Privacy Policy of REBECCA app (Last updated: November 2023)
Disclaimer
The REBECCA Application (the ‘App’) is developed and provided in the context of a European research project called ‘REsearch on BrEast Cancer induced chronic conditions supported by Causal Analysis of multi-source data’ (the ‘REBECCA project’). More information on the REBECCA project and the project partners (jointly: ‘us’ or ‘we’ or ‘Joint Controllers’) that are involved can be found on the project website (https://cordis.europa.eu/project/id/965231) of the European Commission as well as on the REBECCA website (https://rebeccaproject.eu/). Although the greatest possible care has been exercised to ensure the correctness and completeness of the information contained in the REBECCA App, we do not accept any responsibility or liability for the content thereof. You are responsible for the content that you upload in the App. By registering your account and by using the REBECCA App, you provide us with data, such as your unique username, details on your physical properties and several personal data, physical activity and geolocation data from the sensors of your mobile phone (or smartwatch, if available) and photographs. By accepting these terms you agree that the project partners may use this data for the purposes of implementing the REBECCA project. In view of the nature of the App and the REBECCA project we may decide, at our sole discretion, to delete certain uploaded data that do not comply with the project’s scope. We may also decide to terminate your registration and delete all data that have been uploaded via the App with immediate effect in the event you do not use the App for its intended purposes. Furthermore, we may at any time amend this disclaimer and policy. Amendments will enter into effect as soon as you provide your consent through the App. If you do not agree to changes to the terms, we may need to terminate your registration in the App and delete all data that you provided.
Privacy Policy
We attach great importance to the security and confidentiality of your personally identifiable information (“Personal Data”). This Privacy Policy describes our policies and procedures on the collection, use, storage and disclosure of your Personal Data when you use the REBECCA App.
Eligible users
In order to use the REBECCA App you must be a patient participating in the clinical trial in one of the clinical partners of REBECCA: La Fundación para la Investigación del Hospital Clínico de la Comunidad Valenciana (INCLIVA) in Spain, Stavanger University hospital (SUH) in Norway, or in a hospital of Region Stockholm (RSTO) in Sweden.
Joint Controllers
REBECCA partners jointly determine the means and purposes of the processing of your Personal Data occurring within the REBECCA App. For that reason, they are joint controllers and have entered into a relevant joint controllership agreement which is available for review upon request. If you wish to receive a copy please reach out to the contact point for your country (see contact details provided below).
What information is collected?
By using the REBECCA App, you provide us with your Personal Data. We receive Personal Data from your devices and networks,).
You will be assigned a unique username (pseudonym) and periodically answer questions on your health (through various in-App questionnaires). All the uploaded data is connected with this username. We also receive and store physical activity data from the sensors of your mobile phone (or smartwatch, if available) such as heart rate, step count, sleep and stress data, meal information and photographs that you upload in the REBECCA App. We also log usage data when you use the REBECCA App.
We also collect your location data in the background to calculate indicators of your functional status, including travelled distance, transportation preferences and daily mobility patterns. Location data is collected automatically and provides increased accuracy and unbiasedness when calculating your indicators, as compared to self-reporting methods (i.e. questionnaires). You can disable the collection of location data in the background at any time in the REBECCA App Settings. We also collect instantaneous location data when you take a photograph using the REBECCA App’s camera functionality to calculate indicators of your living environment.
What is the legal basis for the processing of your Personal Data?
We process your Personal Data to provide you with the functionalities of the REBECCA App, pursuant to Articles 6.1.a) and 9.2.a) of the GDPR i.e. based on your explicit consent. Providing your Personal Data to us is voluntary, yet necessary for you to be able to use the REBECCA App. By downloading and using the REBECCA App you agree to the collection and use of your Personal Data in accordance with this Privacy Policy.
How is your information used?
We collect your Personal Data in order to develop analysis tools that, in the next stage of REBECCA, will be used to study the complex array of lifestyle parameters that might be associated with breast cancer recovery. The analysis results will then be used to create clinical guidelines and practices for post-cancer treatment.
More information about our research can be found at https://rebeccaproject.eu/.
We also use your Personal Data to develop and test new features of the REBECCA App and to provide technical support and troubleshooting activities.
Profiling and location data processing:
Cancer, as well as primary treatment for cancel, can significantly affect the behaviour of a breast cancer patient in multiple ways. In particular, they can affect physical condition, mobility, outgoing behaviour, appetite, sleep quality, and various other aspects. Because of this, the REBECCA 360º monitoring platform will monitor and collect various “signals” of primary information, from which detailed analysis of your behaviour can be extracted. To this end, the REBECCA patient App will be used to collect such signals and information from your smartphone, whereas a wearable device will be used to collect physiological signals.
In particular, the wearable device collects signals relevant to motion, as well as to heart rate. From these base signals, a variety of physical indicators can be extracted, such as number of steps, detection of exercise sessions (including type of exercise and intensity), recognition of type of physical activity (including level & intensity), recognition of transportation mode during trips, estimation of heart rate variability and resting heart rate, detection of stress moments, and more.
The REBECCA pApp will continuously collect your geographical co-ordinates, as well as your answers to questionnaires and photographs (including annotations) that you manually contribute.
Location information can be used to extract a lot of indicators such as time you spend at home, at work, preference of transportation mode, visits to specific types of places (such as restaurants or parks/recreational facilities) and potential increase or reduction in frequency of visits to such places.
Please note that these indicators will be presented only to you and your clinician, and only after some level of pre-processing. In particular, while the exact geographical co-ordinates will be stored internally in the REBECCA server, these raw data will never be shown to anyone. Instead, only an abstract level of information will be presented.
