1. Introduction

The EZTrack for Atopic Dermatitis mobile application (the “Application”) is made available by Genzyme Europe B.V. (“Sanofi”, “we” or “us”), an affiliate of the French parent company Sanofi SA. For this Application, Genzyme Europe B.V. is the Data Controller (as defined below). This Application is a Class I Medical Device as defined in the Medical Device Directive 93/42/EEC.

This Privacy Policy is to inform you what Personal Data (as defined below) is processed by using this Application, how it is collected, to whom it is or may be disclosed, and how it is used. This Privacy Policy is incorporated into, and is subject to, the Terms of Use for this Application, which are shown when you create an account for the Application and are thereafter available via the Application’s “Settings” page.

By “Personal Data” we mean any information relating to an identified or identifiable natural person, as further defined in the General Data Protection Regulation (EU) 2016/679.

By “Data Controller” we mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, as further defined in the General Data Protection Regulation (EU) 2016/679.

By ticking “I have read and agree to the Privacy Policy” when you create an account, you confirm (i) that you are at least 16 years of age, and (ii) that you have read this Privacy Policy. If you do not agree with any provision of this Privacy Policy, please do not use the Application and remove it from the (mobile) device on which you have downloaded it.

This Privacy Policy was last updated on 1st August 2020.

Top of page

2. About the Application

The Application is designed for use outside the clinic or office setting by individual patients with Atopic Dermatitis. The Application is intended to give you a tool to track your symptoms, provide insights into your disease status and educate you about Atopic Dermatitis and other relevant health related topics. Your disease state can be measured with the three (3) scoring tools in the Application.

The Application is designed and intended for use by UK residents who are at least 16 years of age. Children under the age of 16 are prohibited from using this Application. We do not knowingly collect data relating to children under the age of 16.

Top of page

3. Personal Data processed by using this Application

There is a variety of Personal Data that is processed when you download and use the Application. This Personal Data may be provided by you directly or it may be information that we collect about you and your device from your use of the Application. The types of information that may be processed are listed below.

a. Login information:

in order to use the Application, you will be asked to create an account by entering your name, email address and create a password, agree to the Terms of Use and this Privacy Policy, and consent to Sanofi processing your personal data;

Top of page

b. Health information:

when you use the Application, you may enter information about your health condition or health status in the Application (e.g. daily symptom tracking by taking photos of your skin and assessing severity, itchiness and sleep loss, and skin flair triggers such as weather, air pollutants, food and stress; tracking impact of these symptoms on your daily life by completing the questionnaires or using other scoring tools available in the Application). All of this health information is processed and stored on your device only;

Top of page

c. Photo, camera, and microphone information:

when you use the Application, the Application allows you to process photo, camera and microphone data. This information is processed with your explicit consent only (i.e. you have to amend the default settings to allow the Application to process this data). All of this information is processed and stored on your device only;

Top of page

d. Precise real-time location information:

when you use the Application, the Application allows you to process precise information about the location of your mobile device. This information is processed with your explicit consent only (i.e. you have to amend the default settings to allow the Application to process this data); and

Top of page

e. Connection data:

when you use the Application, any information regarding your connection and access to this App (e.g. type of mobile device used, timestamp of your connection, IP address, screen visited, etc.) will be processed to understand the usage pattern.

Top of page

Providing any or all of the above information is voluntary. You can decide for yourself which information you want to provide. Once you have decided to provide information, be honest with the information you put into the Application. If you provide wrong information or choose not to provide certain information, that may limit the functionalities of the Application and/or the Application may not give you the right result.

4. Personal Data processed by Sanofi

The Application has a “Support” page that will allow you to submit questions, request technical guidance, or provide comments to an email address.

Sanofi will collect your Personal Data when you send a message to us. We collect any information which you include in your message.

Top of page

5. Use and Sharing of Personal Data

Use and sharing of the information listed in Section 3

The information listed in Section 3 will be used to enable you to use all the functionalities, features and benefits of the Application. Most of this information is stored only on your device with the exception of the login information. As a result, if you delete the Application or your device is lost, stolen, or upgraded, most of the information in the Application will be lost. In such cases we recommend that you reinstall the Application.

The login information is stored on a qualified 3rd party vendor server in order to manage, reset and recover your user account in case you lose the login information or the device. Sanofi has no access to your login information.

Sanofi will process your login information on the basis of your consent which you will provide when you create an account. Other than as described above, the information listed in Section 3 will not be shared with Sanofi or any third parties.

The Application does however allow you to share the information listed in Section 3, for instance with:

  • recipients, such as your healthcare provider, via email or printed PDF (e.g. your daily entries (photos, itchiness and sleep lost)); or

  • with other applications on your device (e.g. you may decide to allow the Application to provide notifications, messages, and reminders).

You will be responsible for any personal data you choose to share in this manner, Sanofi will not be responsible for this.

Use and sharing of the information listed in Section 4

We will use the information listed in Section 4 only for the purpose of contacting you and addressing your questions. We will process any Personal Data you provide on the basis that it is necessary for our legitimate interests (to respond to your request).

We may anonymize this information so that it is no longer possible to identify you as an individual and use that anonymized information for any purpose.

We will only share the information listed in Section 4 with our affiliated companies and external service providers we trust. We will not share your information about you with other persons or organizations, unless we believe in good faith that this is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, respond to a government request or otherwise exercise our legal rights or defend against legal claims, or when we believe it is necessary to share that kind of information in order to assist in an investigation regarding, or to prevent, illegal activities, suspected fraud, or situations involving potential threats to the safety of any person.

