LAST UPDATED: 27-08-2021
HAPPI APP PRIVACY POLICY
Stichting HappiApp (the “Foundation”) wants you to be familiar with how we protect your privacy. This Privacy Policy describes our practices in connection with personal information that is collected through the Happi App.
ABOUT THE HAPPI APP
The Happi App is developed by experienced doctors with the help of patients(organisations). We have developed the Happi App to provide patients with knowledge, ease and trust in managing their disease and health and to improve patient care. Currently, the Happi App provides support for HIV patients (Happi HIV), skin patients (Happi Skin), those with a blood disease (Happi Hematology) and people with a fatty liver disease (Happi Liver), but in the future the Happi App might be extended to support other patient groups as well. This Privacy Policy will also apply to new versions of the Happi App once they are introduced
Functionality of the Happi App
When you use the Happi App, it provides you with the following tiles:
• My health: provides insight in your health process by measuring and providing insights into relevant aspects of your treatment. This may vary depending on the condition you are being treated for and improvements may be implemented overtime. For example:
o Happi HIV currently provides you with information about the effectiveness of therapy, your medication tolerability, your cardiovascular risk, an overview of your blood values and weight measurements taken in the hospital and insight in your quality of life (based on the quality of life questionnaires).
o Happi Skin currently provides you with information about the condition of your skin, including images of your skin over time, your health experience and your quality of life (based on the quality of life questionnaires);
o Happi Hematology currently gives you information about the severity of your condition, your quality of life (based on quality of life questionnaires) and the possibility to take a picture of your skin (over time);
• My medication: provides an overview of your medication schedule and adjustments to current time zones while traveling;
• My consultation: provides an overview of your hospital appointments and reminders
• My messages: here you can receive messages from the patient association (if Happi has a agreement with it) or messages about developments of the Happiapp itself.
• My measurements (for Happi Hiv and Happi Liver): provides the possibility to fill in blood and physical measurements which can be displayed graphically.
• My medication orders: It is also possible to order medication via the app (only for the Netherlands), whereby it is delivered free of charge from a central pharmacy. For Happi Skin it is possible to order additional products (so-called Over The Counter (OTC) products). A third party is used to handle the financial aspects (see below under finance).
• My treatment goal (Happi Skin only): offers the option of noting a treatment goal in the app.
• My questionnaires (only Happi Skin and Happi Hematology): offers the possibility to add additional disease-specific questionnaires.
In addition, the app contains an information section where you can find general information regarding your health status.
Local storage on your personal device
To protect your privacy, the information processed by the Happi App is stored locally on your device in encrypted format only and cannot be accessed by others, including the Foundation. The Happi App further does not process your name and contact details, but a unique identifier only.
Options within the HappiApp
• Importing measurements directly from your medical file. For example, Happi HIV provides you with the option to import information about your blood values and weight measurements directly from your healthcare provider(s). When setting up your Happi App account, you can select your healthcare provider(s) for this purpose. Please note that this feature is not yet enabled for all healthcare providers. When you select a supported healthcare provider during the set-up (or through your Happi App settings), you will be redirected to the secured login environment of your healthcare provider to enable the Happi App’s access to your blood values and weight measurements. No other data will be retrieved.
• Research and statistical analysis and improving patient care. When you enable this option in the App, your information will be used for research and statistical analysis. To protect your privacy, the Happi App will automatically replace your unique identifier with yet another identifier and subsequently transfer your information to a safely secured platform operated on behalf of the Foundation by a Trusted Third Party (TTP), which data can only be accessed by dedicated staff of the TTP for research and analytics purposes only, and not by others including the Foundation. The TTP will provide the results of such research and analytics in aggregate format only to the Foundation or third parties as instructed by the Foundation. Only results will be provided and in no event the underlying data.For more information about how your information is processed and for what purposes, please read the privacy information below.
• Give health care provider permission for the Happi portal. Happi HIV offers you the opportunity to make all information from Happi transparent to healthcare providers in the Happi portal. To this end, during the installation of the Happi app (or later in the settings), you can select one or more care providers and give permission to view your results in the Happi portal. You can only give care providers with a BIG registration access to your results in the Happi portal. You can later revoke this permission at any time in the settings of the app by removing the care provider from the app.
For more information about how your information is processed and for what purposes, please read the privacy information below.
PROCESSING YOUR INFORMATION
Information processed to provide the functionality of the Happi App
In order to provide the functionalities of the Happi App, the Happi App will need to process your medical and health related information (e.g.,medicine used, blood values, hospital appointments, etc.). You can manually insert this information in the Happi App. The Happi App also provides you with the option to import the relevant medical information (for example for Happi HIV: blood values and weight measurements) directly from your hospital.
The foundation takes great care in protecting your privacy. To create a Happi account, we ask for some personal data such as your name and contact details.These contact details are stored encrypted. In addition, a unique identification code is generated for communication with the Happi portal.Furthermore, your information is stored in an encrypted way and is not accessible to others, including the Foundation.
