Introduction

Welcome to the “Gripwise” Privacy Policy. 

Gripwise Tech (hereinafter: “us”, “we”, “our” and “Gripwise”) respects your privacy and is committed to protecting your personal data. “Personal data” means any information relating to an identified or identifiable natural person.

Users can access the services via the mobile-app installed in mobile devices (hereinafter: “the App”). This privacy policy aims to give you information on how we collect and process your personal data through your use of the App (including any data you may provide through any of the mentioned means), and inform you about your privacy rights and how the law protects you. 

You must be 18 years or older to use our Services. It is expressly prohibited for minors under the age of 18 to create, register or use a “Gripwise” account.

The information provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above App but relate to resources outside the App domain. Clicking on those hyperlinks may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Services, we encourage you to read the privacy policy of every website or mobile application you visit. 

PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE APP.

Important information and who we are

The data controller for the provision of the services is:

Gripwise Tech, with registered offices in Av. Liberdade 4450, 4450-718 Matosinhos, Portugal

(hereinafter also referred to as “the Controller”). 

With regard to the personal data of patients, which, depending on the agreement with you, may be integrated into the App either manually or automatically by you (hereinafter referred to as “patient data”), we are mainly acting as the Data Processor on your behalf, providing you with the web-app tool and the services.

Please see the “Contact us” section for our contact details.

Scope of the processing of personal data

We process your personal data only to the extent necessary to provide you with a functional Service. The processing of personal data takes place regularly only with the consent of the data subject or on the basis of other legal provisions that permit data processing (for more information see the section “legal basis”). 

Your Personal data may be integrated into the App either manually or automatically, or directly collected via the App.

The data we process

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Data CategoryData types
Identification dataName
Email address
Birthdate
Address (street, ZIP code)
UserID
IP-address
Physical CharacteristicsSex/Gender
Employment and work related dataAreas of interest
Office Address  (street, ZIP code)
Appointments
Free TextNotes / communications
Usage dataUsage data

Special Category Data

We do not collect any  special categories of Personal Data about you.

Aggregated and anonymous Data

We may also collect, use and share Aggregated/Anonymous Data such as statistical. 

Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. The resulting aggregated data must be considered as anonymous since it will not be possible to identify the data subjects it refers to.

However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Cookies

We only use so-called “technical cookies” in our App, which allow us to recognize you as a user with each access. Such data is not passed on to third parties.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

How personal data is collected

We use different methods to collect data from and about you including through:

Direct interactions. You may give us personal data by filling in forms/questionnaires or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • use our products or services;
  • create an account on our App;
  • give us feedback or contact us. 

Third parties. We may receive personal data from third parties.

Purposes and Legal Basis

We have set out below, in a table format, a description of all the ways we may use the personal data and the legal basis which allow us to do it. For these purposes, we may share your personal data with other parties (see the “Sharing section” for more information).

Purpose/ActivityTypes of dataLegal Basis
Provide user with access
to our App, account creation
and App’s basic functionalities
-Identification data
-Physical Characteristis
-Employment and work related data
-Free Text
-Usage data
The processing of users’
personal data is based on
its necessity for the performance
of the contract with you
(art. 6 (1) (b) GDPR) and on the legitimate
interest in an efficient implementation
of the App (art. 6 (1) (f) GDPR).
We continuously strive to provide
the best experience possible.
We therefore may use your Personal
Data to analyse, develop, and
improve technical functionalities
and ensure the security of our
Services.
-Identification data
-Physical Characteristics
-Employment and work related data
-Free Text
-Usage data
The processing of Personal Data
is based on our legitimate interest
in developing/improving, ensuring
the technical functionality
and the security of our
Services (art. 6 (1) (f) GDPR).
Service Communications
(administrative or customer
service purposes), Generic Marketing
of similar products or services
(E.g. newsletters).
-Identification data
-Physical Characteristis
-Employment and work related data
-Free Text
-Usage data
The processing of Personal Data
is based on its necessity for the
performance of the contract with
you (art. 6 (1) (b) GDPR) and on
your legitimate interest to be
informed about news or updates
concerning the services provided
or similar products you
might be interested in
(art. 6 (1) (f) GDPR).
Direct marketing – advertising
or marketing material directed
to particular individuals (E.g.
Newsletter profiled)
– Identification data
– Usage data
The processing of Personal Data
is based on your consent
(art. 6 (1) (a) GDPR).
OTHER PURPOSES
Safety and Security

If necessary, we may use your Personal Data to promote the safety and security of our Services and our users. We may use your Personal Data to monitor operations, authenticate users, detect and protect against fraud and other criminal activity and enforce our Terms of Use and other policies. We will rely on our legitimate interests when processing Personal Data in detecting and preventing fraud and illegal conduct or if necessary for complying with a legal obligation to which we are subject.

