Data Protection and Privacy Policy for Allimb website and app

  1. INTRODUCTION

ALLIMB HEALTH SRL is the manufacturer of the CE marked medical device called "allimb". This privacy and data protection information applies to all treatment packages or services offered by ALLIMB HEALTH SRL for both patients and professionals.

Data protection is our top priority, as this topic is treated with great seriousness and according to the highest standards, especially in the European Union and Switzerland. With this privacy policy, we want to inform you about exactly how we process personal data. If there are any doubts, we always invite you to contact us.

We follow all data security regulations in force in the European Union and also in Switzerland. This data protection policy applies to our app allimb, designed to multimodally support physiotherapy and its effects on specific parts of the body, such as the shoulder or back, as well as all related services, including those from the website.

This support tool can be used at home, subject to a doctor's prescription, who will ensure that there are no risks associated with the use of allimb – as explained in more detail in our terms and conditions, accessible on our website www.allimb.com.

Information on Privacy and the protection of personal data pursuant to art. 13 of the EU GDPR 2016/679

This Privacy Policy is provided in compliance with the articles 13 and 14 of the EU GDPR 2016/679 (hereinafter GDPR) to users (hereinafter users) of the website www.allimb.com (hereinafter the Web) in desktop and mobile versions and of the allimb mobile application (hereinafter the App) which can be accessed with mobile devices as well as corporate profiles on social networks, owned by ALLIMB HEALTH SRL (hereinafter COMPANY).

Therefore, this Policy will apply to users who browse the Web and/or App, who request information by email or subscribe to the newsletter or who register as a user. THE COMPANY reserves the right to modify this Privacy Policy by informing the user.

  2. SYNTHESIS

We process your data for the following purposes:

  • for correspondence with you
  • for the management of contracts with you
  • to send our newsletter
  • to send our information materials intended for patients and doctors
  • to send the results of the exercises to your healthcare professional (HCP)
  • for quality assurance and statistics creation
  • to provide our service
  • for the improvement of our service
  • for your participation in our events and surveys
  • to consider your application
  • to submit prescriptions to your insurance as part of our prescription management service
  • to carry out studies and participate in research collaborations

The processing of your data aims to protect the following legitimate interests:

  • the improvement of our service
  • the improvement of our offer
  • protecting our systems against abuse
  • creating statistics
  • the retention of our correspondence with you, where it is mandatory
  • marketing activities of our service, such as sending flyers

For the processing of your data, we rely on the following legal bases:

  • your consent, if it has been provided to us (Articles 6 par. 1 letter a) and 9 par. 2 a) GDPR),
  • your consent, if it has been provided to us (Art. 6 par. 1 letter a) GDPR),
  • the initiation or execution of a contract with you (Art. 6 par. 1 letter b) GDPR),
  • the fulfillment of legal obligations (Art. 6 par. 1 letter c) GDPR),
  • the protection of our legitimate interests (Art. 6 par. 1 letter f) GDPR).

  3. DATA CONTROLLER

The data controller is ALLIMB HEALTH SRL, in the person of its pro-tempore legal representative Lawrence Spavieri, VAT/Tax Code SPVLRN77S26Z404J, with headquarters in Milan, Via G. Cavalcanti 1, 20127 Milan.

For any request relating to the processing of personal data, users can contact the COMPANY by sending an email to the address: dso@allimb.com 

THE DATA PROTECTION OFFICER

The Data Protection Officer can be contacted at dso@allimb.com  

  4. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

In compliance with the GDPR, the Data Controller informs that the processing of information will be carried out in compliance with the principles of correctness, transparency, as well as to protect the confidentiality and rights of interested parties. The personal data provided by users will be processed only by specifically authorized parties.

The legal basis for the use of this data is the user's consent, provided during the registration process or subsequently directly in the app.

  5. TYPES OF USERS AND DATA PROCESSED

As part of the use of the Site and the App, the following categories of users are distinguished:

  • Simple Users (patients)
    Simple users can access some services, such as reading educational articles, anonymously. To take advantage of additional services, such as starting exercises, receiving updates or booking visits, user registration is required.
  • Professional Users (Healthcare Workers)
    Professional users, after registering on the Site, can personalize the services for their patients, can publish information relating to the services offered, and other useful details to help patients during their recovery journey. Furthermore, if patients accept the sharing of their data with their healthcare provider, the latter, via the “Dr. Interface”, will be able to analyze the progress of the personalized health plan and adapt the schedule.

All products, both on the web page and on the App, are aimed exclusively at people over 18 years of age.

