Privacy Policy Impella App

Privacy Policy for the Impella Mobile Application

Status: January 2023

Background

This service (hereinafter "App") is provided by the

Abiomed, Inc.
22 Cherry Hill Drive
Danvers, MA 01923
United States
+1 (978) 646-1400

(hereinafter "we" or "us") as the „Controller” within the meaning of the applicable data protection law.

If you have any questions, requests or concerns about privacy, please contact us via Abiomed's privacy web form.

Within the app, we enable you to retrieve important information about the Impella® family of heart pumps for healthcare professionals.

When you use the app, we process personal data about you. Personal data means any information relating to an identified or identifiable natural person. Since the protection of your privacy when using the app is important to us, we would like to inform you with the following information about which personal data we process when you use the app and how we handle this data. In addition, we will inform you about the legal basis for the processing of your data and, insofar as the processing is necessary to protect our legitimate interests, also on what we base this.
You can access this privacy policy at any time under the menu item "Privacy Policy" within the app.

Please note that the following information refers exclusively to the legal requirements and provisions on data protection of the European General Data Protection Regulation ("GDPR"). Any national provisions on data protection of the individual EU member states are not taken into account. 

Information on the processing of your data

Certain information is already processed automatically as soon as you use the app. We have listed below for you exactly which personal data is processed:

Information collected during the download

When downloading the app, certain required information is transmitted to the app store selected by you (e.g. Google Play or Apple App Store), in particular the user name, the e-mail address, the customer number of your account, the time of the download, payment information and the individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control. Please note and read the corresponding information on data protection and terms of use provided via the app store you are using.

App Store:

https://www.apple.com/de/legal/privacy/data/de/app-store/
https://support.apple.com/de-de/HT211970

Google PlayStore:

https://support.google.com/googleplay/answer/11416267?hl=de&co=GENIE.Platform%3DAndroid#zippy=%2Cdatenerhebung%2Cdatenweitergabe

Information that is collected automatically

When opening the App, we automatically collect certain data that is required to use the App. This includes:

• Access data (email and password)
• Random (generated by Firebase or Okta) unique user ID
• Device information (device ID, device type, device-specific settings and app settings as well as app properties, the browser type and operating system).
• Date and time
• IP address
• Location
• Language setting
• Referrer
• amount of data transferred and the message whether the data exchange was complete, crash of the app, error messages
• User interactions (views accessed, content opened or downloaded, call-to-actions).

This data is automatically transmitted to us, 

1. to provide you with the Service and related features;
2. improve the functions and performance features of the app; and 
3. Prevent and eliminate misuse and malfunctions.

 

The Impella mobile app does not set cookies. However, user interactions are tracked using a user ID for quantitative analysis of app usage.

Consent to app tracking via the end device you are using (Apple/Android - systems)

The providers of the end device you use offer different technologies for requesting and setting your consent for the tracking of information and data when using apps. A request for consent can be made when opening the app for the first time and then managed via the settings of your device in the data protection/privacy area under the respective app. Abiomed has no influence on these technologies, in particular we cannot revise to what extent app tracking is allowed or prevented by using these settings. We therefore ask you to familiarize yourself with the settings and associated information of your respective end device provider.

Data processing by us is carried out on the basis that (1) the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 (1) lit. b GDPR insofar as this is necessary for the provision of the services for the use of the App, or (2) we have a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in ensuring the functionality and error-free operation of the App and in being able to offer a service that is in line with the market and interests of you as a professional user or interested party of our products and therapies.

Creation of a user account (registration) and login

When you create a user account or register, we use your access data (e-mail address and password) to grant you access to your user account and to manage it ("mandatory data"). Mandatory Data within the registration process are marked with an asterisk and are required for the conclusion of the terms of use. Since the Impella App is aimed at healthcare professionals and the content is accordingly geared towards this target audience, you will also be asked to provide profession-related information during registration and asked to confirm this. If you do not provide this data or do not wish to confirm your professional expertise, you will not be able to create a user account.

In addition, you can provide voluntary information about your field of study and interests as part of the registration process. Insofar as you authenticate yourself via biometric features (e.g. fingerprint, facial geometry), these are also processed. However, these are only stored locally and encrypted on your end device.

We use the mandatory information to authenticate you when you log in and to follow up on requests to reset your password. We process and use the information you provide during registration or login to (1) verify your eligibility to manage the User Account; (2) enforce the App's Terms of Use and any rights and obligations associated therewith; and (3) contact you to send you technical or legal notices, updates, security messages, or other communications relating to, for example, the management of the User Account.

We use voluntary information to display relevant information within the app according to the settings you have made.

This data processing is justified by the fact that (1) the processing is necessary for the provision of the services or information requested by you, Art. 6 (1) lit. b GDPR, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the app, Art. 6 (1) lit. f GDPR.

Use of the app

Within the app, you can manage and edit your personal information in your profile. This Information includes in particular:

• First and last name
• E-mail
• Password
• Country
• Hospital/Facility
• Profession and specialty
• Interests
• Notification selection

The app also requires the following permissions:

Internet access: This is required to store your edits on our servers and to provide and update information and functions.

