Q-ID WEB APP 

PRIVACY NOTICE

Last updated [07-03-2022]

1. SCOPE OF THIS PRIVACY POLICY

Your privacy is of utmost importance to IPOPI, the International Patient Organisation for Primary Immunodeficiencies (hereinafter “we”, “us”, “IPOPI”). We have created the Q-ID web app (the “Web App”) to improve education about primary immunodeficiencies.

When you are using the Web App, certain personal data about you is processed. This Privacy Notice is provided to you in order to adequately inform you about the personal data that we collect, the purpose, the way we use it, with whom we share it and the rights you have with regard to the processing of such data in the context of your use of this Web App.

This Privacy Notice is applicable to you if you engage with us in connection with the Web App. If you interact with IPOPI for other purposes than the Web App, our general privacy policy (available at www.ipopi.org/privacy-policy) will cover your situation.

Please read this Privacy Notice carefully. If you have any questions in relation to this notice, do not hesitate to reach out to us by making use of the contact details of IPOPI as provided below.

 

2. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

We, IPOPI, an international non-profit organisation registered in Belgium under enterprise number 0761.784.055 and having its registered offices at Avenue Louise 367, B-1050 Brussels, Belgium, are responsible for the processing of your personal data in relation to the Web App and will act as the “controller” under applicable data protection laws.

 

3. HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data:

  • Directly from you whenever you provide it to us e.g. by registering in the Web App;
  • If we receive it from third parties, e.g. if you connect the Web App with a provider of social media or other electronic communication networks such as Facebook or Gmail;
  • Automatically when you engage with the Web App e.g. by placing cookies.

 

4. WHICH PERSONAL DATA DO WE PROCESS AND FOR WHAT PURPOSE?

The Web App is an educational tool that can be used to test your knowledge on primary immunodeficiencies (PID). IPOPI provides this Web App to users for the purpose of improving education about PID. In order to make the Web App available to you, we ask you to register with your (user) name, country and email address. At this time, you can also include a picture of yourself. We will ask you whether you identify as a healthcare professional or a patient so as to get a better understanding of the users engaging with our Web App. The Web App also retains the scores you obtain in the Web App so you can come back to it in the future. Lastly, the Web App automatically collects certain information such as your IP address, your operating system version, device type and system performance by using tracking technologies such as cookies in order to ensure the full functionality and improve the performance of the Web App. You can find more information on what cookies and tracking technologies we use in the Cookie Policy. You can also choose to proceed using the Web App without registration. In this case, personal data about you will only be collected through tracking technologies.

 

5. ON WHAT LEGAL BASIS DOES IPOPI PROCESS YOUR PERSONAL DATA?

We process your personal data on the basis of our legitimate interest in making this educational tool available to you. We only process your personal data on the basis of our legitimate interest to the extent such interest is not overridden by your interests, fundamental rights or freedoms.

When necessary, we will process your personal data in order to comply with a legal obligation.

In addition, we ask your consent if we place other cookies than functional and strictly necessary cookies. Your consent will also be sought for the collection of health-related information, namely whether you identify as a patient of PID.

 

6. WITH WHOM DO WE SHARE YOUR PERSONAL DATA? 

We will share your personal data with our affiliates located in the EU and the UK. Both IPOPI and its affiliates may incidentally also share your personal data with third parties that provide services or advice to them.  If your personal data is shared with third parties that are located outside the European Union in a country not providing adequate data protection, IPOPI will ensure that appropriate additional safeguards are adopted, which may include but are not limited to the conclusion of the Standard Contractual Clauses. If you would like to receive more information about the measures that we take to protect your personal data globally, please do not hesitate to reach out by making use of the contact information set out below.

Please note that the Web App allows you to share your scores with third party social media and electronic communication networks such as Gmail and Facebook (“Third-Party Networks”). Please be aware that if you decide to share your personal data with such Third-Party Networks, IPOPI has no control over nor are we responsible for the processing of personal data by such Third Party Networks. Please carefully read the privacy notice of such Third-Party Networks and only share your personal data if you are comfortable with the data protection practices of such third parties.

