April 16th, 2024
Thank you for visiting the Enabled Diabetes Inc website, https://diabeticsenabled.com, which is hosted and operated by Enabled Diabetes Inc.
This Privacy Policy describes how we collect, use and handle information and personally identifiable data about our users when they access and use our website and Enabled App.
We collect and process all your data in compliance with applicable privacy legislation, including HIPAA, CCPA and PIPEDA.
This Privacy Policy does not limit any rights you may have pursuant to mandatory applicable privacy regulation.
Enabled Diabetes Inc
Privacy Policy
1. INTRODUCTION
1.1 Responsible entity
1.1.1 Enabled Diabetes Inc is the stated responsible entity under the data protection regulations.
In other words, we are the data controller that decides on the purpose and means of processing the personal data of our users (“User Data”) and are therefore responsible for ensuring that personal data is processed in compliance with the applicable laws.
1.1.2 As the responsible entity we are subject, for example, to information requirements that we wish to fulfill in connection with this Privacy Policy. We also provide additional information within our products, e.g., we may ask you for a new consent or explain the consequences of revoking previously given consent.
The information in our products does not contradict this Privacy Policy, but rather supplements it with brief and easily readable information so that you can make decisions more easily.
This Privacy Policy and the additional information are easily accessible at any time from within our products.
1.2 Structure and consent concept
1.2.1 This Privacy Policy informs you about the purposes and scope of processing your User Data, as well as data transfers, and your extensive data protection rights. As our products are exclusively aimed at persons with diabetes, your use typically already provides information on your health condition. We therefore only process your health data if you have given your consent. We differentiate as follows:
1.2.1.1 “Necessary Processing” describes how we process the User Data required to fulfill the contract. Without this processing the use of our products is not possible from a legal and a factual point of view because our services depend on this processing. When User Data includes medical data, we additionally ask for your explicit consent to process this data.
1.2.1.2 “Processing for Product Improvement” explains how you can help us and other users, with your consent, by allowing us to use your data to develop algorithms for blood sugar prediction, improve the product and so forth without us contacting you for advertising purposes etc.
1.2.1.3 “Processing for Marketing Purposes” describes how we contact you for marketing purposes, with your consent, e.g., by email, notifications etc.
1.2.1.4 In “General Information” we have assembled the information that applies to all the above consents to avoid repetition.
The relevant categories are described in more detail below. You may provide the relevant consents upon registration or later via the account settings. You may revoke any consents at any time via the account settings or by sending an email to mhalonen02@gmail.com. In such an instance we will inform you about the consequences of the revocation. The lawfulness of the processing prior to revocation remains unaffected.
1.2.2 In some cases, the processing may take place independently of consent on the basis of statutory principles (e.g., medical device regulations). We will inform you accordingly in appropriate cases.
2. NECESSARY PROCESSING
When you register to use Enabled App, we process the User Data listed below to be able to provide our services, i.e., to fulfill a contract. User Data that includes your medical data is processed when you grant your explicit consent for processing it.
If you do not consent to this necessary processing, we are unable to provide you the services of Enabled Diabetes Inc. You may provide your consents during the registration process and manage them in the account settings.
2.1 Necessary User Data
2.1.1 In order to protect your User Data, our services can only be used in connection with a user account.
To create a user account and to use Enabled App we require and process the following User Data:
● First name
● Last name
● Email address
● Username
● Password
● Registration date
● Continuous Glucose Monitor you use
● Status of consents
● Device ID, manufacturer
● Device type, operating system version
● Language, country, time zone
We also collect
Commercial and Usage Data
App store download, device ID, operating system, browser type and version, token, activity events for customization, support queries.
Medical Data
Blood glucose reading and sensor data such as sensor value, time and time zone. We may receive medical data manually directly from you or with your authorization directly through a third-party API from a continuous glucose monitor.
2.1.2 If you wish, you can operate the user account under an assumed name (pseudonym), i.e. you do not have to state your real name. You can also enter any email address that you set up especially for us - however it must work so that we can send you important warnings.
The scope of the data recorded by Enabled Diabetes Inc depends on your registration and use of our products. We only process the User Data that you actively and voluntarily provide to Enabled Diabetes Inc. The entry of requested User Data is however a requirement for the comprehensive use of our products.
2.2 Necessary purposes
2.2.1 All the necessary purposes of our processing are associated with providing our services:
Use of our Enabled App leads to technical and device-related data recordings such as the device ID, location and use behavior data.
