Privacy Policy
Last updated: October 3, 2024
Pal, operating under the official name Amie Technologies B.V. (hereinafter referred to as “amie”, “Pal”, “we,” “us,” and “our”) is a digital care app, aiming to help individuals with life-limiting illnesses and their family caregivers to deliver better at-home care.
Our Privacy Policy (hereafter referred to as “Privacy Policy”) is designed to help you understand how we collect, use and share your personal information and to assist you in exercising the privacy rights available to you.
This Privacy Policy covers the personal information we collect about you when you use our products or services, or otherwise interact with us, including on our public website at www.palhelps.com (the “Website”), on our mobile app accessible on the App Store and on Google Play, accessible through app.palhelps.com (the “App”), and on our beta and other products (collectively, “Services”).
For the purposes of this Privacy Policy, “Personal Data” refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
For purposes of the Privacy Policy, “you” and “your” means you as the user of the Service, and the “Care Recipient” means the person you are using our Services to care for. The Care Recipient may be you or someone else. Our App is built around a Care Recipient’s profile. When you create an account, you will also automatically create a Care Recipient profile for yourself or someone you are caring for. You as a User, and the Care Recipient’s profile, collectively shape a care team, referred to as “Care Team.”
For the purposes of this Privacy Policy, “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
For the purposes of this Privacy Policy, “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
This policy also explains your choices surrounding how we use your personal information, which includes how you can object to certain uses of the information and how you can access and update certain information. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By engaging with our Services, you confirm that you have read, understood, and agreed to this Privacy Policy.
If you have any queries or objections about any of the ways we use your personal data, please contact us.
1. Personal Information we collect
We are committed to the GDPR principle of data minimisation, and only collect the personal data that we need to be able to provide our services to you. We collect personal information when you provide it to us, when you use our Website, App or Services, and when other sources provide it to us, as further described below. We regularly review our data collection practices to ensure they are necessary and proportionate.
A. Information You Provide to Us
Your Communications with Us: We collect personal information from you such as email address when you request information about our Services, register for our newsletter, subscribe to our service, participate in discussion boards or other social media functions on or via Pal, enter a survey, submit a query, or otherwise communicate with us. We also collect the contents of messages or attachments that you may send to us, as well as other information you choose to provide, and that may be associated with your communications.
App entries: We collect personal information and details about yourself, as an App user, and a Care Recipient profile that you share with us through the App. By creating an account, and automatically creating a Care Recipient profile as an extension, and voluntarily adding personal details of anybody other than yourself, you are confirming that you have received their authorisation and permission to share their personal information with us.
Personal information of you or the Care Recipient may include name, gender, country of residence, birth year, diagnosis, prognosis, relationship to the Care Recipient and personal profile photos. We also collect any entries that you may add on the App, including but not limited to symptoms, their severity and notes, tasks, their details and notes, journal entries, their details and notes, as well as other information you choose to provide, and that may be associated with your account on the App.
You may also at any time share your App entries with other users, by inviting them to your Care Team, or sharing the URL for your Pal Calendar with them. In doing so, you confirm that you have received authorisation and permission from the Care Recipient and other users in the Care Team to share the Care Recipient’s personal information with them. All users and members of the Care Team will be able to access and view your app entries, will be able to invite and provide access to other users to join the Care Team, and can only leave the Care Team by deleting their account voluntarily.
You are encouraged to review your personal information regularly for accuracy. The app provides features that allow you to confirm your entries before submission and to edit your information at any time to ensure its accuracy.
Any health information, including but not limited to diagnosis, prognosis and symptoms, is classed as sensitive personal data and we ensure safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive personal data is your consent. You can withdraw your consent at any time – for more information please see “Your privacy rights” below.
Surveys: We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.
Interactive Features: We may offer interactive features such as forums, blogs, chat and messaging services, and social media pages. We and others who use our Website or Services may collect the information you submit or make available through these interactive features. Any content you provide via the public sections of these features will be considered “public” and is not subject to the privacy protections referenced herein. By using these interactive features, you understand that the personal information provided by you may be viewed and used by third parties for their own purposes.
Job Applications: We may post job openings and opportunities on the Website or Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.
B. Information Collected Automatically
We keep track of certain information about you when you visit and interact with our Website, App or Services.
This automatically collected data may include:
- Technical Information: Your Internet Protocol (IP) address, browser details, operating system, device identifiers, mobile carrier, MAC address, cookie identifiers, and location information (inferred from your IP address).
- Usage Data: Details about your interactions with the Website, App, or Services, including pages visited, time spent on each page, links clicked, page response times, download errors, and any phone numbers used to contact customer support.
Cookies, Pixel Tags/Web Beacons, and Analytics Information: We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Website, App or Services. Technologies are essentially small data files placed on your devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services. The storage period for these Technologies varies:
- Cookies: Stored on your device for a specified period depending on the type of cookie (session or persistent). You can manage your cookie settings via your browser settings.
- Pixel Tags/Web Beacons: Used to track the effectiveness of our marketing campaigns and are deleted after a specific period.
- Local Storage: Data stored locally in your browser and retained until you delete it.
You can control and manage these Technologies through your browser settings or via our Cookie Manager.
Analytics: We may also use third-party service providers to collect and process analytics and other information on our Website or Services. Our Services may also contain links to other websites or applications. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of those third parties to understand their practices regarding your personal data. We are not responsible for the privacy practices or content of such third-party services. These third-party service providers may use cookies, pixel tags, web beacons or other storage technology to collect and store analytics and other information.
C. Information from Other Sources
We may obtain information about you from other sources, including through third-party services and organisations. For example, if you access our Website, App or Services through a third-party application, such as a social networking site or a third-party login service, we may collect information about you from that third party that you have made available via your privacy settings.
2. How we use your information
We use your personal information for a variety of purposes, including to:
Provide the Services or Requested Information, such as:
- Fulfilling our Services;
- Setting up and administering your account with us;
- Processing the Care Recipient’s health data to allow you to log health information about the Care Recipient’s symptoms including severity, frequency, time, and notes;
- Identifying and communicating with you, including providing newsletters and marketing materials;
- Managing your information;
- Responding to your questions, comments, and other requests;
- Providing access to certain areas, functionalities, and features of our Services; and
- Answering your requests for customer or technical support.
Serve Administrative and Communication Purposes, such as:
- Pursuing legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
- Sending communications about new product features, promotions, Pal’s strategic partners, and other news about Pal;
- Measuring interest and engagement in our Services, including analysing your usage of the Services;
- Enhancing functionality and user experience, by analysing user interactions with our Services;
- Developing new products and services and improving the Services;
- Ensuring internal quality control and safety;
- Authenticating and verifying individual identities;
- Carrying out audits;
- Communicating with you about your account, activities on our Services and Privacy Policy changes;
- Preventing and prosecuting potentially prohibited or illegal activities;
- Enforcing our agreements; and
- Complying with our legal obligations.
Marketing of Products and Services: We may use personal information to tailor and provide you with content and advertisements. If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us.
Consent: We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
De-identified and Aggregated Information Use: We may use personal information and other data about you to create de-identified and/or aggregated information. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
3. Disclosing your information to third parties
We may share your personal information with the following categories of third parties:
Service Providers: We may share any personal information we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) customer service activities; and (v) the provision of IT and related services.
Currently, we use the following Service Providers for (i), (ii), (iv), and (v):
- Amazon Web Services (AWS): Used for cloud storage and hosting of personal data to ensure secure and reliable data management.
- Apple: Used for app distribution through the App Store and related services for iOS devices.
- Google: Used for app distribution, analytics, and marketing services, including through Google Play.
- Mailerlite: Used for email marketing and managing communication with users.
- NewRelic: Used for performance monitoring and diagnostics of the app and its services.
- Retool: Used for internal application management to provide operational support and develop internal tools.
- Sentry: Used for error tracking and bug reporting to improve the app’s stability and functionality.
- Typeform: Used for collecting feedback through surveys and questionnaires.
- Webflow: Used for website design and hosting of certain sections of the company’s site, the App library.
- WordPress: Used for website management and hosting of the Pal public website.
Business Partners: We may provide personal information to business partners to provide you with a product or service you have requested. We may also provide personal information to business partners with whom we jointly offer products or services.
Affiliates: We may share personal information with our affiliated entities.
Advertising Partners: We do not share your information, including personal information, to advertise any third party’s products or services via the Services. We may use and share your personal information with third-party advertising partners to market our own Services and grow our Services’ user base, such as to provide targeted marketing about our own Services through third-party services. If you prefer not to share your personal information with third-party advertising partners, you may follow the instructions below.
We may share your personal information with other third parties, including other users, in the following circumstances:
Disclosures to Protect Us or Others: We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfer: If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
4. International Data Transfers
All information processed by us may be transferred, processed, and stored in a variety of locations, including cloud services provided by Amazon Web Services (AWS), which may process and store data in regions outside your country of residence, such as the Netherlands, the United Kingdom, and the United States. To ensure your data is protected, we endeavour to safeguard your information consistent with the requirements of applicable laws.
Some data is stored locally on your device to enable functionality within the app. Users also have the option to manually export their data, through downloading reports, and once exported, it is their responsibility to manage and store it securely.
5. Your Choices
General: You may have the right to object to or opt out of certain uses of your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.
Email Communications: If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).
Mobile Devices: We may send you push notifications through our Apps. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. With your consent, we may also collect precise location information if you use our Apps. You may opt out of this collection by changing the settings on your mobile device.
6. Your Privacy Rights
Depending on your location and in accordance with applicable laws, you may have the following rights regarding your personal data:
- Request access: You have the right to request access to the personal information we hold about you. You may also request to receive a copy of your electronic personal information in a structured, commonly used, and machine-readable format.
