ONCOCHAIN PRIVACY POLICY

 

When using our services, you entrust us with your most personal information. We understand this is a big responsibility and work hard to protect your information and put you in control.

This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information

By using our website or our web platform, you agree to the collection, processing, and transfer of your data as described in this privacy policy.

Please visit this section regularly as the policy may be subject to change or update. Any significant changes to this policy will be notified.

In addition to this notice, please read our Terms and Conditions and our Cookie Policy

Who are we?

We, ONCOCHAIN SOLUTIONS NL B.V. and ONCOCHAIN SOLUTIONS SRL, owners of oncochain.com website and the OncoChain web app, (hereinafter referred to as OncoChain, we, us, our, the platform, or the website), are a Romanian startup  that aims to improve the quality of medical care for oncologic patients by creating a framework to facilitate the provision of patient-centered health services.

OncoChain provides an innovative integrated web-based oncology EHR that also acts as a software platform that connects the patient with care providers, CROs, pharmaceutical companies and research centers.

Harvesting Blockchain technology and integrating AI Solutions, OncoChain EHR will be capable of providing: data-driven, personalized and effective oncological care, with measurable results at individual and populational levels.

 

Information about OncoChain:

ONCOCHAIN SOLUTIONS NL B.V.

Paasheuvelweg 25, Tower D5

1105 BP

Amsterdam Zuidoost

The Netherlands​

info@oncochain.com

Tel: +40 726 277 354

ONCOCHAIN SOLUTIONS S.R.L.

Virtutii 12

Timișoara, Timis

300126

Romania​

info@oncochain.com

Tel: +40 726 277 354

Using our web platform

Accessing or using any part/function of our website, you agree to accept and comply with the terms, conditions and policies mentioned and/or available through hyperlink and you admit having the minimum legal age according to the applicable national law. If you do not accept the terms, conditions and policies set forth in this documentation, then you should not continue to access our website and/or use our services.

Where do we take your data from?

Generally, we collect data about you when you contact us by email, telephone, through forms or the chatbot of the website, when you visit our website or when you visit us at one of our offices. We will also collect data about you through your doctor, if you have given your consent.

Occasionally, when we are conducting a recruitment process, we may collect your data from specialized online platforms (eg LinkedIn) or from the information you send us through our contact form or by email (including your CV).

In addition, when you interact with us on social networks (i.e. likes, shares, comments, reviews, etc.), we will inevitably have access to your information, especially data that you have made public on your social media profile.

How do we use your personal data

Please find below the purposes for which we process your data, the persons who have access to your data, and how we store it.

1. Collecting patient data

OncoChain is a data-driven platform that relies on oncology patients' data to become an important tool in the decision-making process regarding their treatment. But to achieve this we need a large volume of medical data.

The data collection is made only through the partner medical institutions, more precisely through the authorized medical staff and only on the basis of your explicit consent, which you can withdraw at any time.

Your data is safe! All your data will be encrypted and can only be accessed by doctors authorized by the medical institution of which you are a patient.

We will use all collected medical data to perform anonymized statistical analyzes, using state of the art technologies such as ML, Blockchain & QLDB.

 

Personal data

Identification and contact details: Last name, first name, phone number, email address, internal identification number (ID set by the clinic)

Historic data: clinical gender (male / female), date of birth, smoking status (current-smoker / former smoker / non-smoker), hereditary pathologies

Case details: type of cancer, diagnostic, comorbidities, clinical studies, analysis reports, monitoring reports, treatment plan

 

Lawfulness of processing

We process your data based on your explicit consent, in accordance with art. 9/2/a of Regulation (EU) 2016/679

 

Who can we share your data with?

All your data will be encrypted and can only be accessed by doctors authorized by the medical institution of which you are a patient.

Our data hosting, storage and backup service providers have access to encrypted data without being able to access it.

We will share anonymized statistical data with CROs, pharmaceutical companies and research centers, to help them study this disease and develop new, more effective and less intrusive treatment methods.

 

How long will we store your data?

We will store your personal data (including medical data) strictly for the time necessary to fulfill the purpose for which they were collected, or for the time required by the fulfilment of legal obligations, if applicable.

We have considered 60 months from the date of obtaining your consent as a storage period, in order to be able to analyze the evolution of the disease over time.

On completion of this term, we will offer you the opportunity to update your consent, in order to continue to benefit from the facilities offered by the OncoChain platform.

If your consent is not updated, your personal data will be deleted when the retention period expires.

 

Where is the data stored?

