Last Updated: October 15, 2024
The Ehlers-Danlos Society
Mobile App Privacy Policy
Introduction
We are The Ehlers-Danlos Society (“Ehlers Danlos”, “us”, “we”, “our”, “The Society”). We are an international nonprofit organization, dedicated to patient support, scientific research, advocacy, and increasing awareness for the Ehlers–Danlos syndromes and hypermobility spectrum disorder. We are registered in England and Wales under registration number 10722868, and we have our registered office at Wayman House 141 Wickham Road, Shirley, Croydon, Surrey, England, CR0 8TE. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”) in relation to our processing of Personal Data under registration number ZB343307.
When using our mobile application, we are the Processor in terms of your Personal Data, which means that you decide what Personal Data to enter and how that data will be used whilst using our app.
We provide our support and services to individuals located in countries all over the world, and we are therefore committed to ensuring we meet our legal obligations when processing personal data under the data protection laws of these countries, which include but are not limited to:
- the UK General Data Protection Regulation and the EU General Data Protection Regulation 2016/679 (together referred to herein as the “GDPR”);
- the UK Data Protection Act 2018 (“DPA 2018”)
- the California Consumer Privacy Act (“CCPA”);
- the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”);
- the Colorado Privacy Act (“CPA”);
- the Connecticut Data Privacy Act (“CTDPA”);
- the Utah Consumer Privacy Act (“UCPA”);
- the Virginia Consumer Data Protection Act (“VCDPA”).
The purpose of this privacy notice is to explain what Personal Data may be processed when you use our app and how we will process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to Contact Us’ section.
Who This Privacy Notice Applies To
This privacy notice applies to you if:
- You download or use our mobile application.
There are additional privacy notices available to view online at https://www.ehlers-danlos.com/our-policies/ which relate to the other products and services we provide.
Some of the informational resources available to you within our app are hosted externally and may require you to be redirected to our website to view. As our website uses cookies, you will be asked for your cookie preferences prior to any cookies being placed. For more information around the cookies we use on our website, please read our cookie policy which is available from the hyperlink above.
What Is Personal Data
‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.
‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.
How Our App Collects Your Information
All Personal Data within the app will be collected from or inputted directly by you as the user. We do not collect any additional data from you (device information, usage, location data) whilst you use our app. All data inputted will be stored locally on your device within encrypted files.
Personal Data Our App Collects
The type of Personal Data processed will depend on how you use the mobile app and what Personal Data you decide to enter. There are optional fields which may or may not be completed depending on your preference and you may enter as little or as much information as you wish. Again, this information will only be used by you locally, for example when you use it create a PDF document and export from the app.
If all fields are completed, the mobile app may process your:
- Name
- Address
- Date of Birth
- Gender
- Pronouns
- Email Address
- Telephone Number
- Special Category Personal/Health Data
- Emergency Contacts
- Primary Carer and/or GP
- Preferred Hospital and/or Clinic
- Emergency Instructions
- Organ Donor Status
As mentioned in the section above, all information will be stored locally on your device with The Society having no access to your Personal Data.
Purposes and Lawful Basis
We will only process your Personal Data when the law allows. Most commonly, we will process your Personal Data with your consent, or where we have a legitimate interest to do so. The Personal Data processed by our app will only be used locally for the purposes chosen by you as the user.
Sharing Your Personal Data
As the mobile app is installed and runs locally on your device, there is no data transmitted from your device to The Society or any other third party. We can also confirm that there are currently no tracking and/or analytical tools within our mobile application.
International Transfers
As the Personal Data processed by our app is stored locally (on your device), there will be no international transfers of Personal Data.
How Long Our App Keeps Your Data
Any Personal Data entered will be retained locally within the app until deleted by you as the user. When our mobile app is un-installed/deleted from your device, all personal data that was previously inputted will also be removed.
We Protect Your Information
The Ehlers-Danlos Society takes every possible measure to ensure that your information is not compromised in any way. We implement appropriate technical and organizational measures to protect data that we process from unauthorized disclosure, use, alteration or destruction. Therefore, all Personal Data processed by our app is stored locally on your device within encrypted files.
What Are Your Data Protection Rights?
The Ehlers-Danlos Society would like to make sure you are fully aware of your rights. We will always ensure, no matter where you are located in the world, that we adhere to and fully respect your data protection rights. If you wish to exercise your data protection rights, please email [email protected].
Although when using our app, no information will be shared with The Society, you may choose to engage with us in another way, or via one of our communication channels.
Therefore, if you are in the EU or UK and provide The Society with your Personal Data, you have the following rights:
- The right to access You have the right to request from The Ehlers-Danlos Society copies of your personal data and information about our processing of it.
