Gripwise Tech (hereinafter: “us”, “we”, “our” and “Gripwise”) respects your privacy and is committed to protecting your personal data. “Personal data” means any information relating to an identified or identifiable natural person.
You must be 18 years or older to use our Services. It is expressly prohibited for minors under the age of 18 to create, register or use a “Gripwise” account.
PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE APP.
Important information and who we are
The data controller for the provision of the services is:
Gripwise Tech, with registered offices in Av. Liberdade 4450, 4450-718 Matosinhos, Portugal
(hereinafter also referred to as “the Controller”).
With regard to the personal data of patients, which, depending on the agreement with you, may be integrated into the App either manually or automatically by you (hereinafter referred to as “patient data”), we are mainly acting as the Data Processor on your behalf, providing you with the web-app tool and the services.
Please see the “Contact us” section for our contact details.
Scope of the processing of personal data
We process your personal data only to the extent necessary to provide you with a functional Service. The processing of personal data takes place regularly only with the consent of the data subject or on the basis of other legal provisions that permit data processing (for more information see the section “legal basis”).
Your Personal data may be integrated into the App either manually or automatically, or directly collected via the App.
The data we process
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
|Data Category||Data types|
|Address (street, ZIP code)|
|Employment and work related data||Areas of interest|
|Office Address (street, ZIP code)|
|Free Text||Notes / communications|
|Usage data||Usage data|
Special Category Data
We do not collect any special categories of Personal Data about you.
Aggregated and anonymous Data
We may also collect, use and share Aggregated/Anonymous Data such as statistical.
Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. The resulting aggregated data must be considered as anonymous since it will not be possible to identify the data subjects it refers to.
We only use so-called “technical cookies” in our App, which allow us to recognize you as a user with each access. Such data is not passed on to third parties.
How personal data is collected
We use different methods to collect data from and about you including through:
Direct interactions. You may give us personal data by filling in forms/questionnaires or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- use our products or services;
- create an account on our App;
- give us feedback or contact us.
Third parties. We may receive personal data from third parties.
Purposes and Legal Basis
We have set out below, in a table format, a description of all the ways we may use the personal data and the legal basis which allow us to do it. For these purposes, we may share your personal data with other parties (see the “Sharing section” for more information).
|Purpose/Activity||Types of data||Legal Basis|
|Provide user with access|
to our App, account creation
and App’s basic functionalities
-Employment and work related data
|The processing of users’|
personal data is based on
its necessity for the performance
of the contract with you
(art. 6 (1) (b) GDPR) and on the legitimate
interest in an efficient implementation
of the App (art. 6 (1) (f) GDPR).
|We continuously strive to provide|
the best experience possible.
We therefore may use your Personal
Data to analyse, develop, and
improve technical functionalities
and ensure the security of our
-Employment and work related data
|The processing of Personal Data|
is based on our legitimate interest
in developing/improving, ensuring
the technical functionality
and the security of our
Services (art. 6 (1) (f) GDPR).
(administrative or customer
service purposes), Generic Marketing
of similar products or services
-Employment and work related data
|The processing of Personal Data|
is based on its necessity for the
performance of the contract with
you (art. 6 (1) (b) GDPR) and on
your legitimate interest to be
informed about news or updates
concerning the services provided
or similar products you
might be interested in
(art. 6 (1) (f) GDPR).
|Direct marketing – advertising|
or marketing material directed
to particular individuals (E.g.
|– Identification data|
– Usage data
|The processing of Personal Data|
is based on your consent
(art. 6 (1) (a) GDPR).
Safety and Security
Manage and Defend Legal Claims
If necessary we may use your personal data to manage and defend legal claims, e.g. in connection with a dispute or a court proceeding. We will in such case process the personal data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your personal data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.
For this purpose, we may also share certain information with other parties, please see below.
Fulfill Legal Obligations
Finally, we use your personal data to fulfil legal obligations that we have, e.g. accounting requirements or obligations under data protection laws. We will in such case process the personal data collected which is necessary in order to fulfill the legal obligation in question. Your personal data is stored for such a period as is necessary in order to fulfill respective legal obligations.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Sharing of Personal Data
In general, we do not disclose the Personal Data about you to third parties without your consent or otherwise as specified in this Policy.
In certain circumstances we may disclose or share your Personal Data with third parties only in the ways described in this Policy, including as follows:
- In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your Personal Data (i) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (ii) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (iii) as otherwise required or permitted under any applicable law, rule, or regulation, (iv) in good faith, to protect or defend the rights or property of Gripwise and other users, and (e) if Gripwise is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data;
- third party service providers: we may use third party service providers to provide certain data processing services for us (acting as our authorized data processors). When acting as our authorized data processors, they are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share anonymous, aggregate or generic data with third parties. However, in these situations we do not disclose any information that could be used to identify you personally.
We do not transfer any personal data outside the European Economic Area (EEA).
Data processing operations that are carried out via third party providers established outside of the geographical area upon mentioned can be carried out partially or completely in the countries of the respective branch only on the basis of an adequacy decision of the European Commission or, in case of no adequacy decision in place, in accordance with standard contractual clauses approved by the European Commission and appropriate safeguards adopted according to the GDPR and applicable data protection laws.
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have adopted appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We keep your data safe adopting the best practices and highest standards in terms of security.
We take various steps to protect your Personal Data from unauthorized access, use or modification and unlawful destruction and disclosure, for example:
- we adopt encryption technology to transfer and store your Personal Data;
- we limit the access to your Personal Data on a strict need-to-know basis;
- we put in place physical, electronic, and procedural safeguards in line with industry standards.
Please be aware that, despite our efforts, we do not warrant or guarantee that unauthorized access will never occur as no method of transmitting or storing information is completely secure.
All data handling is GDPR (General Data Protection Regulation) compliant.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
If your data is no longer required for the purposes or legitimate interests pursued by us and no other legal basis intervenes, we will delete the data after the other legal basis no longer applies.
Under certain circumstances, you may have certain rights under data protection laws in relation to your personal data:
TO BE INFORMED
TO ACCESS YOUR PERSONAL DATA
You have the right to request access to your personal data and request a copy of your personal data that we store. If you have created a user account, you can view certain information directly from our Services on your user interface.
TO UPDATE YOUR PERSONAL DATA
You have the right to request that personal data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account.
TO DELETE YOUR PERSONAL DATA (RIGHT TO BE FORGOTTEN)
You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your personal data shall be deleted.
Please note that if you request us to remove your Personal Data, you may not be able to use our Services.
We may, however, still need to keep your personal data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.
TO RESTRICT THE USE OF YOUR PERSONAL DATA
You have, under certain circumstances, the right to request that the use of your personal data is restricted. If you have requested restriction of the use of your personal data, please note that you cannot use the App during the time that the use of your personal data is restricted.
TO OBJECT TO THE USE OF YOUR PERSONAL DATA
Certain use of your personal data is based on our or others’ legitimate interest. You may have the right to object to the use of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
TO NOT TO BE SUBJECT TO A DECISION BASED SOLELY ON AUTOMATED DECISION-MAKING
You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your personal data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.
TO TRANSFER YOUR PERSONAL DATA (DATA PORTABILITY)
You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.
TO WITHDRAW CONSENT AT ANY TIME
Where the process of your personal data is based on your consent, you have the right to withdraw your expressed consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
TO LODGE A COMPLAINT
As a data subject, you have a right to lodge a complaint with the competent supervisory authority under the conditions provided in Article 77 GDPR or seek a remedy in the national courts if you think that your rights in relation to your personal data have been breached. However, we would be grateful if you could give us the opportunity to address your complaint in the first instance by using the contact details provided at the end of this Policy.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use our Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at our email address mentioned below.
You have the right to make a complaint at any time to the competent supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the DPA so please contact us in the first instance.
Full name of legal entity: Gripwise Tech
Email address: email@example.com
Postal address: Av. Liberdade 4450, 4450-718 Matosinhos, Portugal
This version was last updated on 11th of March 2021.