These terms of use (the "") of Trividia Health Inc. [] ("Trividia", "we", "us") apply to the registration of a user account ("User Account") for the use of the True vie Continuous Glucose Monitor System App for mobile phones ("CGM APP") and stipulate the terms and conditions for the use of the CGM APP. The use of the CGM APP and the registration of a User Account are mandatory to be able to use Trividia's blood glucose sensor and transmitter for measuring and monitoring blood glucose levels of diabetics (the "Product"). The Product in connection with the CGM APP assists diabetics in measuring, displaying and monitoring their current blood glucose levels, in identifying long-term glucose trends and developments based on their glucose levels, and warns diabetics if they become hyperglycemic or hypoglycemic and thus reach life-threatening states.
These T&Cs, applicable to the registration of a User Account and the use of the CGM APP, shall exclusively govern the relationship between any individual who registered a User Account for the use of the CGM APP (the "User") and Trividia. In the relationship between the user and Trividia, these T&Cs apply exclusively to the use of the CGM APP. The application of terms and conditions of the User is expressly rejected, even if the User expressly refers to their application.
1.1. Subject to these T&Cs Trividia offers to Users to register a User Account and use the CGM APP in connection with the Product to measure and monitor their current and long-term blood glucose levels. The T&Cs stipulate the terms and conditions for the registration of a User Account and the use of the Trividia's CGM APP. The T&Cs constitute the user agreement for the use of the CGM APP between the User and Trividia after the registration of a User Account ("User Agreement").
1.2. The T&Cs govern the mutual rights and obligation with respect to the provision and use of the CGM APP.
1.3. Trividia is not a healthcare professional and does not provide medical, health or other professional services or advice in relation to the User. We do not verify the accuracy of the health and user data as defined in our privacy notice for the CGM APP. The current and applicable privacy notice can be found here: [].
1.4. The use of the Product and the CGM APP does not replace proper healthcare and the regular consultation with healthcare professionals such as physicians. Should Users feel unwell, experience pain, or notice any other abnormality that may be related to their health, it is the User's sole responsibility to urgently consult a physician or other appropriate medical care. Trividia cannot give appropriate medical advice and recommends that Users consult a physician or other medical professionals. In urgent or life threatening cases, Users should dial the local emergency number of the country where they are currently located.
1.5. At their own responsibility, Users may also share data collected during the use of the Product and the CGM APP with their physicians, healthcare professionals or other healthcare service providers for the purpose of receiving medical treatment and advice.
1.6. The CGM APP may be downloaded from Apple's App Store and the Google Play Store. The use of Apple's App Store and the Google Play Store are subject to separate independent terms and conditions and Apple's and Google's privacy notice, which are not controlled by Trividia and cannot be influenced by us. The terms of use and privacy policy can be accessed at:
-
Apple Media Service Terms and Conditions:
https://www.apple.com/uk/legal/internet-services/itunes/uk/terms.html
-
Privacy Policy:
-
Google Play Terms of Service:
https://play.google.com/intl/de_uk/about/play-terms/index.html
-
Privacy Policy:
2.1 Upon the successful completion of the registration of a User Account as set out in section 3, Trividia grants the User access to the CGM APP and the User receives a non-exclusive, non-transferable, non-assignable, non-permanent, limited right to access and use the CGM APP in accordance with these T&Cs and the applicable laws ("Trividia Services").
2.2 In connection with the use of the Product and the CGM APP, Trividia Services include that Users:
a) measure and monitor their current and long term blood glucose levels and trends;
b) transmit, retrieve and display certain information regarding their diabetes on their mobile device on which they have installed the CGM APP;
c) receive warning messages and alerts in case of hyperglycemic or hypoglycemic and thus live-threatening states;
d) may voluntarily upload and store the collected data on Trividia's cloud servers located in Germany using the cloud services offered by Trividia in the CGM APP;
e) may use the CGM APP in offline mode without uploading their personal data to our cloud servers after the successful registration of a User Account;
f) may access and transfer this data, if uploaded to the cloud servers, to any other mobile device at any time by logging into their respective User Account;
g) perform backups of their data which are then stored on our cloud server;
h) share their uploaded anonymized data with research and development centers in the United States of America for statistical and analytical research purposes and to improve data related to diabetes research.
2.3 The access and usage right granted under these T&Cs is generally limited to the CGM APP and the Trividia Services in their current state upon registration of a User Account.
2.4 Trividia is entitled to introduce additional features and functions ("Upgrades") which may be only available upon payment of an additional fee. Such Upgrades may be subject to additional terms and conditions. If any such additional terms or fees accrue, Trividia will inform the User accordingly of the applicable terms and fees prior to the purchase of any Upgrades.
3.1 Users may only register a User Account with Trividia for the use of the CGM APP, if they purchased a Product from Trividia's local distributors. Users are only entitled to register a User Account if they are at least 18 year old, or at the age at which they have the legal capacity under the national law of their habitual residence.
3.2 During the registration process for a User Account, Users must accept these T&Cs, confirm that they have taken note of Trividia's Privacy Notice for the CGM APP, which can be found at [].
3.3 When registering a User Account, Users must provide the following information during the registration process ("Account Data"):
a) their email address;
b) a user name;
c) an individual password.
The provided information must be correct and the User must be the owner of the email address.
