Data we collect:

• Cookie consent (do you allow us to place cookies on your device)
• Visitor ID (provided by a cookie we place on your device)
• IP address (device address on the internet used for statistical purposes only)
• Referrer (i.e. where you came from, e.g. google.com)
• Location, date, and time of visit (e.g. Denmark, DD/MM/YYYY, HH.MM)
• Information about the device you visit from (e.g. browser, operating system, )
• File downloads and content shared on social media or other available platforms (e.g. share buttons)

Marketing cookies
Marketing cookies are used to offer you personalized and more relevant advertisements, to determine how many times a specific ad has already been shown, to track data about previous visits and to share collected data with third parties involved, such as advertisers. They may used on www.oth.io and may be placed on your device by third parties.

Third party cookies
Third party cookies, which are cookies placed in the user’s browser by a third party that is not Opentelehealth ApS, may be used.

Data collected using third party cookies will not be available to Opentelehealth ApS but will be collected and used only by the third party for their own purposes. Opentelehealth ApS may e.g. embed photos and video content from websites such as YouTube, FaceBook, etc. As a result, when you visit www.oth.io with content embedded from other websites, you may be presented with cookies from these websites. Opentelehealth ApS does not control these cookies. You must visit the  third party website for more information.

Opentelehealth ApS may use “share” buttons to enable users to easily share our content with friends through a number of popular social media. These sites may set a cookie when you are also logged in to their service. Opentelehealth ApS does not control these cookies. You must visit the  third party website for more information.

Cookies used on www.oth.io
We use the cookies that are described in detail via the cookie consent  banner on www.oth.io.

Cookie management
As a user of www.oth.io you must choose if to allow cookies to be placed on your device or disable the use of certain types of cookies. 

If you do not accept the use of certain cookies, some features or services of www.oth.io may not work.

If you wish to limit and / or block the use of cookies, you must choose your preferences on the cookie banner  on www.oth.io. You may also limit the use of cookies through your browser settings. The Help function within your browser should tell you how.

Alternatively, you can visit www.aboutcookies.org, for information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.

Please be aware that restricting cookies may impact the functionality of www.oth.io.

Data privacy
When you accept cookies for analytics, we collect data such as, for example general information about your computer and its location as well as the website you came from.

This information cannot be used to identify you as an individual. It is only used in aggregate form to inform us where our visitors come from, where they read and how they react, and where the most time is spent.

Whenever we ask you for any personal information that can be used to identify you as an individual, we will ask for your consent and we will always explain why we are collecting the information, how we collect it, how we store it and how we plan on treating and using it.

We will only collect and store personally identifiable information for the purpose stated during the collecting process. When we finish processing your information for the declared purpose(s), we will erase and destroy it to ensure your privacy.

Some data are collected by using cookies based on our legitimate interest in and for the purpose of improvement of our website and your user experience, statistical purposes for our website, functional purposes for use of our website and to enable us to optimise the use of our website for marking and retargeting purposes.

For each type of cookie used to collect personal data for specified purposes, Opentelehealth ApS will only process the personal data collected via cookies for the specific purposes for which you have provided your consent in the cookie banner.

All your personal data will be treated in confidence and will only be used in compliance with the purposes stated above.

Opentelehealth ApS may engage with third party service providers, and they will have access to and process your personal data and we may transfer personal data to other Opentelehealth ApS group entities.

If a third party provider processes your personal data outside the EU/EEA, this will take place based on the EU Commission’s Standard Contractual Clauses.

According to the data protection rules you have the following rights. To exercise these rights, please contact Opentelehealth ApS on info@oth.io.

• You can get an overview of what personal data we have about you;
• You can have your personal data deleted or destroyed;
• You can have us stop or limit processing of your personal data;
• You can get a copy of your personal data in a structured, commonly used and machine-readable format;
• You can get an update or correction to your personal data;
• If you have given consent for us to process your personal data, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent;
• You can submit a complaint about how we process your personal data to a Data Protection Authority.

Under applicable law, there may be limits on these rights depending on the specific circumstances of the processing activity. Contact us as described in Section 1 with questions or requests relating to these rights.

Who to contact
Your privacy

Contact us if you:

• have any questions about this policy or other privacy notices on this website
• want to obtain insight in any personal data held about you, or
• have any concerns regarding Novo Nordisk’s use of your personal data

Please contact us via info@oth.io

Scope and acceptance
This Privacy Statement applies to all business processes in OpenTeleHealth and to all OpenTeleHealth websites, domains, mobile solutions, cloud services and communities as well as OpenTeleHealth-branded websites and third party social networks (e.g. Facebook) (OpenTeleHealth Sites).

