Privacy Policy

Welcome to the DiaExpert App!

The DiaExpert App (hereinafter referred to as "we" or "the software") is used to read, analyze and evaluate the glucose readings of the Continuous Glucose Monitoring System and form AGP statistical reports. We may collect and use your personal information during your use of our mobile applications. Personal information refers to various information recorded in digital or other forms that can identify the identity of natural persons alone or in combination with other information.

We will explain to you the purpose, method, and scope of the software's collection and use of your personal information, your rights to your personal information, and the protection measures we take to protect information security through this documentation.

Before using the software, please read this policy carefully to understand our measures to protect users’ personal information. If you do not agree to this policy, we will not be able to provide you with related services. If you enable the software, it means that you fully and clearly understand the following information collection and your rights.

This Policy will help you understand the following:

1. What data do we collect and how we use your personal information;

2. How do we keep your personal information;

3. How do we disclose your personal information;

4. How do we protect your personal information;

5. Your rights to your personal information;

6. Third-party service providers and their services;

7. About children;

8. Changes to our privacy policy;

9. Who is the data controller and how to contact us.

 

1. What data do we collect and how we use your personal information

 

1.1 What data do we collect

We collect personal information in order to operate more efficiently and provide you with the best user experience. We may collect the following personal information:

Personal identification information (nickname, real name, address, email address, phone number, gender, date of birth, height, weight, log records, password and verification code);

Information of your CGMS transmitter device (SN number, Bluetooth MAC address);

Blood glucose monitoring data;

Information of your terminal device during your use of the software, including terminal name, terminal model, IMEI number, mobile phone model, Mac address, serial number, IP address, operating system version;

Your activities after logging in to your account and software events information and other log records.

 

The information we collect depends on the products you actually use, the context in which you interact with us, the choices you make, which includes your privacy settings, and the products and features you use. It’s optional to provide us with personal information when we collect it. For core functions, if you choose not to provide your information, we may not be able to provide services for you and respond to or solve your problems. For non-core functions, if you refuse to provide personal information, the relevant functions may not be available, but it will not affect your use of our core functions.

Certain personal information is sensitive, including genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. We may collect and process such information after obtaining your explicit consent in order to provide our products and services, or permitted by applicable laws.

 

1.2 How do we collect and use your personal information

We may collect personal information in the following ways.

Account Information Related Function:

(1) You need to register and log in to your account to use the software. During the registration process, you need to read and agree to the Terms of Use and Privacy Policy. Your Email address, password, and verification code are collected in order to register an account for you to log in and use related services.

(2) When you use the software, it’s optional to provide your profile photo, nickname, real name, gender, date of birth, height, weight, and other basic information. We collect the above information in order to combine personal conditions and blood glucose monitoring data to give you better software service. When you pair for the first time or manage your paired device (CGMS transmitter) on the mobile application, we need to collect the information of your device such as SN number, Bluetooth MAC address, etc., and we also need to collect the information of your mobile terminal device used to install the software. We collect the above information in order to complete the pairing of the device with the software and bind the account and device information, etc.

(3) If you paired the device with mobile application, the app would synchronize the data to cloud server. We would obtain your continuous blood glucose monitoring data.

(4) When providing after-sales service and customer support to you, we may ask you to fill out some of your personal information, including device information, your name, email address, address, and logs. We use this information and related blood glucose monitoring data to analyze and diagnose product problems in order to provide customer support services.

(5) At the same time, in order to fulfill the obligations of network security protection, to ensure the function of the software and the security of your account, and to improve and optimize your service experience, we will collect your terminal device information during your use of the software, including terminal name, terminal model, IMEI number, mobile phone model, Mac address, transmitter serial number, IP address, operating system version and local logs. We collect the above information for verifying the identity of your equipment and account.

(6) We will use your personal information in strict compliance with the purposes described in this policy, and your personal information will only be used for the purposes identified, described, and authorized by you at the time of collection. If we want to use the information for other purposes not specified in this policy, we will ask for your consent in advance. We will not provide users’ personal information to third parties to use without the users’ consent.

