Andaman7 privacy policy

Cookies policy

For our cookies policy, see Andaman7 Cookie Policy (current, shared)

Confidentiality commitment

As part of the use of the Andaman7 application (hereafter referred to as A7), A7 Software (the company, hereafter referred to as A7S) processes various data and is therefore responsible for this processing. The contact details of the data controller can be found at the end of the document.

This policy covers both the processing of medical data and the processing of non-medical personal data.

A7S attaches great importance to the protection of its users' data and has modified its confidentiality commitment following the implementation of the General Data Protection Regulation (GDPR).

On May 25, 2018, the General Data Protection Regulation came into force.

This new regulation replaces the law of 1992-12-08 on the processing of personal data and ensures that people have more information and control over the use of their data by organizations.

The law applies to all European citizens. However, A7S believes in the importance of privacy protection and therefore applies this regulation to all of its users.

The objectives of this new regulation are:

  • To grant more protection and visibility to citizens regarding the use made of their personal data and to make companies processing such data more responsible.
  • To harmonize the way personal data is processed in Europe in order to protect the fundamental rights and freedoms of individuals within the EU.
  • To improve the level of cyber defense of companies.

Using your data in Andaman7

Your medical data

When you enter medical data into A7, the data resides only on your smartphone (and in any backups you create). Your medical data is not stored on A7S servers and A7S does not have access to your data. In accordance with the Regulation on data protection with regard to personal processing (specifically Article 9 on personal data relating to health), your medical data are only processed by A7S servers within the framework of an explicit relationship of trust created by you with third parties within your "Circle of Trust", such as parents, doctors, other healthcare professionals or organizations (hereafter "users"). The addition of third parties in the circle of trust is always initiated or explicitly accepted by the user. The intervention of A7S is limited to the exchange of data between you and the members of your circle of trust. The circle of trust is initially empty and there is no active synchronization by default, following the principles of "data protection by design and default". The addition of a member to the user's circle of trust is always at the user's initiative or expressly approved by him (explicit consent).

When data sending is activated by a user, medical data is encrypted during transfer between consenting users. The A7 mobile application connects directly to the A7S secure servers via an encrypted communication channel. While waiting for the recipient to connect to the A7S servers, the data is temporarily stored on A7S servers in encrypted form. When the recipient connects to the A7S servers, data is received through an encrypted communication channel. The temporarily stored encrypted data is then immediately deleted and no medical data remains on the A7S servers (no encrypted medical data is stored in the cloud).

Medical data remains the property of the user and is by default only stored on his device(s). The user deciding to share their data must do so in accordance with local rules and laws. Data backup is the responsibility of the user.

In order for User A to send their data to User B, User A must send a request to User B to agree to receive their data (the request is sent automatically when User A sets up a sharing link to User B). User B must then accept said request before receiving any data. The procedure must be carried out again in the other direction so that User B can share his data with User A. In other words, the effective exchange of medical data takes place only after the explicit consent of the two users (User A's Send Agreement and User B's Receive Agreement). This link can be broken at any time by either of the two users. Data can be exchanged unilaterally if necessary (it is not mandatory to exchange them bilaterally).

If the A7 application is deleted by user A, all their data, both medical and non-medical, will be deleted from their device. If the application is reinstalled later (on the same device or on another), entering the username and password of user A will allow the recovery of non-medical personal data stored on A7S servers. If sharing links had been established from other users (B, C ...) to user A, users B, C ... will automatically send back to user A the medical data they hold on the latter (thus allowing partial or total recovery of user A's data, depending on the data that users B, C ... had on their devices).

If user A restores their device from their own backups, all data will be restored.

However, A7S reminds you that medical data can constitute sensitive data. Outside of the medical profession subject to professional secrecy, you are advised to only share your medical data with people you can trust.

Your non-medical personal data

What personal data is held by A7S

The personal data collected in the context of the use of A7 are as follows: all the fields filled in during your registration and in particular your name, first name, gender, age, email, address, nationality, national number, telephone number, language, organ donor, IP address, type of mobile device used ... You will find the exhaustive list of these non-medical personal data in the interface "Other" of the application. The latter depends directly on the fields that you have completed in the application. Therefore, only complete the fields that you agree to share with A7S.

What is the legal basis for data processing

The data is only processed by virtue of your express consent to this privacy policy.

What your non-medical personal data is used for

  • For your research of other A7 users. By default, each user is visible to all others. However, each user can decide to hide by deactivating the option in the application settings.
  • To enable us to establish general coded and anonymized data statistics: number of users, number of countries using the app, female / male use, demography.
  • To improve our products or services or to send important information about the use of A7 to our users (subscription to our newsletter is separate).
  • For sending our newsletter if you have decided to subscribe to it.

By providing personal data and choosing to share it with your community, you give A7S your express authorization to process this information to the extent that it is necessary for the purposes indicated above.

If A7S processes personal data for other purposes, incompatible with the purposes for which they were initially collected (the new purpose is not described in the initial information notice and the data subject can only guess that their personal data will also be processed for this new purpose), A7S will take all necessary measures to process such data lawfully and inform the data subject.

A7S can provide the information on both a collective and individual basis and will always ensure that it is written in understandable and simple language.

A7S may modify this commitment at any time, which will be announced and effective in conjunction with the update of the application.

Where is your personal non-medical data stored?

The non-medical personal data described above are stored on servers belonging to the company A7S and located in Europe. We plan to have additional servers in other parts of the world to comply with the requirements of upcoming regulations.

Are your non-medical personal data processed by subcontractors?

Yes, A7S can ask a subcontractor to process personal data exclusively on behalf of A7S and on the latter's instructions. A7S contractually ensures that the subcontractor cannot process this data for own purposes independent of the purposes for which A7S uses the subcontractor.

What are your rights regarding the use of your personal non-medical data held by Andaman7?

You have a right of access, a right to be forgotten, a right of rectification, a right to limit processing, a right to portability, a right of opposition.

How long are your non-medical personal data kept?

Your personal non-medical data is kept as long as you have not informed A7S of your decision to no longer use A7 permanently.

Confidentiality and integrity

The company adopts the technical and organizational measures required to ensure that the processing of personal data is always carried out with the appropriate guarantees to protect the data against unauthorized access or unlawful processing and against loss, destruction, harm or accidental damage. Andaman7 was built on the principles of "security by design and privacy by default".

How to assert your rights

The person concerned can exercise their rights by sending an email to the Data Protection Officer of A7S at the following address: dpo@andaman7.com. A7S can ask the interested person to identify himself in order to ensure that the effective exercise of the rights is really requested by the data subject.

If you have any questions regarding the application of the principles or obligations underpinning A7S, please do not hesitate to contact us at the following address: dpo@andaman7.com.

A7S undertakes to respond to the request of the person concerned within a maximum period of one month. Failing that, A7S informs the person concerned of the reasons for its inaction or the delay in following up on the request. A7S makes the necessary efforts to inform the recipients of the personal data of the data subject that the latter is exercising his right to rectify, erase or restrict processing.

If you wish, you have the right to lodge a complaint with the data protection authority: Rue de la Presse 35 in 1000 Brussels, Belgium.

Applicable law

Any action against a controller or a subcontractor is brought before the courts of the Member State in which the controller or the subcontractor has an establishment. Such an action may also be brought before the courts of the Member State in which the data subject has his habitual residence, unless the controller or the processor is a public authority of a Member State acting in the exercise of its prerogatives of public power.

Andaman7 (A7 Software sa), rue Wagner 127, BE-4100 Boncelles (Liège), Belgium

Company number (VAT): BE 0567.738.723

Web: www.andaman7.com email: support@andaman7.com