3.4 When logging in to his User Account in the CGM APP, the User will be prompted in the future to provide his email address or his user name and his individual password.
3.5 Users are obliged to keep all Account Data, in particular his user name and password, secret and carefully secure access to the User Account. Users shall ensure that no third parties have access to the User Account. The User must inform Trividia immediately, if he becomes aware of the loss of login credentials, his mobile device with the installed CGM APP, or if there are indications that the User Account has been misused. Such notice must include the User's email address and user name and may be sent to [].
3.6 Trividia reserves the right to delete the provided Account Data after a reasonable time, if the registration process fails, remains incomplete or is cancelled.
3.7 The User Account is not transferrable to a third party, as it is bound to the User, who indicated the Account Data during the registration process and successfully completed the registration. In the event that the User dies, Trividia is permitted to give the User's inheritors access to the User Account and to provide them with the information required for this purpose.
3.8 In case the User Agreement is terminated by Trividia or the User according to Section 7 of these T&Cs, the right to use and log in to the CGM APP expires as well automatically and immediately. Trividia is then entitled to suspend the User Account immediately and delete the data associated with the User Account within a reasonable period of time, subject to retention obligations under applicable laws.
4.1 The User is obliged to use the CGM APP solely for the purposes defined in these T&Cs and in accordance with these T&Cs. In particular, any kind of use is prohibited that may lead to a damage to the CGM APP, Trividia's IT infrastructure (including its cloud servers), its distributors, third parties, other Users of the CGM APP, violates statutory legal provisions or infringes any third party rights (e.g. intellectual property rights, data privacy rights). Users are not permitted to use the CGM APP in a manner that is suitable to harm Trividia, its distributors, other Users, third parties or to take advantage of or threaten the operation of the CGM APP or Trividia's IT infrastructure (including its cloud servers).
4.2 Trividia owns and retains all rights, in particular intellectual property rights, title and interest in and to the CGM APP and all respective usage rights to the CGM APP. The User is entitled during the term of the User Agreement on a non-exclusive, non-permanent and non-transferable basis to use the CGM APP and its features in accordance with these T&Cs as well as the potentially applicable additional terms and conditions for Upgrades. The User shall be not entitled to
a) use the CGM APP for commercial purposes or to benefit any third party;
b) use or attempt to use any unauthorized means to modify, reroute, or gain access to Trividia Services;
c) enable unauthorized third party applications, hardware or software to access, interfere with, or modify the CGM APP or the Product;
d) sublicense any of the User's rights under these T&Cs to a third party;
e) modify, copy, dissemble, decompile, translate, decode, edit, distribute, or make the CGM APP publicly available or create derivative works of it, unless permitted by law;
f) reverse engineer or derive the source code of the CGM APP, unless permitted by law;
g) use any automated means, processes or services to access or use Trividia Services, or to copy or scrape any data from the Trividia Services and the CGM APP.
4.3 The User is solely responsible to ensure that its mobile device meets the technical requirements for the use of the CGM APP. Users also have to ensure that they are using the latest version of the CGM APP. If the User does not update his CGM APP to the latest version provided by Trividia, Trividia cannot guarantee that the use of the CGM APP takes place with the current security standards.
5.1 Upon purchase of the Product, the Customer acquires, subject to the required minimum age of 18 years pursuant to Section 3.1. and the prerequisite of the registration of a User Account pursuant to Section 3, the right to download CGM APP from the providers mentioned in Section 5.2 and to install it on his mobile device.
5.2 Trividia supplies the CGM APP as a digital download on its website, which can be found at https://www.ican-cgm.com, and through Apple's App Store and the Google Play Store. To the extent that the supply of the CGM APP is carried out by the providers of the aforementioned app stores, any potential delay in the supply of the CGM APP (including updates) by the providers of the app store is not the responsibility of Trividia and does not constitute any claims of the User against Trividia.
5.3 The use and supply of the CGM APP is free of charge and the User may download the CGM APP at any time from Trividia's website or the app stores mentioned above. If in the future the CGM APP should provide chargeable content, Trividia will inform the User in due time about the chargeability.
5.4 Trividia supplies the CGM APP in its latest version and with the features and functions as set forth in Section 2. The features, functions and attributes of the Trividia Services and the CGM APP described in Section 2 constitute the subjective and objective conformity requirements agreed upon between Trividia and the User.
5.5 Trividia provides installation and instruction manuals for the CGM APP along with the instruction manual for the Product. Both manuals can also be found here: https://www.ican-cgm.com
6.1 Trividia warrants that the CGM APP conforms to the subjective and objective conformity requirements at the time of its supply and that its use by the User to the contractually agreed extent in the country of first download of the app does not conflict with any third party rights.
6.2 Insofar as the CGM APP does not meet the subjective or objective requirements for conformity as stipulated in these T&Cs, the user shall be entitled to the statutory warranty claims such as subsequent performance, revocation of the contract, reduction of the purchase price or damages, provided that the prerequisites of these provisions are met.
6.3 In accordance with Section 6.4, Trividia will provide updates to the CGM APP, which maintain the contractual condition of the CGM APP, including (critical) security updates ("Updates").
6.4 Trividia provides Updates for the CGM APP as of the initial supply of the app to an individual User for a minimum period of two (2) years and as long as Trividia supplies the CGM APP to an individual User. The maximum eligibility of an individual User to receive Updates ends with the termination of the User Agreement pursuant to Section 7 of these T&Cs.