Personal information
The following personal information is stored on your device:
• Unique identifier
• First and Surname
• Gender
• Birth date and country of birth
• Email address
• Telephone number
• scan/photo of ID card
• Information about your health, such as
o Whether you are asmoker or not
o Use of medication
o Treatment information
o Your responses to the ‘quality of life’- questionnaires
o Medical appointments
o Treatment goal
o Ordering of medication
Additionally, if you use Happi HIV:
o Blood values:
CD4
Viral load
Hemoglobine (Hb)
Leucocyten (L)
Trombocyten (Tr)
Tot. cholesterol (Tchol)
HDL
LDL
Triglyceriden
AF
y-GT
ALAT
ASAT
LDH
Bilirubine totaal
Creatinine (creat)
Glucose
Your blood pressure
Your weight and. blood pressure
In addition, if you use Happi Liver:
• Fibroscan - degree of fibrosis
• Fibroscan - degree of fat
• Blood values
AF
y-GT
ALT
AST
LDH
Bilirubin total
Option to import measurements directly from your health care provider
You can choose to give the Happi App access to measurements (such as, for Happi HIV, blood values and weight measurements) directly from your healthcare provider(s), by selecting the healthcare provider during the set-up of the App, or by adding a healthcare provider through your settings. Please note that this feature is not yet enabled for all healthcare providers. When you select a supported healthcare provider during the set-up or through your settings, you will be redirected to the secured login environment of your healthcare provider to enable the Happi App’s access to your blood values and weight measurements. This functionality will be supported by a third party service provider. No other information than the blood values and your weight measurements will subsequently be accessed by the Happi App and you may withdraw your consent at any time.
Option to process de-identified information for research and statistical analysis
During the set-up, we will ask whether you want to give the Happi App permission to share your information with the Foundation for research and statistical analysis purposes in a safe and secure manner.
If you give your permission, the Happi App ensures this happens in a safe and secure manner by de- identifying the information further. Your birth date will be automatically replaced by your birth year, and your unique identifier will automatically be replaced with another unique identifier. The Happi App will subsequently transfer your de-identified information to a safely secured platform operated on behalf of the Foundation by a certified Trusted Third Party, Mediquest. The information can only be accessed by dedicated staff of the TTP for research and analytics purposes only. The de-identified information will not be accessible by the Foundation or any third party.
Use of aggregate information
The TTP will provide the results of such research and analytics in aggregate format only to the Foundation, or third parties as instructed by the Foundation. In no event will these results contain personal information and the TTP will in no event provide the underlying data to the Foundation or third parties. For example, the analytical insights may be shared with health insurers, pharmaceutical companies and (academic) hospitals to further contribute to the improvement of patient care. Further use of aggregate information includes preparing aggregated trend reports on how the functionality of the Happi App is used by patients, so we can improve the Happi App.
Trusted Third Party
Mediquest will operate the platform and host the information on behalf of the Foundation and, upon the Foundation’s instructions, perform research and create analytical insights to (i) improve patient care; and (ii) improve the functionality of the Happi App itself. Mediquest does this by analyzing the de- identified data set. For example, the de-identified information may show that a group of patients reported a better health status after the use of a specific medicine. The generated insights and analytical reports will be shared with the Foundation, or third parties as instructed by the Foundation, and will be used to further improve patient care or to improve the Happi App.
As Mediquest doesn’t have the key to the original identifier, Mediquest cannot trace the information it receives back to the individual user of the Happi App and will only perform analyses on the de-identified information upon the Foundation’s instructions. The Foundation doesn’t have access to the de- identified information as hosted by Mediquest, but does have the key which enables the connection between the unique identifier as processed by Mediquest and the unique identifier on the Happi App. The Foundation has strict contractual arrangements in place with Mediquest to ensure that the information is not used for any other purpose than as described in this Privacy Policy.
Happi Portal
The Happi portal is intended to provide healthcare providers with insight into the individual data of the patient registered in the Happi app after the patient's consent (selected in the Happi app). The Happi portal is owned by PatientAppBV, which has a license to the ownership of the Happi app. The server for storing patient data is owned by E-Sites BV with which both Stichting HappiApp and PatientApp BV have a data worker agreement. There are also strict contractual arrangements between the foundation, PatientApp and E-Sites to ensure that the information is not used for any other purpose than described in this Privacy Policy.
Payment of OTC products
In the Happi Skin app it is possible to buy additional skin products (so-called Over The Counter (OTC) products). These OTC products are not reimbursed by the health insurance and must be paid for by the Happi user himself.
Happi uses the 'post pay' principle in which you first order your product via the Happi app, and pay afterwards within 14 days. This process is handled byBillink BV. The personal data that you provide to Happi in the context of your order that uses post-payment, are used by Billink - or by third parties to whom the claims are transferred - for, among other things:
§ Risk analyses and creditworthiness testing in order to prevent excessive lending;
§ Ensuring proper communication, administration, customer relationship management, invoicing and collection of the claims arising from the post-payment service;
§ Preventing, detecting and combating fraud or irregularities;
§ Approaching you for (direct) marketing purposes, provided this is done within the framework of the General Data Protection Regulation.
