SmartAL – Terms of Use and Privacy Policy

This tool follows the general rules and procedures for the processing of personal data, which are collected and processed in strict compliance and compliance with the provisions of personal data protection legislation in force at any given time, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), and the respective Implementing Law in the national legal order (Law 58/2019 of 8 August).

SmartAL processes your personal data for the purpose of managing the provision of services contracted with your health care provider, which is the entity responsible for the processing of Personal Data. SmartAL’s services allow you to collect, edit, add and store your health data online, enabling them to be shared with your authorized formal and informal caregivers. In the context of contracted services, our records may include one or more of the following personal data, only and restricted to the provision of SmartAL services:

Administrative data: name, gender, age, business address, nationality, email, phone number, mobile number;
Basic measurements: height, weight, BMI, blood pressure, pulse rate, glucose, SpO2, body temperature, step counter, ECG;
Clinical information: Diseases, allergies, medication, tests, exams, diagnoses, calendar of medical appointments, other routine patient activities, clinical notes and comments on the patient, social survey responses, physical activities.

The SmartAL platform is managed by MEO – Communications and Multimedia Services, S.A. SmartAL uses cookies and similar technologies to store and apply your preferences and settings when using the tool. For more information about cookies, see https://www.altice.pt/pt/gerir-cookies.

The tool will keep your personal data for the period necessary for its purposes and compliance with legal obligations.

You may at any time exercise the rights enshrined in the GDPR (namely the right of access, rectification, amendment and deletion) through [rgpd.actions@domain]. For any questions regarding your personal data, you may consult the privacy policy of “Política de Privacidade” or contact your Data Protection Officer via email [client.administrator@domain]. You may also lodge a complaint with the competent supervisory authority, which is the Comissão Nacional de Proteção de Dados (CNPD).

The mobile application may use GoogleFit, by Google, for the reading of basic measurements and physical activity, in accordance with the stated purposes. App’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including Limited Use requirements. Likewise, the application may also use Google’s Health Connect, adhering to the similar Health Connect Permissions Policy, including the Limited Use requirements.

What information do we collect?

The purpose of this section lets you know what information we collect about you when you use our mobile application, how that information is used, and the ways in which we use the additional information you provide.

Below are the permissions we request in our smartphone and tablet app, and how the information is handled:

Bluetooth and Location: SmartAL may use your Bluetooth and Location services to scan, find and connect to nearby authorized devices, in order to retrieve health information provided by them.
Camera and Microphone: SmartAL may use your Camera and Microphone during video calls, if the user chooses to initiate them, or accept them. The Microphone may also be used to record your voice messages and send them to other SmartAL users in the app’s contact list.
Storage (photos, media, and files): SmartAL may access your device’s storage to read files you choose to upload and share with other users in the app’s contact list, or with your caregiver. SmartAL may also write temporary files when you open a remote file sent to you, or when sending a voice message.
Google Fit: If enabled, SmartAL may access your Google Fit account to synchronize activities, and retrieve health measurements.
Health Connect: If enabled, SmartAL may access your Health Connect account to retrieve health measurements.
Push Notifications: We may request to send you personal push notifications regarding your account or certain features of the application(s) such as: health alerts, task reminders, new features, etc. If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.

Below are the permissions we request in our watch (Wear OS) app, and how the information is handled:

Location: SmartAL uses Location services to collect your location through GPS, WiFi, or wireless network triangulation in order to obtain your location for the purposes of providing the SmartAL Service.
Health: SmartAL uses Health services to retrieve your health measurements collected by the smartwatch.

The location and health information are both collected in the background, so that you don’t need to worry about interacting with the app, or remember to open the app. Once configured, the app runs automatically in the background, providing up-to-date alerts to the user’s caregivers.

How do we use the non-personally identifiable information we collect?

In addition to those uses set forth above, we use non-personally identifiable information in the aggregate to determine how much traffic the app receives, to statistically analyze app usage, to improve our content, and to customize the app’s content, layout and services.

We automatically collect device information (such as your model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, and Internet Protocol (IP) address (or proxy server). This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

How do we keep your information secure?

Communications between the app and the server are protected with Secure Socket Layer (SSL) encryption. This encryption is to help protect your information while it is being transmitted. Once we receive your information we strive to maintain the physical and electronic security of your personal information using commercially reasonable efforts.

SmartAL’s profiles are restricted, and can only access what is strictly necessary. Only caregivers can access sensitive information (health and location) about patients, and they can only do so to patients that have been assigned to them.

We limit our employees’ access and ability to enter or view information based upon their role. Firewalls, passwords, encryption, and audit trails are further used to safeguard your information. We will identify the records released and note the time and date of access each time anyone accesses SmartAL.

When and with whom do we share your information?

Your information may be disclosed to or collected by third-party suppliers and service providers specifically involved in the processing of your information received via the app and as otherwise necessary to manage our platform and provide the services you request. We may also use third party service providers to host the app and website, and gather and use on our behalf your personal information as contemplated by this Privacy Policy and applicable law. All such third parties are subject to confidentiality obligations in an attempt to protect your information as much as is commercially reasonable.

Except as stated in this Privacy Policy, we do not sell, distribute, or release to a third party your personal information without notice to you.

The third parties we use are: Firebase Analytics and Firebase Push Notifications.

For how long do we keep your information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, medical history, or other legal requirements) or when requested by your healthcare provider.