Privacy Policy of REBECCA app (Last updated: September 2022)

Disclaimer

The REBECCA Application (the ‘App’) is developed and provided in the context of a European research project called ‘REsearch on BrEast Cancer induced chronic conditions supported by Causal Analysis of multi-source data’ (the ‘REBECCA project’). More information on the REBECCA project and the project partners (jointly: ‘us’ or ‘we’ or ‘Joint Controllers’) that are involved can be found on the project website (https://cordis.europa.eu/project/id/965231) of the European Commission as well as on the REBECCA website (https://rebeccaproject.eu/). Although the greatest possible care has been exercised to ensure the correctness and completeness of the information contained in the REBECCA App, we do not accept any responsibility or liability for the content thereof. You are responsible for the content that you upload in the App. By registering your account and by using the REBECCA App, you provide us with data, such as your unique username, details on your physical properties and several personal data, physical activity and geolocation data from the sensors of your mobile phone (or smartwatch, if available) and photographs. By accepting these terms you agree that the project partners may use this data for the purposes of implementing the REBECCA project. In view of the nature of the App and the REBECCA project we may decide, at our sole discretion, to delete certain uploaded data that do not comply with the project’s scope. We may also decide to terminate your registration and delete all data that have been uploaded via the App with immediate effect in the event you do not use the App for its intended purposes. Furthermore, we may at any time amend this disclaimer and policy. Amendments will enter into effect as soon as you provide your consent through the App. If you do not agree to changes to the terms, we may need to terminate your registration in the App and delete all data that you provided.

Privacy Policy

We attach great importance to the security and confidentiality of your personally identifiable information (“Personal Data”). This Privacy Policy describes our policies and procedures on the collection, use, storage and disclosure of your Personal Data when you use the REBECCA App.

Eligible users

In order to use the REBECCA App you must be a patient participating in the clinical trial in one of the clinical partners of REBECCA: La Fundación para la Investigación del Hospital Clínico de la Comunidad Valenciana (INCLIVA) in Spain, Stavanger University hospital (SUH) in Norway, or in a hospital of Region Stockholm (RSTO) in Sweden.

Joint Controllers

REBECCA partners jointly determine the means and purposes of the processing of your Personal Data occurring within the REBECCA App. For that reason they are joint controllers and have entered into a relevant joint controllership agreement which is available for review upon request. If you wish to receive a copy please reach out to the contact point for your country (see contact details provide below).

What information is collected?

By using the REBECCA App, you provide us with your Personal Data. We receive Personal Data from your devices and networks, including location data (GPS). You will be assigned a unique username (pseudonym) and periodically answer questions on your health (through various in-App questionnaires). All the uploaded data is connected with this username. We also receive and store physical activity data from the sensors of your mobile phone (or smartwatch, if available) such as heart rate, step count, sleep and stress data, meal information and photographs that you upload in the REBECCA App. We also log usage data when you use the REBECCA App.

We also collect location data in the background to calculate indicators of your functional status, including travelled distance, transportation preferences and daily mobility patterns. You can disable the collection of location data in the background at any time in the REBECCA App Settings. We also collect instantaneous location data when you take a photograph using the REBECCA App’s camera functionality to calculate indicators of your living environment.  

What is the legal basis for the processing of your Personal Data?

We process your Personal Data to provide you with the functionalities of the REBECCA App, pursuant to Articles 6.1.a) and 9.2.a) of the GDPR i.e. based on your explicit consent. Providing your Personal Data to us is voluntary, yet necessary for you to be able to use the REBECCA App. By downloading and using the REBECCA App you agree to the collection and use of your Personal Data in accordance with this Privacy Policy.

How is your information used?

We collect your Personal Data in order to develop analysis tools that, in the next stage of REBECCA, will be used to study the complex array of lifestyle parameters that might be associated with breast cancer recovery. The analysis results will then be used to create clinical guidelines and practices for post-cancer treatment.

More information about our research can be found at https://rebeccaproject.eu/.

We also use your Personal Data to develop and test new features of the REBECCA App and to provide technical support and troubleshooting activities.

How is your information shared?

Your Personal Data is only shared between the REBECCA project partners and occasionally with our external vendors (such as providers of cloud infrastructure services that we use to implement the REBECCA tools, and with whom we entered into appropriate data processing agreements), all of whom are located within the European Economic Area. Your personal data is not stored, used or exported outside the European Economic Area (i.e. European Union and Norway).

