Health StoryLines Web & Mobile app
Privacy Policy
EU, UK & Switzerland
Last update on 19 Jul 2024
Health StoryLines is a platform created by Alira Health for use on a mobile or web-based device to assist in your personal healthcare and provide those who have referred you, information that in turn can be used for additional guidance to improve your healthcare decisions.
Alira Health in an affiliate from Alira Health, a global healthcare firm whose mission is to humanize healthcare and life sciences in partnership with patients. From development to medical care, Alira Health complements the expertise of Pharma, Biotech, and MedTech clients with a full spectrum of services across entire solutions lifecycle, including clinical operations, real-world evidence, and patient-centric technology offerings.
This Privacy Notice explains how your personal data are processed when using Health Storylines on a mobile or web-based device.
When using Health StoryLines, Alira Health can be qualified differently regarding different data processing.
Alira Health acts as a Data Controller (responsible of the data processing) for activities dealing with
the management of Health StoryLines app such as:
Handling requests and complaints regarding the functioning;
Use of cookies for the functioning and managing;
Any processing strictly related to platform usage
Answer Bot to help the user thanks to a FAQ section (not available on the web-based service)
to generate, through Health StoryLines app, real word evidence for patients based on the monitoring of their pathology, the occurrence of potential side effects and drug intake
To send users information about studies or registries they may be eligible for based on the data they provided.
To request users to participate in interviews
To analyse data for research purposes with or without a Partner/Client involvement.
Alira Health acts also as a Data Processor (service provider) under the instructions of clients for all the health care personal data collected in a project-specific way, through forms for example, and processed in the context of the eligibility assessment for clinical trials or any other patients involving projects. If applicable, please refer to the specific tab linked to the project in which you are involved to have more information.
This Notice provides information covering both abovementioned cases.
Alira Health and its clients, as Data Controllers of personal data, have committed to comply with:
The General Data Protection Regulation N°EU 2016/679 (hereinafter, the "GDPR");
And all EU applicable laws and regulations regarding data protection.
The General Data Protection Regulation as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (hereinafter the "UK GDPR") and the UK Data Protection Act 2018 (amended 2020) (hereinafter the "Data Protection Act");
The Swiss revised Federal Act on Data Protection 2023 ("FADP"), whereby any reference to the FADP herein always includes a reference to the Swiss revised Ordinance on Data Protection 2022 (“FODP”);
Collectively referred as "Data Protection Laws".
With this Privacy Notice, Selfcare Catalysts want to make sure that you understand what personal information is collected about you, how your personal information is used, by which party, and how it is kept safe.
1. GENERAL WARNING
Access to the Alira Health’ mobile or web platform implies the User’s full and unreserved acceptance of this Privacy Notice (hereinafter the “Notice”), as well as its general terms of use and its Cookies Notice. The User acknowledges having read the information below and authorises Alira Health and its customers to process, in accordance with the provisions of the Notice, the personal data that he/she communicates on the Website.
The Notice is valid for all pages hosted on the Application. It is not valid for the pages hosted by third parties to which Alira Health may refer and whose privacy policies may differ. Alira Health cannot therefore be held responsible for any data processed on these websites or by them.
All processing of information will take place in Canada. If you reside outside Canada, your information will be transferred to Canada securely, where it will be processed and stored under Canada privacy standards. For users in the United States, Alira Health operates as a HIPAA business associate to your healthcare provider or third party that has referred you. By using Platform and providing information, you consent to such transfer to, and processing in, Canada. If you have downloaded the Platform by mistake, please go to Section 4 concerning “Uninstalling the Application.”
2. INFORMATION COLLECTED
When you disclose personal data via project-specific questionnaires, forms or other, Alira Health is acting as Data Processor of its Customers, which acts as controllers of data. This information will be:
- stored on AWS servers for the purpose of data backup;
- shared only in an aggregated anonymised form with Alira Health’ Customers
Shared in identifiable form with the Alira Health’s Customers for the purposes detailed in the study/project/registry specific documentation (i.e. Informed Consent and specific Privacy policy and Terms of Use, if applicable), upon your specific consent.
