We take privacy and data protection seriously

Welcome to our Privacy Policy! It’s great that you’d like to know more about how we keep your information safe. This policy will give you information about how we look after your Personal Data when you visit or use our Dawn Health Platform (Hereafter ‘the Platform’). The Privacy Policy also tells you about your privacy rights and how the law protects you.

This Privacy Policy is issued on behalf of Dawn Health A/S (Dawn Health)
where Dawn Health is the data controller (the entity responsible for and in
charge of your Personal Data). 

You can read more about Dawn Health here.

Dawn Health collects your Personal Data as you share it with us within our Applications, Web Portals, on websites operated in connection with a specific Application, and through our customer support as we support your use of our Platform. 

For each activity mentioned below, we note the purpose for which we use your Personal Data, whom this Personal Data concerns, the categories of Personal Data being used, the legal bases we rely on for our use, the source from which we received the Personal Data, and for how long we keep the Personal Data.

Purpose

Dawn Health will process your Personal Data for the purpose of providing you with access to our Mobile Applications (hereafter ‘Applications’)to assist you in managing your condition, to optimize your experience and the functionality of our Applications, keeping the Applications operational and secure, and to comply with regulations. 

Who the Personal Data regards (Data Subjects)

Users of our mobile Applications.

Categories of Personal Data

1. Identity and contact Data. Such as first name, last name, e-mail address or similar unique identifiers, and date of birth
2. Technical data. Such as IP address, your login data, browser type and version, time zone setting and location, browser plug-in and version, operating system and platform user ID, MAC ID and other technology on the device that access the Application.
3. Usage Data. Such as information about how you use our websites and Applications
4. Location Data. Such as information about preferred language and country
5. Health Data. Such as information about conditions and diseases, symptoms, diagnosis, treatment, consultation dates, laboratory results, quality of life and optional survey responses
6. Other Data. Includes information that you as a user decides to store within the Application or feedback about the Application provided to Dawn Health

Source

You as a user of Applications provide your Personal Data.

Recipients

To operate our Application and keep your Personal Data secure we use trusted third parties with whom we may share your Personal Data. Whenever possible your data will be shared with third parties in pseudonymized form. Additionally, these parties may only process your Personal Data in accordance with the instruction provided by Dawn Health, and a signed data processing agreement.

HEALTH DATA OF EU CITIZENS WILL ONLY BE HOSTED WITHIN THE EEA, MEANING THERE WILL BE NO TRANSFER OF PERSONAL HEALTH DATA TO A COUNTRY OUTSIDE THE EUROPEAN ECONOMIC AREA (AUCUN TRANSFERT DE DONNÉES DE SANTÉ À CARACTÈRE PERSONNEL VERS UN PAYS TIERS À L’ESPACE ÉCONOMIQUE EUROPÉEN).

To the extent Dawn Health discloses or transfers your Personal Data to third parties, who may use your Personal Data for their own purposes, such disclosure or transfer will only take place if it is in accordance with applicable law, or after first obtaining your consent.

Retention

You may withdraw your consent and have your Personal Data deleted from our Dawn Health Platform by using the “delete my account” button on the settings page. In certain circumstances, we may be required to retain some of your Personal Data after you have requested deletion to satisfy regulatory, legal or contractual obligations. Uninstalling our Application on your device will stop future collection of your Personal Data, however already collected Personal Data will be stored in accordance with our retention policy, or until you request for your Personal Data to be deleted. 

If you are inactive in our app for 5 years your Personal Data will also be deleted.

Legal Bases

For the processing of your Personal Data Dawn Health relies on the legal bases of necessity for the performance of our agreement (Article 6(1)(b), GDPR), or your consent (Article 6(1)(a), GDPR) to provide you access to our Application, to optimize your experience and provide you with support using our Application.

For the processing of your health information Dawn Health relies on the legal bases of explicit consent (Article 9(2)(a), GDPR) from you to assist you with managing your condition or disease within our Application. 

Additionally, Dawn Health relies on our legitimate interest (Article 6(1)(f), GDPR). to secure the Applications, maintain regular operation and improve functionality and personalise our service. 

Lastly, Dawn Health may need to process your information to comply with legal or regulatory obligations (Article 6(1)(c), GDPR). 

Sharing your information with a health care professional

You may choose to share the information within the Applications with your healthcare professional or any other third party. If you decide to share your information from the Applications with a third party the third party is separately responsible for processing your information, and for using your information to provide your treatment and care. This Privacy Policy will not apply in such case. 

