Pilloxa privacy statement
In this privacy statement, we describe the personal data we collect, how and why we use it, and what choices and rights you, as a website visitor or mobile application user, have regarding your personal data. This privacy statement applies when you visit our website (www.pilloxa.com), use our mobile application, “MA”, or contact us through our customer support. When referring to “we” or “us”, we mean Pilloxa AB.
What does this privacy statement apply to?
This privacy statement applies to the personal data collection processes for which Pilloxa is the data controller. As a data controller, we may use your personal data for the purposes described in this privacy statement and are responsible for ensuring that your personal data is handled in accordance with applicable law, such as the GDPR.
For the avoidance of doubt, this policy does not govern the processing of personal data that we conduct as a data processor, meaning on behalf of a data controller. As such, processing activities related to the use of our smart pillbox and/or our mobile application (collectively the “Service”) – which we conduct as a subcontractor on behalf of the party that gives you access to the Service (for example a health care establishment, laboratory, or a pharmaceutical company), hereinafter called a “Premium Program” (that is initiated and controlled by another party than Pilloxa) – are not covered by this privacy statement.
Please note that the provider of your Premium Program (if other than Pilloxa) is responsible for and shall provide you with separate information on how your personal data is used as part of the Service.
Why do we collect personal data?
We collect and use your personal data for the following purposes.
● Customer support – We process personal data to provide requested customer service when you contact us through our online chat, in the mobile application chat, over the phone or via email.
Legal basis: We use personal data for this purpose based on our legitimate interest to respond to your requests.
● Marketing – If you sign up to receive more information about our Service or subscribe to our newsletter, we process personal data to send you updates about our Service to your email. You can unsubscribe at any time through the link provided in the footer of each email.
Legal basis: We use personal data for this purpose only if you subscribe and thereby consent to receiving our newsletter.
● Website functionality – We process personal data to identify a device and enable basic website functionality, such as the chat function.
Legal basis: We use personal data for this purpose based on our legitimate interest to keep our website secure and running and to provide customer support.
● Website analysis – We process personal data to analyze how our website is used, for example which parts of the website our visitors click and how long they stay on our site. We use this data to improve website navigation and user experience. The collected data is pseudonymized and aggregated, meaning that we can only see certain data connected to a visitor number.
Legal basis: We use personal data for this purpose only if you consent to the use of analytical cookies. If you change your mind, you may at any time uninstall cookies through the settings in your web browser.
● Mobile application functionality – We process personal data to identify a device and enable basic functionality in the MA, such as the reminder or alarm function.
Legal basis: We use personal data for this purpose based on our legitimate interest to keep our mobile application secure and running and to provide customer support.
● Mobile application analysis – We process personal data to analyze how the MA is used, for example if you read the articles that are published or if you connect with a Connected Service Program. We use this data to improve the MA user’s experience and functionality. The collected data is pseudonymized and/or aggregated, meaning that we can only see certain data connected to a user number.
Legal basis: We use personal data for this purpose based on our legitimate interest to develop our mobile application.
● Medical information – We may process personal data related to your medical conditions if you choose to use the MA as a medical diary, upload your medication list, set reminders that you are supposed to take your prescribed medication or insert other medical information in the free text area of the MA. The collected data will be encrypted and/or pseudonymized.
Legal basis: We process personal data for this purpose with the user’s consent.
What personal data do we collect?
For the purposes stated above, we may collect the following categories of personal data.
- Contact information such as name, email address and phone number.
- Device information such as IP address, collected through cookies.
- Additional personal data that you provide us with in correspondence.
- Medical information that you add by using the MA.
Please note! In order to follow our legal obligations of data minimization, we kindly ask you not to share personal data concerning your health status in correspondence with us, for example if you reach out to our customer support via email or mobile application chat.
What are cookies and how are they used?
In addition to the personal data that you provide to us when contacting us or signing up for our newsletter, some data is obtained automatically from your device through the use of “cookies” or similar tracking technologies when you visit our website. Cookies are small text files that are stored on your device and collect information about your device and your use of the website.
Some cookies are necessary for the website to function as intended, and these will be installed automatically on your device based on our legitimate interest to provide you with a functioning and safe website. Other cookies, such as those used for analytical purposes, will only be installed if you allow us to use such cookies when first visiting our website (as part of selecting your cookies preferences).
Who can access your personal data?
At Pilloxa, personal data can only be accessed by those of our employees and consultants who need the personal data to perform their work. Besides our employees and consultants, we use certain trusted third parties to help us provide, improve, promote, and protect our services. For example, we use third parties to provide the customer service chat, and to manage marketing, data storage, and web hosting on our behalf.
If you are using the MA we will only share aggregated data with our partners, unless you have given your consent for that information to be transferred to the sponsor of that Premium Program or if the Sponsor needs to get in touch with you due to reports of adverse events.
For our partners to perform their services, it is sometimes necessary for us to share your personal data with them. We only share such personal data that is required to perform the service in question. We also ensure that all third parties who get access to your personal data are required to handle such data in accordance with this privacy statement.
Is your personal data transferred to third countries?
If we transfer or enable our partners to transfer or store your information outside the European Union or the European Economic Area, we will take the necessary steps to ensure that your personal data is used and stored in accordance with this privacy statement. Such actions may include signing so-called “EU Standard Contractual Clauses” with the recipient that gets access to your personal data outside of the European Union or the European Economic Area, together with additional security measures (for example encryption and pseudonymization).
How long do we store your personal data?
We store your personal data as long as it’s necessary for the purpose for which we collected the data. How long we store your data will therefore vary depending on the purpose for which we collected the personal data.
- Personal data collected for the purpose of customer service will be deleted after two years of inactivity.
- Personal data collected for the purpose of marketing is deleted once you unsubscribe from the newsletter.
- Personal data collected for the purpose of development of the MA will be deleted when you stop using the MA.
- Medical information will only be collected and stored as long as you use the MA, and will be deleted as soon as you withdraw your consent by stopping using the MA.
- Personal data collected through cookies is deleted once the cookie has reached its expiry date.
The expiry dates for cookies vary, as some cookies are stored only as long as you visit our website (so-called session cookies), and some cookies are stored for a longer time (so-called persistent cookies). Session cookies are deleted once you close your browser, and persistent cookies typically expire after either one day or one month, depending on the cookie. You may also uninstall cookies at any time.
What are your rights?
In relation to your personal data that we collect and use, you always have the following rights.
● The right to access your data – You always have the right to ask us for supplementary information on what personal data we collect about you.
● The right to correct inaccurate information – You always have the right to correct or ask us to correct any inaccurate personal data about you.
● The right to request erasure or restriction of your data – You have the right to have us erase or restrict the use of your personal data that is no longer needed for the purposes for which we collected the data. You also have a right to object to any processing you find unlawful or unnecessary for the informed purposes.
● The right to information on the source of data we collect – You have a right to get information on the source of information that is not provided by you and about automated decision-making, such as profiling.
● The right to data portability – When technically possible, you have the right to get your personal data transferred to another service.
● The right to make a complaint – If you are unhappy with the way we protect your personal data, you have the right, at any time, to file a complaint to the Swedish Authority for Privacy Protection or the competent supervisory authority in your country of residence.
How can you contact us?
Changes to the privacy statement
We may update this privacy statement as necessary to reflect changes in our services and offerings and to satisfy legal requirements. We will inform you by email of any material changes that affect your rights before such change takes effect. You can always view the most current privacy statement on our website under the section “Privacy”.
This privacy statement was last updated on October 13, 2022.
Pilloxa AB (org.nr. 559019-3354)
David Bagares gata 3, 111 38 Stockholm, Sweden