This privacy notice (“Notice”) describes the personal data that is collected during the use of Soturi™ app. Orion Corporation and Newel Health s.r.l. respect your privacy and are committed to protecting your personal data. Please read this Notice carefully.
Soturi™ is a platform, including mobile application (“app”) connected to a wearable device, aiming to support people living with Parkinson’s Disease (PD) in their daily life. This is a minimum viable product (MVP) of Soturi™, which is intended only for pilot use in Italy, Germany and France, and for a scientific study in Finland. The purpose of the use of this MVP version of Soturi™ app (“ Soturi™ app”) is to collect data to better understand how patients may benefit from its features and services, and to better recognize PD symptoms towards improving and building future digital disease management solutions for PD. For this reason, use of Soturi™ app includes automatic data acquisition and collection of information provided by users. Collected data will be analyzed for further development of digital treatment and monitoring solutions for PD and/or similar diseases. Data collection with MVP is intended to take place until the end of June 2023, however no longer than the end of year 2023. Soturi™ app shall be available for users until end of 2023 or once a commercial version of Soturi™ app is available, unless otherwise stated with updated privacy notice.
Soturi™ app has been co-designed with experts in PD. The app includes digital services (“Service”) in the areas speech support (called “speech exercise program” in the application), physical exercise (called “physical exercise program” in the application), and psychological support (called “anxiety relief” in the application) specifically designed for people with PD. In addition, the app includes features (“Features”) for medication intake tracking and reminders as well as symptom tracking.
In order for you to use the Soturi™ app, we require certain personal data. Note that in case you choose not to provide us with your personal data, it will not be possible for you to use the app. By switching the toggles with the statements “I give my consent...” upon first registration to the app, you agree to your data being processed as described in this Notice. You further acknowledge that giving your consent for the processing of personal data as described in this Notice is entirely voluntary and you are not under a legal obligation to provide any personal data.
We may update or amend this Notice at any time, we will notify you about updates and amendments as required by law.
Orion Corporation and Newel Health s.r.l. (also referred to as “we”, “us”, or “our” in this document) are joint data controllers of Soturi™ app.
The Data Controller is:
Newel Health S.r.l.
Largo Abate Conforti
84121 Salerno
Italia
You may contact us:
Orion Oyj.
Orionintie 1
02200 Espoo
Finland
You may contact us:
We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing our privacy practices and our compliance with all applicable data protection laws. You can contact our DPO via email, by writing to dpo@newel.health for Newel Heath and to privacy@orion.fi for Orion Oyi.
Email: support@soturi.health
Soturi™ app MVP user registry.
We process your personal data only to the extent necessary to provide you with a functional service, to improve it and to update you regarding our application and/or our services. The processing of personal data takes place with your explicit consent or on other legal basis that permit data processing.
Personal data is collected for the following purposes.
We may use the data collected with Soturi™ app in subsequent scientific studies of PD or similar conditions or other purposes related to the controllers’ field of business, by rendering the data into anonymised format.
When we process your personal data, we comply with the law on the processing of personal data. Your personal data will not be passed on to other third parties than the data controllers’ service providers or used for purposes other than those described in this Notice.
Orion Corporation and Newel Health s.r.l. use service providers to collect and process data that assist in the technical implementation of processing purposes, such as data analysis, storage or server maintenance. We use SeeWeb and Microsoft Azure for processing data collected through the app and the wearable device. Brevo is used for sending automated push notification or emails and Matomo for tracking technology implemented in the app. Additional third parties may be used for analysis of data acquired with Soturi™ app for algorithm development and anonymisation of the data after it has been analysed.
Orion Corporation or Newel Health s.r.l. may also transfer the personal data stored in the register to another company in case Orion Corporation or Newel Health s.r.l. decides to sell or license Soturi™ app to another company. If the ownership or control of Orion Corporation, Newel Health s.r.l. or its parts or products or services changes, we may transfer your data to a new owner. In such cases, Orion Corporation and Newel Health s.r.l. require that the recipient of the personal data processes the data in in the manner specified in this Notice.
The legal basis for the processing of personal data is the consent of the data subject. We process special groups of personal data related to your health (“sensitive personal data”), such as information about your PD, with your explicit consent.
We collect data from the users themselves, as well as automatically through the wearable device and the app.