Sharing your information with a support programme

Some of our Applications allows for sharing your Personal Data with a patient support program offered by a pharmaceutical company partnered with Dawn Health. Sharing your data with a patient support program will be performed on your request and based upon your approval. Dawn Health will share your contact details to facilitate the contact. Dawn Health is only responsible for transmitting your information to this third party. The third-party managing the patient support program is independently responsible for using your information to deliver the services. Please refer to their Privacy Policy for details on how they process your data.

Representation of Guarantees (HDS)

Business name of the actor: Dawn Health A/S

Role in the hosting service (Host/Processor of Host): Host

HDS certified: Yes

SecNum Cloud 3.2 qualified: No

Hosting activities in which the player is involved: Activity 3, 4, and 5 of the HDS:2024 Framework

Access to personal data from countries outside the European Economic Area, by the Host or one of its processors (Requirement No 29 of the HDS framework): No

Host or processor subject to a risk of access to personal health data from countries outside the European Economic Area, imposed by the legislation of a third country in breach of EU law (Requirement No 30 of the HDS Framework: No

Purpose

Dawn Health will process your Personal Data for the purpose of providing you with access to our Web Portals to assist you in managing your patients’ conditions, to optimize your experience with the Web Portals and the functionality, keeping the Web Portals operational and secure, and comply with regulations. 

Who the Personal Data regards (Data Subjects)

Users of Dawn Health Web Portals

Categories of Personal Data

1. Identity management data. Such as information to manage your Web Portals profile
2. Communication information. Such as information you provide to us if you contact us
3. Service and maintenance Information. Such as information necessary to secure and maintain the Web Portals e.g. audits logs and monitoring information
4. Usage Data. Such as Web Portals usage data
5. Other Information. Such as Information you provide about your Applications users

Source

You as a user of our Web Portals will provide all the information.

Retention

Personal Data is retained until the Web Portals user requests their Personal Data to be deleted by our Support Team.

Legal Bases

For the processing of your Personal Data Dawn Health relies on the legal basis of necessity for the performance of our agreement (Article 6(1)(b), GDPR),

Purpose

Dawn Health will process your Personal Data for the purpose of continuously improving our Platform. To create, validate and test new concepts and solutions that will be offered to our potential customers and end-users, and to contact you in context of a user research project or when you agreed to us keeping your contact details in our user research contact list. 

Who the Personal Data regards (Data Subjects)

Participants in Dawn Health managed user research.

Categories of Personal Data

1. Identity and contact Data. Such as first name, last name, e-mail address or similar unique identifiers, and date of birth
2. Location Data. Such as information about preferred language and country
3. Health Data. Such as information about conditions and diseases, symptoms, diagnosis, treatment, consultation dates, laboratory results, quality of life and optional survey responses
4. Other Data. Such information that you as a user decides to share with Dawn Health or the Research Results created by Dawn Health based on the user research.

Source

Participants in Dawn Health managed user research.

Retention

Dawn Health will retain your information for as long as necessary to fulfil the purposes described above and to adhere to retention periods as per applicable laws. If a user research project is conducted to support medical device design and development, retention periods specified by relevant medical device regulations may be applicable. Upon the conclusion of the retention period, Personal Data will be either deleted or anonymized. 

Legal Bases

We process your Personal Data based on the necessary performance of a contract (Article 6(1)(b), GDPR) or your consent (Article 6(1)(a), GDPR). As some of our user research is focused on specific disease areas, we will ask you to allow us to process your health-related data based on your consent (Article 9(2)(a), GDPR). We may also process Personal Data to comply with a legal obligation to which we are subject (Article 6(1)(c), GDPR), such as regulations applying to medical devices.

Purpose

We will use your information for the purpose of recruitment to analyze your application, candidacy, and assess whether we can offer you a work position now or in the future. We will also use your information to contact you in the context of our recruitment process. 

Who the Personal Data regards (Data Subjects)

Job applicants.

Categories of Personal Data

1. Identity and contact Data. Such as first name, last name, e-mail address or similar unique identifiers, and date of birth
2. Employment and education information such as your work experience, qualifications and education
3. Test Information Such as information related to tests and questionnaires during employment
4. Other information such as information you provided to use as part of your job application.

Source

From job applicants.

Retention

If your candidacy has not been successful, your data will be deleted within 6 months after the job position is filled. In some cases, we may ask to keep your data after this period, in particular if we believe that your profile might match future positions. We do so with your consent and for an additional 6 months.

Legal Bases

This processing of your information is based on our legitimate interest in maintaining our human resources operations, including identifying and evaluating candidates for potential employment and maintaining records in relation to recruiting and hiring (Article 6(1)(f) GDPR). We also rely on your consent when we keep your data for future positions (Article 6(1)(a) GDPR).

