© BYON8

  • Black Facebook Icon
  • Black Instagram Icon
  • Black LinkedIn Icon
  • Black Twitter Icon

BYON8 Corporation

Hangövägen 25, Hus 2, Plan 8

115 41, Stockholm, Sweden

Privacy Policy

 

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING BYON8 CORPORATION A.B. SERVICES

 

BE ADVISED THAT YOU MUST BE 16 YEARS OF AGE OR OLDER TO USE OUR SERVICES, ALTERNATIVELY THE LEGAL AGE OF MAJORITY DEPENDENT ON LOCAL LEGISLATION. IF YOU ARE UNDER 16 YEARS OF AGE OR THE LEGAL AGE OF MAJORITY, YOU WILL REQUIRE PARENTAL OR LEGAL GUARDIAN CONSENT TO GAIN ACCESS TO OUR SERVICES.

 

At Byon8 Corporation A.B. we have the stated goal of globalizing healthcare provision and accessibility. As such we are aware of our responsibilities to ensure privacy for all our customers and end users. Persons who use Byon8 Corporation A.B. services and whose personal data is processed (collectively referred to as “you”) shall be afforded these protections. Byon8 Corporation A.B. and its associated organisations (collectively referred to as  “we”, “us” or “our”) have prepared this Privacy Policy document to explain to our customers and end users how we collect, use, share personal data/information and for what purposes as described under the European Union General Data Protection Regulation (GDPR). This is to assist you in making informed decisions in regards to how your data is handled, controlled and stored. As the AITOPYA platform is continually evolving, we invite you to periodically review these terms and will inform you of any updates and changes agreed to in these terms moving forward. 

 

This Privacy Policy is intended to govern and include in its scope services and products we provide including AITOPYA, EMR/EHR systems, software, telemedicine functions, mobile applications, websites, devices and services. By use of the AITOPYA system, software, telemedicine functions, mobile applications, website, device or services, you accept to such collection, use and sharing of information and personal data and agree to the terms of this Privacy Policy.

 

We will only process your personal data and personal information according to the European Union GDPR and the Swedish Data Protection Act (2018:218). As used in this Privacy Policy, “personal data” and “personal information” will be referencing information connected to an identifiable natural person.  

 

1. Who we are

 

1.1 The provision of our services are delivered by Byon8 Corporation A.B. which is a registered company in Sweden through the Swedish Companies Registration Office (Bolagsverket). Byon8 Corporation provides both AITOPYA web-based services and mobile application services. As such we are responsible for your data as the providers of the AITOPYA diagnostic support platform, through both online web service and mobile phone application. In this consideration the definition of controller is afforded to Byon8 Corporation A.B. through to the processes of triaging by AITOPYA and consultation with the healthcare provider or physician support. When seeking support from AITOPYA, we act in the capacity of the controller. The healthcare provider or physician is allowed access to view the relevant medical files through the AITOPYA platform and once the consultation period is complete, access is revoked. In a practical sense, this would mean that information used in your treatment such as medical files and your patient history would be made available to the healthcare provider or physician. Once the consultation period is complete including inhouse visit or through the telemedicine feature and a prescription is given, the access to your medical file and patient history would be revoked. Please note this process can differ for non EU data subjects where Byon8 Corporation A.B. acts as a data processor.

 

 

2. Scope of this privacy policy

 

2.1 The scope of this Privacy Policy applies to the following categories of data, regulated by Article 6.1 and Article 6.4 of the GDPR:

 

2.2 Personal Information: In order to provide the service and as part of our business development activities we gather two types of personal information:

 

a. Offline Information: Originates from our interactions with users and potential customers during conferences, seminars, workshops and other gatherings.

 

b. Online information: Collection and processing of personal information which is required for signing up to AITOPYA or any of our related services, during the online registration process.  This is basic user registration information about yourself such as name, date of birth, email address, social security number and physical address.
 

2.3 Medical Information: In order to triage and refer a user/data subject to the relevant healthcare provider, we will need to collect medical information.

 

a. Medical information includes but is not limited to your health status, symptoms,  previous prescriptions, treatments, procedures and vital signs. These details will potentially include information from other consultations other than through AITOPYA or use of AITOPYA or another one of our Service. Any correspondence we receive from you will be uploaded electronically to your AITOPYA medical file.