  6. DATA REQUIRED FOR REGISTRATION

The personal data requested varies depending on the type of user:

  • To register a Simple user (patient):
    • Name
    • Surname
    • E-mail address
    • Mobile number
    • Country/City
    • Year of birth
    • Sex
  • To register a professional user (e.g. doctor, physiotherapist, or other healthcare professional):
    • Name
    • Surname
    • Professional email address
    • Country/City

This data is necessary to open an account, verify the correctness of the information provided, use the contact information for approved communication, verify whether there are absolute contraindications that exclude the use of the app, and finally provide the service through the app and the site.

The data is kept only for the time strictly necessary to guarantee the service. Once this purpose has been achieved, the data will be deleted as soon as the legal obligation to retain the data ceases.

The legal basis for the use of this data is the consent expressed by the user during the registration process, in accordance with the GDPR and in particular Article 6(1)(a) and Article 9(2)(a) of the GDPR.

  7. USE OF THE APP

To work at its best, the app requires some key data, in particular profile data, user status, exercise performance, completed therapies, exercise metrics, questionnaires, usage statistics and usage times, email address and push tokens.

These data are necessary to improve the user experience: in particular, they help to increase adherence to therapy and the overall quality of the app. The data are used to remind you to practice regularly and to adapt the exercise program to your progress. Furthermore, these data allow us to offer a multimodal approach to improve the quality and knowledge related to the service and/or the general health status of people with comparable problems.

Thanks to these data, we can share the results of the exercises with the user's doctor, where requested by the healthcare professional and permitted by law. Sharing requires in any case the acceptance of data sharing by the user. Furthermore, users have the option to download or export the results for personal use.

These data are kept only for the time strictly necessary to guarantee the service and/or achieve the expected objectives, except for any legal obligations that require allimb to keep them for longer.

The legal basis for the use of these data is the express consent of the user, provided during the registration process or at a later stage directly via the app.

  8. SECTION FOR PATIENTS

PURPOSE OF DATA PROCESSING AND LEGAL BASIS

The data requested during the registration procedure on the app (name, email address, mobile number, etc.) are necessary for the regular provision of services and will be processed solely for the purposes of executing the contract, as well as for sending communications by ALLIMB. The data will not be communicated to third-party companies, with the exception of those directly involved in the technical management of the site or the management of online visits.

ALLIMB acquires personal data provided by the user by the following means:

  1. visiting or using the Web and/or the App;
  2. through the user registration form in the App or on the Web;
  3. through the information that the user provides for the various services offered on the site or in the App;
  4. through the request for information or contact made through the Contact Form;
  5. through the user's registration in the App as a patient to use the services offered for mobile devices;
  6. cookies and similar technologies for the Apps, as provided in the cookie information.

The provision of data is always optional. Everything that is not marked as "optional" must be provided correctly, otherwise the functioning of the service cannot be guaranteed or there is a risk of malfunctioning. Failure to provide optional data, however, may only make the service less easy and user friendly. If the agreements mandatory for operation, such as the terms and conditions, are not accepted, the service will not be able to function completely and in some cases access to the services might even be blocked.

ALLIMB informs the user that the personal data provided on the Web and/or App will be used for the following purposes necessary for the execution of the services requested by the user:

  1. Allow you to register by completing the registration and authentication procedure by the user. The aforementioned processing is necessary for the execution of a contract of which the user is a party (art. 6, paragraph 1, letter b) GDPR)
  2. Allow access to the services of the Web and/or App; invoice and charge the related services requested via the web. The aforementioned processing is necessary for the execution of a contract (art. 6, paragraph 1, letter b) GDPR).
  3. Management of support requests, customer care and customer contact. The aforementioned processing is necessary for the execution of a contract of which the user is a party (art. 6, paragraph 1, letter b) GDPR).
  4. Promotion of statistical research services by sending, via email, communications and information material and newsletters, offers and satisfaction surveys by ALLIMB in line with the provisions of the art. 130 Legislative Decree no. 196/2003 and subsequent amendments. The processing is necessary for the pursuit of a legitimate interest by ALLIMB (art. 6, paragraph 1, letter f) GDPR).
  5. Use of the location of the mobile device to provide geolocalized services requested by the user. The aforementioned processing is necessary for the execution of a contract of which the user is a party (art. 6, paragraph 1, letter b) GDPR)
  6. Analyze the data and prepare reports for statistical purposes on the use of the App services, after having anonymized them. The dissociated data do not identify the user individually but allow us to analyze patterns within a group of people; personalize and improve the tools and functions of the Web or App; and guarantee the technical functioning of the Web and the App. The processing is necessary for the pursuit of a legitimate interest by ALLIMB (art. 6, paragraph 1, letter f) GDPR).
  7. Fulfill the legal obligations to which ALLIMB is subject and other obligations that arise on the basis of instructions received from the authorities. Fulfillment of a legal obligation to which the data controller is subject (art. 6, paragraph 1, letter c) GDPR).