- Request correction: You have the right to request that we correct any inaccuracies or incomplete information in your personal data.
- Request deletion: You have the right to request the deletion of your personal information when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
- Request restriction or object to processing: You have the right to request the restriction of processing of your personal data in certain circumstances or to object to the processing of your personal data, including the right to opt in or opt out of the sale of your personal information to third parties.
- Request data portability: You have the right to request that we transfer your personal data to another organisation or directly to you, where technically feasible, in a structured, commonly used, and machine-readable format.
- Right to not be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you. If such processing occurs, you have the right to request human intervention, express your point of view, and contest the decision.
- Not be discriminated against: You will not be discriminated against for exercising any of these rights.
To exercise any of these rights, please contact us as set forth below, in section 14. We will process such requests in accordance with applicable laws, and respond to your request within two to fourteen business days, although this period may be extended for complex requests. To protect your privacy, we will take steps to verify your identity before fulfilling your request, such as by requiring you to submit your request via your account.
Please note that there are certain exceptions to these rights. For example, we may not be able to delete your personal data if it is necessary for compliance with a legal obligation or if it is needed for the establishment, exercise, or defense of legal claims.
You can manage your consent and communication preferences in the following ways:
- Email Communications: Adjust your settings in the app, or use the unsubscribe link in our marketing emails to opt out.
- App Notifications: Adjust your settings in the app or on your device.
- Cookies and Tracking Technologies: Manage your preferences through our Cookie Manager or browser settings.
We are committed to ensuring that our practices comply with the General Data Protection Regulation (GDPR) 2018. We uphold your rights regarding your personal data, including the rights to access, correct, delete, and restrict the processing of your information. We also ensure that personal data is processed lawfully, fairly, and transparently.
7. Data Retention
We store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfil the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defences, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
Users have the option to delete their accounts directly from the App. If they are part of a Care Team, they have the choice to retain logged data to assist their Care Team. Once a User deletes their account, their information will be permanently erased from our system, or it will be modified so it no longer identifies the User. Please note that this process may take up to 30 days.
We retain personal data for as long as necessary to fulfil the purposes for which it was collected and as required by applicable laws. Retention periods vary depending on the type of data.
8. Security of your Information
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy.
We use the S3 storage service under Amazon Web Services (AWS) to store files, such as profile pictures. All other sensitive data is stored in a PostgreSQL database hosted and managed by AWS using their RDS service. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption both in transit and at rest, access controls, regular security audits, and staff training on data protection, ensuring that all personal information is encrypted in transit between the device and any external storage host. AWS complies with industry-standard security certifications, including ISO 27001. While we strive to protect your personal data, we cannot guarantee its absolute security. To the fullest extent permitted by applicable law, we do not accept liability for unauthorised disclosure.
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security breach that affects your personal data, we may attempt to notify you electronically by posting a notice on the Services, by mail, or by sending an email.
In the event of a data confidentiality breach, we follow a structured process to mitigate the impact. Upon detecting or being notified of a breach, we will promptly:
- Investigate the breach to determine its nature, scope, and the data affected.
- Contain the breach to prevent further unauthorised access, use, or disclosure.
- Assess the risks to individuals whose data may have been compromised, including potential harm or impact.
- Notify affected users if their personal data has been compromised, in accordance with legal requirements. Notifications will include details of the breach, the data affected, and steps users can take to protect themselves.
- Take corrective actions, such as enhancing security measures and conducting audits to prevent future breaches.
We will also report the breach to relevant supervisory authorities as required by applicable laws and regulations.
9. Third-Party Websites/Applications
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact to help you understand their practices regarding your personal data. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
10. Children’s Information
The Services are not directed to children under 16 (or other ages as required by local law), and we do not knowingly collect personal information from children. If the Care Recipient profile of your Care Team belongs to a child who is under 16, by adding their personal information, you are confirming that you are their parent or sole guardian or have the legal authority to share their personal information with us.
If you believe we have collected such information without consent or if you learn that your child has provided us with personal information without your consent, please contact us immediately, so we can take steps to delete the information. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
11. Supervisory Authority
If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
12. Accessibility
We are committed to ensuring our Privacy Policy is accessible to all users, including those with disabilities. If you require this Privacy Policy in an alternative format, please contact us and we will provide the information in a suitable format.
13. Changes to Our Privacy Policy
We may revise this Privacy Policy from time to time at our sole discretion. We encourage you to review our Privacy Policy to stay informed.
If there are any changes to the purposes for which we collect and process your personal data, we will update this Privacy Policy accordingly.
If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. Where the lawful basis for processing is user consent, we will re-obtain your consent before any such changes are applied.
14. Contact Us
If you have any questions about our privacy practices or this Privacy Policy, please contact our data protection officers in one of these ways:
Nara Moripen is the data protection officer and data controller of the personal data processed under this policy.