 

b. Your personal medical information may be corrected or updated at your request as outlined in Article 16 of the GDPR. Furthermore, we hold the right to correct this medical information based on information from healthcare providers outside the AITOPYA platform or our associated products. This will be the case if the information is deemed relevant to medical provision of healthcare.

 

c. As the controller of this data we will ensure never to share this information other than to the respective healthcare provider. Byon8 Corporation A.B. hereby also guarantees that no sharing of your health and medical data to any non-medical third party sites or actors. Medical third party actors would include biomedical laboratories, local clinics, tertiary hospital facilities, insurers,  physiotherapists etc.

 

2.4 Financial Information: Payments that are made through the platform, either through the AITOPYA mobile application or web based service, your credit/debit card details and account number are processed by a third party processor which will store all payment details and records of the transaction. We will only retain a record of the transactions on secure servers. We will not retain any credit/debit card or account details used in payment of any of our services.

 

2.5 Technical Information: When you use our mobile application or affiliated websites, we automatically receive technical information regarding your access to our app or website. This information  is used to provide better functionality and improve your experience with our products. The following types of information will be recorded:

 

  • Your IP address

 

  • Login information

 

  • Uniform Resource Locators

 

  • Type of browser

 

  • Time zone settings

 

  • Time you accessed browser

 

  • Language settings

 

Other metrics on use of the website or application e.g. time spent, functions accessed etc.

 

Please follow link to our Cookies Policy here.

 

2.6 Customer Correspondence: Any correspondence regarded as customer service correspondence such as  phone calls, emails, faxes, pre-sales enquiries, written communication or video chats will be retained. We keep records of these for internal key performance indicators (KPIs). The indicators allow as to measure and improve on our customer service, and investigate any misconduct or violations by users, healthcare providers and us.

 

2.7 Questionnaires And Surveys: Periodically we send out optional questionnaires and surveys to our users to collect demographic information, assessing needs and collecting feedback on functionality. Users will always be given prior notice as to why the information is being collected and its intended use.

 

2.8 Information From Third Party Sources: We may receive metadata about you from publicly traded companies (as permitted by law) e.g. data aggregators. The information we receive might be combined with other existing information we receive about you.   

 

 

3. Where is your personal information stored

 

3.1 The AITOPYA application and website are platforms owned wholly by Byon8 Corporation A.B. The application and website are continually upgraded as a result of feedback and iteration on the existing product. In this way we assure continuing quality improvement. The data that is collected through the application and website are not stored on your device but instead are on a cloud based service. This cloud service and complementary infrastructure is provided by a one of our subcontractors.

 

3.2 All your information outlined in section 2, excluding financial information, is stored primarily within the European Union. Furthermore, no information classified as sensitive information under Article 9 of the GDPR is stored outside the European Union. This storage also includes non European Union data subjects unless specifically stated through a different agreement by a virtual manufacturer.

 

3.3 Associated healthcare providers are obligated to meet the same standard of data protection in regards to sensitive information, irrespective of being non union based. Specifically in regards to sensitive information as stipulated in Article 9 of the GDPR. This requirement includes any EMR systems or similar system.

 

 

4. How do we use your information

 

4.1 We may use the information collected for the following purposes:

 

  • To register you or your device for the service

 

  • To provide a service or feature you have requested

 

  • To provide customised service or features based on past use of our service

 

  • To deliver advertisements, customized content or promotional communication

 

  • For assessment or analysis of our market activities, customers, products, and services (e.g. questionnaires and surveys)

 

  • To provide updating and maintenance services for the application or your device

 

  • To protect, identify or prevent fraud or other criminal activity, claims and other liabilities

 

  • To comply with our legal and regulatory requirements, relevant ISO standards and our policies including this Privacy Policy

 

 

5. Who do we disclose your personal information to

 

5.1 We will not disclose your personal information to any third parties for their own independent marketing activities without your consent. However, we do hold the right to share your information for the following activities:

 

  1. Partner Organisations & Subsidiaries: Your personal information may be shared for the purposes outlined in this Privacy Policy. The term “Partner Organisation” refers to organisations that Byon8 Corporation A.B. has partnered with to achieve outlined business outcomes. Subsidiaries refers to organisations that Byon8 Corporation A.B. directly owns or owns majority shares in the organisation.

 

  1. Service Providers: Byon8 Corporation A.B. holds the right to disclose your information to organisations we deem trusted business partners such as wireless carriers, telecommunications carriers, financial transaction processors and insurance providers.