During the use of Soturi™ app, we collect personal data, which is information that makes it possible to identify a person. In addition, we collect sensitive personal data related to your health.
Related to wearable device, a voucher code will be provided to you with which you can order the wearable device directly from Garmin webshop. Garmin will ask for some personal data to be able to deliver the device to you. Garmin will process your personal data to for delivery purposes in accordance with their then-current privacy policy as an independent data controller. We are not responsible for personal data required by Garmin for delivery purposes nor are we collecting that data.
With regard to your use of the wearable device, we collect the data automatically from the wearable device. Garmin will not have access to this data and you do not need to download any of their applications to use the wearable device. If you choose to download a Garmin application and to connect your wearable device with it, any data collected by Garmin is processed by Garmin in accordance with their then-current privacy policy as an independent data controller. We are not responsible for personal data processed by Garmin in connection with any of their applications nor are we collecting that data through such Garmin applications.
When you use Soturi™ app, we collect the following data.
Eventually, the following data will be combined and analyzed together: data collected during user profiling, data collected when using the app, data that is automatically collected through the wearable device will be analyzed together for the purpose of 2. Development of digital treatment and monitoring solutions.
In addition, data automatically collected through the app may be analyzed together with data collected during user profiling, data collected when using the app and data that is automatically collected through the wearable device for the purpose of 3. Improving Soturi™ app and understanding how you interact with the app and the wearable device.
All data is stored electronically.
All data you enter into the app is stored on your mobile device as well as in an external database to ensure the app is available for you to use at all times. The data stored on the mobile device is only available to the user after logging in to the app.
Data categories that contain sensitive personal data (2. Data collected during user profiling, 3. Data collected during the use of the app) are stored in pseudonymized format in an external database. Also raw sensor data automatically collected with wearable device (i.e. accelerometer data and heart rate) is stored separately from all other data in its own database, in pseudonymized format. Pseudonymization means processing personal data in such a way that your personal data can no longer be linked to you without further information. All sensitive personal data is kept separate from identifiable personal data collected during registration (1. Data collected during registration). The same person does not have access to both identification data (such as name, email address) and sensitive personal data that is stored in pseudonymized format.
The electronically stored data is stored in a dedicated database, access to which is controlled by user IDs and passwords, as well as various system-level user restrictions. Access to the database is restricted and controlled only by Newel Health s.r.l. representatives involved in the implementation of Soturi™ app.
Orion and Newel Health s.r.l. representatives will only process your data (name, contact details) for purpose 1. Providing the app and its Features and Services, and for supporting your use of the app or wearable device.
People who analyze your data for purpose 2. Development of digital treatment and monitoring solutions and 3. Improving Soturi™ app and understanding how you interact with the app and the wearable device, will not be able to identify you, your name or your contact information.
Data collected through the app is stored on a SeeWeb private cloud infrastructure based in Italy. And raw data collected with sensors in the wearable device is stored in Microsoft cloud, which is based in the EEA. For these purposes no personal data is transferred outside of the EEA.
However, for providing technical or customer support, personal data may be transferred in exceptional cases, but not routinely, outside of the EEA to a Microsoft or other service provider. In such cases, the controllers will protect the transfer of personal data outside of the EEA through appropriate safeguards, such as the EU standard contractual clauses.
Data collection with MVP is intended to take place until the end of June 2023. Data may be collected for the purposes 2. Development of digital treatment and monitoring solution as well as 3. Improving Soturi™ app and understanding how you interact with the app and the wearable device (see section 4 of this Notice) six months after the intended data collection period with MVP, however no later than end of year 2023. Data may be analyzed during and after the intended data collection period, after which the data will be anonymised in a manner that no longer permits your identification. Data anonymization will take place no later than end of year 2024.
Personal data may be collected and retained for purpose 1. Providing the app and its Features and Services (see section 4 of this Notice) until commercial version of Soturi™ app is available, in case you continue using the MVP version of Soturi™ app after year 2023.
You have certain rights when your personal data is processed by us. Such rights are set out in chapter III of the GDPR and, specifically, you have the right:
You may exercise your rights by contacting us at the addresses provided above. We will get back to you as soon as possible and, in any case, no later than 30 days upon receiving your request.
This Privacy Policy was last updated on September 18th 2022.
We will update you should we modify or amend this Privacy Policy.