Version: April, 2024
WHO ARE WE AND WHAT IS OUR MISSION
„KELVIN HEALTH” AD, having its seat and registered address at Republic of Bulgaria, Sofia 1407, 47а Cherni Vrah Blvd, floor 4, and contact address at: Sofia 1404, 105а Bulgaria Blvd, entr. G, floor 4, office 12, with UIN 206127056 („Kelvin“), is a company whose main activity is the development and implementation of software, mobile applications and software products for medical screening, monitoring and diagnosis of cardiovascular diseases, as well as the development and implementation of solutions related to artificial intelligence and machine learning for early detection of diseases.
We invent an electronic diagnostic software application for precise, remote detection, diagnosis and monitoring of vascular system health problems.
For the purposes of the above, we conduct a number of scientific surveys and studies within the meaning of the Health Act and the applicable by-laws (Surveys) in collaboration with licensed medical facilities in the country and abroad (users of our software product, hereinafter called "App").
Through the App, medical specialists from the respective medical facility collect infrared thermographic images of parts of the patient's body. These images, along with other health information, are subjected to precise scientific analysis.
With regard to the data of the participants in the Surveys, Kelvin is the controller of personal data, and Kelvin and the medical facility (the contractor for the Survey) act as joint controllers.
WHAT INFORMATION IS COLLECTED BY OUR APP
Through the Application, Kelvin collects pseudonymized information about survey participants such as: gender, age, infrared thermographic images of body parts, limited data on the results of medical examinations performed (if any) and conclusions of medical specialists (if any).
Kelvin does not collect, access or process survey participants' individualizing personal data and contact data. The patient's personally identifiable information and contact details remain with the treatment facility and Kelvin does not have access to them.
ON WHAT GROUNDS WE COLLECT LIMITED HEALTH DATA
In order to participate in a Survey conducted in the manner described above, the data subject signs, in advance, an informed consent to participate in the Survey ("Informed Consent").
This is not a consent to the processing of personal data, but a consent to participate in the Survey. For the purposes of this participation and in fulfillment of the obligations under the Health Act, the medical entity conducting the Survey, on its own statutory basis (and in particular Article 6, para. 1, c) of Regulation (EU) 2016/679/GDPR), identifies the patient by a minimum of three names and a unique civil number, then further collects, processes and creates data on the health of the respective patient, incl. performs infrared thermographic imaging of patient body parts using the Kelvin App.
The text of the informed consent to participate in the Survey also contains a notification within the meaning of Art. 13 and Art. 14 Regulation (EU) 2016/679/GDPR, which informs the patient that participation in the Survey is related to the use of our electronic App, through which a limited volume of pseudonymized health information is collected and processed.
Signed consents for participation in the Survey remain with the treatment facility - contractor for the Survey and are not shared with Kelvin.
FOR WHAT PURPOSES WE PROCESS INFORMATION
Infrared thermographic images of body parts of various patients and records collected through the App are processed for the purposes of conducting scientific Surveys: testing, analysis and development of a software product for medical diagnostics; to analyze trends and publish findings or survey reports; to invent and develop new health-related software features and products.
Kelvin does not process infrared thermographic images and records for any other purpose.
SHARING AND DISCLOSURE OF INFORMATION
In all possible cases of disclosure of information by Kelvin, the information provided is pseudonymized, partial and does not reveal the identity of the patient. The latter is possible only from the medical facility - contractor for the Survey.
As a rule, Kelvin does not disclose data collected through the App to third parties for any purposes related to the interests of those third parties.
It is possible for Kelvin to disclose information in a minimal, limited volume (consistent with the specific case) to law enforcement authorities, at their express request, in the event of an investigation and/or legal pursuit of rights (of Kelvin, of a Survey participant and/or of a third party).
The above also applies in the event of a sale or transfer of assets of our company, as well as if Kelvin is part of a merger, acquisition, financial/audit review, reorganization, bankruptcy, receivership. Information from the App may then be transferred as part of such transaction, under the rules of applicable law.
If necessary and after proper settlement of rights and obligations in writing, Kelvin may share information from the Application with companies that provide services related to the correct, technically sound and lawful conduct of our Surveys. These are our partners, subcontractors, and they will be required to protect the information on our App in the same way that Kelvin keeps and protects it.
SECURITY
Kelvin makes efforts to ensure that Survey participants' information is treated securely, in controlled, restricted access systems and with physical security measures.
DATA SUBJECTS’ RIGHTS AND METHODS OF EXERCISING THEM
The Personal Data Protection Act and Regulation (EU) 2016/679/GDPR guarantee data subjects at least the following rights in relation to their personal data:
1/ Right to information
Every individual, a subject of personal data, has the right to receive information about the controller of personal data, as well as about the processing of the personal data. This information includes:
- data identifying the controller, as well as its contact details, including the contact details of its data protection officer;
- the purposes and legal basis for the processing;
- the recipients or categories of recipients of the personal data, if any;
- the controller's intention to transfer the personal data to a third party (when applicable);
- the period of storage of personal data;
- the existence of automated decision-making, including profiling (if any);
- information about all the rights that the subject has, incl. the right to appeal to the supervisory authority.
The information is not provided if the data subject already has it.
Since the relations between the participants in the scientific Survey and Kelvin are carried out through the medical institution - the contractor of the relevant Survey (and not directly), it is the medical institution that is the party that provides the information according to the above text.
2/ Right of access
As a rule, when a written request for information is made by a data subject, the personal data controller, together with its data protection officer, carries out the necessary verification and provides a response with the required information within 14 (fourteen) days, but not later than 30 (thirty) days from the date of receipt of the request. If necessary, this period can be extended, taking into account the complexity and number of requests from a certain person. The controller informs the data subject of any such extension within one month of receiving the request, indicating the reasons for the delay. The request must contain identification of the person (three names and social security number for Bulgarian citizens, and for all other persons - citizens of other EU member states - names and date of birth), description of the request, preferred form for providing access to personal data, signature, date, email, correspondence address and power of attorney. The request shall be filed in a separate inbound register of the controller and may be submitted electronically, on-site at an office of the controller, or by post to the controller's business address.
The reference is provided in one copy, free of charge. For additional copies requested by the data subject or in the case of excessive requests by the subject, especially due to their repetition, the controller may charge a reasonable fee equal to the administrative costs incurred.
When providing a copy of personal data, the controller may not disclose the following categories of data: third parties' personal data, unless they have given their express consent to this; data that constitutes a trade secret, intellectual property or confidential information; other information that is protected under applicable law.
The reasonableness and excessiveness of a request is assessed on a case-by-case basis by the controller.
In case of refusal to grant access to personal data, the controller shall justify his refusal and inform the data subject of his right to file a complaint with the supervisory authority.
Kelvin brings to the attention of data subjects that, because it does not access their personally identifiable data and therefore cannot identify the subject, it is objectively impossible for Kelvin to provide references in response to access requests. Requests for access should be directed by the data subject to the medical institution - performer of the scientific Survey, which (medical institution) is able to identify the subject and provide the requested reference.
3/ Right to rectification
Data subjects may request that their personal data processed by the personal data controller be rectified in case the data are inaccurate or incomplete. In the case of a satisfied request for correction of personal data, the controller should notify the third parties - the recipients of data, to whom such data were disclosed. The right to correction is exercised by sending a written request to the controller.
Due to the objective impossibility to identify the subject, because it does not have access to his personally identifiable data, it is objectively impossible for Kelvin to carry out correction of specific data. Requests for rectification should be directed by the data subject to the medical facility performing the scientific Survey, which (medical facility) is able to identify the subject and make the correction directly in the Kelvin App.
4/ Right to data portability
Any personal data subject has the right to request that the personal data controller prepare the data in a structured, widely used and machine-readable format and transfer them to another controller when the processing is based on consent or on a contractual obligation and the processing is carried out in an automated manner.
In the case of the scientific Surveys, the processing of patients’ data is based on the fulfillment of a legal obligation.