 

  1. Other Parties including Regulatory Bodies: Instances where legal or regulatory requirements to disclose information to the competent authority or to comply with compulsory legal obligations. Additionally, to verify and evidence compliance with the policies and laws governing our services.

 

  1. Corporate Transactions: Information may disclosed in the event of a company merger or transfer of assets, or in the event of bankruptcy.

 

 

6. How long do we store your personal information

 

6.1 We will only keep your data as long as its required. In practicality, this would mean the duration it would take to ensure quality service provision for your health outcomes. The healthcare provider has an obligation to keep your medical records but in the case they are unable to do so (specifically in certain markets we operate in), we have procedures governing data retention and encryption. Please view Data Retention policy here.

 

6.2 In the event that you close your account with us, your personal information is anonymised and is unidentifiable . After a period of 1 week your account will be permanently deleted and your data encrypted. In the event the data must be retained for compliance or other legal obligations, the data will be encrypted once this obligations are completed.

 

6.3 Alternatively through the Right To Erasure in Article 17 of the GDPR, you as the data subject can request your data to be deleted.

 

6.4 Furthermore, Article 20 of the GDPR regarding Right To Data Portability also allows you to request your data to be packaged and moved from us to another data controller at your request.


 

7. Information stored in third countries

 

7.1 Be aware that our databases are facilitated through third party operators who assist in the maintenance and storage of relevant data. These operations are primarily outside of Sweden, which may mean data transfers within the European Union or Outside the European Union.

 

7.2 Alternatively for non-union based data subject, this would mean your personal information will be transferred to Sweden where our databases are located and processing takes place. The information would then be transferred to a third country where storage of data would be located. Please note that irrespective of whether you are a European citizen/national, the protections provided will be that of data subjects located within the union as stipulated by the scope of the GDPR and operations of union based data controllers.


 

8. Your rights as EU data subject

 

8.1 The GDPR enshrines the rights of EU data subjects and we aspire to safeguard these rights for all our users. These rights include:

 

  1. The right to know if your data is being processed and for what purposes it is being processed for. This includes transfer to third countries and ongoing collaborations with partner organisations.  This should be communicated in a clear and concise manner.

 

  1. If the information retained or processed is inaccurate, you have the right to rectification of this information.

 

  1. The previously mentioned right to erasure or to be forgotten including all publicly accessible information. This is specifically referring to user data, as medical information is required to be retained for a specific time period. Any medical information that does not fall under the scope of legal obligations will be erased.

 

  1. Request a restriction to the processing of your personal data as natural person if you do not wish certain processing activities to be conducted.

 

  1. The ability to request your data be transferred to the controller of your choosing in a recognised standard format.

 

8.2 You may also contact the Swedish Data Protection Authority (Competent Authority in Sweden) with any complaints that you have about the handling of your data.


 

9. Disclaimer

 

9.1 This Privacy Policy does not include any processing activities that Byon8 Corporation A.B. acts in the capacity of a personal data assistant to any controller that Byon8 Corporation A.B. performs the function of personal data assistant. This includes any functions as a Original Equipment Manufacturer (OEM) to a virtual manufacturer, government, insurer, non governmental organisation (NGO) or other organisation classifying themselves as a data controller under the GDPR. The organisation assuming the responsibilities of controller will be responsible for determining how the data is processed and as such assume responsibility for requests Byon8 Corporation A.B. will be asked to execute on the controllers behalf. It is up to the data controller to ensure that processing request instructions are compliant to the GDPR requirements for EU based controllers and respective local data protection regulations for non EU based controllers.

 

9.2 Byon8 Corporation A.B. will however work to ensure that data privacy requirements obligatory to both the controller and personal data assistant (processor) will be adhered to in respect to records of treatments, appropriate levels of security and the appointment of a data protection officer (DPO) as stipulated under the GDPR and Swedish Data Protection Act (2018:218).


 

10. Contact us

 

10.1 If you have any further questions regarding our processing, control and storage of your data or specific requests regarding your data, please contact our data protection officer:

 

Company Information

Founded:  2015

Organisation Number: 559027-2430

CEO: Josef Murad

 

Address

Data Protection Officer,

Byon8 Corporation, Hangövägen 25,

Hus 2, Plan 8, 11541, Stockholm, Sweden

 

Email

Josef Murad

DPO@byon8.com