- The right to rectification You have the right to request that The Ehlers-Danlos Society correct any information you believe to be inaccurate. You also have the right to request The Society to complete information you believe is incomplete.
- The right to withdraw You have the right to withdraw your consent at any time when The Ehlers-Danlos Society are relying on consent as the lawful basis for processing your personal data.
- The right to erasure You have the right to request that The Ehlers-Danlos Society erase your personal data, under certain conditions. Some data that is being used under certain conditions may not be able to be deleted, such as research data, however in these instances we will ensure all data being used is de-identified and cannot be linked with you.
- The right to restrict processing You have the right to request that The Ehlers-Danlos Society restrict the processing of your personal data, under certain conditions.
- The right to object to processing You have the right to object to The Ehlers-Danlos Society processing of your personal data, under certain conditions. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
- The right to data portability You have the right to request that The Ehlers-Danlos Society transfer the data that we have collected to another organization, or directly to you, under certain conditions. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
We do not make significant decisions based solely on automated processing.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, please contact us at [email protected].
You can also lodge a complaint with your relevant data protection supervisory authority.
If you are located in the US, although The Ehlers-Danlos Society is not currently subject to any state privacy laws, we will always ensure that no matter where you are located, we adhere to and fully respect your data protection rights.
You can find the enacted US state privacy laws listed below:
California Consumer Privacy Act (as amended by the California Privacy Rights Act)
The Connecticut Data Privacy Act
Virginia Consumer Data Protection Act
Children’s Privacy
The Ehlers-Danlos Society is committed to complying with the ICO’s Childrens Code (UK), the Children’s Online Privacy Protection Act (COPPA) and to protecting the online privacy of children under the age of 13. In certain circumstances, we may offer our products and services to children under the age of 13, however we do not knowingly collect Personal Data of children without parental consent, unless permitted by law. If you are a child under the age of 13, you must have your parent’s permission to use our services. If you learn that a child has provided us with their Personal Data without parental consent, you may contact us, as described below, and if appropriate, we will securely and permanently delete it, in accordance with applicable law.
How to Contact Us and Our Data Protection Officer
If you have any questions about The Ehlers-Danlos Society Mobile Privacy Policy, the data we hold about you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us at: [email protected]
Call us: +1 410-670-7577 or +44 (0) 203 887 6132.
Or write to us at: The Ehlers-Danlos Society Headquarters, 447 Broadway, 2nd FL #670, New York, NY 10013, USA or The Ehlers-Danlos Society Europe Office, Office 7, 35-37 Ludgate Hill, London, EC4M 7JN, United Kingdom.
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted by
using the above Society email or postal addresses. Please send your communication clearly indicating ‘FAO the ‘Data Protection Officer’ and your message will be passed directly to Evalian Limited for attention.
Our EU Representative
We are based outside the EU and under the EU GDPR, we are required to appoint an EU representative. The purpose of an EU representative is to make it easy for people in the EU to contact us should they wish to exercise their rights or make a complaint or enquiry in relation to how we are processing their Personal Data. It is also a contact point for the supervisory authorities located in the EU.
Our EU representative is DataRep who can be contacted as follows:
- Sending an email to DataRep at [email protected] quoting ‘The Ehlers-Danlos Society’ in the subject line
- Sending an online webform at www.datarep.com/data-request
- Mailing your inquiry to DataRep at the most convenient of the addresses in the table below. Please note when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not The Ehlers-Danlos Society or your inquiry may not reach its destination.
DataRep Postal Address List:
| Country | Address |
| Austria | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
| Belgium | DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium |
| Bulgaria | DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria |
| Croatia | DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia |
| Cyprus | DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus |
| Czech Republic | DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic |
| Denmark | DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark |
| Estonia | DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia |
| Finland | DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland |
| France | DataRep, 72 rue de Lessard, Rouen, 76100, France |
| Germany | DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany |
| Greece | DataRep, 24 Lagoumitzi str, Athens, 17671, Greece |
| Hungary | DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary |
| Iceland | DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland |
| Ireland | DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland |
| Italy | DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy |
| Latvia | DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia |
| Liechtenstein | DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria |
| Lithuania | DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania |
| Luxembourg | DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg |
| Malta | DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta |
| Netherlands | DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands |
| Norway | DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway |
| Poland | DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland |
| Portugal | DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal |
| Romania |
DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania |
| Slovakia | DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia |
| Slovenia | DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia |
| Spain | DataRep, Calle de Manzanares 4, Madrid, 28005, Spain |
| Sweden | DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden |
How To Complain
You have the right to lodge a complaint with the relevant supervisory authority if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at: Contact us | ICO, or by telephone on 0303 123 1113
For supervisory authorities in other countries within the EU see the link below:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
Policy Review and Amendments
We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.
Last modified: 15th October 2024.