6.5 Trividia informs the User on available Updates by a corresponding notice in the CGM APP or on the website. In addition, providers of the app stores may inform the User on available Updates. Trividia shall not be liable for any defect due to a failure by the User to update the CGM APP of which Trividia has informed the User, unless the failure to update is caused by defective installation instructions provided to the User.
6.6 The liability under statutory law (regardless of the legal basis) of Trividia and its legal representatives and vicarious agents is limited to damages (a) resulting from intent and gross negligence of Trividia, its legal representatives or vicarious agents, (b) to life, body or health or (c) resulting from the culpable breach of material contractual obligations, i.e. obligations the fulfillment of which is a prerequisite for the due performance of the contract or the breach of which jeopardizes the realization of the purpose of the contract and compliance with which the other party may regularly rely on (so called “cardinal obligations” = “Kardinalspflichten”). In the latter case the liability shall be limited in case of slight negligence to the damage which was typically foreseeable at the time of contract conclusion.
6.7 The liability for the loss of data is limited to the effort for retrieval that would have occurred in case of regular and proper back-ups. The User is solely responsible for conducting the back-ups of the data that they entered or uploaded to Trividia's cloud servers through the use of the respective feature in the CGM APP. The User is also solely responsible for saving any information required for evidence, accounting or other purposes on a storage device independent of Trividia's services.
7.1 These T&Cs become binding upon successful registration of a User Account and acceptance of these T&Cs by the User during the registration process. The User Agreement for the Trividia Services is concluded for an indefinite term.
7.2 The User may terminate the User Agreement at any time either by sending a termination notice in text form via email to cgmmk@Trividiameditech.com or by closing the User Account in the CGM APP and deletion of the CGM APP. In the event the User terminates the User Agreement by sending a termination notice via email, Trividia will suspend the account and delete all data associated with the User's User Account after a reasonable period of time and in accordance with Trividia's data retention policies.
7.3 Trividia may terminate the User Agreement at any time with a notice period of 30 days to the end of the month in text form without specifying any reasons.
7.4 If Trividia has concrete indications of violations of the User against legal provisions or against obligations under these T&Cs, Trividia may suspend the respective User Account until it is ensured that no further violations are committed.
7.5 In the event that the User repeatedly violates legal provisions or obligations arising from these T&Cs, Trividia may permanently suspend the respective User Account. Violations of obligations under these T&Cs permitting permanent suspension include, in particular, the User's obligations not to:
a) transfer the User Account to a third party or grant a third party access to the User Account;
b) provide false information during the registration process;
c) use an email address that is not owned by the User;
d) use the CGM APP in a manner that may cause damage to the CGM APP, Trividia's IT infrastructure (including its cloud servers); or
e) violate these T&Cs, statutory legal provisions or any third party rights.
7.6 If Trividia suspends a User, Trividia will take into account the legitimate interests of the User, in particular whether the User is responsible for the violation. Trividia will inform the User of the reasons for temporary or permanent suspension at the latest when the suspension becomes effective.
7.7 Trividia and the User have the right to terminate the User Agreement at any time without notice for good cause. Good cause includes, in particular, if the User repeatedly violates these T&Cs.
7.8 Trividia may also terminate the User Agreement, if the User decides to reject material changes pursuant to Section 9.1.
7.9 If Trividia has permanently suspended a User or terminated the User Agreement in accordance with these T&Cs, the User has no right to have his suspended User Account reinstated. The User is also not allowed to register a new User Account after a permanent suspension or a termination by Trividia.
8.1 Trividia's current and applicable Privacy Notice for the CGM APP can be found here: https://www.ican-cgm.com
9.1 Trividia may, at its sole discretion, extend, reduce, change or completely cease to provide Trividia Services to the Users, and amend these T&Cs. As far as changes are exclusively connected with advantages for the User, Trividia will inform the User 30 days before the changes apply. In case of material changes to the Trividia Services or to these T&Cs that could be disadvantageous for the User (e.g. introduction of a fee for previously free services, modifications of termination rights to the detriment of Users), Trividia will inform the User upon a 30 days' notice period. Changes become binding for the User and Trividia if the User does not reject in writing (email is sufficient) within this deadline and continues to use the CGM APP and the Trividia Services after the expiration of the deadline. Trividia informs the End User about this effect along with the change notice.
9.2 These T&Cs shall exclusively be governed by and construed under the laws of [] excluding its provision on the conflict of laws and the United Nations Convention on Contracts for the International Sale of Goods (CISG). In the event that your residence or abode is in a member state of the European Union and if you are a consumer, this stipulation is not in conflict with mandatory rules of the country in which your residence or abode is situated. Such rules shall remain unaffected.
9.3 Should any provision of these T&Cs be or become invalid in whole or in parts or should a loophole requiring closing show up, the validity of the other provisions shall not be affected. Rather, the Parties shall be obliged to replace the invalid or unenforceable provisions with another valid provision as close to the economic effect as possible.
The T&Cs are dated May, 5, 2023.