Some services provided on the Web and in the App may contain particular conditions of use with provisions regarding personal data protection, which prevail over this Privacy Policy. For this reason it is important that users pay attention to the warnings they will receive and carefully read the General and Specific Terms, the User Manual and all other legal documents.

With reference to the purposes highlighted, the provision of the user's personal data possibly marked as "mandatory" is necessary for the use of the services. Partial or incorrect transfer of the mandatory personal data could result in ALLIMB being unable to execute the contract, totally or partially.

For the processing of personal data, users may interrupt, at any time, the sharing of data or the receipt of communications. This withdrawal can be made directly in the app.

The interruption of the communication permission has no effects on the past, but will make it impossible for ALLIMB to send the user future communications.

Any new processing of personal data, unrelated to the purposes stated above, will be implemented only following new information and after obtaining the user's consent where required by the processing.

Doctors, physiotherapists or other healthcare professionals can only access the data if there is clear consent from the patient.

  9. METHODS OF PROCESSING AND STORAGE OF PERSONAL DATA

The personal data provided by the user by filling out the appropriate form are processed in full compliance with the GDPR.

The data collected and processed will be protected with methods that minimize the risks of unauthorized access, dissemination, loss or destruction of the data, pursuant to articles 25 and 32 of the GDPR.

The processing of data will last no longer than is necessary to fulfill the purposes for which they were collected.

Users authorize allimb to publish anonymously on social networks, on the allimb website, on the websites of doctors/physiotherapists or on any other platform, all the evaluations that will be created or shared in online surveys on the quality of service and assistance received from healthcare workers. Furthermore, users authorize the use of data in anonymous mode to demonstrate the positive effect of the therapy.

All users can, at any time, pursuant to art. 7, paragraph 3 of the GDPR, obtain the revocation of consent by contacting the data controller indicated at the bottom of this document.

If the Data Controller does not receive a cancellation request, the personal data will be retained for a period not exceeding 6 months and in any case for the minimum time required by law.

  10. TECHNICAL DATA RELATED TO THE MEDICAL DEVICE

We collect and process the following data to ensure the correct functioning of the app and provide necessary updates and information notices to the user. To do this, we need information about the operating system, app version and anonymized IP address.

These data are retained only for the time strictly necessary to fulfill the service and/or objective for which they were collected, unless there are legal obligations that require longer retention. Doctors or physiotherapists can only access the data with prior explicit consent from the patient.

The legal basis for the use of these technical data is the user's consent, expressed during the registration process or subsequently directly in the app, in accordance with the GDPR and in particular Article 6(1)(a) and Article 9(2)(a) of the GDPR.

  11. SUPPORT AND HELPDESK

To respond to questions or concerns sent by users, the information shared and the contact details provided are used, at least those indicated as necessary. These data will be used to communicate with users and, where appropriate, to verify the functionality of the app.

The data will be stored only for the time strictly necessary to provide the service and/or achieve the purpose of the service itself, except for legal obligations that require longer storage.

The legal basis for the use of these data is the user's consent, provided during the registration process or subsequently directly in the app, in accordance with the GDPR and in particular Article 6(1)(a) and Article 9(2)(a) of the GDPR.

  12. ADAPTATION TO YOUR PREFERENCES

In the user settings you can change the default privacy & data security functions at any time and adapt them to your preferences. This could include, for example, the use of push notifications, communication via email or other communication methods.

  13. RIGHTS OF THE INTERESTED PARTY

At any time, users can exercise, pursuant to articles 15 to 22 of the GDPR n. 2016/679, the right to:

a) request confirmation of the existence or otherwise of personal data

b) obtain information regarding the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period

c) obtain the rectification and deletion of data

d) obtain the limitation of processing

e) obtain data portability, i.e. receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without impediments

f) object to processing at any time and also in the case of processing for direct marketing purposes

g) oppose an automated decision-making process relating to people, including profiling

h) ask the data controller to access personal data and to rectify or cancel them or limit the processing that concerns them or to oppose their processing, in addition to the right to data portability

i) revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation

j) lodge a complaint with a supervisory authority. For information on the competent authority, kindly contact dso@allimb.com specifically requesting the institution's address and email.