- some identifiable data (like your e-mail address) could also be shared with Alira Health for managing the data collection of the purposes of the study/project/registry as explained in the below table.
Your information will be used exclusively for processing your request of participation to the project described. Your personal information will be treated in strict confidence and will not be disclosed to third parties, unless specified in project-related specific tab of this privacy notice.
Depending on the purpose for which we process your personal data, Alira Health and its customers, as data controllers, need to process one or other personal data. Data provided will not be kept for longer than necessary to fulfill the purposes for which they have been collected, including any legal requirements. Depending on each case, the processing will therefore be as follows:
| Purposes | Types of personal data | Responsible for collection | Retention period |
|---|---|---|---|
| Account creation for Health StoryLines platform | Name, surname , phone, email address, age, sex | Alira Health | As long as you use the platform and 3 years after you stop using it |
| Improving personal health care | Healthcare information (specific to each project – see specific tab related to the project for which you participate) | Alira Health’s clients | As long as you use the platform and 10 years after you stop using it, but this can be longer depending on the regulations related to the project (for example clinical trial). |
| Improving personal health care | Aggregated healthcare data | Alira Health and its Clients | These data will be de-identified (cannot be linked back to you anymore) and aggregated. No retention period is required for this data. |
| To answer to your queries either by email or through the contact form | Name, email address, project associated (if applicable) Please note that other Personal Data may be processed by Alira Health’ clients depending on your request and the information you provide us. |
Alira Health and Clients (if applicable) | We will process your data for the time necessary to meet your request. The retention period is 3 years, to ensure customer issues are resolved and for accountability purposes, but this can be longer depending on the regulations related to the project (for example clinical trials). |
| To answer your questions thanks to an Answer Bot ( mobile app. Only) The Bot only provides information based on a FAQ | Name, email, conversation history |
Alira Health and it’s vendor Zendesk | NA – Conversations are stored only if you opt to contact a support agent |
| To send you newsletters and educational material | Name, email address | Alira Health and its Clients (see specific tab related to the project in which you are involved) | We will process your data until you unsubscribe to the Newsletter or after 3 years of non-activity. |
| To send you information about clinical study you may be eligible for based on the data you provided. | Name, Email address, Healthcare information | Alira Health | As long as you use the platform and 3 years after you stop using it |
| To invite you to an interview in which we gather your preferences and feedback about the platform. | Name, Email address, Healthcare information |
Alira Health |
As long as you use the platform and 3 years after you stop using it. |
| For statistical purposes | Aggregate statistical data (e.g., Company page on Twitter, Facebook, Instagram, LinkedIn, YouTube and Flickr). | Alira Health | Statistical information is stored by Twitter, Facebook, Instagram, LinkedIn, YouTube and Flickr and consequently subject to their retention policy. We may export statistical reports, but we guarantee that this is only in an anonymous form. |
| Use of cookies for the functioning and managing of our website | Cookies may store in certain circumstances personal data which may include IP addresses, browser type, location, operating system,… | Alira Health | Please, see our Cookies Notice |
3. DISCLOSURE TO THIRD PARTIES
We do not sell or trade to outside parties your identifiable personal data.
Nevertheless, we may disclose User Provided Information and Automatically Collected Information we collect from you to third parties, including client pharmaceutical companies, for their own market research purposes where it is not prohibited by applicable laws. Prior to any disclosure to third parties, your User Provided Information and Automatically Collected Information is de-identified as described herein so that the information cannot be linked back to you.
You can always disable the access of the User Provided Information and/or Automatically Collected Information by written request. If you need help with this, Alira Health Privacy and Security Official will assist you.
De-identification will be accomplished using the safe harbor method as described by 45 CFR § 164.514(a) in the Guidance on De-identification of Protected Health Information September 4, 2012, published by the U.S. DHHS.
