The purposes of the processing
The purpose of the collection of data is to provide the Biowatch Services in accordance with the agreement. The Biowatch Service is a browser-accessed platform enabling “self-empowerment” based on a range of different data points such as user-input, data from wearables and laboratory tests and recommendations.
The Biowatch Service provides you with a tool to document the development in your optimization of mental health and correction of lifestyle related imbalances.
We continually improve the Biowatch Service by analyzing your use and the content you provide. The purpose also includes support services should you have trouble with the Biowatch Service, including to contact you if we experience problems in connection with lost or failed kits or tracking of kits under delivery or shipment.
No individual personal data will be used as we and our partners are purely interested in general insights based on data analysis. In this way, your use of the Biowatch Service will help improve optimization and proactive prevention for others. Any use of your personal data will always be done in a way to ensure that you are anonymized.
You have the option to receive messages and notifications via SMS, when your test results are ready. No test results will be shared by SMS. You can change your settings for notifications in the system (opt-in or opt-out), but some of the functions might not deliver you full value without notifications enabled. You are always welcome to contact us for enquiries about your account by contacting us at email@example.com.
As part of the Biowatch Service, some functions of the system offer you the possibility to share personal data with prequalified and carefully selected health experts. Sharing your personal data will only take place if you choose to activate or use the different functions in the Biowatch Service.
The lawful basis for the processing
As we are located in the EU, the General Data Protection Regulation (GDPR) applies to the collection of personal data irrespective of where the data subject is located.
The basis for our collection and processing are:
- Article 9(2a) of the General Data Protection Regulation (explicit consent for special categories of personal data) and
- Article 6(1a) of the General Data Protection Regulation (consent)
The categories of personal data collected
As we are a service for tracking your health data, a potential partner in research and development projects and an online community, we collect the personal data you continually provide using the Biowatch Service.
Collected personal data could include your name, private email and mobile number, birth date, gender and information in relation to workplace and habits (if the Biowatch Service is offered under an employee scheme). We collect personal data related to samples of your blood and spit and results based on laboratory analysis of such samples. Finally we may collect data related to your lifestyle e.g., your physical activity, diet, habits, supplements, medicine and information concerning your mental well-being and data from wearables you wear if such data is provided by you.
Moreover, we also collect technical data from the devices you are using.
The recipients or categories of recipients of the personal data
Recipients of anonymized personal data might include: healthcare experts, researchers, hospitals, laboratories, clinics, etc., employers (company dashboard), third-party digital content provides for our platform, insurance companies, unions, NGOs, pharmaceutical companies, and other end-users.
Samples of your blood and spit will be destroyed by the laboratory following the completion of analysing the samples.
Finally, we may disclose encrypted personal data to our IT service providers (data processors).
The details of transfers of the personal data to any third countries or international organizations
No personal data collected in the EU is transferred outside the EU/EEA.
The retention periods for the personal data
When a user requests an account deletion or deletion of personal data by contacting us at firstname.lastname@example.org, a deletion and anonymization process is activated.
The process includes assessing if we are obligated to store some or all the personal data for a longer period of time according to the GDPR and the applicable local laws. If we are not obligated to store the personal data and we have no other lawful grounds for further processing, we delete or anonymize the personal data. If the user is inactive for 24 months, the anonymization process is activated.
The source of the personal data
The personal data have been obtained during the onboarding process in the system and collected in connection with your use of the Biowatch Service.
The details of whether individuals are under a statutory or contractual obligation to provide the personal data
We only collect personal data based on direct consent from you. You have no obligation to provide us with personal data. If you do not provide us with the personal data necessary for providing the purpose of the Biowatch Service, we are not able to provide you with the full services or functions of the Biowatch Service.
The details of the existence of automated decision-making, including profiling
We do not base any automated decision-making, including profiling,on personal data from users as set out in Article 22(1) and (4) of the General Data Protection Regulation . Thus, no decision is based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects concerning the user.
The rights available to individuals in respect of the processing
As we are bound by the GDPR due to our location in Denmark, you have the following rights:
- Your right of withdrawal: if you wish to withdraw your consent, please request the deletion of your account at email@example.com – At any time you can withdraw your consent by turning off functions in the system or by deleting your account or mobile number (if provided).
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
The rights are limited in scope and application. Moreover, the rights are applied on a case-by-case basis to each data subject request.
Please be aware that in some instances we are joint controllers with one or more parties regarding your personal data. This might be the case where you have consented to giving us access to personal data you have shared with a third party, e.g., Oura Ring. If your request concerns personal data that is covered by a joint controllership, we might refer you to the third party for further resolving of your request.
You are not required to pay any charge for exercising your rights.
If you make a request, we must provide information on action taken without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In that case, we will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
Please contact us on firstname.lastname@example.org if you wish to make a request. When you make the request, please specify your request as best you can. This will help us process your request more quickly.
The right to lodge a complaint with a supervisory authority
You can lodge a complaint with your local Supervisory Authority in the EU:
If you live outside the EU, please contact the Danish Data Protection Agency (check current coordinates on the website listed above).
Carl Jacobsens Vej 35
Tel. +45 33 1932 00
Before you do, we hope you will contact us, the data controller, directly to give us a chance to solve the matter.
The name and contact details of the organization (data controller)
Søndergade 74, 5.
8000 Aarhus C
Business reg. no. (VAT): DK-38576496