| Document Reference: | STL-POL-009 | Version: | 03 | Release Date: | Mar-2025 |
1. Introduction
At Swallowing Technologies (Company), we understand the importance of privacy and the protection of your personal information and non-personal information. Swallowing Technologies complies with applicable laws to ensure your privacy is protected.
2. Purpose
This Privacy Policy addresses privacy within the context of the BiSSkApp service.
BiSSkApp is intended to be used as a rehabilitation tool to support recovery of swallowing in patients with dysphagia through visualisation of muscle activity; it is to be used solely under the guidance of a qualified health care professional.
3. Effective Date
The Privacy Policy is effective from March 2025.
4. What data do we collect and Why do we collect it?
The Company may collect identifiable information about an individual e.g., name (Personal Information), as well as non-identifiable or anonymized information (Non-Personal Information) for the reasons described below.
Disclosure of information by You to the Company is required for the intended use of BiSSkApp. Choosing not to permit collection of information by the Company will result in an inability to access BiSSkApp.
4.1 Clinician Details
We collect the following Personal and Non-Personal Information from Clinician users.
| Personal Information | Non-Personal Information |
| Name | Password |
| Username | PIN to access Clinician Settings |
| IP Address |
We collect Your Personal and Non-Personal Information when You register as a Clinician with BiSSkApp.
4.2 Patient Details
We collect the following Personal and Non-Personal Information from Patient users. We collect Your Patient’s Personal and Non-Personal Information when You register them to use BiSSkApp.
| Personal Information | Non-Personal Information |
| Sex | Random Identifier |
| Gender Identity* | Rehabilitation Start Date |
| Medical Diagnosis | Rehabilitation End Date |
| Care Setting | Reason for Discharge |
| Feeding Route | Complications During Treatment |
| Diet Level | Password |
| Date of Birth | |
| IP Address |
* This field is optional.
4.3 Cookies
We use Cookies so that we can enable You to be automatically logged into the Web Application between uses.
We use Cookies to collect information as described below.
| Cookies | |
| Name | Purpose |
| Access Token | Authorise API operations. |
| ID Token | Used to authenticate users and contains information such as name, username, and email. |
| Refresh Token | Refreshes Your Access and/or ID tokens when they expire. |
| Last Auth User | Used to maintain the username of the user that was last authenticated in the browser. |
5. Who Will Collect and Hold Information?
The following table describes the agencies that will collect and hold the information collected.
| Name | Trade Name | Address |
| Swallowing Technologies Limited | Swallowing Technologies |
2 Charles Luney Lane Bromley, Christchurch 8062 New Zealand |
6. Who Will Have Access to the Information?
The intended recipients of the collected data will be:
| Recipient Name | Recipient Address |
| Swallowing Technologies Limited |
2 Charles Luney Lane Bromley, Christchurch 8062 New Zealand |
Swallowing Technologies shall use the following Data Processors:
| Data Processor | Purpose |
| Swallowing Technologies | Collection of personal information and non-personal information when users register as a Clinician to use BiSSkApp. |
| Collection of personal information and non-personal information when Clinicians create a profile for their patient so they can use BiSSkApp. | |
|
AWS DynamoDB Data which is collected and stored in the cloud. |
Collection and storage of (1) patient training history for clinical review, (2) patient profiles for clinical review and amendment of rehabilitation program, (3) users’ username and password for authorisation, (4) clinician’s PIN for authorisation, and (5) clinician registration details. |
|
AWS Cognito Data which is collected, processed and stored in the cloud. |
Collection, processing, and storage of (1) username, (2) email, and (3) password when a user registers or signs into their profile. |
|
AWS CloudWatch Data which is collected, processed, and stored in the cloud. |
Collection and storage of all event data and event logs e.g., user sign-in, administration tasks. |
|
Sentry Data which is collected, processed, and stored in the cloud. |
Collection and storage of error and crash data for quality assurance purposes. |
To enable delivery of BiSSkApp, the Company may disclose collected data to third parties such as our suppliers, consultants, and other representatives who may be based outside of United States, Australia, New Zealand, and Europe.
The Company shall not sell or rent your Personal Information.
7. Protection of Information
All information is protected against loss, unauthorised access, modification or disclosure and other misuse through secure storage and access control mechanisms.
Information provided to any parties in connection with the provision of BiSSkApp, the Company will do everything reasonably within its power to prevent unauthorised access or disclosure of the information.
If a violation of our security policies is detected that leads to unauthorised access to your Personal Information, we will contact You via the contact details provided.
7.1 Swallowing Technologies
Our databases and third-party services (e.g., AWS) have restricted access to Company staff only who can only use your Personal or Non-Personal Information for the permitted reasons described in Section 4.
Any parties authorised by the Company to process Personal Information have demonstrated security measures which ensure full compliance with applicable data protection laws e.g., NZ IPP.
7.2 AWS
Amazon Web Services (AWS) comply with industry specific standards such as ISO 27001, ISO 27017, ISO 27018, ISO 27701 and SOC 1, 2 and 3 reports.
8. Accuracy of Information
Personal Information collected by the Company is voluntarily provided by You. As such, the accuracy of the Personal Information we receive is dependent on what You provide.
The Company shall endeavour to ensure that any information that is incorrect is corrected and updated when specific requests to do so are made in accordance with Section 10.
Where Personal Information is disclosed to further the use of BiSSkApp, the Company shall ensure that the information is accurate, up to date, complete, relevant, and not misleading.
9. Retention of Personal Information
The Company shall not retain Personal Information for longer than is required for the purposes for which the information may be lawfully used.
10. Information Rights
You have the right to consent to the Company collecting Your Personal and Non-Personal information.
You have the right to confirm if the Company holds any Personal Information about You.
You have the right to not identify yourself or to use a pseudonym when dealing with the Company.
You have the right to access, correct, erase, or restrict processing of Your Personal Information at any time.
A formal request shall be made in writing addressing Privacy Officer at privacy@swaltech.com
There may be instances that the Company may require additional information to confirm Your identity.
The Company shall provide the information free of charge unless the request is manifestly unfounded or excessive. If the request is found to be the latter, the Company shall provide rationale for either:
- Charging You for the request to account for administrative costs of providing the information.
- Refusing to act on Your request.
There may be instances where the Company is unable to identify You. If this instance occurs, then the Company may be unable to act upon Your request.
If dissatisfied with how the Company manages your request, You have the right to lodge a formal complaint with the appropriate authority.
| Location | Authority |
| New Zealand | Office of the Privacy Commissioner |
| Australia | Office of the Australian Information Commissioner |
| United States | U.S. Department of Health and Human Services |
You have the right to object to the processing of your Personal Information at any point in the process. Once an objection is made, the Company shall no longer process your Personal Information.