BE ADVISED THAT YOU MUST BE 16 YEARS OF AGE OR OLDER TO USE OUR SERVICES, ALTERNATIVELY THE LEGAL AGE OF MAJORITY DEPENDENT ON LOCAL LEGISLATION. IF YOU ARE UNDER 16 YEARS OF AGE OR THE LEGAL AGE OF MAJORITY, YOU WILL REQUIRE PARENTAL OR LEGAL GUARDIAN CONSENT TO GAIN ACCESS TO OUR SERVICES.
1. Who we are
1.1 Our services are delivered by Byon8 Corporation A.B., which is a registered company in Sweden through the Swedish Companies Registration Office (Bolagsverket). Byon8 Corporation provides both AITOPYA web-based services and mobile application services. As such we are responsible for your data as the providers of the AITOPYA diagnostic support platform, through both the online web service and the mobile phone application. In this consideration the definition of controller is afforded to Byon8 Corporation A.B. through to the processes of triaging by AITOPYA and consultation with the healthcare provider or physician support. When seeking support from AITOPYA, we act in the capacity of the controller. The healthcare provider or physician is allowed access to view the relevant medical files through the AITOPYA platform and once the consultation period is complete, access is revoked. In a practical sense, this would mean that information used in your treatment such as medical files and your patient history would be made available to the healthcare provider or physician. Once the consultation period is complete, including an in-house visit or through the telemedicine feature, and a prescription is given, the access to your medical file and patient history would be revoked. Please note this process can differ for non-EU data subjects where Byon8 Corporation A.B. acts as a data processor.
2.2 Personal Information: In order to provide the service and as part of our business development activities we gather two types of personal information:
a. Offline Information: Originates from our interactions with users and potential customers during conferences, seminars, workshops and other gatherings.
b. Online information: Collection and processing of personal information which is required for signing up to AITOPYA or any of our related services, during the online registration process. This is basic user registration information about yourself such as name, date of birth, email address, social security number and physical address.
2.3 Medical Information: In order to triage and refer a user/data subject to the relevant healthcare provider, we will need to collect medical information.
a. Medical information includes but is not limited to your health status, symptoms, previous prescriptions, treatments, procedures and vital signs. These details will potentially include information from consultations other than through AITOPYA or use of AITOPYA or another one of our Services. Any correspondence we receive from you will be uploaded electronically to your AITOPYA medical file.
b. Your personal medical information may be corrected or updated at your request as outlined in Article 16 of the GDPR. Furthermore, we hold the right to correct this medical information based on information from healthcare providers outside the AITOPYA platform or our associated products. This will be the case if the information is deemed relevant to medical provision of healthcare.
c. As the controller of this data we will ensure never to share this information other than to the respective healthcare provider. Byon8 Corporation A.B. hereby also guarantees that there will be no sharing of your health and medical data with any non-medical third party sites or actors. Medical third party actors would include biomedical laboratories, local clinics, tertiary hospital facilities, insurers, physiotherapists etc.
2.4 Financial Information: For payments that are made through the platform, either through the AITOPYA mobile application or web based service, your credit/debit card details and account number are processed by a third party processor which will store all payment details and records of the transaction. We will only retain a record of the transactions on secure servers. We will not retain any credit/debit card or account details used in payment of any of our services.
2.5 Technical Information: When you use our mobile application or affiliated websites, we automatically receive technical information regarding your access to our app or website. This information is used to provide better functionality and improve your experience with our products. The following types of information will be recorded:
Your IP address
Uniform Resource Locators
Type of browser
Time zone settings
Time you accessed browser
Other metrics on use of the website or application e.g. time spent, functions accessed etc.
Please follow the link to our Cookies Policy here.
2.6 Customer Correspondence: Any correspondence regarded as customer service correspondence such as phone calls, emails, faxes, pre-sales enquiries, written communication or video chats will be retained. We keep records of these for internal key performance indicators (KPIs). The indicators allow us to measure and improve on our customer service, and investigate any misconduct or violations by users, healthcare providers and us.
2.7 Questionnaires And Surveys: Periodically we send out optional questionnaires and surveys to our users to collect demographic information, assess needs and collect feedback on functionality. Users will always be given prior notice as to why the information is being collected and its intended use.
2.8 Information From Third Party Sources: We may receive metadata about you from publicly traded companies (as permitted by law) e.g. data aggregators. The information we receive might be combined with other existing information we receive about you.
3. Where is your personal information stored
3.1 The AITOPYA application and website are platforms owned wholly by Byon8 Corporation A.B. The application and website are continually upgraded as a result of feedback and iteration on the existing product. In this way we assure continuing quality improvement. The data that is collected through the application and website is not stored on your device but instead on a cloud based service. This cloud service and complementary infrastructure is provided by one of our subcontractors.