Manage and Defend Legal Claims

If necessary we may use your personal data to manage and defend legal claims, e.g. in connection with a dispute or a court proceeding. We will in such case process the personal data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your personal data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.

For this purpose, we may also share certain information with other parties, please see below.

Fulfill Legal Obligations

Finally, we use your personal data to fulfil legal obligations that we have, e.g. accounting requirements or obligations under data protection laws. We will in such case process the personal data collected which is necessary in order to fulfill the legal obligation in question. Your personal data is stored for such a period as is necessary in order to fulfill respective legal obligations.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. 

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Sharing of Personal Data

In general, we do not disclose the Personal Data about you to third parties without your consent or otherwise as specified in this Policy.

In certain circumstances we may disclose or share your Personal Data with third parties only in the ways described in this Policy, including as follows:

  • In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your Personal Data (i) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (ii) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (iii) as otherwise required or permitted under any applicable law, rule, or regulation, (iv) in good faith, to protect or defend the rights or property of Gripwise and other users, and (e) if Gripwise is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data;
  • third party service providers: we may use third party service providers to provide certain data processing services for us (acting as our authorized data processors). When acting as our authorized data processors, they are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

We may share anonymous, aggregate or generic data with third parties. However, in these situations we do not disclose any information that could be used to identify you personally.

International transfers

We do not transfer any personal data outside the European Economic Area (EEA). 

Data processing operations that are carried out via third party providers established outside of the geographical area upon mentioned can be carried out partially or completely in the countries of the respective branch only on the basis of an adequacy decision of the European Commission or, in case of no adequacy decision in place, in accordance with standard contractual clauses approved by the European Commission and appropriate safeguards adopted according to the GDPR and applicable data protection laws.

Data security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

We have adopted appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We keep your data safe adopting the best practices and highest standards in terms of security.

We take various steps to protect your Personal Data from unauthorized access, use or modification and unlawful destruction and disclosure, for example:

  • we adopt encryption technology to transfer and store your Personal Data; 
  • we limit the access to your Personal Data on a strict need-to-know basis;
  • we put in place physical, electronic, and procedural safeguards in line with industry standards.

Please be aware that, despite our efforts, we do not warrant or guarantee that unauthorized access will never occur as no method of transmitting or storing information is completely secure.

All data handling is GDPR (General Data Protection Regulation) compliant.

Retention Period

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

If your data is no longer required for the purposes or legitimate interests pursued by us and no other legal basis intervenes, we will delete the data after the other legal basis no longer applies.

YOUR RIGHTS

Under certain circumstances, you may have certain rights under data protection laws in relation to your personal data:

TO BE INFORMED

You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights. This is what we are doing, providing you with the information in this Privacy Policy.

TO ACCESS YOUR PERSONAL DATA

You have the right to request access to your personal data and request a copy of your personal data that we store. If you have created a user account, you can view certain information directly from our Services on your user interface.

TO UPDATE YOUR PERSONAL DATA

You have the right to request that personal data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account.

TO DELETE YOUR PERSONAL DATA (RIGHT TO BE FORGOTTEN)

You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your personal data shall be deleted. 

Please note that if you request us to remove your Personal Data, you may not be able to use our Services. 

We may, however, still need to keep your personal data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.

TO RESTRICT THE USE OF YOUR PERSONAL DATA

You have, under certain circumstances, the right to request that the use of your personal data is restricted. If you have requested restriction of the use of your personal data, please note that you cannot use the App during the time that the use of your personal data is restricted.

TO OBJECT TO THE USE OF YOUR PERSONAL DATA

Certain use of your personal data is based on our or others’ legitimate interest. You may have the right to object to the use of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.

TO NOT TO BE SUBJECT TO A DECISION BASED SOLELY ON AUTOMATED DECISION-MAKING

You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your personal data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.

TO TRANSFER YOUR PERSONAL DATA (DATA PORTABILITY)

You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.

TO WITHDRAW CONSENT AT ANY TIME

Where the process of your personal data is based on your consent, you have the right to withdraw your expressed consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

TO LODGE A COMPLAINT

As a data subject, you have a right to lodge a complaint with the competent supervisory authority under the conditions provided in Article 77 GDPR or seek a remedy in the national courts if you think that your rights in relation to your personal data have been breached. However, we would be grateful if you could give us the opportunity to address your complaint in the first instance by using the contact details provided at the end of this Policy. 

Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use our Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at our email address mentioned below.

You have the right to make a complaint at any time to the competent supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the DPA so please contact us in the first instance. 

GripwiseContact details

Full name of legal entity: Gripwise Tech

Email address: info@gripwisetech.com  

Postal address: Av. Liberdade 4450, 4450-718 Matosinhos, Portugal

Changes to the privacy policy and our duty to inform you of changes

We may modify and revise this Policy from time to time. Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. 

Any changes we make to our Privacy Policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the App. We therefore encourage you to review it from time to time to stay informed of how we are processing your data.

This version was last updated on 11th of March 2021.