North Wall Quay, Dublin 1, Ireland
Plivo may have access to the telephone number that you provide to us as part of the registration data, since we use their service to send you an SMS-confirmation. This will happen only if you choose the method of creating an account with the usage of your telephone number.
(4) Healthy Networks Limited Liability Company (Belarus)
Address: Starinovskaya str., 3 - 11H, Minsk 220056, Belarus
Healthy Networks Limited Liability Company that is incorporated in the Republic of Belarus may have access to the personal data that you provide to us because they are our contractor and processor in the development and operating of LungPass. We legally obligated them to follow the same level of data protection as we implemented in our company. We also signed Standard contractual clauses with them to provide appropriate safeguards of such a transfer.
(5) Your physician
If your physician also uses LungPass and you have given him the appropriate consent, he will have access to your medical info to analyze your condition.
(6) Profiles in your account
LungPass functionality allows you to create multiple profiles within the same account. This is provided primarily for families who want to collectively analyze their health status. Therefore, if you create several profiles in your account, each of them will have access to the data of all account profiles.
6.2. To ensure the provision of our services, your personal data may also be transferred to a legal entity created after reorganization of Healthy Networks should it be necessary.
6.3. Please note that disclosure of your personal data may be required in accordance with the law and judicial procedures or at the request of public bodies of the country of your stay or other countries. Your personal data will be disclosed if it is necessary for the purposes of national security, law enforcement, protection of the rights and legitimate interests of Healthy Networks and third parties or for other substantial public interest purposes.
7. Children's Personal Data
7.1. To the extent to which it is not prohibited by the applicable law, we do not authorize the use of our Services by individuals who have not reached the age of full legal capacity in accordance with the legislation of the country of their citizenship. We do not collect and process (at least knowingly) their personal data without the consent of their legal representatives.
8. User Rights
8.1. The rights of users related to the collection and processing of personal data shall be determined in accordance with the applicable law.
8.2. If you are a citizen of a European Union member state, your rights with respect to the collection and processing of personal data may be determined in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
In accordance with the General Data Protection Regulation you may access, change and/or make additions to, delete, restrict processing and migration of, object to or withdraw your consent to the processing of your personal data as well as lodge a complaint to the supervisory authority.
8.3. To exercise any of your rights above and any other rights guaranteed to you by applicable law and if you have any related questions, write to: email@example.com. For issues related to your personal data please contact: firstname.lastname@example.org.
8.4. Healthy Networks reserves the right to verify your identity before exercising any rights at your request. In case we are not able to exercise any of your rights or provide any information, we will also explain the reasons to you.
9. Final Provisions
9.1. This Policy may be amended and (or) modified at any time of the Services operation. In this case, a notice with information about the changes accompanied by the new version of the Policy and date of its adoption will be published in the Services. The User of the Services must read and acknowledge the new version hereof.
9.2. The Policy is an agreement between us and the User about the use of the Services. Any other pre-existing written or oral agreements or arrangements with respect to such use are hereby cancelled.
9.3. If any provision hereof is invalid or unenforceable, other provisions shall remain valid and enforceable to the fullest extent permitted by applicable law.
9.4. Failure to enforce your strict compliance herewith cannot be construed as our waiver of any provision hereof or any right hereunder.