The user can exercise the rights with a written request sent to allimb (details at the bottom of the document) or to the email address dso@allimb.com.

  14. RECIPIENTS OF PERSONAL DATA

The personal data collected may be processed by subjects or categories of subjects who operate as Data Controllers pursuant to art. 28 of the GDPR or who are authorized to process pursuant to art. 29 of the GDPR.

As part of the execution of the contract, the data may be communicated to subjects who carry out activities functional to those of the Data Controller, such as banks and credit institutions for the management of payments, or professional legal and tax consultancy firms, for strictly related purposes to carry out the economic activity of the Owner and with the sole intention of providing the services requested by the user. In such cases, the aforementioned subjects act as independent data controllers, and therefore the Data Controller is not responsible for their processing of the data.

Furthermore, the Owner is not responsible for the contents or compliance with the legislation on the protection of personal data by sites not managed directly by the Owner.

  15. TRANSFER OF PERSONAL DATA TO THIRD PARTY OPERATOR

allimb may hire third parties for the distribution of its services (such as, for example, maintenance, analysis, review, and development work). These third parties will have limited access to the user’s information, for the sole purpose of carrying out these services in the name of allimb, and have the obligation towards allimb not to disclose or use them for other purposes, as per the GDPR. External suppliers with which allimb collaborates: Essendex, Teenvio, Selligent, OVH, Google Analytics, Google Ads, Dynatrace, Facebook, Linkedin, Instagram, Microsoft Azure, Youtrack, Twilio, Office 365/Dynamics, Omkiner, OpenTok / Vonage, Medikto, Google Play Store, Apple App Store, Mensatek and Instansend. Colla Studio is also used to improve the user-friendliness of the app.

15.1 Microsoft Azure

Cloud provider (https://learn.microsoft.com/en-us/compliance/regulatory/gdpr-action-plan) with server in Switzerland for the secure and flexible provision of IT services, as all your data, except the videos, is stored here. Allimb uses encrypted SSL communication.  

15.2 Performance Management

We use several service providers to ensure that our service works well. These service providers help us with this, but only receive anonymized data for analysis, evaluation or, for example, advice on how to improve functions within the app. This includes Colla Studio. We send push notifications to increase adherence.

15.3 Payment System

We provide payments through a webform using Stripe for your HCP’s health plan services (https://stripe.com/it/resources/more/gdpr-compliance-e-commerce-germany).

  16. TRANSFER OF DATA TO OTHER HEALTH INSTITUTIONS

In addition to the above, we are authorized to share data with the following parties:

  • Health insurance
  • Government institutions involved, for example, in monitoring legal obligations
  • Tax advisors, legal advisors and other professionals who support allimb's operations

The recipients mentioned above process your data independently as data controllers (Art. 4, no. 7 GDPR).

In some cases, we work with physiotherapy partners to offer you a comprehensive service, such as a physiotherapy assessment before starting treatment, especially if you do not yet have a trusted therapist. If you choose an online consultation, you can find further details on the website of the independent provider of this service.

The legal basis for processing your personal data for this purpose is your consent, pursuant to Article 6(1)(a) and Article 9(2)(a) of the GDPR.

  17. TRANSFER OF PERSONAL DATA ABROAD

The personal data collected through the Site and the App may be transferred outside the national territory exclusively to allow the provision of the requested services and in compliance with the provisions of the GDPR.

In some cases, personal data may be shared with recipients located outside the European Economic Area, such as Facebook, Meta, Apple, Microsoft, Linkedin and/or Google (see the paragraph relating to privacy on social networks). The Data Controller guarantees that the processing of personal data by these recipients takes place in full compliance with the GDPR and in line with Art. 45 GDPR.

  18. POLICY ON PRIVACY IN SOCIAL NETWORKS

allimb informs users that it has a company profile on the social networks Facebook, Twitter, Instagram and Linkedin, the main purpose of which is to advertise its products and services.

Users who have a profile in the same Social Network and have decided to join the page created for allimb, therefore showing interest in the information advertised on the Network, provide consent for the processing of personal data published in their profile by allimb.

Users can access the privacy policies of their Social Network at any time, as well as configure their profile to guarantee their privacy. There is no link between allimb and the Social Networks, therefore users will accept their policies of use and conditions by accessing them and/or validating their notices and terms and conditions in the registration process.