3.2 All your information outlined in section 2, excluding financial information, is stored primarily within the European Union. Furthermore, no information classified as sensitive information under Article 9 of the GDPR is stored outside the European Union. This storage also includes non European Union data subjects unless specifically stated through a different agreement by a virtual manufacturer.
3.3 Associated healthcare providers are obligated to meet the same standard of data protection in regards to sensitive information, irrespective of being non-union based, specifically in regards to sensitive information as stipulated in Article 9 of the GDPR. This requirement includes any EMR systems or similar system.
4. How do we use your information
4.1 We may use the information collected for the following purposes:
To register you or your device for the service
To provide a service or feature you have requested
To provide customised service or features based on past use of our service
To deliver advertisements, customized content or promotional communication
For assessment or analysis of our market activities, customers, products, and services (e.g. questionnaires and surveys)
To provide updating and maintenance services for the application or your device
To protect, identify or prevent fraud or other criminal activity, claims and other liabilities
5. Who do we disclose your personal information to
5.1 We will not disclose your personal information to any third parties for their own independent marketing activities without your consent. However, we do hold the right to share your information for the following activities:
Service Providers: Byon8 Corporation A.B. holds the right to disclose your information to organisations we deem trusted business partners such as wireless carriers, telecommunications carriers, financial transaction processors and insurance providers.
Other Parties including Regulatory Bodies: Instances where there are legal or regulatory requirements to disclose information to the competent authority or to comply with compulsory legal obligations. Additionally, to verify and evidence compliance with the policies and laws governing our services.
Corporate Transactions: Information may be disclosed in the event of a company merger or transfer of assets, or in the event of bankruptcy.
6. How long do we store your personal information
6.1 We will only keep your data as long as it is required. In practice, this would mean the duration it would take to ensure quality service provision for your health outcomes. The healthcare provider has an obligation to keep your medical records but in the case they are unable to do so (specifically in certain markets we operate in), we have procedures governing data retention and encryption. Please view our Data Retention policy here.
6.2 In the event that you close your account with us, your personal information is anonymised and is unidentifiable. After a period of 1 week your account will be permanently deleted and your data encrypted. In the event the data must be retained for compliance or other legal obligations, the data will be encrypted once these obligations are completed.
6.3 Alternatively through the Right To Erasure in Article 17 of the GDPR, you as the data subject can request your data to be deleted.
6.4 Furthermore, Article 20 of the GDPR regarding Right To Data Portability also allows you to request your data to be packaged and moved from us to another data controller at your request.
7. Information stored in third countries
7.1 Be aware that our databases are facilitated through third party operators who assist in the maintenance and storage of relevant data. These operations are primarily outside of Sweden, which may mean data transfers within the European Union or outside the European Union.
7.2 Alternatively for non-union based data subjects, this would mean your personal information will be transferred to Sweden where our databases are located and processing takes place. The information would then be transferred to a third country where storage of data would be located. Please note that irrespective of whether you are a European citizen/national, the protections provided will be that of data subjects located within the union as stipulated by the scope of the GDPR and operations of union based data controllers.
8. Your rights as an EU data subject
8.1 The GDPR enshrines the rights of EU data subjects and we aspire to safeguard these rights for all our users. These rights include:
The right to know if your data is being processed and for what purposes it is being processed. This includes transfer to third countries and ongoing collaborations with partner organisations. This should be communicated in a clear and concise manner.
If the information retained or processed is inaccurate, you have the right to rectification of this information.
The previously mentioned right to erasure or to be forgotten including all publicly accessible information. This is specifically referring to user data, as medical information is required to be retained for a specific time period. Any medical information that does not fall under the scope of legal obligations will be erased.
Request a restriction to the processing of your personal data as a natural person if you do not wish certain processing activities to be conducted.
The ability to request your data be transferred to the controller of your choosing in a recognised standard format.
8.2 You may also contact the Swedish Data Protection Authority (Competent Authority in Sweden) with any complaints that you have about the handling of your data.
9.2 Byon8 Corporation A.B. will however work to ensure that data privacy requirements obligatory to both the controller and personal data assistant (processor) will be adhered to in respect to records of treatments, appropriate levels of security and the appointment of a data protection officer (DPO) as stipulated under the GDPR and Swedish Data Protection Act (2018:218).
10. Contact us
10.1 If you have any further questions regarding our processing, control and storage of your data or specific requests regarding your data, please contact our data protection officer:
Organisation Number: 559027-2430
CEO: Josef Murad
Data Protection Officer,
Byon8 Corporation, Hangövägen 25,
Hus 2, Plan 8, 11541, Stockholm, Sweden