Skip to main content

BiSSkApp Privacy Policy

1         Revision History and Change Details

Change Details Revision Number Release Date
Updated for latest architecture and business changes 01 August-2024
Initial Release 00 October-2023

2         Introduction

At Swallowing Technologies (Company), we understand the importance of privacy and the protection of your personal information and non-personal information. Swallowing Technologies complies with applicable laws to ensure your privacy is protected.

3         Purpose

This Privacy Policy addresses privacy within the context of the BiSSkApp service.

BiSSkApp is intended to be used as a rehabilitation tool to support recovery of swallowing in patients with dysphagia through visualisation of muscle activity; it is to be used solely under the guidance of a qualified health care professional.

4         Effective Date

The Privacy Policy is effective from August 2024.

5         What data do we collect and why do we collect it?

The Company may collect identifiable information about an individual e.g., name (Personal Information), as well as non-identifiable or anonymized information (Non-Personal Information) for the reasons described below.

Disclosure of information by You to the Company is required for the intended use of BiSSkApp. Choosing not to permit collection of information by the Company will result in an inability to access BiSSkApp.

5.1       Clinician Details

We collect the following Personal and Non-Personal Information from Clinician users.

Personal Information Non-Personal Information
Name Password
Username PIN to access Clinician Settings
Email
IP Address

 

We collect Your Personal and Non-Personal Information when You register as a Clinician with BiSSkApp.

5.2       Patient Details

We collect the following Personal and Non-Personal Information from Patient users. We collect Your Patient’s Personal and Non-Personal Information when You register them to use BiSSkApp.

 

Personal Information Non-Personal Information
Sex Random Identifier
Gender Identity* Rehabilitation Start Date
Medical Diagnosis Rehabilitation End Date
Date of Birth Reason for Discharge
IP Address Password

* This field is optional.

5.3       Cookies

We use Cookies so that we can enable You to be automatically logged into the Web Application between uses.

We use Cookies to collect information as described below.

Cookies
Name Purpose
Access Token Authorise API operations.
ID Token Used to authenticate users and contains information such as name, username, and email.
Refresh Token Refreshes Your Access and/or ID tokens when they expire.
Last Auth User Used to maintain the username of the user that was last authenticated in the browser.

 

6         Who Will Collect and Hold Information?

The following table describes the agencies that will collect and hold the information collected.

Name Trade Name Address

Swallowing Technologies Limited

 

Swallowing Technologies

58 Langdons Road,

Papanui,

Christchurch 8053,

New Zealand

 

7         Who Will Have Access to the Information?

The intended recipients of the collected data will be:

Recipient Name Recipient Address

Swallowing Technologies Limited

 

58 Langdons Road,

Papanui,

Christchurch 8053,

New Zealand

 

Swallowing Technologies shall use the following Data Processors:

Data Processor Purpose
Swallowing Technologies Collection of personal information and non-personal information when users register as a Clinician to use BiSSkApp.
Collection of personal information and non-personal information when Clinicians create a profile for their patient so they can use BiSSkApp.

AWS DynamoDB

Data which is stored in the cloud.

Collection and storage of (1) patient training history for clinical review, (2) patient profiles for clinical review and amendment of rehabilitation program, (3) users’ username and password for authorisation, (4) clinician’s PIN for authorisation, and (5) clinician registration details.

AWS Cognito

Data which is collected, processed and stored in the cloud.

Collection, processing, and storage of (1) username, (2) email, and (3) password when a user registers or signs into their profile.

AWS CloudWatch

Data which is collected and stored in the cloud.

Collection and storage of all event data and event logs e.g., user sign-in, administration tasks.

Sentry

Data which is collected and stored in the cloud.

Collection and storage of error and crash data for quality assurance purposes.

 

To enable delivery of BiSSkApp, the Company may disclose collected data to third parties such as our suppliers, consultants, and other representatives who may be based outside of United States, Australia, New Zealand, and Europe.

The Company shall not sell or rent your Personal Information.

8         Protection of Information

All information is protected against loss, unauthorised access, modification or disclosure and other misuse through secure storage and access control mechanisms.

Information provided to any parties in connection with the provision of BiSSkApp, the Company will do everything reasonably within its power to prevent unauthorised access or disclosure of the information.

If a violation of our security policies is detected that leads to unauthorised access to your Personal Information, we will contact You via the contact details provided.

8.1       Swallowing Technologies

Our databases and third-party services (e.g., AWS) have restricted access to Company staff only who can only use your Personal or Non-Personal Information for the permitted reasons described in Section 5.

Any parties authorised by the Company to process Personal Information have demonstrated security measures which ensure full compliance with applicable data protection laws e.g., NZ IPP.

8.2       AWS Services

AWS comply with industry specific standards such as ISO 27001, ISO 27017, ISO 27018, ISO 27701 and SOC 1, 2 and 3 reports.

9         Accuracy of Information

Personal Information collected by the Company is voluntarily provided by You. As such, the accuracy of the Personal Information we receive is dependent on what You provide.

The Company shall endeavour to ensure that any information that is incorrect is corrected and updated when specific requests to do so are made in accordance with Section 11.

Where Personal Information is disclosed to further the use of BiSSkApp, the Company shall ensure that the information is accurate, up to date, complete, relevant, and not misleading.

10    Retention of Personal Information

The Company shall not retain Personal Information for longer than is required for the purposes for which the information may be lawfully used.

11     Information Rights

You have the right to consent to the Company collecting Your Personal and Non-Personal information.

You have the right to confirm if the Company holds any Personal Information about You.

You have the right to access, correct, erase, or restrict processing of Your Personal Information at any time.

A formal request shall be made in writing addressing Privacy Officer at privacy@swaltech.com

There may be instances that the Company may require additional information to confirm Your identity.

The Company shall provide the information free of charge unless the request is manifestly unfounded or excessive. If the request is found to be the latter, the Company shall provide rationale for either:

  1. Charging You for the request to account for administrative costs of providing the information.
  2. Refusing to act on Your request.

There may be instances where the Company is unable to identify You. If this instance occurs, then the Company may be unable to act upon Your request.

If dissatisfied with how the Company manages your request, You have the right to lodge a formal complaint with the appropriate authority.

Location Authority
New Zealand Office of the Privacy Commissioner
Australia Office of the Australian Information Commissioner
United States U.S. Department of Health and Human Services

 

You have the right to object to the processing of your Personal Information at any point in the process. Once an objection is made, the Company shall no longer process your Personal Information.