For a complete overview of the processing that takes place with 'after payment', we refer you to Billink's Privacy Statement.
LEGAL BASES
The Happi App processes your information, because this is necessary to provide you with the functionalities of the App. The processing is therefore based on contractual necessity.
> As your information qualifies as medical and health related information, the Happi App will ask for your explicit consent to process your health information.
> The Happi App will only import your blood values and weight measurements from your healthcare provider with your explicit consent, which consent you can withdraw through the Happi App settings at any time.
> The Happi App will transfer your information to the TTP for purposes of research and statistical analysis only with your explicit consent, which consent you can withdraw through the Happi App settings at any time.
> The Happi app exports your data to the Happi portal for insight by your healthcare provider only with your explicit consent. You can withdraw this permission at any time via the settings of the Happi app.
SECURITY OF YOUR INFORMATION
Note that your information will be stored locally on your device in an encrypted format, meaning that even if someone unlawfully gains access to your information, the information will not be readable to them. The information on the Happi App cannot be accessed by others. During the set-up of the Happi App, the App will prompt you to set a 6-digit passcode to ensure that unauthorized persons cannot access the Happi App and the information stored therein, even if you lose your device. The App will not allow you to set a simple password that can be easily guessed by others, such as 000000 or 123456.
Your information is also always encrypted when it is transferred or in transit, including when your measurements are imported to the Happi App from your healthcare provider, or when information is transferred to Mediquest.
If you give permission to import your measurements from your healthcare provider to the Happi App, this connection between your healthcare provider and the Happi App will be enabled by a third party service provider. We have entered into strict contractual arrangements with the service provider to ensure this connection happens in a safe and secure manner.
Your information is also encrypted when it is transferred to Mediquest. Mediquest is a certified third party and complies with appropriate security standards to process the de-identified information and to perform the data analysis as described above. For more information about Mediquest and its security measures, please click here. To further protect your safety, we have ensured that the information will only be processed in the European Economic Area (EEA).
Your information is also encrypted when it is transferred to the Happi portal. The server on which this data is managed meets the latest security requirements and all information is stored encrypted so that it cannot be viewed by anyone.
YOUR PROFILE SETTINGS AND RIGHTS
How we use your information will depend on which functionalities you use, and the choices you make. In your Happi App settings, you can change your settings at any time. You can:
(1) Choose to import your measurements directly from your healthcare provider. You can remove or add a healthcare provider for Happi HIV at any time through your settings. If you decide to no longer allow your healthcare provider to share your blood values and weight measurements with the Happi App, the App will not import new measurements. Measurements that were previously imported will remain on the App until you manually delete the data as described below; and
(2) Choose to share de-identified information with the TTP for research and analytics purposes. If you no longer wish to share your information with the TTP for research and analytics purposes, you can change your sharing settings in the Happi App. If you withdraw your consent, the Happi App will no longer share de-identified information with the TTP. Information that was shared prior to your withdrawal will continue to be used for research and analytic purposes until you request erasure of your de-identified information shared with the TTP.
(3) Choose to share your data with your healthcare provider in the Happi portal. You can remove or add your healthcare provider (s) for Happi at any time through your settings.If you decide to no longer share your data with your healthcare provider (s), the Happi app will no longer share it with the Happi portal. Your practitioner will no longer be able to see your data in the Happi portal.
Your rights regarding information stored on your device
You can access, correct and update your information collected by the Happi App through the Happi App itself. You can also delete all information from the Happi App by accessing the settings in the App and selecting “Delete data”. Please note that if you update or delete information from the Happi App, this will only remove or update the information stored locally on your device.Your rights regarding information processed by the TTPPlease send an email to info@happiapp.nl if you wish to remove your information from the secured platform operated by Mediquest, or request to access, correct, or object to the processing of information, or if you would like to request to receive a copy of your information for purposes of transmitting it to another company or foundation (to the extent these rights are provided to you by applicable law). You will be requested to provide certain information to enable de-identification.
RETENTION PERIOD
The information is stored locally on your device and will remain on your device until you uninstall the Happi App or remove all information through your settings.
The de-identified information will be processed for research and analytics purposes on the secured platform for as long as the Foundation operates the Happi App and performs its statutory objective of improving patient care.We will 2-annually ask for renewal of your explicit consent to continue processing your information for analytical and research purposes.
USE OF HAPPI APP BY MINORS
The Happi App is not directed to individuals under the age of sixteen (16), and we do not knowingly collect information from individuals under 16.UPDATES TO THIS PRIVACY POLICYThe “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Happi App.
CONTACTING US
Stichting HappiApp, located at Deken Roesstraat 9, 3581 RX in Utrecht, is the foundation responsible for collection and use of your information under this Privacy Policy.If you have any questions about this Privacy Policy, please contact us at info@happiapp.nl, or the address provided above.Because email communications are not always secure, please do not include sensitive information in your emails to us.You may also lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. Click here to find the contact details of your national data protection authority.
About
Happi App Foundation