Name | Function | Role in the DPIA process |
---|---|---|
Jiangfeng Fei | CEO, Trividia Health | Accountable |
Lee Scott Taylor | Head of European Access | Responsible (final approval) |
Echo Yu | Regulatory Affaire Director | Responsible (author) |
Zhigang Zhong | IT Security Officer | Consulted |
Robin Chen | Data Protection Officer | Consulted |
Contact details of the Data Protection Officer:
Robin Chen xiaobing.chen@Trividia.com Tel: 0731-89935578
The DPIA is conducted due to the processing on a large scale of special categories of data in the meaning of Art. 9 (1) GDPR, i.e. health data or personal health information (Art. 35 (3) lit. b) GDPR). The processing has not yet been commenced. The controller wants to assess what legal bases are available for the processing, the necessity and proportionality of the processing and what appropriate safeguards are required for the intended processing activities.
[Currently there are no annexes or references. It may be useful to refer to, e.g., certain customer agreements or other privacy/compliance documentation.]
[Complete when draft is final, max. 1 year from approval]
Trividia Health Inc. ("Trividia") is the controller of different categories of personal data, including personal health information, which is provided by private individuals using Trividia's CGM APP, the blood glucose sensor and its transmitter. Trividia operates and offers the CGM APP to private individuals, who purchased a blood glucose sensor and a transmitter from one of Trividia's distributors. In order to be able to use Trividia's CGM APP, customers must register a user account in the CGM APP and provide personal information such as their email address, a user name and an individual password ("User Account Data"). Besides User Account Data and certain technical device data, which are necessary for using the CGM APP, Trividia processes in particular personal health information when it comes to the use of the blood glucose sensor, the transmitter and the CGM APP. During registration, customers may voluntarily indicate their diabetes type, gender and age, while the blood glucose sensor and the transmitter will continuously process and transmit glucose levels to the CGM APP via Bluetooth in order to enable customers to view current glucose levels, and to provide them with long-term glucose trends and developments based on their glucose levels ("Health Data") as well as to send warning messages and alerts in case of life-threatening glucose levels. Except for personal data such as names and email addresses required for the registration of a user account with the CGM APP, all personal data is generally stored on the user's device by default. Any data that is stored locally is not accessible for Trividia and its employees. CGM APP users also have the voluntary option to use a cloud service and upload their personal data, including their Health Data, to Trividia's cloud servers. If the data is uploaded to the cloud server, Trividia intends to share Health Data in an anonymized format with research and development centers, external researchers, healthcare companies and professionals, and health authorities in the United States of America.
As Trividia processes special categories of personal data referred to in Art. 9 (1) GDPR, i.e. Health Data, and because the processing of data concerning health is generally associated with a high risk to the rights and freedoms of natural persons, the following DPIA will be limited to this specific category of personal data.
Trividia processes Health Data and corresponding information for multiple purposes.
The main purpose of the processing of Health Data is the provision of current glucose levels and enabling customers to view a retrospective analysis of their glucose levels, which shall be associated with an improvement of the understanding and control of their diabetes. In addition to the improvement of the understanding of customers' diabetes, Health Data is processed to protect the life of Trividia's customers in case of life-threatening glucose levels.
Trividia additionally intends to process and share Health Data that is voluntarily uploaded to Trividia's cloud servers using the cloud service in an anonymized form with research and development centers in the United States of America for statistical and analytical research purposes and to improve data related to diabetes research. Processing for research purposes includes, but is not limited to, creating, accessing, storing, using, analyzing, and sharing the data with affiliates, external researchers, healthcare companies and professionals, and health authorities. Anonymized data will also be used to evaluate and improve the performance of the CGM APP and to update and improve existing features, develop new features to meet the individual needs of our users, and to improve statistical and scientific research capabilities.
The legal basis for Trividia's processing activities in relation to the processing of customers' Health Data is their prior express consent pursuant to Art. 9 (2) lit. a) GDPR. Trividia is aware that valid consent requires a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of its personal data. Trividia also understands that the processing of special categories of personal data in the sense of Art. 9 (1) GDPR requires explicit consent. Therefore, Trividia will only process customers' Health Data when the customer has expressly consented to the processing of his or her personal information for the purposes provided for in Trividia's procedures for obtaining informed consent. Conscious of the relevant consent requirements under the GDPR, Trividia obtains consent prior to the processing for each and every purpose for which the processing of customer's Health Data is intended.
Already for storing Health Data on the user device (in the default function) Trividia requires users to consent to this storage. The user is notified that without this consent, the CGM APP will not be usable with all functions. The consent will be requested in the course of the account registration process and requires an active action of the user. In this process, the user is also provided with key information regarding the processing and meaning of his/her consent.
On optional basis, the user can upload his/her Health Data to cloud servers operated by third party service providers of Trividia. This step requires (theoretical) access to the uploaded data by Trividia and the engaged service provider. Uploading the data requires a separate consent in the same form as described above in paragraph b).
In certain specified cases and when Health Data is uploaded to Trividia's cloud servers, Trividia intends to share anonymized Health Data with independent third parties. Recipients of Health Data include to the extent necessary Trividia's technical and customer support service providers, Trividia Group companies (i.e. affiliate companies), research and development centers in the United States of America, external researchers, healthcare companies and professionals, and health authorities. In any case, the legal basis for the processing and sharing is the express consent of the data subject pursuant to Art. 9 (2) lit. a) GDPR. Consent for sharing personal data also includes consent to the act of anonymizing itself. Data sharing requires a separate consent in the same form as described above in paragraph b).