The data registered through our website will be stored on Amazon's servers, located in Europe or the United States of America.

2. Processing the data of the authorized medical staff

We will process the medical data of the medical staff authorized by the partner medical institution in order to generate the access credentials in the OncoChain platform.

 

Personal data

Identification and contact details: Last name, first name, phone number, email address, medical specialization, the department within the medical institution where he works

Technical data: IP address (internet protocol), login details, browser type and version, location and time zone settings, browser plug-ins and their versions, operating system, information on the use of the platform.

 

Lawfulness of processing

We process your data for the performance of a contract to which the data subject is party, in accordance with art. 6/1/b of Regulation (EU) 2016/679

Who can we share your data with?

IT service providers for our company (hosting and data storage), providers to whom we outsource certain technical support services for our web platform. We use Amazon Web Services (AWS) for cloud storage.

Regulatory and other state authorities, if required by legal or statutory provisions.

How long will we store your data?

We will store your personal data during the partnership between us and the medical institution you represent. At the end of the contract, all your data will be deleted.

Where is the data stored?

The data will be stored on Amazon's servers, located in Europe or the United States of America.

3. To provide you with technical support

We will process the information you provide to us in order to provide you with our technical support in the use of OncoChain platform

 

Personal data

Identification and contact details: Last name, first name, phone number, email address, medical specialization, the department within the medical institution where he works

Technical data: IP address (internet protocol), login details, browser type and version, location and time zone settings, browser plug-ins and their versions, operating system, information on the use of the platform.

 

Lawfulness of processing

We process your data for the performance of a contract to which the data subject is party,  in accordance with art. 6/1/b of Regulation (EU) 2016/679

We will process the data collected during the process of providing technical assistance in pursuit of our legitimate interest in improving the operation of the platform and in improving the user experience, in accordance with art. 6/1/f of Regulation (EU) 2016/679

 

Who can we share your data with?

IT service providers for our company (hosting and data storage), providers to whom we outsource certain technical support services for our web platform. We use Amazon Web Services (AWS) for cloud storage

Regulatory and other state authorities, if required by legal or statutory provisions.

 

How long will we store your data?

We will store information about your request for technical assistance for a period of 12 months from the time your request is resolved

 

Where is the data stored?

The data will be stored on Amazon's servers, located in Europe or the United States of America.

4. Enhancing an easy and pleasant navigation on our website 

When you access the OncoChain platform, we collect data about you through online identifiers (cookies and IP), stored in log files.

We use this information to be able to design our platform according to the needs of our users. We may also use your IP address to diagnose any malfunctions of our servers and to manage our platform, analyse trends, track visitor movements, and collect general demographic information that helps us identify user preferences.

You can find more information about cookies, as well as how to delete cookies and deactivate their tracking system by accessing the Cookie Policy available on our website.

Personal data

Internet Protocol (IP), computer general location, device (country level), website viewing history, timestamp, request/action

 

Lawfulness of processing

  • We use cookies pursuing our legitimate interest, in order to make your experience on our platform easy and pleasant, (Art. 6/1 / f of Regulation (EU) 2016/679)

  • Non-essential cookies are not used without your consent (Art. 6/1 / a of Regulation (EU) 2016/679)

Who can we share your data with?

  • IT service providers for our company (hosting and data storage), providers to whom we outsource certain technical support services for our website.

  • Regulatory and other state authorities, if required by legal or statutory provisions.

We will only disclose your personal data to the extent that this is strictly necessary to achieve our specified purpose. 

 

How long will we store the data?

There are session cookies and persistent cookies. While the session cookies are deleted when the browser is closed, the persistent cookies may have a different lifetime, depending on the cookie’s purpose.

You may find more information about the lifetime of the cookies we use in our Cookies Policy.

Where data is stored?

Data is stored on servers located in the EU or the United States of America.

Is the data processed by OncoChain safe?

OncoChain pays close attention to protect your data and applies appropriate technical and organizational measures to ensure the protection of personal data processed, appropriate to the risks and categories of data protected. In particular, we protect your data by limiting the access to authorized persons, respecting the applicable laws, as well as taking measures against data change, loss, damage or destruction.

Remember, however, that no data processing is guaranteed 100% secure!

If you suspect a breach of the confidentiality of your data, please contact us immediately at dpo@oncochain.com.

Important: After the data retention period ends, your data will be deleted. We will continue to use this data only after its irreversible anonymization, in case we believe it could help us improve the quality of our products or services.

Links to other websites

Our platform may contain links to other websites that are not owned or controlled by us. Please note that we are not responsible for the privacy practices of other websites or third parties. We encourage you to be aware of this fact when you leave our website and to read the privacy policies of each website that may collect your personal data.

Exemption of liability

The content included on our website is shown for information purposes only and it is made available in good faith. If the published content or any other information falls under the copyright laws or related laws, please let us know at info@oncochain.com, in order to take legal action.

OncoChain assumes no responsibility and cannot be held liable for any damages caused by the improper use of the products/services contracted through this website.

We do not assume the liability for malfunctions, viruses, damage caused by system errors caused when accessing our online platform.

However, we will do our best to keep the information provided updated.

Processing minors’ data

OncoChain will process the data of minor patients, under the age of 16, only based on the explicit consent of the holder of parental responsibility over the child, in accordance with art. 8 of Regulation (EU) 2016/679

International data transfers

Your personal information will be transferred to recipients established outside the European Economic Area, including the United States of America. We will ensure that all transfers take place in accordance with applicable data protection laws.

If the country in which we will transfer your data is outside of the EEA and has not been recognized as providing adequate protection by the European Commission, the transfer shall be made based on agreements using standard contractual clauses or other appropriate guarantees, under the applicable law.  We will authorize the international transfer of data only to controllers/processors who offer adequate guarantees, provide opposing rights and effective remedies for the data subjects.

This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA under the GDPR including:

  • Having a GDPR-compatible Data Processing Addendum with sub-processors in third countries;

  • Making sure that such sub-processors have adequate security procedures in place.

 
Your rights

As a data subject, you have specific legal rights with respect to the personal data we collect and process. OncoChain respects your rights and upholds your interests.

  • Withdraw consent: If the processing is carried out based on your consent, you can always withdraw it.

  • Data rectification: If you notice that we have stored your personal data with any error, you can always request its rectification. We make reasonable efforts to keep personal data – that is used continuously and is in our possession or control - accurate, complete, current, and relevant, based on the latest available information we have.

  • Restriction of data processing: If you find yourself in one of the following situations, you can ask us to restrict the processing of your data:

    • You contest the correctness of personal data for the period in which we must verify its accuracy;

    • The processing is illegal and you request the restriction of processing rather than deletion;

    • We no longer need your personal data, but you request it to state, exercise, or defence a right; or

    • You object to the processing while we verify that our legitimate reasons overtake your rights.

  • Access your data: You can require information about the personal data we process, including information about what categories of data, what they are used for, where we collected them, if they are not collected directly from you and to whom they were disclosed (if any). You can obtain a copy from us, free of charge, with the personal data that we keep about you. We reserve the right to charge a reasonable fee for abusive requests.

  • Data portability: Upon request, and where technically possible, we will transfer your personal data to another controller, provided that processing is necessary for the performance of a contract. Instead of receiving a copy of your personal data, you may request the transfer of your data directly to another controller specified by you.​

  • Right of deletion: You may obtain the deletion of your personal data if:

    • data are no longer needed for purposes for which they were processed;

    • you object to the further processing of personal data (see Right of Opposition below);

    • personal data have been processed illegally;

    • you withdraw your consent based on which the processing takes place

      Unless the processing is necessary:

          - to fulfil a legal obligation that requires us to process those data;

          - according to the legal provisions regarding data retention;

          - to state, exercise, or defence a right in court.

  • Right of opposition: You can object to the processing of personal data at any time due to your special condition. In this case, we will no longer process your personal data, unless we can prove a well-founded, legitimate reason, a major interest for the process, or to state, exercise, or defence a right. When you object to the processing, please specify whether you wish to delete your personal data or to restrict its processing.

 

  • Right to file a complaint: In case of an alleged violation of the data protection legislation, you can file a complaint to the national supervisory authority for data protection.

Remember!

Time period: We will try to answer your request within 30 days. However, the period might be extended regarding the request's complexity.

Restricting access: In certain situations, we may not be able to grant you access to all or part of your personal data due to restrictions provided by law. If we refuse your request to access your data, we will inform you of the reason for the refusal.

Impossibility of identification: In some cases, we may not be able to identify personal data due to the lack of identification elements provided in the application you send us. In such cases, if you do not provide additional information to identify you, we will not be able to comply with your request and allow you to exercise your legal rights, as described in this section.

 

Exercising your legal rights

To exercise your legal rights, or should you wish any other additional information on how we use your data, please contact our Data Protection Officer, in writing at dpo@oncochain.com

Thank you for reading our privacy notice! For more information contact us at dpo@oncochain.com

 

Last updated on 19th of January 2021