The Statement provides information about data processing carried out by OpenTeleHealth when OpenTeleHealth determines the purpose and means of the processing (OpenTeleHealth as data controller), and data processing we do on behalf of our Customers based on their instructions (the Customer as data controller and OpenTeleHealth as data processor).

Personal data is information that can identify you as a person, such as an email address, street address or phone number. Processing your personal data is necessary for us to serve you or our Customers. By providing us with your personal data, you accept the practices and terms described in this Privacy Statement. Please do not use OpenTeleHealth Sites or provide your personal data if you do not agree.

Whose data we process
OpenTeleHealth process data about jobseekers, contact persons and software users among our Customers, including persons representing potentially new Customers that approach us via OpenTeleHealth Sites or other channels. Our statement in these regards is to be found in the data controller section. We also process data about our Customers’ employees and other persons’ data of which the Customer controls. Our statement in these regards is to be found in the data processor section. In this Statement data subjects may also be referred to as persons or you.

OpenTeleHealth as data controller
When a OpenTeleHealth determines the purpose and means of processing your data, OpenTeleHealth acts as data controller. OpenTeleHealth control personal data that we collect in the context of you being a jobseeker, you are employed by a Customer that has or may have a business relation to OpenTeleHealth, or you declare that you want to receive information from us based on your own or your employer’s interests. When you represent a Customer of OpenTeleHealth, your rights are the same as if you were a private person only representing yourself.

Why we process your personal data
To manage our Customer relations in general and to meet our Customer commitments, OpenTeleHealth requires some information about you in your role as Customer contact person or user of a service. Our aims with this are:

1. Provide offers on programs and services that Customers or prospective customers have requested
2. Inform about and present program and service offers that are closely related to the services and programs the Customer already uses
3. Perform deliveries in accordance with a customer agreement
4. Offer support to users of our programs and services
5. Improve the quality of our programs, services and OpenTeleHealth Sites
6. Detect and prevent security threats and perform maintenance and debugging
7. Prevent abuse of our programs and services
8. Communicate information that is relevant for our deliveries in particular and our customer relations in general
9. Process orders, invoicing, payments and other financial follow up of Customers
10. Payment of programs and services purchased through OpenTeleHealth Sites
11. To manage your access to our web-based services (cloud services)

Processing according to the above listed purposes (a to j) is necessary for us to manage our customer relations. Therefore OpenTeleHealth do not, as additional ground ask for your consent to process your personal data. We do not consider that the processing disadvantages you in any way.

In addition, we will also collect information about you as a contact person or user of a service, for the following purposes:

1. To promote new products and services

If you are a jobseeker, we gather information in order to:

1. Analyse your skills and background
2. Evaluate your potential as an OpenTeleHealth employee

The basis for OpenTeleHealth’s processing of personal data for the above purposes (l to n) is based on your voluntary consent. Your consent may be given freely on OpenTeleHealth software solutions when applicable. Please note that the collection of individual personal data is required in order to gain user access to many of our programs and services. To protect your security and ours we will also store information about you when you visit our premises. You will be informed of your rights in this context when you register in our electronic visitor system.

How we collect your personal data
In general, OpenTeleHealth collects data directly from you or other persons linked to the Customer company where you are employed. These persons may be a manager or colleague. If the Customer you work for purchases OpenTeleHealth programs and services via an OpenTeleHealth partner company, we may collect information about you from the partner company.

We will also, with your consent, use cookies and other tracking technology when you use OpenTeleHealth Sites in order to optimize your experience of these. Please see the paragraph describing automatic data collection tools for more information about these technologies and your rights in this context.

In some cases, we may also collect information about you from other legitimate sources if you have given your consent that the party collecting the personal data may share this with others. These sources may be third party data aggregators, OpenTeleHealth”s marketing partners, public sources or third party social networks. OpenTeleHealth will be able to combine personal data about you obtained from one source with data obtained from another source. This gives us a more complete picture of you as contact person, which also gives us the possibility of serving you in a more relevant way with a greater degree of personalization.

Automatic data collection tools
OpenTeleHealth use a variety of technologies to collect information about your movements on the web as well as interest and preferences you freely have made available.