To the extent Health Data is processed in countries outside the European Economic Area (“EEA”), Trividia takes appropriate measures to provided guarantees that the recipients comply with the main principles of the GDPR. Unless there are other appropriate safeguards or transfer mechanisms (such as adequacy decisions of the EU Commission) in place, Trividia uses the standard contractual clauses approved by the EU Commission pursuant to Art. 46 (2) lit. c) GDPR when drafting the contracts concluded with its service providers and business partners and, in addition, obtains the data subject's express consent pursuant to Art. 49 (1) lit. a) GDPR for the third country transfer. The consent according to above paragraphs c) and d) include an expressive consent for transfer to third parties outside the EEA. This consent is accompanied by information regarding the potential risks for personal data being transferred to countries outside the EEA.
The Health Data, uploaded to Trividia's cloud servers, is processed by a limited number of personnel. Solely authorized employees of Trividia will have access to the serves and the data stored thereon. Authorized employees include technical staff who is responsible for the maintenance of the servers. In addition, Trividia's customer support team may have access to Health Data, when users of the CGM APP contact the customer support and provide information on their Health Data or request support for the CGM APP that potentially requires access to the Health Data. These employees and all other employees receive special trainings and information on their, and Trividia's privacy, confidentiality and data security information and have to participate in regular privacy and data security trainings. In specific cases it may also be required for personnel of hosting service providers to access the Health Data stored on their servers for maintenance and trouble-shooting purposes. In the event of customer support requests, it may also be necessary for customer support purposes that Health Data is disclosed to Trividia's external customer support service provides such as call centers. The service providers are bound by data processing agreements meeting the requirements of Art. 28 GDPR and obliged to ensure that their personnel having access to the Health Data are trained respectively as well.
Prior to the start of processing, data subjects have been consulted and informed about Trividia's processing activities by receiving the relevant privacy notice. In addition, health data is generally stored locally on the data subject's mobile device by default to reduce the risk to individuals' freedoms and rights with respect to their personal data. Before the data is uploaded to Trividia's cloud servers, the data subject must give consent to the upload and, in this regard, will be informed of the relevant processing activities that will be carried out when and after the data is uploaded, so that data subjects can make a free and informed decision regarding their personal data prior to the processing.
Data concerning health in the meaning of Art. 9 (1) GDPR, namely health data including blood glucose levels.
Private individuals who suffer from diabetes having purchased or ordered the Trividia blood glucose sensor and transmitter from Trividia distributors, and have registered with the CGM APP.
When it comes to data processors, Trividia engages and cooperates with certain service providers in order to provide the CGM APP and the cloud services. These data processors have been carefully selected beforehand, are contractually obligated in the scope of Art. 28 (3) GDPR and have been verified for reliability in accordance with Art. 28 (1) GDPR. Data processors engaged by Trividia are basically technical service and host providers. The following data processors are involved and carry out processing on behalf of Trividia:
Trividia Health Inc, in the USA (support services)
[call center]
Oracle Cloud ("ORACLE") in the EU with physical server location in Germany and United Kingdom (as hosting provider)
With the consent of the data subjects Trividia intends to share Health Data in an anonymized form to the extent necessary with research and development centers in the United States of America, external researchers, healthcare companies and professionals, and health authorities. These recipients are separate controllers, as Trividia will not be further involved in the processing and in determining the purposes and means of the processing, or processors which have been selected as described in sec.B.II.3.a).
The above recipients of personal data are established outside the EEA or are controlled by a parent company located in a third country. When it comes to data sharing with recipients set out in sec. B.II. 3. b), Trividia ensures that all data is anonymized prior to the disclosure. In addition, Trividia takes appropriate measures to provide guarantees that the recipients comply with the principles of GDPR. Unless there are other appropriate safeguards or transfer mechanisms (such as adequacy decisions of the EU Commission) in place, Trividia uses the standard contractual clauses approved by the EU Commission pursuant to Art. 46 (2) lit. c) GDPR when drafting the contracts concluded with service providers and obtains prior consent for the data transfer from our customers. Before Trividia asks customers to consent to the processing and transfer of their personal data, the necessary information according to Art. 12, 13 GDPR is provided including information on the risks associated with data transfers to third countries that do not have the same level of data protection as the European Union so that they can make an informed decision.
Only authorized employees access personal data and Trividia performs daily incremental backups and monthly full backups of data stored on the cloud server for data loss prevention purposes. The data is deleted or anonymized as soon as it is no longer necessary for the purposes it has been collected and processed. The data is basically stored for the duration of the contractual relationship regarding the CGM APP. Health Data that is uploaded to Trividia's cloud servers will be retained for twelve months from the last use of the customer's user account and deleted or aggregated thereafter. If data subjects withdraw their consent or exercise their right to be forgotten under Art. 17 GDPR, Trividia will delete respective data. Any data that is stored on the mobile device used by the customer in conjunction with the use of the CGM APP will be stored locally until the customer decides to delete the CGM APP.
Data that is processed in connection with Trividia's customer service will be stored where this is necessary to ensure product safety and to comply with applicable regulatory provisions. The retention period of this information may vary between two and ten years after the last sale of the products by distributors.
Trividia also retains data in accordance with retention periods under tax and commercial law, insofar as applicable. This does not include Health Data.
In any case, where it is necessary and required by law, Trividia will restrict access to the data and anonymize it to the extent permitted by applicable laws and regulations in order to ensure security of the data and reduce the risks to the freedoms and rights of the data subjects.
