Insulia® app data and privacy policy

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using the Insulia App, requesting services from us and/or confirming your consent to the way we process data, you are accepting and consenting to the practices described in this policy.
This policy sets out the basis on which any personal data we collect from you, or that you (or others) provide to us, will be processed by us.
The data controller is Gateshead Health NHS Foundation Trust/Newcastle Gateshead Clinical Commissioning Group
Trust: Daren Rigg – Darren.rigg1@nhs.net
CCG: Sam Hood – samanthahood@nhs.net
The Insulia App is owned and operated by Voluntis SA of 58 Avenue de Wagram, 75017 Paris, France and is made availble under the Insulia App Terms of Use.

Sources of information

We collect and process information provided by:

  • you;
  • healthcare professionals and;
  • automatic transfer from a measurement device.

Information collected by the Insulia App

We will collect and process the following information:
All users:

  • name and surname;
  • e-mail address;
  • telephone number;
  • address/workplace;
  • connection/user ID; and
  • logs of system access and use.

Patient data:

  • name and surname;
  • gender;
  • e-mail address;
  • date of birth;
  • telephone number;
  • Insulia App licence activation and expiration dates;
  • identifiers relating to the Insulia App licence, smartphone and internet connection; and
  • health information including details of disease type and status, treatments and doses, blood analysis results (including HbA1c and glucose levels), patient weight and other information relevant to the use of the Insulia App.

Uses made of personal data (Authorised Processing)

The Insulia App uses the above information in order to:

  • generate suggested doses of insulin and educational coaching messages based on blood glucose values;
  • capture, store and transmit diabetes-related healthcare information, enhance data management, display reports and graphs to aid the patients and practitioners with the review, analysis, and evaluation of patient data in order to support effective diabetes management;
  • the information collected in the Insulia App will be retained for a period of 10 years following the last use of the app, in order to enable Voluntis to comply with its legal and regulatory obligations, and such historic information will only be used for those purposes; and
  • produce sets of anonymised data by removing information linking the information to identifiable individuals and combining the information with anonymised data from other users, such anonymised data may be used by Voluntis in order to improve the Insulia App and will be held with strict controls in place to ensure that the information cannot be used in order to identify individuals.

The legal basis for using your data

We rely upon the following grounds in order lawfully to process your personal data (including information relating to your health):

  • the processing is necessary for the purposes of preventative medicine, medical diagnosis, the provision of health care or treatment or the management of health care systems and services and/or pursuant to contract with a health professional; and those undertaking the processing are subject to a binding obligation of confidence in relation to that data;
  • As a patient have consented to the processing; and
  • As a professional the processing is being undertaken at your request pursuant to a contract under which you have been granted rights to use the Insulia App.

Recipients of information

The personal data contained in the above information will be used and shared in the following manner:

  • you may access your own personal data recorded within the App;
  • your prescribing physicians and healthcare team may access your personal data recorded within the App in order to support your care;
  • CLARANET, acting as subcontractor for Voluntis to host your data on their secured servers in France;
  • Voluntis and its sub-contractors may access the entire data-set, including your data recorded within the App to the extent reasonably necessary:
  • in connection with the Authorised Processing;
  • in order to manage your user account and its own records; and;
  • to support and maintain the Insulia App (including providing maintenance and support services to you and/or your healthcare team);
  • In order to improve the App and associated services; and
  • in order to comply with their legal and regulatory obligations.

Voluntis’s staff are subject to a binding obligation of confidence and will only access any personal data in accordance with the uses of the data outlined above. The sub-contractors and their staff are likewise subject to binding obligations of confidence and will only access any personal data in accordance with the uses of the data outlined above.

No information containing your personal data will be transferred outside the European Economic Area or the United Kingdom.

Security of Information

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You must not share your password with anyone.

Information shared with your prescribing clinician and healthcare team and stored on their systems will be held in accordance with the security measures they have in place.

Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, it will be held in accordance with the measures outlined above.

Your rights

You have the right:

  • to request a copy of the personal data that we hold about you;
  • to have any incorrect data that we hold about you rectified;
  • to have the personal data that we hold about you erased (subject to any overriding requirements) and/or to have the processing of such data restricted in line with your rights under the General Data Processing Regulation;
  • to request that the personal data we hold about you is provided to you (or your nominee) in a standard format;
  • where our processing of your data is based upon consent, to withdraw such consent at any time or to limit the processing;
  • to lodge a complaint with regard to our processing of your personal data with the relevant supervisory authority, the Information Commissioner (please see: https://ico.org.uk/)
    The Information Commissioner can be contacted at
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF;
  • If you wish to exercise any of the above rights, please contact our Data Protection Officer : privacy@insulia.com
    Service protection des données personnelles
    Voluntis
    22 Quai Gallieni
    92150 Suresnes, FRANCE

Furthermore, you have the right to ask us not to process your personal data for marketing purposes. We will inform you (before using your data in this way) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can also exercise the right at any time by contacting us at privacy@insulia.com.

Changes to this Privacy Policy

Any changes we make to this Privacy Policy in the future will be posted here and, where appropriate, notified to you by e-mail or other electronic means. Please check back frequently to see any updates or changes to our privacy policy.
Contact
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to privacy@insulia.com.