Purpose

We process your data to conduct our business, to service current customers and potential customers, to invite you to events or promotional meetings, and to maintain communication. 

Categories of Personal Data

1. Contact Details. Such as first name, last name, e-mail address or similar unique identifiers, and date of birth
2. Business information such as meeting transcripts or recordings, meeting and visit information
3. Other information such as information you share with us during our joint course of business

Source

Business partners and individuals contacting us through our contact form.

Retention

Dawn Health will store your information as long as necessary to fulfil the purpose as described above.

Legal Bases

The processing of your information is based on our legitimate interest in maintaining business relationships, we process your information based on article 6(1)(f), GDPR

Keeping your Personal Data secure is a top priority. We adhere to internationally recognised security standards and store your Personal Data on secure services. All Personal Data will be treated as confidential by those who are allowed to process it. Furthermore, we limit access to your Personal Data only to those people who require it. We regularly perform internal audits to review that our measures are appropriate and to ensure continued compliance with our policies and with recognized security standards

To operate our Applications and keep your Personal Data secure we use trusted third parties with whom we may share your Personal Data. Whenever possible your data will be shared with third parties in pseudonymized form. Additionally, these parties may only process your Personal Data in accordance with the instruction provided by Dawn Health, and a signed data processing agreement.

HEALTH DATA OF USERS OF OUR APPLICATIONS AND USER RESEARCH MARKETED FOR EU CITIZENS WILL ONLY BE HOSTED WITHIN THE EEA, MEANING THERE WILL BE NO TRANSFER OF PERSONAL HEALTH DATA TO A COUNTRY OUTSIDE THE EUROPEAN ECONOMIC AREA (AUCUN TRANSFERT DE DONNÉES DE SANTÉ À CARACTÈRE PERSONNEL VERS UN PAYS TIERS À L’ESPACE ÉCONOMIQUE EUROPÉEN).

You have the following rights with regard to your Personal Data that we process: 

Request access to your Personal Data. You have the right to access the Personal Data we are keeping about you. Applications and Web Portals users will, in many cases, already have this information directly available in our Platform. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for our business practices, confidential information and internal assessments.

Request correction of incorrect or incomplete data. If the data we have pertaining to you are incorrect or incomplete, you are entitled to have the data corrected, with the restrictions that follow from legislation.

Request erasure. You have the right to request deletion of your data when: (i)the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you withdraw your consent to the processing and there is no legitimate reason for processing, (iii) you object to the processing and there is no justified reason for continuing the processing, or (iv) the processing is unlawful

Limitation of processing of Personal Data. You have the right to request that we restrict the processing of your Personal Data. When processing is restricted, we will store your data but not use it for other purposes without your consent, except as legally required.

Object to processing based on our legitimate interest. You can always object to the processing of Personal Data about you which is based on legitimate interest. If we are processing your data for direct marketing and profiling in connection to such marketing, your objection will always be sustained. For objections to processing for other purposes, we will conduct a legitimate interest balancing test and consider whether to support your objection.

Data portability. You have a right to receive Personal Data that you have provided to us in a machine-readable format. This right applies to Personal Data processed only by automated means and on the basis of consent or of fulfilling a contract.

Other rights. You have the right to lodge a complaint with The Danish Data Protection Agency, if you are dissatisfied with the way we process your Personal Data. You will find the Danish Data Protection Agency’s contact information at www.datatilsynet.dk

If you want to exercise any of the above rights, you can send an email to our support or contact the data protection officer [email protected]

Aggregated and anonymized data is information from which there cannot be identified an individual. Dawn Health collects, uses and shares aggregated and anonymized data with our partners. 

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this policy you can contact us using the following details:

Dawn Health A/S

CVR-nr: 37683264

Sundkaj 153 

2150 Copenhagen

Denmark

[email protected]

In the United Kingdom and Switzerland, we have appointed local representatives:

United Kingdom

Data Protection Representative (UK) Limited (”DataRep”)

107-111 Fleet Street London

EC4A 2AB United Kingdom

E-mail address: [email protected]

Online webform: www.datarep.com/data-request

Website: www.datarep.uk

Switzerland 

Dawn Health Zürich AG 

Bleicherweg 10 

Zürich 8002 

Switzerland

E-mail Address: [email protected]

Please include your name, country and specific platform to which your inquiry relates. 

Any changes to this Privacy Policy will be posted on this page and, where appropriate, notified to you. Please check back frequently to see any updates or changes to this