The data collected by the blood glucose sensor is transmitted via the transmitter to the customer's mobile device on which the CGM APP is installed. This transmission adopts the Bluetooth Standard Protocol for encryption. Data that remains stored exclusively locally on the customers' mobile device is not accessible for Trividia or its employees by remote technical means and encrypted using CBC (Cipher Block Chaining Mode) encryption. Should customers decide to use the cloud service, the data transmission is encrypted by HTTPS encryption. For data encryption on AWS cloud servers the Advanced Encryption Standard (AES) is utilized.
To the extent necessary and requested by the customer, Trividia's customer services teams may have access to the customers' data stored on the cloud server. Regardless of the location of the customer service personnel accessing the personal information, the access is carried out via a secured network connection.
In terms of data loss prevention and to provide customers with data backups in case of accidental data loss or loss of their mobile device, Trividia performs daily incremental backups and monthly full backups of the data stored on our cloud servers. For data stored merely locally on customer mobile devices we do not perform data backups.
Additional data protection technologies include management of encryption keys, redaction of application layer data, and masking of sensitive production data for use in nonproduction environments for testing and development purposes.
Trividia offers a blood glucose sensor, which allows users to view their current blood glucose levels, monitor their diabetes, and improve their understanding of their diabetes through retrospective analysis capabilities in an intelligible mobile app. Without the collection, transmission and processing of blood glucose levels stored at least locally on the device, the CGM APP and consequently the blood glucose sensor itself would not be usable and would not serve the purpose for which they were invented and developed. As a consequence, customers would not be able to monitor their current glucose levels and their diabetes. Assumed the data would not be stored locally on the mobile device, a retrospective analysis of the customer's glucose levels could not be conducted. Without being able to conduct a retrospective analysis, the customers would not be able to improve their understanding of their diabetes, and may not be able to improve the quality of their life. In addition, without monitoring current blood glucose levels, diabetics could easier fall into hyper- or hypoglycemic blood glucose levels, which can be life-threatening. The processing of the corresponding data therefore helps diabetics to recognize life-threatening blood glucose ranges and corresponding tendencies at an early stage, to take timely corrective measures and thus to protect their lives.
As a risk mitigation measure, Trividia decided to allow the storage of the data locally on the mobile device by default, so that users can decide themselves whether they want to upload their data to the cloud servers. Except for the users themselves, nobody is able to access the data stored locally on the mobile device. Therefore, it is in the sole discretion of the users whether they are willing to increase the risk to their freedom and rights.
Processing, collecting and storing the data merely locally on the mobile device and leaving the decision to upload it to Trividia's cloud servers is the least intrusive and processing activity with least risk that can be performed to achieve the purposes of the processing and to provide customers with a technology based product. The data is obtained through the users themselves and on a voluntary basis, as they are free to purchase other, non-technology based products that do not provide for the tech-based features and advantages and therefore process less data.
Trividia also intends to process the data for research purposes as described in sec. B.I.2.b) by sharing the data with recipients named in that section and in sec. B.II.3. Trividia will share the data with third parties only when the data is uploaded to the cloud servers, when the customers gave their consent and in an anonymized form. The disclosure of data to the specified recipients is necessary so that they can conduct statistical and analytical research on diabetes and possibly develop new medications, or at least improve medical knowledge and thus medical advice for people with diabetes.
Data masking (also known as data scrambling and data anonymization) is the process of replacing sensitive information copied from production databases to test non-production databases with realistic, but scrubbed, data based on masking rules. Trividia utilized Oracle Data Masking and Subsetting Pack license to use data masking features. For details, please refer to Data Masking and Subsetting Guide.
Since the data will be shared exclusively in an anonymized format that does not allow the identification of data subjects, and only when the CGM APP user gives his or her explicit consent, the processing is the least intrusive, and is also based on the explicit expressed wishes of the users. The same applies for the processing for the improvement of the CGM APP. The data is solely used for this purpose when it is uploaded to the cloud server with the users consent and in an anonymized format.
Less intrusive and risky means than using anonymized data and following a consent based approach are not available, so that the selected means of processing are the most privacy friendly and proportionate available to achieve these purposes.
The data is collected directly from the data subjects through a sensor which is self-applied to their skin. Trividia has no influence on the stored data.
In operation, the CGM System uses an integrated transmitter to convert electric signals to digital signals (following a process of signal amplification and filtering) and relay the data to the user's Bluetooth 4.0 (and later) smartphone using the Bluetooth LE connectivity provided by the Nordic SoC. The processor with floating point unit (FPU) provides ample computational power to run the complex sensor algorithms that ensure correct conversion the sensor data from the transmitter into the blood glucose value displayed on the companion APP.
See B.II.3.d).
Data subjects are informed about the processing through the provision of Trividia's privacy notice which contain the relevant information according to Art. 13 GDPR. The privacy notice is provided when registering an account in the CGM APP. Users must confirm acknowledgment of the privacy notice during the registration process.
Data subjects using the CGM APP may contact the data protection officer and request access to their personal information. Data stored on the device of the data subject can be viewed at any time on the device.
For data that is stored on the cloud server, the data subject can exercise his or her right of erasure by contacting the data protection officer and request deletion of the data. In addition, any data stored on the cloud server will be deleted or aggregated after a period of twelve months from the last use of the respective user account.