 

We may also receive your personal information indirectly from the following sources:

[ please list the indirect source and the data received]

 

Allow terminal device permissions:

(1) When you use the software, we may ask you to allow some of your device permissions in order to provide you with corresponding functions or services. Specifically, we may need you to allow the following device permissions:

 

 

| Permissions | Corresponding functions/services | Purpose | Ask if permission is allowed | Optional for users | Effects of closing/denying permission |
| --- | --- | --- | --- | --- | --- |
| Camera | Scan QR code | Scan the QR code to bind the transmitter | Yes | Yes | It may cause that the transmitter cannot be paired by scanning the QR code with the camera; however, you can still pair it by manually entering the SN number. |
| Album | Access album | Access the album to get the profile photo | Yes | Yes | It may prevent you from obtaining the profile photo from the album, but not using the profile photo feature does not affect the use of other functions; however, you can still turn it on manually. |
| Location | To enable Bluetooth on Android phones, you need to allow the terminal device’s positioning permission | Turn on the Bluetooth function | Yes | Yes | It may cause the Bluetooth function not able to be turned on; however, you can still turn it on manually. |
| Bluetooth | Pair devices | Pair with the device | Yes | | This may prevent pairing with the device and using device-related functions; however, you can still turn it on manually. |
| Notifications | Alert for low/high blood glucose | Notify users about blood glucose | Yes | Yes | This may prevent timely notifications about blood glucose levels; however, you can still turn it on manually. |

 

(2) After the permission is allowed, you can enter the system [Settings] at any time to turn off the corresponding permission. After the permission is turned off, the corresponding function may not be able to be used normally.

We promise not to enable device permissions in scenarios that you do not authorize or use personal information collected by enabling device permissions for scenarios that you do not authorize.

Exceptions to your authorization:

You are fully aware that, in accordance with applicable laws, in the following situations, we do not need to ask for your authorization in advance to share, transfer and disclose your personal information:

(1) Related to our fulfillment of obligations stipulated by laws and regulations;

(2) Related directly to national security and national defense security;

(3) Related directly to public safety, public health, and major public interests;

(4) Related directly to a criminal investigation, prosecution, trial, and execution of judgments;

(5) When it is for the protection of your or other person’s lives, property, and other major legal rights and interests, but difficult to get your authorization;

(6) The personal information involved has been disclosed to the public by you;

(7) Necessary for the conclusion and performance of the contract between you and us;

(8) Your personal information is collected from legal and public sources, such as legal news reports, government information disclosure, and other channels;

(9) Necessary for maintaining healthy, safe, and stable operation, such as discovering and disposing of product or service failures;

(10) Necessary for news units to carry out legal news reports;

(11) For academic research institutions, it is necessary to carry out statistical or academic research in the public interest, and when the results of academic research or description are provided to the public, the personal information contained in the results is de-identified.

 

1.3 Our legal bases for processing personal information are as follows:

| Our processing activities | Main legal bases |
| --- | --- |
| Providing and maintaining our products and services | Necessary for contract performance; Consent; Necessary to protect the vital interests of the data subject; Legitimate interest. |
| Improving our products and services | Necessary for contract performance; Consent; Legitimate interest. |
| Marketing | Consent. |
| Complying with our legal and regulatory obligations, such as post-marketing authorization’s obligations (if any). | Legal obligations; Necessary for reasons of public interest in the area of public health in case of health related data. |

 

2. How do we keep your personal information

We securely store your personal information in Ireland.

When we stop operating our products due to particular reasons, we will promptly inform you and stop the collection and processing of personal information. The retention period of the collected personal information we store is five years after our product's withdrawal from the market. Meanwhile, you always have the right to actively request deletion of all data through the “Cancel Account” function or by sending a request email to our technical support team. At the end of any retention period or when the information deletion conditions are met, we will completely delete all collected personal information.