De-identified data files will be transmitted to the third party purchaser using a Secure FTP or other encrypted transmission methodology.
In some particular case we may disclose your email address (or other identified data; see project-specific tab) following specific demand from our customers. Such disclosure, if any, its purpose and third parties concerned are described in the customer’ specific tab of this privacy notice.
If you are an EEA, UK or Swiss resident, sharing your personal data as explained above may involve a transfer of personal data to a third party outside your country of residence. Alira Health and Alira Health are therefore committed to complying with the transfer rules under applicable Data Protection Laws and therefore ensure to:
• Transfer your data to countries where the data recipient is located that has been recognised as adequate by the relevant authority; or
• Where a country has not received an adequacy decision from the relevant authority to implement appropriate safeguards, such as the EU Standard Contractual Clauses ("SCCs") with UK and Swiss Addendum where relevant or the UK International Data Transfer Agreement.
4. UNINSTALLING THE APPLICATION
You can stop all collection of information by uninstalling the Platform through use of the uninstall processes available on your mobile device, the mobile platform marketplace, or network.
5. YOUR RIGHTS
According to the GDPR, you have the following rights subject to limitation as set forth by applicable data protection law:
Access. You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, information related to the processing of data and a copy of the data being processed.
Rectification. You have the right to require rectification of inaccurate or incomplete data about you.
Right to be forgotten. To obtain the deletion of your personal data under certain specified circumstances.
Restrict processing. You have the right to restrict processing of data under certain specified circumstances.
Data portability. You have the right to request for the receipt or the transfer to another organisation, in a machine-readable form, of your personal data.
Restrict processing. You have the right to object, on grounds relating to your particular situation, at any time to the processing of your data.
Right to withdraw consent. When you have given your explicit consent for the processing of your data, you can withdraw it at any time without any cost nor justification.
If you would like to exercise your rights, please let us know by contacting our DPO (see contact details below). You have also the right to lodge a complaint if you consider that your personal data is not processed in accordance with the GDPR, the UK GDPR and/or the FADP.
If you are part of a project, please refer to the specific tab/informed consent linked to the project in which you are involved to have the specific email address for privacy enquiries.
If you are an EEA resident, you have the right to lodge a complaint with the Supervisory Authority in the Member State of the European Union of your habitual residence, place of work or place of the alleged infringement. Please find the contact information of all Authorities on https://edpb.europa.eu/about-edpb/about-edpb/members_en.
If you are a UK resident, you can lodge a complaint to the ICO through https://ico.org.uk/make-a-complaint/.
If you are a Swiss resident, you can lodge a complaint to the FDPIC: https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html
6. SECURITY
We provide physical, electronic (including encryption), and procedural safeguards to protect the information we process. For example, we limit access to this information to authorised employees and contractors who need to know the information to operate, develop, or improve our Platform. Please be aware that although we endeavor to provide reasonable security for information we process, no security system can prevent all potential security breaches.
You are responsible for protecting your data that resides on your mobile device or computer used to access our applications. Alira Health is not responsible for the loss or theft of the data that is on your own device, and we encourage all users to implement security features on your devices.
7. CHANGES
This Privacy Statement may be updated from time to time for any reason. We will notify you of any changes to our Privacy Statement by posting the new Privacy Statement here https://www.healthstorylines.com/privacy-policy.
You are advised to consult this Privacy Statement regularly for any changes.
9. CONTACT US
Alira Health Inc, acting as Controller
30 Adelaide St. E, 12th Floor (Industrious)
Toronto, ON M5C 3G8, Canada
Website : https://www.healthstorylines.com/
Data Protection Officer
MyData-TRUST SA
Alirahealth.HSL.dpo@mydata-trust.info.
If you are part of a project, please refer to the specific tab/informed consent linked to the project in which you are involved to have the specific email address for privacy enquiries.