With respect to the data stored locally on the customer's mobile device, the data subject can easily delete the data at any time by removing the CGM APP from his or her mobile device.
If data subjects believe that data processed by the company and stored on the cloud server is incorrect, they can contact the company‘s data protection officer. User Account Data can be rectified by the user at any time in the CGM APP.
There will be no use case to exercise the right to object pursuant to Art. 21 GDPR, because the relevant data is not processed on the basis of Trividia's legitimate interest, not for the purpose of direct marketing and not for scientific, historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR.
The users have a right to request the transfer of their personal information in certain circumstances. This includes data Trividia process in an automated way in the APP based on user's consent.
The assessment of the risks broadly follows the method described in the DSK short paper no. 18 "Risk Assessment".[(DSK_Kurzpapier Nr. 18_Risiko_für die Rechte und Freiheiten natürlicher Personen (datenschutzkonferenz-online.de), p. 4-5.] To describe the risks, we are using the matrix recommended by the Bavarian supervisory authority for the private sector in its example DPIA["Durchführung einer Datenschutz-Folgeabschätzung nach Art. 35 DSGVO in Anlehnung an die ISO/IEC 29134", p. 18.].
Damage | ||||
Very large | ||||
Substantial | ||||
Limited | ||||
Minimal | ||||
Minimal | Limited | Substantial | Maximum | |
Probability |
Minimal | Minor disturbances |
Limited | Disturbances |
Substantial | Material negative consequences |
Very large | Very serious and/or irreversible consequences |
Minimal | Almost impossible / unimaginable |
Limited | Requires a lot of effort (e.g., to overcome security measures) |
Substantial | It is possible to overcome security measures with little effort |
Very large | It is easy to cause the damage |
Green | Low risk |
Yellow/orange | Medium risk |
Red | High risk |
Identification of the risk | Assessment | |||||
---|---|---|---|---|---|---|
Source of the risk | Description of the risk | Possible damage | Probability | Severity of the possible damage | Result | |
1 | Employees | Unauthorized disclosure of the data by authorized to access and use it | Violation of the data subject's personality and privacy rights | Minimal | Substantial | Medium Risk |
2 | Employees | Unauthorized accessing and/or disclosure of the data by employees not authorized to access it | Violation of the data subject's personality and privacy rights | Minimal | Substantial | Medium Risk |
3 | External; IT Security risks | Third parties obtain unauthorized access to the data, possibly disclose it further | Violation of the data subject's personality and privacy rights | Limited | Substantial | Medium Risk |
4 | Loss of the mobile device on which the Trividia APP is installed | Unauthorized access to the data, in particular Health Data, stored on the mobile device by third parties who find the device | Violation of the data subject's personality and privacy rights, loss of control over their personal data, identity theft, discrimination | Limited | Substantial | Medium Risk |
5 | Transmission of the data from the transmitter to the user's mobile device | Unauthorized access to the data, in particular Health Data, during transmission to the user's mobile device and unauthorized interception of such data | Violation of the data subject's personality and privacy rights, loss of control over their personal data, discrimination | Limited | Limited | Low Risk |
6 | Use of cloud services provided by an U.S. cloud service provider | Unauthorized access to the data, in particular Health Data, and transfer of the data to a country that is not yet confirmed by the EU Commission to ensure an adequate level of data protection and the rights of data subjects | Violation of the data subject's personality and privacy rights, loss of control over their personal data, identity theft or fraud, unlawful and intransparent processing | Limited | Substantial | Medium Risk |
7 | Transfer of data to research and development centers, external researchers, healthcare companies and professionals, and health authorities | Unauthorized access to the data, in particular Health Data and unlawful disclosure | Violation of the data subject's personality and privacy rights, loss of control over their personal data, identity theft or fraud, unlawful and intransparent processing, refusal of data subject rights, processing of unanticipated data | Minimal | Substantial | Medium Risk |
8 | Loss or deletion of data stored in the cloud or the mobile device | Unintentional loss of data through cyber-attacks or data incidents, employee errors, or defects of the cloud server or the mobile device | Violation of the data subjects personality, privacy and contractual rights, loss of control over their personal data | Minimal | Substantial | Medium Risk |
Both, authorized and unauthorized personnel will receive special trainings on privacy laws and will be made aware of data protection laws, basic requirements, consequences of data protection violations and their impact on the controller as well as the data subjects and their data protection rights.
Trividia or its employees cannot access data stored locally on the mobile device of the customer. Should the customer decide for Trividia's cloud service and upload his or her personal data to Trividia's cloud servers, solely authorized employees will have access to the servers and personal data stored thereon and only on a “need-to-know” basis. Such personal will receive the aforementioned training on privacy laws. Access by any other personnel is prevented by logical access restriction and specifying an access control list ("ACL") blocks all IP addresses that are not in the ACL list from accessing the database.
In addition, Trividia retains data associated with user's CGM APP account and stored on a cloud server for a period of 12 months following the last use of the account. Customer support requests will be retained, where this is necessary, to ensure product safety and to comply with applicable regulatory provisions.
As soon as the data is no longer necessary for the purposes collected and processed or if the customer exercise their right to be forgotten, withdraw their consent, Trividia deletes or anonymizes such personal data.
Data stored locally on the users mobile device is encrypted using CBC (Cipher Block Chaining Mode) encryption. Using CBC encryption has the advantage that plaintext patterns will be destroyed, identical plaintext patterns and blocks have different cipher texts, different cyber attacks such as time memory tradeoff and plaintext attacks become more difficult and reordering of the cipher text blocks result in erroneous plaintext blocks. The CGM APP is additionally protected against unauthorized access by security measures such as password prompt each time the App is launched and automatically sign out when the user closes the App.
These means protect data that is stored locally in an adequate and state of the art manner.
The transmission from the glucose level transmitter to the CGM APP adopts the Bluetooth Standard Protocol for encryption. Establishing a connection basically requires authentication, authorization and a so called “pairing” between the devices. In order to establish the connection and pair the devices, the CGM APP user needs to enter a specific pin code, which can be set individually by the user.
The Bluetooth Standard Protocol in conjunction with the authentication, authorization and "pairing" requirements is technically sufficient and state of the art to protect the transmitted data and prevent unauthorized access.
When customers voluntarily decide to opt for Trividia's cloud service and upload their data to Trividia's cloud servers provided by AWS, the data transfer from the mobile device to the cloud server is encrypted using HTTPS encryption. HTTPS encryption is the standard communication protocol in the internet and represents a transport encryption, which shall ensure a tap-proof transfer of data in the internet between the client (sender) and the server (recipient).
When the data is stored on the cloud server, it is encrypted by Advanced Encryption Standard (AES), a highly secure encryption method adopted by the U.S. Government to protect non-classified data and classified information up to Top Secret level, given that a key with a length of 192 or 256 bits is used. At present, there exists no known practical attack that would allow unauthorized persons to decrypt and read data encrypted by AES without the knowledge of the key, so that the risks associated with the upload of the data is reduced to a minimum. The encryption ensures that third parties cannot access and read the data without the knowledge of the encryption key.
When it comes to third country transfers in the meaning of Art. 44 et. seq. GDPR, Trividia takes appropriate measures to provide guarantees that the recipients comply with the principles of GDPR and inform data subjects in the privacy notice about the risks associated with third country transfers where no adequacy decision of the European Commission exists, so that data subjects can make an informed decision regarding the processing of their data. As a risk mitigation measure, third country transfers may only occur if data subjects actively decide to upload their data to Trividia's cloud server, i.e. Trividia's customer must actively opt in for the upload of their data and give their express consent for the upload. This upload function is disabled in the default setting of the CGM APP. When no other appropriate safeguards or transfer tools for the third country transfer are in place, Trividia uses the standard contractual clauses approved by the EU Commission pursuant to Art. 46 (2) lit. c) GDPR when drafting contracts concluded with its service providers, so that these business partners are contractually obliged to adhere to the principles of the GDPR. Therefore, the risk associated with third country transfers and using Trividia's cloud service is low and Trividia implemented countermeasures to ensure the security and integrity of users' Health Data.
Data of data subjects will only be provided to these recipients if the customer has chosen to upload his or her data to the cloud server and consented to the sharing of the uploaded data with the aforementioned recipients. To avoid an unauthorized access to or an unlawful disclosure of the personal data, Trividia solely shares anonymized data with these recipients. By anonymizing the shared data as described under C.I.1.b), Trividia ensures that its customers remain unidentifiable and that the data cannot be de-anonymized by the recipients.
Storing data on electronic devices or on cloud servers always bears the risk that data is lost due to data incidents, loss of the device itself, employee errors or defects of the cloud server. In order to prevent the loss of user data, Trividia has set up various processes to secure and backup user data. For data stored exclusively on the customer's mobile device, Trividia has integrated an upload option into the CGM APP that allows CGM APP users to upload the data to Trividia's cloud servers by using the cloud service. If the users lose their mobile device or if it breaks, the data can be easily retrieved from the cloud server and transferred to a new device by using the appropriate user account and logging in. The relevant data is then available again in the CGM APP.
Data stored on the cloud server, is secured against data loss through daily incremental backups and monthly full backups, which allow Trividia to provide the user with backups of their data in cases of accidental data loss, data incidents, employee errors or cloud server defects. These backups are stored on a separate server, which is independent from the main cloud server, so that backups would not be affected by any data incidents, employee errors or cloud server defects. In addition, Trividia utilizes Oracle Object Storage feature to prevent data loss, any loss in data redundancy is automatically detected and self-healed, without any customer impact.
The risks for the rights and freedoms of Trividia's customers and users of the CGM APP in connection with the blood glucose sensor and the transmitter and Trividia's cloud service in relation to the purposes of the processing and specific processing activities of Trividia are acceptable. Although the processing of special categories of personal data, i.e. Health Data, and hence very sensitive data, always incurs material risks for the rights and freedoms of data subjects, Trividia has implemented effective risk mitigation and counter measures to reduce the risks associated with the processing of such data to reach the corresponding purposes. These measures include, among others, data access restriction to relevant personnel, offering a cloud service and performing regular backups of user data to prevent data loss, using specific and different high-quality and secure encryption technologies when transferring and storing user data, and contractual instruments when drafting and concluding agreements with business partners located in third countries to provide sufficient and appropriate guarantees for transfers to these third countries.
In conclusion, Trividia comes to the assessment that no high or inacceptable risks for data subjects result from the processing of Health Data in the manner performed by Trividia.
***