3. How do we disclose your personal information

3.1 We will only publicly disclose your personal information in the following circumstances:

(1) After obtaining your explicit consent, or when the disclosure is based on law: in the case of mandatory compliance with subpoenaing or other legal procedures, lawsuits, or mandatory requirements of government authorities, if we sincerely believe that disclosure is necessary for protecting our rights and your or others’ safety, investigating fraud and responding to government requests, we may disclose your personal information.

(2) Exceptions to obtaining authorization to share, transfer or publicly disclose personal information.

You are fully aware that, in accordance with applicable laws, in the following situations, we do not need your authorization to collect and use your personal information. Please see Section 1.2 for such exceptions.

3.2 Personal information shared to provide our products and services

We share your personal information with third parties only where it is necessary, and for purposes described in this policy.

We may share your personal information with the following categories of third parties:

(1) Our affiliates: We may share your personal information with our corporate subsidiaries and affiliates.

(2) Our business partners and service providers: To fulfill our purposes set out above, we may transfer your personal information to our business partners and/or service providers as necessary for them to provide services to us or you. For example, we may distribute our products in your country through our distributor(s), and distributor(s) may share your personal information to provide customer care or after-sales service, etc.

| Our Business Partner | The Purpose of Sharing |
| --- | --- |

(3) Government agencies and professional advisors: Where permitted or required by applicable law or regulation, we may also have to transfer your personal information to government agencies (such as medical device regulators, tax authorities, courts, and other government authorities) to comply with our legal obligations, and to external professional advisors as necessary to defend our legal interests.

(4) Organizations involved in business transfers: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, will be transferred to the acquiring entity or the surviving entity in a merger or other such transaction. Such information would be transferred in accordance with applicable law.

(5) Other lawful reasons provided by law: We may share your personal data with third parties based on other legitimate reasons authorized by applicable law.

 

4. How do we protect your personal information

We take reasonably practicable technical security and organizational measures to protect the collected information related to our services. We have taken industry-standard measures for security safeguards to protect the personal information you provide from unauthorized access, public disclosure, use, modification, damage, or loss. We will take all reasonably practicable measures to protect your personal information, including:

(1) We encrypt many services using mainstream security technologies such as SSL. We regularly review information collection, storage, and processing measures (including physical security measures) to prevent unauthorized access or tampering with various systems.

(2) We strictly control access to personal information. Only our employees who need to know the information in order to help us process personal information, and the personnel of service companies authorized to process personal information, are allowed to access it. They must perform strict contractual confidentiality obligations, and failure to follow these obligations may result in legal liability or termination of their relationship with us. Access logs of personal data will be recorded and regularly audited.

(3) The security of your information is very important to us. Therefore, we will continue to strive to ensure the security of your personal information, and implement safeguards such as full security encryption for the storage and transmission process, so as to prevent your information from being accessed, used, or disclosed without authorization. At the same time, for certain content of some encrypted data, no one other than the user has the right to access it.

(4) When we transmit and store your special types of personal information, we will adopt security measures such as encryption; when storing personal biometric information, we will use technical measures to process it before storing it.

(5) We will strictly screen business partners and service providers, and implement personal information protection requirements into business contracts or audits, assessments, and other activities of both parties.

(6) We will hold security and privacy protection training courses, testing, and publicity activities to enhance employees' awareness of the importance of protecting personal information.

(7) The internet environment is not 100% secure and we will do our best to ensure the security of any information you send us. Even if we make great efforts and take all reasonable and necessary measures, it may still be possible that your user information is illegally accessed, stolen, tampered with, or destroyed, resulting in damage to your legitimate rights and interests. Please understand the above risks of the information network and accept them voluntarily.

(8) In the event of an unfortunate user information security breach incident, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the treatment measures we have taken or will take, recommendations for you to prevent and reduce risk by yourself, and remedies for you, etc. We will promptly notify you of the relevant information of the event by email, letter, telephone, push notification, etc. When it is difficult to inform the subjects of user information one by one, we will publish announcements in a reasonable and effective way. At the same time, we will also actively report the handling of user information security incidents in accordance with the requirements of regulatory authorities.

5. Your rights to your personal information

5.1 Your Rights

We respect your rights to your personal information, and below are your rights and how we will protect your rights.