5/ Right to erasure (right to be forgotten)
Any personal data subject has the right to make a written request for deletion of his/her data, the so-called "right to be forgotten" if one of the following conditions is met:
- the person's personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject withdraws his consent if the data processing is based on consent and there is no other legal basis for the processing;
- the data subject objects to the processing and there are no overriding legal grounds for the processing;
- the personal data were processed illegally;
- personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the controller;
- the personal data were collected in connection with the provision of information society services to children and the consent was given by the bearer of parental responsibility for the children.
Due to the objective impossibility of identifying the data subject, because it does not have access to his/her personally identifiable data, it is objectively impossible for Kelvin to perform the deletion of data. Requests for erasure should be directed by the data subject to the medical facility - contractor of the scientific Survey, which (medical facility) is able to identify the subject and carry out data deletion directly in the Kelvin App.
Kelvin only processes pseudonymised information, which it deletes when it is no longer necessary for the purposes stated above.
Kelvin's obligation to delete information initially obtained through the App does not extend to software, data models or anonymized data sets in which the individual cannot be identified.
6/ Right to request restriction of processing
Any personal data subject has the right to request restriction of the processing of his personal data by the controller in the following cases:
- the accuracy of the personal data is contested by the data subject. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful, but the data subject does not want the personal data to be deleted, but instead requires the restriction of its use;
- the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims;
- the data subject has objected to the processing pending verification of whether the legitimate grounds of the controller prevail over the interests of the data subject.
The written request for restriction of processing (to be regular) must contain individualizing data of the subject, which Kelvin does not have. Therefore, in order for such a request to be fulfilled, it should be directed to the medical facility - executor of the Survey.
7/ Right to object to the processing of personal data
The data subject has the right to object to the processing of his personal data by the controller if the data is processed on one of the following grounds:
- the processing is necessary for the performance of a task of public interest or in the exercise of official powers granted to the controller;
- the processing is necessary for purposes related to the legitimate interests of the controller or a third party;
- data processing includes profiling.
Upon receipt of such a request, the controller shall terminate the processing of personal data, unless it proves that there are compelling legal grounds for its continuation that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
To the extent that Kelvin does not have individualizing data of individuals, there is an objective obstacle for the controller to process and fulfill such a request from a data subject.
8/ Right of the data subject not to be subject to a decision based solely on automated processing, including profiling
The right is exercised with a written request addressed to the address of management of the relevant personal data controller. The written request (to be regular) must contain individualizing data of the subject, which Kelvin does not have. Therefore, in order for such a request to be fulfilled, it should be directed to the medical facility - executor of the Survey.
9/ The data subject's right to file a complaint with the Commission for Personal Data Protection
In the event of a violation of the rights of the data subject or the applicable legislation on the protection of personal data, the subject has the right to submit a complaint to the Commission for Personal Data Protection or to the relevant Data Protection Authority in the relevant country.
More information about the supervisory authority of the Republic of Bulgaria - the Commission for Personal Data Protection - is to be found at www.cpdp.bg.
In addition to the above, any personal data subject has the right to be notified, and the controller is obliged to notify the subject, in the event of a breach of the security of his personal data and when this breach is likely to create a high risk for the rights and freedoms of the data subject. The notification should be made without undue delay after its discovery and contain a description of the nature of the personal data security breach, indicating the nature of the breach, the name and contact details of the data protection officer, the consequences of the breach and the measures taken by the controller to deal with the breach and to reduce any adverse consequences.
As Kelvin does not have identifying information about data subjects (including their contact details), it is objectively impossible for Kelvin to send individuals notifications.
KELVIN CONTACTS FOR PERSONAL DATA MATTERS
Pursuant to Art. 37, para. 1, c) of Regulation (EU) 2016/679/GDPR Kelvin has designated a data protection officer as follows:
Boryana Valentinova
mobile: 00359878771920
e-mail: info@kelvin.health
address: Sofia 1404, 105а Bulgaria Blvd, entr. G, floor 4, office 12
UPDATES TO THIS POLICY
Kelvin may revise this Privacy Policy and publish updated versions when new grounds, new purposes and/or new technical solutions for processing, protecting and sharing information arise.