 

7. HOW LONG DO WE RETAIN YOUR PERSONAL DATA? 

Your personal data will be stored by IPOPI for as long as is necessary to achieve the purpose of the processing, namely to make the Web App available to you and to retain your account so you can come back to it in the future. From time to time, IPOPI will assess whether the personal data collected by the Web App are still relevant for this purpose and will delete the personal data as soon as that is no longer the case.

 

8. SECURITY AND CONFIDENTIALITY

We have taken appropriate technical and organizational measures to protect your personal data in the Web App against unauthorized access or loss or any unlawful processing. We have also made sure that any of our employees, contractors, service providers and other third parties that have access to your personal data are bound by obligations of confidentiality and that they will only receive access to your personal data insofar as is needed to achieve the purposes as are set out above.

Please note that any transfer of information over the internet is never one hundred percent secure and that there are measures you can take to secure your personal data, such as using a sufficiently strong password and keeping your password safe. If you suspect that someone may have accessed your account without authorization, please inform us immediately so we can help eliminate or mitigate the risk.

 

9. YOUR RIGHTS IN RELATION TO THE PERSONAL DATA

You have the following rights in relation to the personal data that we collect, process and store concerning you:

(a) Right to access: You have the right to obtain confirmation from us if, and to which extent, we process personal data about you. Unless it adversely affects the rights and freedoms of others, you can obtain a copy of the personal data we hold about you upon your request.

(b) Right to withdraw consent: If, according to Section 5 above, the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. We will cease any processing activities based on your consent as soon as we receive your revocation of consent, however, this will not affect the processing activities that occurred prior to such revocation.

(c) Right to rectification: Without undue delay, you have the right to rectify any incorrect or incomplete information we have concerning you.

(d) Right to erasure: In some instances, you will have the right to have the personal data we hold about you deleted. This right to be forgotten applies if:

(i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(ii) you withdraw your consent on which the processing is based and where there is no other legal ground for the processing;

(iii) you object to the processing and/or there are no overriding legitimate grounds for the processing;

(iv) the personal data have been unlawfully processed;

(v) the personal data have to be erased for compliance with a legal obligation; or

(vi) the personal data have been collected in relation to the offer of information society services;

 

The right to erasure will not apply if processing is necessary:

(i) for exercising the right of freedom of expression and information;

(ii) for compliance with a legal obligation;

(iii) for reasons of public interest in the area of public health;

(iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes if the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(v) for the establishment, exercise or defence of legal claims.

 

(e) Right to restrict processing: You also have the right to request restriction of the processing of your personal data in the event that

(i) you contest the accuracy of the personal data. The restriction of processing will apply for a period enabling IPOPI to verify the accuracy of the personal data;

(ii) the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;

(iii) IPOPI no longer needs the personal data for the purposes of processing as set out above, but you need it for the assertion, exercise or defence of legal claims; or

(iv) you have objected to the processing as long as it is not yet clear whether the legitimate grounds of IPOPI override your interests.

If processing of personal data has been restricted on your request, we will only store your personal data, unless you have consented to the processing of your personal data, processing is necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

(f) Right to object: You have the right to object at any time, on grounds relating to your specific situation, to the processing of your personal data by IPOPI if such processing is based on the legitimate interests pursued by IPOPI. We will then no longer process your personal data, unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

(g) Right to data portability: If the processing of your personal data is carried out by automated means and based on your consent, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and you also have the right to transmit such data to another controller.

(h) Automated individual decision-making, including profiling: Lastly, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly affects you, unless, the decision is necessary for entering into, or performance of, a contract between IPOPI and you, is authorised by applicable law, which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or the decision is based on your explicit consent.

 

10. DELETE YOUR ACCOUNT

In addition to the rights you have as described above, you can also always opt to delete your account, including any personal data. Please contact us by email at info@ipopi.org.

 

11. HOW TO EXERCISE YOUR RIGHTS?

If you want to exercise your rights or if you have a question or query about the processing of your personal data by IPOPI, you can contact us by email at info@ipopi.org.

If you believe that the processing of personal data by IPOPI infringes applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. You can find the contact information of the supervisory authority in the country where you live on the website of such supervisory authority. The data protection authority for Belgium is the Autorité de protection des données/Gegevensbeschermingsautoriteit and a claim can be lodged at www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint.