The security of your personal data with respect to the use of the SIVA-P3 Mobile Application is very important to us. We take the protection of your data very seriously. Personal data is all information that can lead to your identification (hereinafter “Personal Data”).
The SIVA-P3 Mobile Application is a mobile application that analyzes data from the SIVA-P3 wearable, detects cough events and logs these events to aid a healthcare professional in diagnosing and treating chronic cough conditions.
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The Controller of your Personal Data is: Evoleen AG.
If you have any problems, questions or suggestions, please contact Evoleen AG.
Collection of Data
The SIVA-P3 Mobile Application analyzes audio and acceleration data recorded by your SIVA-P3 wearable device for cough events. Except for the first 24 hours of usage, where a full audio recording is retained and transmitted for calibration purposes, no audio data will be transmitted to us. Only information associated with the event (time and date of coughing) will be transmitted. Additionally, temperature, air pressure and number of steps walked are recorded once every minute. These data are transmitted to assist in understanding potential patterns with respect to the cough events and environmental factors that may trigger coughing.
To identify you as a patient of the clinical study, we ask you for your study access code. We associate all cough events as well as the initial audio recording with your study access code. Only the principal investigator of the clinical study will be able to associate any of the recorded data to any other Personal Data.
The list of cough events and associated metadata as laid out in the previous section is transmitted to the Controller’s cloud infrastructure. The data is used to allow you and / or a healthcare professional associated with you to chart the data in order to help making better treatment decisions.
The initial 24 hour audio recording is used to cross check the performance of the automated analysis and to create an initial reference data point. For this purpose, an automatic algorithm scans the audio for “explosive sounds” (characteristic for cough sounds). Segments of a duration of maximally one second following these explosive sounds will then be judged by trained listeners if they constitute a cough event or not. This data reference point will then be used to evaluate the performance of the fully automatic algorithm that is used to detect cough events within the SIVA-P3 Mobile Application for the remainder of the study time.
The processing of the data is carried out by the Controller in data processing centres in the European Union.
If necessary, the Controller may commission external service providers to process your data (such as call centers, technical service providers, hosting providers or IT companies). Depending on the type of service, your data may be accessible to these service providers for the purpose of providing the service. The Controller obligates all service providers to protect your data by exercising care in selecting the service provider and by obliging the service provider to ensure compliance with data protection. The updated list of these parties can be requested from the Controller at any time.
The data collected will be used according to the SIVA-P3 Study protocol which can be accessed online at https://clinicaltrials.gov.
The service provider Evoleen AG uses technical and organizational security measures to protect data against manipulation, loss, destruction or access by unauthorized persons (use of a certified infrastructure). These security procedures are continuously adapted to new technological developments.
You have the right to request from the Controller (1) access to and (2) rectification or (3) erasure of your Personal Data or (4) limitation of the processing of your Personal Data, as well as (5) to object to the processing of your Personal Data. Furthermore, you have (6) a right to data portability. Simply send an e-mail to the Controller of your Personal Data: firstname.lastname@example.org or contact the Controller at the address mentioned in section 2 above.
You have the right at any time to withdraw your consent to the processing of your Personal Data for the future. For clarifications sake such withdrawal will, however, not affect the lawfulness of processing based on consent before its withdrawal. Again, just send an e-mail to the Controller of your Personal Data: email@example.com or contact the Controller at the address mentioned in section 2 above.
Data is retained according to the SIVA-P3 Study protocol. You have the right at any time to request the person responsible to block or remove your Personal Data. Again, you may send an e-mail to the Controller of your Personal Data: firstname.lastname@example.org or contact the Controller at the address mentioned in section 2 above.
In Switzerland, you can lodge a complaint with the competent data protection authority (https://www.edoeb.admin.ch) if you do not agree with the processing of your Personal Data.
If you are resident in the EU, you also have the right to lodge a complaint with your national data protection authority or with the European Data Protection Supervisor (https://edps.europa.eu/) if you do not agree with the processing of your Personal Data.
Last updated: 4 February 2021