Cookies
Cookies are small text files that contain a string of characters and uniquely identify a browser. They are sent to a computer by website operators or third parties. Most browsers are initially set up to accept cookies. You may be, however, able to change your browser settings to cause your browser to refuse third-party cookies or to indicate when a third-party cookie is being sent. If you would like to know more about cookies and how they work, please visit www.allaboutcookies.org.

Marketing Automation Tools
OpenTeleHealth uses digital marketing software that employs cookies in order to recognize a return visitor as a unique user. The cookies placed by this software are readable only by the vendor of the software, and cookies cannot access, read or modify any other data on your computer. We do link the information we store in cookies to any personally identifiable information you submit while on our Site.

Google
Google Analytics: This cookie allows us to see information on user Website activities including, but not limited to page views, source and time spent on a Website. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy. Using Google Analytics we can see what content is popular on our Website, and strive to give you more of the things you enjoy reading and watching. Google Analytics Remarketing: Places cookies on your computer which means that after you leave our website, Google can show you advertisements about OpenTeleHealth that you might be interested in, based on your previous behaviour on our website. This information is not personally identifiable. Google AdWords: By using Google AdWords code, we are able to see which pages helped lead to contact form submissions. This allows us to make better use of our paid search budget. This information is not personally identifiable. Google Adwords Remarketing: Places cookies on your computer which means that after you leave our website Google can show you advertisements about OpenTeleHealth that you might be interested in, based on your previous behaviour on our website. This information is not personally identifiable. You can prevent the information generated by the Google cookie about your use of our Sites from being collected and processed by Google in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser. This Add-on is available at http://tools.google.com/dlpage/gaoptout.

What personal data we process
OpenTeleHealth may process sensitive personal data about you.

The type of data that OpenTeleHealth process about you may be:

• Your health related measurements such as weight, temperature, blood pressure, blood glucose, electrocardiogram and similar
• measurements.
• Your answers to questions about your health.
• Your personal id such as social security number.
• Unique user information such as login ID, username, password and security question
• Your own and the Customer’s contact details such as name, address, telephone number and email.
• Employment information about you at the customer company such as job title, position including preferences and interests in
• professional context
• Feedback, comments or questions about OpenTeleHealth as a supplier, or concerning our programs and services
• Content you have uploaded such as photos and video
• Traffic information as provided by your web browser such as browser type, language and the address of the website from which you
• arrived and other traffic information such as IP address
• Clickstream behaviour such as which links you click and when
• Other personal data contained in your profile on third party social networks (Facebook etc.)

We may also in some cases compare a collected IP address with a geographic map service to derive your general location. If you make a post, comment or similar on any public forum or OpenTeleHealth Site, such information can be read and used by anyone with access to Site and used for purposes over which neither OpenTeleHealth nor you have control. OpenTeleHealth is not responsible for any information you submit on such forums or OpenTeleHealth Sites. OpenTeleHealth will not post any comment, testimonial or similar made by you without your prior consent.

How we share your personal data
OpenTeleHealth does not share your personal data with third parties who intend to use the data for marketing purposes if you have not given your consent to this. OpenTeleHealth may share your personal data with third parties for other purposes but only in the following contexts:

Business partners
OpenTeleHealth may share your personal information with our partners in the event this is legitimate from a business perspective. For example, if you purchase a program or service that we provide through one of our certified partners.

Public Authorities
The police and other authorities may demand the handover of personal information from OpenTeleHealth. In these cases, OpenTeleHealth will only hand over the data if there is a court order to do so.

M&A
In connection with mergers, acquisitions or divestiture of all or parts of OpenTeleHealth’s business, the acquiring entity as well as its consultants and OpenTeleHealth’s will obtain access to data managed by the OpenTeleHealth entity/entities involved and this may in some cases include personal data. In which case such external parties will enter into a NDA with OpenTeleHealth, which will also cover potential disclosure of personal data.

Your rights
Right to opt-out of marketing communications

You have the right to opt-out of receiving marketing communications from OpenTeleHealth and can do so by:

• Following the instructions for opt-out in the relevant marketing communication,
• Change your opt-in/opt-out preferences under the relevant edit account section if you have an account with OpenTeleHealth, or
• Contacting us via e-mail

Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from OpenTeleHealth, such as order confirmations and notifications about your account activities (e.g. account confirmations and password changes).

Access and rectification
You have the right to request a copy of your personal data. You may send us a request for this. You also have the right to request that OpenTeleHealth correct any inaccuracies in your personal data.