The processing and use of these data is carried out for the provision of the service. This data processing is based on the fulfillment of the terms of use between you as the data subject and us pursuant to Art. 6 (1) lit. b GDPR.

Disclosure and transmission of data

In addition to the cases explicitly mentioned in this data protection declaration, your personal data will not be transferred without your express prior consent or if transfer is permitted or required by law.

Intracompany disclosure

The data you provide during registration and on your profile will be shared within the Abiomed group of companies for internal administrative purposes, including joint customer support, to the extent necessary. 

Any disclosure of personal data is justified by the fact that we have a legitimate interest in disclosing the data for administrative purposes within our group of companies and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR are not overridden.

Business transfer

As our business evolves, we may change the structure of our business by changing its legal structure, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. For any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.

Any disclosure of personal data is based on a legitimate interest in adapting our corporate organization to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR not prevail.

Disclosure for the fulfillment of a legal obligation and for the assertion, exercise and defense of legal claims

If it is necessary to clarify illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, if necessary, to harmed third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities.

Any disclosure of the personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with. national legal requirements to disclose data to law enforcement authorities, or (2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims, and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f GDPR do not override.

Processor

We rely on contractually affiliated companies of the Abiomed Group as well as the following third-party companies and external service providers to provide our service:

• Google LLC for authentication via Firebase Authentification
• Google LLC and Google Ireland Limited for quantitative analysis of app usage
• Okta Inc. for authentication via Okta Authentification
• HubSpot Inc. for central internal management and customer support
• Veeva Systems Inc. as a global content delivery network to deliver media content 

Any disclosure of personal data is based on the fact that (1) we have a legitimate interest in disclosing the data for administrative purposes within our group of companies and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR not prevail and (2) we have carefully selected our third-party companies and external service providers as processors within the scope of Art. 28 (1) GDPR, regularly reviewed them and contractually obligated them to process all personal data exclusively in accordance with our instructions.

Data transfers to third countries

We also process data in countries outside the European Union (“EU”) and the European Economic Area ("EEA"), in particular at our headquarters in the USA.

In order to ensure the protection of the rights of the data subject also in the context of these data transfers, we use the Standard Contractual Clauses of the EU Commission in accordance with Art. 46 (2) lit. c GDPR when structuring the contractual relationships with recipients in third countries. If personal data is transferred from the United Kingdom and Northern Ireland, the so-called "UK Addendum" or, alternatively, the "International data transfer agreement" apply accordingly.

These are available under:

EU SCC

UK Addendum

Alternatively, you can also request these information from us using the contact details provided.

Data storage period

We delete or anonymize your personal data as soon as they are no longer required for the purposes for which we have collected or used them in accordance with the above paragraphs. Unless otherwise specified, we store your personal data for the duration of the usage or contractual relationship via the app plus a period of 14 days , during which we keep backup copies after deletion, unless this data is needed longer for criminal prosecution or to secure, assert or enforce legal claims.

Specific statements in this Privacy Notice or legal requirements for the retention and deletion of personal data, in particular data that we are obligated to retain for tax or commercial law reasons, remain unaffected.

Your rights as a data subject

Right to information

You have the right to receive from us at any time upon request information about the personal data processed by us that concerns you within the scope of Art. 15 GDPR. For this purpose, you can submit a request by mail or e-mail to the address below.

Right to correct data

You have the right to demand that we immediately correct the personal data concerning you if it is incorrect. Within the app, you can manage and edit your personal information in your profile yourself at any time.

If you have any further questions or wish to exercise your right to rectification, please contact us using the contact addresses provided or use the data protection web form.

Right to deletion

You have the right to request that we delete the personal data concerning you under the conditions described in Art. 17 GDPR. These conditions provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see section 5 of this privacy policy.

To exercise your right of deletion, you can request the deletion of your account in the app at any time under Profile Management/Interests or please contact us at the indicated contact addresses or use our data protection web form.

Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact addresses provided.

Right to data portability

You have the right to receive from us the personal data concerning you that you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the contact addresses provided.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR, in accordance with Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

Right to lodge a complaint

You also have the right to lodge a complaint with the respective supervisory authority according to Art. 77 GDPR.

Contact

If you have any questions or comments about our handling of your personal data, or if you wish to exercise the rights as a data subject set out in sections 6 and 7, please contact:

Chief Compliance Officer at the following contact information: [email protected].

Our point of contact for data protection issues and questions regarding data protection for the European Union as well as the United Kingdom is our European branch:

Our point of contact for data protection issues and questions regarding data protection for the European Union as well as the United Kingdom is our European branch:

Abiomed Europe GmbH
Neuenhofer Weg 3
52074 Aachen
Germany
Tel: +49 241 8860 -0
Fax: +49 241 88660 - 111

or contact us via Abiomed's privacy webform.

If you have any questions or comments about the practical use and operation of the app, or if you have any support requests, please contact:
[email protected]

Changes to this privacy policy 

We always keep this privacy policy up to date. The current version of the privacy policy is always available within the app .