(1) The right to be informed

By publishing this personal information protection policy and in accordance with the requirements of laws and regulations, we will inform you of how we will handle your personal information through specific announcements, text messages, or email. We are committed to ensuring transparency in the use of your information. You can regularly check this policy, receive emails and text messages about the update of the policy, contact us through the methods shown in this policy, and other means to learn about the collection and use of your personal information.

(2) The right of access

You can directly search or access your personal information in our product or service interface, including that you can log in to your account at any time through the product page to access personal information related to your account.

If you are unable to search or access your personal information by yourself or encounter any problems in exercising your data access rights, you can contact us through the methods shown in this policy and request access to your personal information.

(3) The right to rectification

You have the right to ask us to correct or supplement your personal information we process when you find that it is inaccurate or incomplete.

For some of your personal information, you can correct your profile information through "Home - Personal Center - Profile".

For personal information for which we have not yet provided you with a channel for self-correction, your decision to contact us and request to correct or supplement your personal information through the methods shown in this policy will not affect the previously initiated right to complain based on your authorization.

(4) The right to erasure

If you use the “delete account” function in the software (on the “Personal Center - Others” page, click delete account), you can delete your personal information completely in real time. For some of your personal information, you can delete it directly on the page related to the functions of the product or service. Specifically: for personal information for which you have not yet been provided with a self-deletion channel, or your personal information that we have collected and used in violation of our agreement with you, you can contact us through the methods shown in this policy and ask us to delete your personal information.

(5) The right to restriction of processing

You can ask us to suspend the processing of your personal information, if (i) you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

(6) The right to data portability

You can ask us to provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format in certain circumstances. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

(7) The right to object

You can object to our processing if you believe it impacts on your fundamental rights and freedoms, where we are relying on a legitimate interest for data processing but there is something about your particular situation.

(8) The right to withdraw consent

Where we process your personal information by your consent, you can withdraw your consent at any time. However, the withdrawal will not affect the lawfulness of any processing carried out before you withdraw your consent.

(9) The right to object to automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This right shall not apply if the decision: (i) is necessary for entering into, or performance of, a contract between you and the data controller; (ii) is authorized by applicable law which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (iii) is based on your explicit consent.

In the cases referred to in sub-paragraph (i) and (iii) above, we will implement suitable measures to safeguard your rights and freedoms and legitimate interests, including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

 

5.2 Respond to your above request

You have the right to contact us through the means shown in this policy and make a complaint. We will respond within 30 workdays after receiving your complaint.

Please note that for security reasons, we may verify your identity before processing your request. For your reasonable request, we do not charge any fees in principle. However, for repeated requests that exceed reasonable limits, we will charge certain fees as appropriate. For requests that are unreasonably repetitive, require excessive technical means (for example, require the development of new systems or fundamentally change the existing practices), pose risks to the legitimate rights and interests of others, or are highly impractical, we may reject your requests and tell you the specific reasons for it. In addition, if your request involves matters directly related to public interests, such as national security, national defense security, public health, criminal investigation, etc., or may cause serious damage to the legitimate rights and interests of yourself or other individuals or organizations, we may not be able to respond to your request.

 

6. Third-party service providers and their services

Our websites, products, applications, and services may contain links to third-party websites, products, and services. You can choose whether to access or accept websites, products, and services provided by third parties.

Before submitting personal information to third parties, please carefully read and agree to the privacy policies of these third parties. This personal information protection policy does not apply to third-party services.

