Oleena® Privacy Policy

Last modified: March 2024

1. Introduction

Aptar Digital Health and its affiliates (hereinafter “ADH,” “our” “we” or “us”) own or control Oleena®, a mobile application (the “App”) and web portal (including Oleena.com, the “Site”) that provides health care providers and their adult patients with cancer an aid for the management of symptoms experienced during the oncology treatment phase.

Please read this privacy policy carefully as it explains how your personal data are used and how to exercise your rights. This privacy policy supplements any documents or notices that may refer to this privacy policy (i.e Terms of Use which users are required to accept at the time of their first login to the App or the Site).

You cannot use Oleena without consenting to the use of your personal information described in this Policy.

A Special Note about Children and Minors. ADH does not allow healthcare providers to create accounts for individuals under the age of 18. If you are below the age of 18 you are not permitted to use Oleena.

Should you have any questions, you may directly contact ADH by sending an email to [email protected].

2. Who is the Data Controller of your personal data?

Your medical center is the data controller of your personal data to the extent that it determines the purposes and means of the processing related to Oleena’s services.

ADH is the data processor of your personal data to the extent it ensures, on behalf of your medical center and under its documented instructions, the implementation of processing related to Oleena’s services.

ADH acts as the data controller of your personal data:

  • when it operates personal data processing in order to comply with its legal and regulatory obligations, in particular regarding the materiovigilance obligations; and
  • when it operates personal data processing in order to improve the App, the Site and/or its services.

3. What does our Privacy Policy Include?

 

This Policy describes how ADH collects, uses and shares information about you through Oleena. Please read this Policy carefully to understand what we do. If you do not understand any aspects of our Privacy Policy, please feel free to contact us as described at the top of this Policy. This Privacy Policy applies only to information we collect through the App and the Site. Oleena also contains links to third party sites that are not owned or controlled by ADH. We are not responsible for the privacy practices of such other sites. ADH does not share Personal Information (defined below) with those sites. We encourage you to be aware when you leave Oleena and to read the privacy statements of each and every website that collects personal information.

4. What Information ADH collects?

 

ADH collects two types of information: (1) information received from you, and (2) information received from others.

Find below the detailed list of all personal data provided by you via Oleena or generated by Oleena (also Oleena automatically collects data via cookies and other trackers)

Type of Data Examples of Data
Identification data Fist name, last name, gender, age, medical record number, photoprint or fingerprint
Contact details Email address, phone number
Health data Symptoms (time, symptom type, pain intensity, etc.), symptom history, medical recommendations, healthcare team
Preferences information Used unit of measure and language, notifications settings (thresholds and recipients).
Exchanges with ADH Date, hour, and subject of your exchanges with ADH
Electronic network activity information (1)(Traffic data) Date and time of the visit, IP address, device unique identifier, device type, browser type, operating system, system configuration data, referring URLs, viewed pages and files

 

 

(1) These data are necessary for the proper functioning of Oleena, as well as internal analytics purposes.

The provision of certain types of personal data may be necessary or optional, depending on your requests. Mandatory data will be marked as such at the moment of collection of your personal data. If you refuse to provide mandatory data, ADH may not be able to process your request (e.g., creation of your patients account, provision of the requested Oleena’s service).

5. For what purposes does ADH use your personal data?

 

As data processor acting on the behalf of your medical center, ADH processes your personal data for the following purposes only:

Purposes Examples of use of your Personal Data Legal Bases
Creating and managing your Oleena’s account
  • to create your patient account
  • to enable you to sign in on Oleena
  • to provide you with the Oleena’s services
  • to enable you to update your patient account
Performance of the contract
Providing Oleena’s services
  • to provide symptom management
  • to facilitate your Provider’s use of Oleena in connection with your treatment and care.
  • to provide educational coaching messages
  • to receive medication reminders
Performance of the contract
Managing after-sales service (call support)
  • to contact you
  • to answer your questions
  • to solve your technical issues
Performance of the contract
Compliance with legal and regulatory obligations
  • to comply with legal and regulatory obligations (i.e for billing and/or health care reimbursement)
  • to process your requests to exercise your rights
Legal and regulatory obligations to which ADH is subject as data processor

As data controller, ADH processes your personal data for the following purposes only:

Purposes Examples of use of your Personal Data Legal Bases
Improving the Oleena’s services
  • to evaluate and improve Oleena
  • to facilitate your use of Oleena
  • to take steps designed to protect the security of the Oleena
Legitimate interest of ADH to improve Oleena and the patient experience
Pre-litigation or litigation management
  • to take action against any identified breach
  • to manage any dispute or litigation
Legitimate interest of ADH in defending its rights and interests
Compliance with legal and regulatory obligations 
  • to comply with legal and regulatory obligations, in particular regarding the materiovigilance obligations
  • to process your requests to exercise your rights
Legal and regulatory obligations to which ADH is subject as data controller

6. Who can access your Personal Data ?

 

ADH will not sell or rent your Personal Data. Your personal data may be transmitted to the following recipients when you use Oleena and the services it provides :