The legal basis for processing this data is our legitimate interest to improve your user experience (e.g. by allowing the Enabled App to remember choices you have made while using the App) and to prevent any misuse of our Products (e.g. to ensure that certain functions are available only in specific areas).
Registration leads to the creation of your user account using the email address and password. The legal basis for this is the performance of a contract so that we may provide you with our Products you have requested from us.
The provision of our services requires you to voluntarily provide us CGM data. When you provide us manually with your CGM data, the legal basis is your explicit consent and the performance of a contract between us as our Enabled App would not work without your CGM data.
Communication from Enabled Diabetes Inc with you within our Enabled App or via other electronic messaging services (e.g. email) where this is required to support or troubleshoot our products. This is how we process any comments and queries that you may have via various communication channels when using Enabled App. Please therefore think about which information and data you want to give in your active communication with us - this is solely your decision.
When you provide us your contact details and other information in connection with communicating with our customer service, the legal basis for processing that personal data is our legitimate interest to serve you and/or our legal obligations e.g. in relation to fulfilling your rights as a data subject.
We may conduct clinical studies or research alone or with our partners as we are committed to the science of all aspects of diabetes and determining and improving effectiveness of techniques for controlling and treating diabetes. For this we or our relevant partner will always acquire your explicit consent.
3. PROCESSING FOR PRODUCT IMPROVEMENT
We also process your User Data to improve our products and services as described in more detail below. In these instances, the processing is based on our legitimate interest to develop and improve the Enabled App and to ensure that it is safe to use.
3.1 Usage Data
Activity events that allow us to understand how you use our products. This enables us to see how our products are used and for example where menu designs can be optimized.
3.2 Other Data
We also ask users for information about their country, diabetes type, gender and age. This data is used to analyze which user groups each user would be most closely related to.
3.2 Purpose of product improvement
As a result of fast-moving technological progress, we have to continually analyze, develop, test, and improve our products and their interactions, in order to ensure that our content benefits users in the most effective way. To achieve this, we conduct usage and security tests and the knowledge gained is incorporated into improved new versions of our products such as the app. These improvements are also provided to you via regular updates.
4. PROCESSING FOR MARKETING PURPOSES
4.1 Newsletter
4.1.1 We would like to send you interesting information on products and services in addition to the contractual scope (including information from carefully selected partners) and invitations to participate in surveys or other sales promotions and marketing activities (“Newsletter”).
4.1.2 You can select whether you want to subscribe to our Newsletter (opt in) i.e. this processing is based on your consent. You can revoke your consent at any time via the link in the Newsletter or the account settings.
4.2 Other types of marketing
4.2.1 Other consents, e.g., for surveys or notifications are obtained as required when you are logged in. We always explain to you why we need certain data and how you can revoke the consent.
5. USAGE FOR STATUTORY PURPOSES
5.1. Enforcement of rights and disclosures required by law
The use of personal data may also be necessary to prevent abuse by users or to assert, exercise, or defend legal claims. We may be forced into disclosure due to binding laws, court or official decisions and instructions, criminal investigation, or in the public interest.
6. GENERAL INFORMATION
6.1 Purpose limitation and security
6.1.1 Enabled Diabetes Inc uses your personal data exclusively for the purposes determined in this Privacy Policy and the relevant consents. We ensure that each processing is restricted to the extent necessary for its purpose.
6.1.2 Each processing always guarantees adequate security and confidentiality of your personal data. This covers protection from unauthorized and illegal processing, unintentional loss, unintentional destruction or damage using appropriate technical and organizational measures. We use strict internal processes, security features, and encryption methods.
6.2 Processors
6.2.1 Our products are subject to complex processes that we have to manage and keep up-to-date. For technical support we may use affiliated companies and third-party suppliers (“Processors”) in order to offer you a comprehensive and optimal use of our product.
6.2.2 Enabled Diabetes Inc transfers User Data to Processors exclusively within the framework of this Privacy Policy and only to fulfill the purposes stated in it. Processors work according to our specifications and instructions; they are not permitted to use the personal data of our users for their own or other purposes.
6.2.3 We use Processors offering sufficient guarantees that suitable technical and organizational measures are undertaken in a way that the processing of personal data complies with the statutory requirements and our Privacy Policy. The protection of the rights of our users is ensured by concluding binding contracts that meet the strict requirements of HIPAA.
6.2.4 The third-party suppliers appointed by Enabled Diabetes Inc may only use other processors (subcontractors) with our prior consent. If a subcontractor does not comply with the same data protection obligations and all the appropriate security measures that we impose on our Processors, then we will prohibit the hiring of such a subcontractor.