 

| SDK name | Purpose |
| --- | --- |
| Huawei SDK | Mainly the scan framework in the Huawei joint operation service is used, which is convenient for users to scan quickly, and does not involve the collection of users’ private data. |
| Tencent SDK | Mainly to collect application crash logs to facilitate program optimization, and does not involve the collection of users’ private data. |
| Getui push notification SDK | The following information is mainly collected to provide you with push notification services. For details, please visit the Getui User Privacy Policy: https://legal.igexin.com/privacy_en.html |

(1) Mobile equipment information: The equipment identity, platform, and manufacturer information are used to generate a unique push notifications target ID (CID) and equipment ID (GID) to ensure the accurate delivery of the push notifications and the accurate identification of equipment. Mobile equipment brand, model and system version are used to optimize the effectiveness of channel resources and improve the delivery rate and stability of push notifications. In addition, to ensure the uniqueness of the CID and improve the stability and accuracy of push notifications, you are also required to allow the storage permission (WRITE_EXTERNAL_STORAGE) and equipment permission (READ_PHONE_STATE).

(2) Application list information: We use link combination technology for push services. When equipment has multiple app push links active at the same time, we will randomly combine ours with one link to save battery power and data traffic for users. Therefore, it is necessary to obtain the application list information; at the same time, we provide the smart push service, which can recommend push content that is more in line with the needs of the users and reduce the interruption of useless push content. You can choose to enable or disable this service, but turning off this service will result in increased battery and data traffic consumption.

(3) Network information and location information: to maintain the stability of the network connection to the greatest extent and establish a long link, we need to know the network status and changes of the equipment, so as to achieve a stable and continuous push service. We provide situational push functions, and location information will help us provide you with refined pushes for real life scenarios, recommend push content that better suits the users’ needs, and reduce the interruption of useless push content to the users.

To ensure the stable running and functioning of the push service, so that you can use and enjoy more functions and services, the service will integrate software development kits (SDK) and application programming interfaces (API) provided by partners. We will conduct strict security checks on the software development kits (SDK) and application programming interfaces (API) that can obtain your information, and agree on strict data protection measures with partners to make them comply with this policy and any other relevant confidentiality and security measures to handle personal information. The details of the partner are as follows; we recommend that you read the relevant privacy policies:

SDK name: Zhuoxin ID

Involved information: weak equipment features (features that do not have uniqueness and stability): equipment information (manufacturer, model, system information), equipment network information (networking mode and status information), equipment environment information (screen brightness, battery status and located country), equipment application information (installation information such as the version of common applications on the equipment)

Purpose of use: to provide equipment identity and security risk control services

Main partner: China Academy of Information and Communications

Collection method: SDK collection

Partner official website link: https://zxid.caict.ac.cn

Partner Privacy Policy Link: https://zxid.caict.ac.cn/privacy

 

7. About children

Our products and services are not intentionally designed for children (under 16 years of age in any jurisdiction or the age defined as a child in your jurisdiction). Thus, we do not knowingly collect any personal information from children. If we learn that we have collected or received personal information from any child without verification of parental consent, we will delete such information. If you believe that we might have any information from or about a child, please contact us.

 

8. Changes to our privacy policy

We reserve the right to update or modify this privacy policy from time to time. We will send you notifications of changes to our policy through various channels. For major changes to the policy, we will send you push notifications through the software.

This policy is subject to adjustment, but without your express consent, we will not weaken your rights in accordance with this policy.

 

If you do not agree to the above personal information protection policy, we will not be able to collect and use the information necessary to provide services, so that we will not be able to provide services to you normally.

The policy will take effect from the date of update (October 13, 2021).

 

9. Who is the data controller and how to contact us

MicroTech Medical (Hangzhou) Co., Ltd., a company based in China, with its headquarters at No.108 Liuze St., Cangqian, Yuhang District, Hangzhou, 311121 Zhejiang Province, P.R.China, is the controller of your personal information.

 

If you have any questions or concerns about our personal information protection policies or practices, please contact us at:

Company Name: MicroTech Medical (Hangzhou) Co., Ltd.

Address: No.108 Liuze St., Cangqian, Yuhang District, Zhejiang Province, Hangzhou, P.R.China, 311121

Company Email: bd@microtechmd.com

Official Website: http://www.microtechmd.com

If you have any questions or concerns about our privacy policy or the processing of personal information, and you need to delete your data or have a complaint related to privacy, you can contact us to exercise your rights regarding your data privacy.

 

 

 

 

 

Version: V1.0.0

Update Time: Feb 27th 2024