How is your information secured?

Personal Data collected through the REBECCA App is treated as confidential. Your Personal Data will not be lent, rented, sold or made public. We have implemented electronic and physical security measures, such as secure and encrypted connections and access on a need-to-know basis only. Your data will be pseudonymised. Authentication and authorisation mechanisms have been implemented to regulate access both to the REBECCA App and to your Personal Data.

How long will we retain your data?

Generally, your Personal Data will  only be stored for the term of the REBECCA project. After the REBECCA project ends, the data collected via the App will be stored on the REBECCA platform for a period of 12 months, upon the lapse of which the data will be irreversibly erased from the server (as the REBECCA platform will be shut down) and the REBECCA wearable. Please note however, that prior to shut down, your Personal Data (organized in data sets) will be exported from the REBECCA platform to the clinical partner you enrolled with. Further processing by that clinical partner will take place in accordance with the patient consent form that you signed when enrolling to participate in the REBECCA project. That clinical partner will be an independent controller of your Personal Data from that moment on.

Since REBECCA participates in Open Research Data Pilot, materials generated under the REBECCA project will be disseminated to the public in accordance with the Open Access Strategy and the REBECCA Grant Agreement. However, any Personal Data that they might contain shall be anonymized. Any personal data that is not anonymized, and could be used to identify individuals, falls outside the scope of the Open Access Strategy and thus will not be made open. At any time you may delete the REBECCA App from your device. This will not affect the processing of your data collected via the App prior to your deletion of the REBECCA App.

Rights of data subjects

You have the right of access, the right to rectification, the right to erasure (also known as the right to be forgotten), the right to object to or to restrict the processing of your Personal Data, the right to withdraw your consent[1] as well as the right to data portability (to the extent permitted by law). Such a request can be submitted electronically to any of the REBECCA partners, who may forward your request to another project partner that will decide upon your request. You can submit your request using the contact details provided below.

If you are dissatisfied with the processing of your data by us, you have the right to contact the competent data protection authority of your country (for a complete list of all national data protection authorities go to https://edpb.europa.eu/about-edpb/about-edpb/members_en).

Updates to this Privacy Policy

We can change this Privacy Policy on our own initiative at any time. If any material changes to this Privacy Policy shall affect the processing of your Personal Data, we will communicate these to you via a pop-up screen inside the REBECCA App, prior to the changes becoming effective and update the “Last updated” date at the top of this Privacy Policy. We invite you to read the latest version of this Privacy Policy on the REBECCA App, available also on the REBECCA website.

Warning for safe use

Be responsible while using the REBECCA App. Do not take photos with the REBECCA App while walking in the streets, driving, or biking.

Contact information

Aristotle University of Thessaloniki is one of the REBECCA partners responsible for the processing occurring within the REBECCA App and acts as a primary contact point with respect to REBECCA App functionalities and troubleshooting.

If you have any questions, complaints or requests regarding the use of your personal data, you can contact Aristotle University using the contact details below:

Aristotle University of Thessaloniki

Research Committee

University Campus

54124 Thessaloniki

Greece

Website: www.rc.auth.gr

Tel.: +30 2310 994003

Principal Investigator: Professor Anastasios Delopoulos

Email: [email protected]

For Spain you may also contact:

Rafael Barajas Cenobio (DPO)

Email: [email protected]

Phone number: +34 96 197 35 35

INCLIVA, Avenida Menéndez Pelayo 4 acc. 46010

Valencia, Spain

For Norway you may also contact:

Kristin Jonsdottir (PhD),

The Research Department, Stavanger University Hospital

E-mail: [email protected]

Phone: +47-416 31 063

Sweden you may also contact:

Ioannis Ioakeimidis,

Department of Biosciences and Nutrition, Karolinska Institute

E-mail: [email protected];

Phone number: +46 (0) 735 056 651

A list of all of the REBECCA partners (with links to their individual websites and contact details) is available here: https://rebeccaproject.eu/consortium/.  

The Privacy Policy of the website is available here.

The Privacy Policy of the Browser Plugin is available here.


[1] Withdrawing your consent will not affect the lawfulness of processing based on consent that took place before its withdrawal.