Regarding the rights of access, rectification, cancellation and opposition that users have and which can be exercised against allimb, in compliance with the GDPR, the following must be considered:

Access: it will be defined based on the functionality of the Social Network and the possibility of accessing information from user profiles.

Rectification: it is only applicable in relation to information that is under allimb’s control, for example, removing comments posted on the page itself. Generally, this right must be exercised first by the Social Network.

Cancellation and/or Opposition: it is only applicable in relation to information that is under allimb’s control.

allimb will perform the following actions:

  1. access public profile information;
  2. publish all the information already published on the allimb page in the user's profile;
  3. send personal and individual messages through Social Network channels;
  4. update the "status" of the page that will be displayed in the user's profile.

Users can always control their connections, delete content that does not interest them and decide who to share their connections with by accessing the privacy configuration section.

If you use the connection with Facebook, Linkedin, Instagram, Google+, Apple, Meta or Microsoft (so-called Social Media Providers, hereinafter "SMP") to register on the Web and/or App, allimb processes and stores the data transmitted only for the purposes of registration. Use of the connection via SMP is subject to the privacy policies and terms of use of the various SMPs. When using the connection with an SMP, the profile on the SMP and the publicly available data on the SMP platform will be transferred from the SMP to allimb. You can obtain information on the purpose and scope of the data collection and the further processing and use of the data by the SMPs, as well as your rights and configuration options in order to protect your privacy, in the various statements of the SMPs, such as Facebook at the link Facebook data protection policies. If you do not agree to the data transfer, you may use your allimb account to log in instead of connecting via the SMP.

Obviously, allimb does not know your identification data with the SMP.

For further information, we invite you to read our Cookies Policy which you can find on our website www.allimb.com.

  19. SPECIAL PROVISIONS FOR PROFESSIONALS (HEALTH WORKERS)

In addition to the general data protection principles applicable to ordinary users, professionals are subject to specific provisions which prevail in case of differences. These points have been defined to ensure data management compliant with professional needs:

  1. Professional data processing
    The data provided by professionals, such as VAT number, company details or data relating to end customers, will be processed exclusively for purposes related to the provision of the requested services and to fulfill specific legal obligations.
  2. Confidentiality of commercial information
    All information shared by professionals, including business strategies, economic data or projects in development, will be treated with the highest degree of confidentiality and will not be shared with third parties without explicit consent.
  3. Advanced security for sensitive data
    For professionals who process sensitive data (e.g. healthcare, legal, financial), we adopt advanced security measures, including end-to-end encryption and access limited to authorized users only.
  4. Compliance with industry regulations
    We ensure that the data processed comply with professional sector-specific regulations, such as the GDPR, and other applicable local or international regulations.

The personal data provided on the Web, App and/or on sites offering telemedicine will be used for the following purposes which will vary depending on their use:

  1. activity of insertion of personal data of professional operators and/or of the practice/clinic on the website www.allimb.com, in the App or third-party sites that offer telemedicine services;
  2. activation of the call assistance system, online appointments and use of the cloud electronic agenda;
  3. if the doctor provides your CV, your data will be processed to manage your adherence to the allimb program. The aforementioned processing is necessary for the execution of a contract (art. 6, paragraph 1, letter b) GDPR);
  4. fulfill the legal obligations to which allimb is subject and other obligations that arise on the basis of instructions received from the authorities.

The processing is necessary for the execution of a contract of which the professional is a party (art. 6, paragraph 1, letter b) GDPR).

The processing referred to in 4) is the fulfillment of a legal obligation to which the data controller is subject (art. 6, paragraph 1, letter c) GDPR).

Consent to the processing of Data is necessary for the regular provision of services and will be processed solely for the purposes of executing the contract, for administrative-accounting reasons, as well as for sending communications.

The professional user also guarantees to comply with all the rules contained in this document, in the Terms & Conditions and in all other documents contained on the site www.allimb.com thus ensuring the maintenance of the very high level of data protection used by allimb.

  20. AMENDMENTS TO THIS AGREEMENT

We reserve the right to update this privacy policy periodically, in particular to reflect any changes in our services, legal obligations or relationships with our partners.

  21. CONTACTS OF THE MEDICAL DEVICE AND DATA PROCESSING MANAGER

ALLIMB HEALTH SRL

Via Guido Cavalcanti 1

20127 Milan

CEO: Lawrence Timothy Spavieri

Contacts:

dso@allimb.com 

Registered in Italian Chamber of Commerce:

VAT number: 08453000963

Updated February 2025