Recipients Purposes
ADH and its duly authorized employees Exclusively for the purposes detailed in the Section 5 of this privacy policy
Your medical center and its duly authorized employees Exclusively for the purposes detailed in the Section 5 of this privacy policy
Companies of the ADH Group and their duly authorized employees Exclusively for administrative, operational and technical purposes related to the management of Oleena and its services
ADH’ service providers(hosting provider, IT service providers, etc.) Exclusively for operational and technical purposes related to the management of Oleena and its services
Administrative or judiciary authorities Exclusively in the case of an express and justified request or in case of an alleged violation of legal or regulatory provisions
Lawyers and all interested parties Exclusively in the case of the management of possible disputes and other legal matters where appropriate
Other third parties Following or during a restructuring, reconstitution,  acquisition, debt financing, merger, sale of assets of ADH or a similar transaction, as well as in case of insolvency, bankruptcy or receivership where personal data are transferred to one or more third parties as assets of ADH

7. What are your rights regarding your Personal Data ?

 

If you have any questions or wish to exercise your rights, you may directly contact ADH by sending an email to [email protected].

 

  • you can request the access to your personal data in order to obtain clear, transparent and understandable information on how ADH processes your personal data and on your rights (as provided in this policy), as well as a copy of your personal data (you can access certain information relating to your account (name, contact information and preferences) by signing into your account and going to the “PROFILE” section of our mobile or web application).
  • you can request the rectification of your personal data in order to obtain the modification of your personal data if they are obsolete, inaccurate or incomplete.
  • you can request the closure of your online account. If you close your account, we will no longer use your online Personal Information or share it with third parties. ADH may, however, retain a copy of the information for legal purposes and to avoid identity theft or fraud.
  • you have a right to ask to get an Accounting of Disclosures of when and why your health information was shared.
  • you may decide if you want to give your authorization before your health information may be used or shared for certain purposes, such as for marketing.
  • you have the right to receive your information in a confidential manner.
  • you have a right to restrict who receives your information.

 

Under certain circumstances, ADH may ask you for specific information in order to confirm your identity and ensure the exercise of your rights. This is another appropriate security measure to ensure that personal data is not disclosed to an individual who does not have the right to receive it.

If needed, you may also lodge a complaint with your national data protection authority. This right may be exercised at any time and free of charge, at the exclusion of potential postal fees or expenses related to legal representation or assistance should you choose to engage third party assistance for the procedure.

You may:

–         Print and mail the completed complaint and consent forms to:

Centralized Case Management Operations

U.S. Department of Health and Human Services

200 Independence Avenue,S.W.

Room 509F HHH Bldg.

Washington, D.C. 20201

–         Email the completed complaint and consent forms to [email protected]

–         or directly use the OCR online portal.

8. How is your Personal Data protected?

 

DH has implemented technical and organizational measures in order to protect your personal data, in particular against potential data breaches likely to cause, either by accident or unlawfully, the destruction, loss, modification, unauthorized access or divulgation of your personal data. These measures will guarantee a level of security adapted to the data and will take into account the state of the art and the cost of implementation in relation to the risks and nature of the data to be protected.

In particular, your health data are stored on servers operated by duly certified hosting providers (“HDS”). This is a French-specific certification standard mainly based on the ISO 27001 standard on the management of information security systems.

ADH also guarantees that all members of its personnel and any other person processing your personal data will respect the internal rules and procedures related to the processing of personal data, including the technical and organizational security measures put in place to protect your personal data. In this context, ADH reviews and updates its practices regularly to enhance your privacy and ensure that its internal policies are followed.

However, even with these safeguards, ADH cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that e-mails and other communications you send to [email protected]. are not encrypted, and we strongly advise you not to communicate any confidential information through these means.

If you have found a vulnerability or would like to report a security incident, you may send an email to [email protected] or call +1 (800) 326 1448.

9. Where and how long will your Personal Data be maintained?

Oleena mobile and web applications are hosted and managed on servers located within the United States. By using and accessing Oleena, you agree and consent to the transfer to and processing of Personal Information on servers located in the United States, even when you travel outside the United States, and you recognize that the protection of such information may be different than required under the laws of any location that you visit.

As a general rule, your personal data will only be retained for the period necessary for the accomplishment of the purposes for which said data was collected, or as necessary to fulfill legal or regulatory obligations.

In the absence of applicable exceptions:

  • the personal data processed in order to comply with ADH’ materiovigilance obligations will be kept ten (10) years after the end of Oleena’s commercialization;
  • your traffic data will be kept for a period of thirteen (13) months from the connection date.

10. How will you know if this Policy changes?

 

This Privacy Policy may be amended from time to time, in particular to reflect the changes in the services provided by Oleena or the applicable regulations. Any revised version of the Privacy Policy will be posted on this page and at other places deemed appropriate.

11. How  can you contact ADH if you have questions?

 

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, please email our Data Protection Officer at [email protected] or call +1 (800) 326 1448.

In the event of a dispute, you may lodge a complaint with the US data protection authority (OCR) as described in section 7