6.3 Encryption, pseudonymization, and anonymization
6.3.1 Each data transfer, without exception and by default, is encrypted during transfer. Using HTTPS (hypertext transfer protocol secure) we ensure that your data is not intercepted by unauthorized third parties.
In addition, for the purposes of data security and minimization, we also use other processes for the encryption and pseudonymization of User Data. Of course, this depends on the type, scope, and purpose of the relevant data processing. For example, we only disclose User Data that a Processor requires to carry out its tasks.
6.3.2 When a contractual relationship with a Processor is terminated, such Processor must, at Enabled Diabetes Inc's discretion, either return all our User's Data or delete it if there are no statutory storage obligations.
6.3.3 Data that requires no personal reference for processing (e.g. for research and analysis) is subject to anonymization. This prevents a connection to a specific user being made in all cases.
6.4 Location of our partners and suppliers
6.4.2 In any case, all Processors are subject to the obligations in this Privacy Policy and we use industry standard methods and protocols for encrypting data in transit. If you need more information, please reach out to us at mhalonen02@gmail.com.
6.4.3 If you are located in the US, we will only process your data within the US and select our partners for processing of your data accordingly. See also section 6.8 below.
6.5 Categories of recipients
6.5.1 Our cooperation partners are bound by the agreements signed with Enabled Diabetes Inc and only process data according to our instructions. We provide our users' Data only to fulfill the contract.
Customer support services and their tools help our customer support to handle our users' inquiries quickly and efficiently. Here, for example, queries are recorded from various communication channels and grouped according to topics using ticket systems.
Analysis service providers and their tools help us to understand how users use our products in order for us to provide customized communication and product improvements in the future.
Marketing service providers support us in creating, sorting, customizing, and sending newsletters, emails, and other messages about our products to our users.
Hosting and cloud services and their tools are used to store data and to produce anonymized analyses (see section 2.4 above).
6.8. Storage and deletion
6.8.1 Your User Data is stored on your device. This data is also stored on our servers.
6.8.2 If you are located in the USA, we will only process and store your data within servers in the USA.
6.8.3 As a rule, Enabled Diabetes Inc only stores your personal data for the duration of the contract. In exceptional cases, longer storage may be required in order to fulfill post-contractual obligations or to comply with statutory storage obligations or disclosure duties, or to assert, exercise, or defend legal claims (limitation periods).
6.9. Minors
Minors below the age of sixteen are only permitted to use our products with the consent of a parent/guardian. This also applies to processing their personal data, which is only legal if and to the extent to which the consent has been obtained by and through the parent/guardian. Otherwise use of our products is prohibited.
6.11. Changes
6.11.1 As technology and processes on the Internet as well as data protection legislation are constantly being developed, we have to undertake changes from time to time. We will inform you of changes by appropriate means whilst granting an appropriate advance notice period and, if necessary, obtaining new consents.
6.11.2 Unless otherwise provided by this Privacy Policy, the same definitions apply in our General Terms and Conditions - T&Cs.
7. YOUR RIGHTS
7.1. Revocation of consents
If we process your User Data based on your consent, you may revoke the consent at any time. However, this will not affect the lawfulness of the processing before the revocation. We will continue to provide our services if they do not depend on the consent that has been revoked.
7.2. Information, correction, and restriction
7.2.1 Each user has the right to request information on the processing of their personal data. Users can also request a copy of their personal data by contacting us. Users can contact us at any time at mhalonen02@gmail.com.
7.2.2 Your right to information covers information on the processing purposes, data and recipient categories, storage time, origin of your data, and your rights under the data protection regulations. You can find all of this information in this Privacy Policy.
7.2.3 Should some of your personal data be incorrect, you can request that your data is corrected or completed at any time. You can correct most data yourself in our apps. You have the right to restrict data processing for the duration of any investigation review that you have requested.
7.3 Deletion (“right to be forgotten”)
Each user has the right to request the deletion of their personal data. To do so, please contact us at any time at mhalonen02@gmail.com.
7.4 Ability to transfer data
Finally, each user has the right to request that we provide an overview of their personal data to another responsible party if this is technically feasible.
7.5 Complaints
7.5.1 If you feel we are not protecting your data protection rights adequately, please contact us at any time at mhalonen02@gmail.com. We will handle your request as soon as possible.
THANK YOU FOR YOUR CONFIDENCE IN US!