Data security and retention

How we keep your personal data secure
OpenTeleHealth takes the trust you place in us seriously. OpenTeleHealth is committed to prevent unauthorized access, disclosure or other deviant processing of your data. Further, OpenTeleHealth is committed to ensure proper use of the information, to maintain data integrity and to secure data availability. As part of our commitment, we utilize reasonable and appropriate physical, technical, and administrative procedures and measures to safeguard the information we collect and process. OpenTeleHealth has implemented a number of security measures, including:

• Secure operating environments – OpenTeleHealth stores your data in secure operating environments that are only accessible to OpenTeleHealth employees and subcontractors on a need-to-know basis. OpenTeleHealth also follows generally accepted industry standards in this respect.
• Encryption of payment information – OpenTeleHealth uses industry-standard encryption to provide protection for sensitive information, sent over the Internet (e.g., when you make upload health measurements and answers through OpenTeleHealth’s online tools).
• Prior authentication for account access – OpenTeleHealth requires its registered users to verify their identity (e.g. login ID and password) before they can access or make changes to their account in order to prevent unauthorized access.

Please note that these protections do not apply to the personal data that you choose to share in public areas such as community websites.

How long we store your personal data
OpenTeleHealth will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.

This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner. We may process data for statistical purposes, but in such cases, data will be anonymized.

OpenTeleHealth as a data processor
OpenTeleHealth provides many different services to our Customers. These services involves processing of the Customers’ data and may include processing of personal data. The purposes of this processing is determined by our Customers and not by OpenTeleHealth. The Customer is then the data controller for the data subject’s data. OpenTeleHealth do in such cases act as data processor and process the data on behalf of and according to instructions given by the Customer. When acting as data processor, OpenTeleHealth is in accordance with the requirements in applicable data protection legislation always committed to enter into a data processing agreement (DPA) with the Customer. The Customer has agreed and guaranteed that:

• The Customer is the owner of or otherwise has the right to transfer the data to OpenTeleHealth for processing and that he has the responsibility for the accuracy, integrity, content, reliability and legality of the personal data
• It is the Customer’s duty as data controller to notify, to the extent required by applicable law, the relevant supervisory authorities and/or the data subject in the event of any breach or unauthorized disclosure of personal data

When acting as data processor, OpenTeleHealth is responsible for providing technical and organizational security measures in order to safeguard your privacy on behalf of our Customer – the data controller. As data processor, OpenTeleHealth will not process personal data in any other manner or for any other purpose than as authorized in the agreement with the data controller.

Data subjects having questions, comments, claims or any other issues regarding their personal data that OpenTeleHealth is data processor for, must submit these to the data controller. As data processor, OpenTeleHealth will not give any data subjects access to their personal data without instructions given by the data controller to do so. If governmental authorities or the police request disclosure of personal data, OpenTeleHealth will promptly notify the data controller and we will disclose such data only to comply with a court order.

OpenTeleHealth will provide non-public information about internal systems and routines for data processing to Customers and collaboration partners upon request. This may be contingent upon a non-disclosure agreement.

Subcontractors and export of personal data
In some cases, OpenTeleHealth will use subcontractors to process personal data, and we may export your or our Customers data outside the EU. These subcontractors are typically vendors of cloud services or other IT hosting services. When using subcontractors, OpenTeleHealth will always enter into a data processing agreement (DPA) in order to safeguard your privacy rights and/or to fulfil our obligations towards our Customers.

If the processing of data is performed outside of the EU, we will make sure that the DPA is based on the EU Standard Contractual Clauses or that the data importer is certified according to the EU/US Privacy Shield framework, if located in the US. In such cases, we will also inform our Customers about the export of data. OpenTeleHealth is not responsible for providing such information to data subjects whose data is controlled by our Customers.

Changes to this Statement
If we modify our Privacy Statement, we will post the revised statement here, with an updated revision date. We encourage you to review the Statement regularly. If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect.

The last update of this Privacy Statement was January 1st 2018.

How to contact us
We value your opinion. If you have any comments or questions about our Privacy Statement, any unresolved privacy or data use concerns that we have not addressed satisfactorily, or concerning a possible breach of your privacy, please send them to privacy@OpenTeleHealth.com. We will handle your requests or complaints confidentially. Our representative will contact you to address your concerns and outline the options regarding how these may be resolved. We aim to ensure that complaints are resolved in a timely and appropriate manner.