Consent for use of personal data in Koios Customer Portal
Last modified: October 27, 2020
Below Koios Medical, Inc. (“We”, “Us”, “Our”) describes the types of personal data concerning the Customer (You) which We must process in order to meet Our obligations under the European Commission and other country regulations on Electronic Instructions For Use (“eIFU”) of medical devices, to provide You with digital access to Electronic Instructions For Use of Koios DS Products on the Koios DS Customer Portal (the Customer Portal) and which data may qualify as personal data under the EU General Data Protection Regulation (“GDPR”), and asks for Your consent to such processing of Your Data.
The personal data We collect on the Customer Portal.
We process the following data concerning You when You use the Customer Portal (“Customer Portal Data”):
- Customer Portal Data, which includes:
  - First Name, Last Name, Username, Email, Customer Name and the region/country You come from.
  - Optional data (required if You request hard copy delivery of the Instructions for Use): Phone, City, State/Province, County, Zip or postal code, Country;
  - Any other Personal Data necessary for Koios to meet its obligations under the European Commission Regulation on eIFU.
- Device Data and Analytics Information, which includes:
  - “Device Data” includes information about Your browser type and operating system, IP address and/or device ID, including basic analytics from Your device or browser;
  - “Analytics Information” relates to Your use of the Customer Portal. Koios uses Google Analytics for this service.
The purposes for which We use Your Customer Portal Data.
We use Your Customer Portal Data for the following purposes:
- to identify You, to create Your profile, and verify Your identity so You can log into and use the Customer Portal.
- to provide You with notices about Your account.
- to track what region You come from so We can direct You to the appropriate Instructions for Use (the correct version of the product(s)) and the language appropriate for You.
- to track which document(s) You download so that We can notify You when changes are made to the Instructions for Use or other documents that You have downloaded.
- to provide You with the reasons for any revisions to the Instructions for Use, the version numbers that You have downloaded, and the version numbers for any new versions that You should download. We will contact You if You have downloaded documents and let You know about new versions that are available.
- to meet any other requirement under the European Commission Regulation on eIFUs.
- to respond to Your inquiries and requests.
- to protect the security and integrity of the Customer Portal.
- to use Device Data and Analytics Information to recognize Your device and browser and do things such as keep You logged in or to understand Your usage patterns of the Koios Customer Portal. We do not use cookies on the Koios Customer Portal to service third party ads.
Sharing of Your Customer Portal Data.
We do not share any of Your Customer Portal Data with vendors and other third parties. However, We share Device Data and Analytics Information with service providers such as Google. We only provide access to any data within the Customer Portal to those staff who reasonably need access to operate the service. We may disclose Your Customer Portal Data if We believe in good faith that such disclosure is necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on Us; (c) to protect or defend Our rights or property; and/or (d) to investigate or assist in preventing any violation or potential violation of the law.
How We Protect Your Customer Portal Data.
We use industry standard security measures to ensure the confidentiality, integrity and availability of data uploaded onto or downloaded from the Customer Portal. This includes practices like encrypting connections to the Customer Portal, hosting the Customer Portal on leading cloud providers with robust physical security, and ensuring that access to any personal data within the Customer Portal by Our staff is limited to those staff who need access to run the Customer Portal. Security takes ongoing work and We will continue to monitor and adjust Our security measures as the Customer Portal develops. Please notify Us immediately at info@koiosmedical.com if You suspect Your account has been compromised or are aware of any other security issues relating to the Customer platform.
How Long Koios retains Customer Portal Data.
We retain Customer Portal Data for as long as is necessary under eIFU regulations, as such data is required to offer the Customer Portal to You. You may submit an account deletion request by emailing info@koiosmedical.com. We retain Your Customer Portal Data for 60 days following close of Your account, unless a separate legal ground for retention applies.
Withdrawal of Your consent.
You may withdraw Your consent to Koios’ processing of Your Customer Portal Data at any time. Your withdrawal of consent shall not affect the lawfulness of processing based on Your consent before Your withdrawal thereof. Upon proper receipt of Your withdrawal request, We will no longer process Your personal data and You may request Us to delete Your data, unless We have another legal ground(s) for the processing of Your data, as set forth below.
Other GDPR data subject rights.
Your rights with respect to Your personal data include the following:
- You have the right to obtain from Us confirmation as to whether or not We process personal data concerning You, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, You shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
- You have the right to obtain from Us without undue delay the rectification of inaccurate personal data concerning You. Taking into account the purposes of the processing, You shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- You have the right to obtain from Us the erasure of Your personal data without undue delay and We shall have the obligation to erase Your personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) You withdraw the consent on which the processing is based and there is no other legal ground for Our processing, including retention, of the Customer Portal Data;
(c) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or You object to the processing pursuant to Article 21(2) of the GDPR;
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which We are subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
- You have the right to obtain from Us restriction of processing where one of the following applies:
(a) You contest the accuracy of Your personal data, for a period enabling Us to verify the accuracy of the personal data;
(b) the processing is unlawful and You oppose the erasure of Your personal data and request the restriction of their use instead;
(c) We no longer need Your personal data for the abovementioned purposes of Our processing, but they are required by You for the establishment, exercise or defense of legal claims;
(d) You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of Us or a third party override Your rights.
- You have the right to receive Your personal data, which You have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Us, where:
(a) the processing is based on Your consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
(b) the processing is carried out by automated means.
- You have the right to object, on grounds relating to Your particular situation, at any time to processing of Your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.
- You have the right to complain to the competent supervisory authority about Our processing of Your personal data.
Please be advised that Your rights listed above are not absolute and may be subject to statutory exemptions, exceptions, conditions and/or restrictions under GDPR or other legislation.
Provision of personal data
Your providing of Your personal data is not a statutory requirement. It is a requirement necessary to enter into the agreement for the use of the Customer Portal. If You do not provide Your personal data, You cannot use the Customer Portal.
Data Transfers from the EU to the United States.
When using the Customer Portal, Your personal data will be transferred from Your EU member state to the United States. You are hereby informed that, due to the absence of an adequacy decision and appropriate safeguards, the data protection offered in the United States is not considered adequate under EU law (GDPR). This means that the privacy protections and the rights of authorities to access Your personal data in the United States may not be the same as in Your home EU member state.
By signing this consent form, You explicitly consent to the proposed transfers of Your personal data to the United States.
How to Contact Koios.
If You have any questions, comments, or concerns with this information and consent form, You may contact Us by email at info@koiosmedical.com.
Acknowledgment
By signing this consent form, You acknowledge that Your use of the Customer Portal is intended for exclusive use by professional users and that You are a professional user.