Top of page

6. Third Party Analytics

When the Application is downloaded and used, we may automatically collect information on the usage of the Application by its users. For instance, what kind of functionalities are used, how long users spend on each page in the Application, how users arrived at the Application and where they downloaded it from. We use this information to analyze the usage of the Application and identify opportunities for further development and optimization of the Application. We also use this to understand the effectiveness of our awareness campaigns for the Application across channels. In general, the (third party) analytical tools (e.g. Google Analytics, Crashlytics) that we use to collect and analyze this kind of information do so without collecting and processing any information that can identify the identity of the users of the Application. However, in some instances the tools (e.g. Adjust, Firebase) may collect certain “online identifiers” relating to you or your device, such as your hashed IP address or a mobile identifier. Although this data will not be combined with any other data that identifies you, it is your Personal Data. This information will be shared with the third-party providers of the tools in question, such as Adjust and Firebase, who will only use it for the purposes described above. It may also be shared with the providers of the channels on which we carry out our awareness campaigns for the Application, such as Facebook and Google, but only for the same purposes. However, Sanofi will not have access to this information and it will not be shared with any other persons or organisations. This information will be processed on the basis of the consent you provide when you create an account.

Top of page

7. International Transfers

Some of our affiliated companies and external service providers may be based outside of the European Economic Area (EEA), such as the United States. This means that information about you may be transferred outside of the EEA to countries that may provide a lower standard of protection for your information. When we transfer information about you outside the EEA, we do so in compliance with applicable data protection laws and will ensure that this information is kept secure and the recipient has an adequate level of security. We will rely on appropriate contracts or suitable safeguards with recipients in countries outside the EEA to ensure this information is properly protected. Please contact us using the details below should you wish to find out more information on the contracts and suitable safeguards.

Top of page

8. Your Rights and Choices

In accordance with the General Data Protection Regulation, you have the:

Right of access. You may contact us to get confirmation as to whether or not we are processing Personal Data concerning you. Where that is the case, we will inform you about the categories of Personal Data we process, the processing purposes, the categories of recipients to whom Personal Data have been or will be disclosed and the envisaged storage period or criteria to determine that period.

Right to correction. You have the right to have inaccurate or incomplete Personal Data we store about you, corrected.

Right to object. In case our processing operations are based on the legitimate interests of Sanofi, you have the right to object at any time to these processing operations. We will then no longer process your Personal Data, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to restriction of processing. You have the right to ask us to restrict the processing your Personal Data in specific situations as foreseen by applicable data protection law (e.g. when the accuracy of your Personal Data is contested by you, for a period enabling us to verify the accuracy of your Personal Data).

Right to erasure. You have the right to ask us to erase your Personal Data from our systems if your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed. Furthermore, you have the right to erasure if you successfully exercise your right to object as described above, unless we have an overriding legitimate ground to not erase the relevant data. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible.

Right to data portability. You have the right to receive your Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit such data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided to us.

Right to withdraw consent. Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You also have the right to file a complaint before your local data protection authority if you believe that Sanofi has processed your Personal Data unlawfully. In the UK this is the Information Commissioner’s Office ((www.ico.org).

Top of page

9. Data Retention

The information listed in Section 3 above will only be stored on your device (with the exception of your login information, as described in Section 5 above). This information will be retained until you delete it or delete the Application. Your login information will be retained until you delete your account. If you do not use your account for 12 months, we will automatically delete your account.

The information listed in Section 4 above and the third party analytics information listed in Section 6 above will be not be kept in an identifiable form for longer than necessary. We determine the retention period of this information on the basis of the following criteria: (a) the purpose for which we use the information: we keep the information as long as necessary for that purpose; and (b) legal obligations: various laws and regulations impose minimum retention periods we are obliged to comply with.

Top of page

10. Security

We are concerned about safeguarding your Personal Data against unauthorized access, use and loss. We have appropriate administrative, technical, and physical measures in place to safeguard your login information as well as the information specified in Sections 4 and 6 above.

The information listed in Section 3 (with the exception of your login information, as described in Section 5 above) is stored on your mobile device only and keeping that information secure is your responsibility. Please consult your device’s documentation on how to manage local storage and how to apply appropriate security controls to the device for the protection of such information. We urge you to use caution when storing information in the Application or transmitting information over the Internet, especially information related to your health. Please keep your login details confidential. Please be aware that, although we endeavor to provide reasonable security as part of the functioning of the Application, no security system can prevent all potential security breaches.

Top of page

11. Third Party Sites and Services

The Application may contain links to websites, other apps and other online services operated by third parties that are not under our control. We are not responsible for the collection, use, and disclosure of your Personal Data on those websites, apps and other online services by those third parties. We encourage you to review the privacy policies of each website, app and other online services you visit before you submit any Personal Data.

Top of page

12. Updates to this Privacy Policy

If we update this Privacy Policy, we will post the updated version in the “Settings” page of the Application. If we make any revisions that materially change the ways in which your Personal Data is processed, we will inform you about such changes prior to applying such changes.

Top of page

13. Contact and Questions

In order to exercise the above mentioned rights, or if you have any questions about our privacy practices or our use or disclosure of your Personal Data while using the Application, please contact our Privacy Officer at:

Genzyme Europe B.V.
Paasheuvelweg 25
1105 BP Amsterdam
+31 (0)20 245 4000
Privacy.NL@sanofi.com

Top of page