| Change Details | Revision Number | Release Date |
|---|---|---|
At Swallowing Technologies (Company), we understand the importance of privacy and the protection of your personal information and non-personal information. Swallowing Technologies complies with applicable laws to ensure delivery of privacy and protection.
This Privacy Policy addresses privacy with the Company’s product BiSSkApp.
BiSSkApp is intended to be used as a rehabilitation tool to support recovery of swallowing in patients with dysphagia through visualisation of muscle activity; it is to be used solely under the guidance of a qualified health care professionals.
The Privacy Policy is effective from February 2023
The Company collects both information identifiable about an individual e.g., name (Personal Information) and information that doesn’t personally identify an individual or information that has been anonymized (Non-Personal Information) for the reasons described below.
Disclosure of information by You to the Company is required for the intended use of BiSSkApp. Choosing not to permit collection of information by the Company will result in an inability to access BiSSkApp.
We collect the following Personal and Non-Personal Information.
| Personal Information | Non-Personal Information |
|---|---|
| First Name | Pin code to access Clinician Settings |
| Last Name | |
| IP Address |
We collect the following Personal and Non-Personal Information. We collect Your patients Personal and Non-Personal Information when You register them to use BiSSkApp.
| Account Registration | |
|---|---|
| Personal Information | Non-Personal Information |
| Name | Password |
| Username | |
| IP Address | |
| Patient Profile | |
|---|---|
| Personal Information | Non-Personal Information |
| Name | Random Identifier |
| Date of Birth | Rehabilitation Start Date |
| Gender | Rehabilitation End Date |
| IP Address | Reason for Rehabilitation Discharge |
The following table describes the agencies that will collect and hold the information collected.
| Name | Trade Name | Address |
|---|---|---|
| Swallowing Technologies Limited | Swallowing Technologies | Leinster Chambers, Level 1, 249 Papanui Road, Strowan, Christchurch 8014 New Zealand |
The intended recipients of the collected data will be:
| Recipient Name | Recipient Addres |
|---|---|
| Swallowing Technologies Limited | Leinster Chambers, Level 1, 249 Papanui Road, Strowan, Christchurch 8014 New Zealand |
Swallowing Technologies shall use the following Data Processors:
| Data Processor | Purpose |
|---|---|
| Swallowing Technologies | Collection of personal information and non-personal information when users register as a Clinician to use BiSSkApp. |
| Collection of personal information and non-personal information when Clinician’s create a profile for their patient so they can use BiSSkApp. | |
| AWS Amplify DataStore Data which is stored locally on the native android application. | Collection and storage of (1) patient training data, (2) users’ username and password and (3) clinician’s pin code during online and offline use of BiSSkApp. |
| AWS DynamoDB Data which is stored in the cloud. | Collection and storage of (1) clinician registration details, (2) patient profiles and (3) data from AWS Datastore so that clinicians can review and amend the patient rehabilitation program. |
| AWS AppSync Data which is processed by the cloud. | Processing of (1) clinician registration details, (2) patient profiles and (3) data from AWS DataStore to AWS DynamoDB,so that clinicians can review and amend the patient rehabilitation program. |
To enable delivery of BiSSkApp, the Company may disclose collected data to third parties such as our suppliers, consultants, and other representatives who may be based outside of Australia, New Zealand, and Europe.
The Company shall not sell or rent your Personal Information.
All information is protected against loss, unauthorised access, modification or disclosure and other misuse through security and storage.
Information provided to any parties in connection with the provision of BiSSkApp, the Company will do everything reasonably within its power to prevent unauthorised access or disclosure of the information.
If there is a violation in our security systems, leading to non-permitted access to your Personal Information, we will contact You via the contact details provided.
Our databases and third-party services (e.g., AWS) have restricted access to Company staff only who can only use your Personal or Non-Personal Information for the permitted reasons described in Section 5.
Any parties authorized by the Company to process Personal Information have demonstrated security measures which ensure full compliance with applicable data protection laws e.g., NZ IPP.
Amplify DataStore Security will clear offline data on sign-out of BiSSkApp.
DynamoDB complies with industry standards such as ISO 27001 Information security, cybersecurity and privacy protection and ISO 27701 Security techniques for privacy information management to maintain security and secure operating standards.
Personal Information collected by the Company is voluntarily provided by You. As such, the accuracy of the Personal Information we receive is dependent on what You provide.
The Company shall endeavour to ensure that any information that is incorrect is corrected and updated when specific requests to do so are made in accordance with Section 11.
Where Personal Information is disclosed to further the use of BiSSkApp, the Company shall ensure that the information is accurate, up to date, complete, relevant, and not misleading.
The Company shall not retain Personal Information for longer than is required for the purposes for which the information may be lawfully used.
You have the right to consent to the Company collecting Your Personal and Non-Personal information.
You have the right to confirm if the Company holds any Personal Information about You.
You have the right to access, correct, erase, or restrict processing of Your Personal Information at any time. A formal request shall be made in writing addressing Privacy Officer at privacy@swaltech.com
There may be instances that the Company may require additional information to confirm Your identity
The Company shall provide the information free of charge unless the request is manifestly unfounded or excessive. If the request is found to be the latter, the Company shall provide rationale for either:
There may be instances where the Company is unable to identify You. If this instance occurs, then the Company may be unable to act upon Your request.
If dissatisfied with how the Company manages your request, You have the right to lodge a formal complaint with the appropriate authority.
| Location | Authority |
|---|---|
| New Zealand | Privacy Commissioner |
You have the right to object to the processing of your Personal Information at any point in the process. Once an objection is made, the Company shall no longer process your Personal Information.
