Last update: 10 October 2018
Qinematic Services (the "Service") is a cloud-based system for automated screening of posture, balance and movement control. The Service is provided by Qinematic AB, corporate registration no. 556890-1903, a limited liability company incorporated under the laws of Sweden, with its registered address at Högsätravägen 17, 181 58 ("Qinematic", "we" or "us") and visiting address at Ynglingagatan 18, 113 47 Stockholm, Sweden.
The Service is offered to businesses and organisations that are interested in providing health services to their customers or their employees (in the following collectively "Health Service Providers", each a "Health Service Provider"). Until recent implementation of the new EU General Data Protection Regulation (GDPR), the Swedish Personal Data Act (1998:204) implemented the EU Directive 95/46/EC. According to both directives, the entity deciding the purposes and the means of processing data is considered the personal data Controller. When you, as a consumer, use the Service, your Health Service Provider is the personal data Controller for the processing of your Personal Data, and Qinematic is the personal data Processor for your Health Service Provider: Qinematic processes such data on behalf of and according to the instructions of said Health Service Provider. The Health Service Providers are responsible for complying with applicable data protection legislation.
Your privacy is important to us. This document contains a policy statement regarding the collection, use and processing of personal data by the Health Service Provider within the Service and your rights in relation to your personal data. It also contains information regarding our collection of and processing of certain anonymised data for research and analysis purposes.
With "Personal Data" we mean information that is directly or indirectly referable to a natural living person, e.g. name and address but also health information. When using the Service, Personal Data will be collected from you.
The following personal data is collected and processed by your Health Service Provider:
self-reported bodily discomfort
self-reported recent history of falling
other health questionnaires; and
When you use the Service, certain information will be collected automatically, including information about your posture, balance and movement. We collect a ‘depth cloud’ of your body surface to make these calculations. You may see a colour image of yourself on the screen during a test, but we do NOT record colour photos or RGB video of your performance.
Purposes of processing…
Health Service Providers
It is the Health Service Provider that decides the purposes for the processing of your Personal Data and each Health Service Provider may choose to communicate other purposes with you, such as research purposes if your use of the Service is carried out in relation to a research project. Unless otherwise agreed between you and your Health Service Provider, the Health Service Provider will process the information set out above for the following purposes:
to estimate measurements for your posture, balance and movement
to assist in providing you with advice based on their own judgement
to administrate your account and to provide, and improve your experience with the Service, and to otherwise provide the Service; and
to send you feedback, alerts or messages.
As provider of the Service, Qinematic collects and processes your Personal Data also for its own, limited purposes:
for research purposes (for example whereby Qinematic alone or together with e.g. a professional research institute analyses data from performed tests in the Service), and
to develop and improve the Services.
Personal Data used for research and development will be anonymised to an extent that we will not have the possibility to identify you by use of the data in our possession. We will store:
anonymised 3D-data coordinates (XYZ) of estimated body parts
anonymised Summary report data
anonymised Biomechanics report data
other self-reported data
other data provided by your Health Service provider
Security and sub-processors
Qinematic currently offers the Service via Microsoft Azure. You can find more information about the Services and security here, including information on location of servers, applied processes for removal of data etc. Microsoft is the sub-processor of your Personal Data, engaged by Qinematic materially to store the Personal Data processed in the Service in the Microsoft Azure cloud.
Transfer to third parties and to third country
Your Personal Data will not be transferred by Qinematic to third parties or outside of any region according to local data protection laws. Personal Data collected in the EU will not be transferred by Qinematic to a country outside the EU/EEA without your consent. The Service Provider is responsible for compliance with local data protection laws.
Responding to legal requests and preventing harm
Your Health Service Provider may access, preserve and share your information in response to a legal request (like a search warrant or a court order), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations, if the Health Service Provider has a good faith belief that the applicable law so requires.
Information that your Health Service Provider receives about you, may be accessed, preserved and retained for an extended period of time when it is the subject of a legal request or obligation, government investigation, or otherwise to prevent harm.
Some other things you need to know…
Notice of changes
Your Privacy Rights under EU law
EU law permits residents of the Member States once per calendar year to request details about what personal information is stored, the source of the data and the identity of parties to whom the data has been provided, free of charge, without indicating any reasons. Such a request shall be put to your Health Service Provider, being the personal data controller of your Personal Data. Please check your local data protection laws for regions outside of the EU.
In the EU, you can object to the use of your personal data at any time and revoke the consent to use your data that you provided upon your registration. In addition, you can request rectification, erasure or blocking at any time of any personal data that is inaccurate. Such a request shall be put to your Health Service Provider.
To exercise the aforementioned rights, or if you have any questions about our sharing practices, your rights under EU or other applicable law, or wish to have your personal information removed, please contact your Health Service Provider. The identity of your Health Service Provider and contact information may be found onscreen at the site where you perform your test, and on any reports generated by a Health Service Provider.