For example:
1. time spent at home/work: in order to compute this indicator, the REBECCA system needs to infer your home or work address. However, the addresses will never be shown to anyone, and will never be available for export. Instead, only the time that is measured (by the system) that you spent at those locations will be available to the clinician;
2. visits to restaurant: for the REBECCA system to compute this indicator, it needs to know your exact geographical location over time. However, once the system detects a visit to a place and identifies that this place is a type of restaurant, it will only show this information. The exact location, name, and other identifiable information about the restaurant will never be shown. As a result, it is not possible (for the clinician) to infer your exact location based on this indicator.
Various views of the data and their time evolution will be available both to you as the patient, via the smartphone application, and to the clinician, via the web-based interface.
Please note, that no profiling will take place unless you provide us with your consent thereto, and that you will be able to withdraw your consent and halt the use of your location data at any time (an option to disable the location data within the mobile app settings will be available within the pApp).
How is your information shared?
Your Personal Data is only shared between the REBECCA project partners and occasionally with our external vendors (such as providers of cloud infrastructure services that we use to implement the REBECCA tools, and with whom we entered into appropriate data processing agreements), all of whom are located within the European Economic Area. Your personal data is not stored, used or exported outside the European Economic Area (i.e. European Union and Norway).
How is your information secured?
Personal Data collected through the REBECCA App is treated as confidential. Your Personal Data will not be lent, rented, sold or made public. We have implemented electronic and physical security measures, such as secure and encrypted connections and access on a need-to-know basis only. Your data will be pseudonymised. Authentication and authorisation mechanisms have been implemented to regulate access both to the REBECCA App and to your Personal Data.
How long will we retain your data?
Generally, your Personal Data will only be stored for the term of the REBECCA project. After the REBECCA project ends, the data collected via the App will be stored on the REBECCA platform for a period of 12 months, upon the lapse of which the data will be irreversibly erased from the server (as the REBECCA platform will be shut down) and the REBECCA wearable. Please note however, that prior to shut down, your Personal Data (organized in data sets) will be exported from the REBECCA platform to the clinical partner you enrolled with. Further processing by that clinical partner will take place in accordance with the patient consent form that you signed when enrolling to participate in the REBECCA project. That clinical partner will be an independent controller of your Personal Data from that moment on.
Since REBECCA participates in Open Research Data Pilot, materials generated under the REBECCA project will be disseminated to the public in accordance with the Open Access Strategy and the REBECCA Grant Agreement. However, any Personal Data that they might contain shall be anonymized. Any personal data that is not anonymized, and could be used to identify individuals, falls outside the scope of the Open Access Strategy and thus will not be made open. At any time you may delete the REBECCA App from your device. This will not affect the processing of your data collected via the App prior to your deletion of the REBECCA App.
Rights of data subjects
You have the right of access, the right to rectification, the right to erasure (also known as the right to be forgotten), the right to object to or to restrict the processing of your Personal Data, the right to withdraw your consent[1] as well as the right to data portability (to the extent permitted by law). Such a request can be submitted electronically to any of the REBECCA partners, who may forward your request to another project partner that will decide upon your request. You can submit your request using the contact details provided below.
If you are dissatisfied with the processing of your data by us, you have the right to contact the competent data protection authority of your country (for a complete list of all national data protection authorities go to https://edpb.europa.eu/about-edpb/about-edpb/members_en).
Updates to this Privacy Policy
We can change this Privacy Policy on our own initiative at any time. If any material changes to this Privacy Policy shall affect the processing of your Personal Data, we will communicate these to you via a pop-up screen inside the REBECCA App, prior to the changes becoming effective and update the “Last updated” date at the top of this Privacy Policy. We invite you to read the latest version of this Privacy Policy on the REBECCA App, available also on the REBECCA website.
Warning for safe use
Be responsible while using the REBECCA App. Do not take photos with the REBECCA App while walking in the streets, driving, or biking.
Contact information
Aristotle University of Thessaloniki is one of the REBECCA partners responsible for the processing occurring within the REBECCA App and acts as a primary contact point with respect to REBECCA App functionalities and troubleshooting.
If you have any questions, complaints or requests regarding the use of your personal data, you can contact Aristotle University using the contact details below:
Aristotle University of Thessaloniki
Research Committee
University Campus
54124 Thessaloniki
Greece
Website: www.rc.auth.gr
Tel.: +30 2310 994003
Principal Investigator: Professor Anastasios Delopoulos
Email: [email protected]
For Spain you may also contact:
Rafael Barajas Cenobio (DPO)
Email: [email protected]
Phone number: +34 96 197 35 35
INCLIVA, Avenida Menéndez Pelayo 4 acc. 46010
Valencia, Spain
For Norway you may also contact:
Kristin Jonsdottir (PhD),
The Research Department, Stavanger University Hospital
E-mail: [email protected]
Phone: +47-416 31 063
Sweden you may also contact:
Ioannis Ioakeimidis,
Department of Biosciences and Nutrition, Karolinska Institute
E-mail: [email protected];
Phone number: +46 (0) 735 056 651
A list of all of the REBECCA partners (with links to their individual websites and contact details) is available here: https://rebeccaproject.eu/consortium/.
The Privacy Policy of the website is available here.
The Privacy Policy of the companion App (cApp) is available here.
The Privacy Policy of the Browser Plugin is available here.
[1] Withdrawing your consent will not affect the lawfulness of processing based on consent that took place before its withdrawal.