Data Privacy Information Remote Vital Signs Monitoring
Protecting your privacy is important to Cosinuss GmbH (herein called “cosinuss°” or “company”). This data policy document describes how cosinuss° is using data in the context of its Remote Vital Signs Monitoring solution. cosinuss° operates a web application including its servers, cosinuss° gateway devices and apps, as well as cosinuss° sensors. With these components together cosinuss° is enabling the monitoring, processing and transmission of vital signs remotely (herein called “Remote Vital Signs Monitoring Solution”). cosinuss° is thus providing an end-to-end solution to enable individuals/institutions to remotely monitor vital signs of a selected group of people (herein called “Data subjects”). With this Remote Vital Signs Monitoring system, cosinuss° has no plan and motivation to sell or transmit personal data or health data to any third parties.
cosinuss° sells its Remote Vital Signs Monitoring system and the service of operation thereof to individuals/companies/organizations (herein called “Data Controller”).
When operating its Remote Vital Signs Monitoring system, cosinuss° only processes personal data according to documented instructions from the Data Controller, and only to the extent that is necessary to fulfil the obligations of a previously signed Principal Agreement and Data Processing Agreement, unless processing is required under EU or Member State law to which cosinuss° is subject. In this case, cosinuss° must inform the Data Controller of that legal requirement before processing, unless that law prohibits this notification on important grounds of public interest, see General Data Protection Regulation article 28, section 3, paragraph a. The Data Processing Agreement is part of the Data Controller’s instructions to cosinuss°. cosinuss° processes personal data on behalf of the Data Controller, and is only allowed to use the personal data for own purposes, especially the improvement of its offering, if it has the prior written consent of the Data Controller to do so.
Personal data collected by the Data Controller
The Data Controller is solely responsible for collecting any personal data that is directly identifying the data subjects. Thus, the Data Controller is also always responsible for the delivery of the components of the Remote Vital Signs Monitoring system to the data subjects. At no point of time does cosinuss° have any directly identifying personal data of the data subjects.
The Data controller has additionally authorized access to the Health Data collected and processed by cosinuss° throughout the frontend of the Remote Vital Signs Monitoring System using a web application or an Application Programming Interface (API).
Data collected by cosinuss°
In the framework of its Remote Vital Signs Monitoring solution cosinuss° is collecting health data and other meta data described hereafter of pseudonymized individuals.
| Meta data | Description |
|---|---|
| Sensor Device (with accompanied firmware) | - MAC address - Unique Device Identification (UDI) - Firmware version - Bluetooth Device Name - Cap size |
| Gateway Device (with accompanied firmware) | - MAC address - Unique Device Identification (UDI) - Software version |
| Server (with accompanied software) | - Record id (data file id) - Person pseudonym - Timestamp record start - Timestamp record end - Timestamp upload to server - Record duration - Record timezone |
| Device Battery | Battery Level (%) |
| Quality data | |
| Quality Index | Fit of sensor indicating quality of measurement |
| Perfusion Index | Indication of the pulse strength (%) |
| RAW data | |
| PPG green | Raw Photoplethysmogram from Green LED |
| PPG red/infrared | Raw Photoplethysmogram from Red/Infrared LED |
| PPG ambient | Raw Photoplethysmogram LED turned off |
| Acceleration / Position | Information about X,Y, Z axis orientation |
| Temperature | Raw sensor temperature |
| Primary Vital signs | Calculated from RAW data |
| Core Body Temperature | Core Body Temperature (°C) |
| Heart Rate | Beats per Minute (bpm) |
| Respiration Rate | Breaths per Minute (1/min) |
| Arterial Oxygen Saturation | Blood Oxygen (%) |
| Directly derived parameters | Calculated from RAW data |
| RR-Intervall | Time between heart beats (milliseconds) |
| Server Analysis | Calculated from processed Data |
| To be defined by Data Controller | Combined Frequency Analysis |
| Server Score | Calculated from processed Dat |
| Deviation Score (DS) | Deviation Thresholds on Vital Signs |
| To be defined by Data Controller | Combined Vital Signs Scoring |
Meta data collection is necessary in order to be able to connect a pseudonym with a data stream and to be able to troubleshoot possible problems by knowing the respective firmware version of each component.
Information about battery level is used to signal the Data subject and the Data Controller the need for charging the sensor device and thus to ensure the ongoing offering.
Information regarding quality is needed in order to be able to indicate to the Data Controller which health data is reliable and which collected data needs to be questioned.
Raw Data collected is the data which is needed to calculate vital signs like: Heart Rate, Blood Oxygen Saturation, Core Body Temperature and Respiration rate. Additionally, it is used to derive further parameters like RR–Intervals, Perfusion, Heart Rate Variability. These are additionally provided to the Data Controller to fulfil the purpose of the principal processing.
If agreed on in the Data Processing agreement further processing of derived parameters can be conducted on the server in order to fulfil the principal purpose. One example of such processing is the calculation of the Deviation Score (DS).
Special Note regarding Bluetooth and Android
If the Remote Vital Signs Monitoring solution includes a mobile app running on an Android mobile device, cosinuss° may have an access to the coarse location of the person. This is due to the Bluetooth connection on the Android system: When the user enables Bluetooth to connect to the in-ear sensor, Android is forcing the user to enable ‘Locations’ as well. This obligation is coming from Android, not from the app. cosinuss° is not collecting or using this data.
Storage and disclosure of personal data
cosinuss° generates, processes and stores the data listed above in order to fulfil the purpose defined with each Data controller individually. Collected and processed data is stored on servers located in Nuremberg, Germany by Hetzner Online GmbH, which is a server provider audited by TÜV and complying with the GDPR. cosinuss° has a data processing agreement with Hetzner, according to the Art. 28 GDPR. If not explicitely agreed upon differently, cosinuss° will hand back and delete personal data when data processing under the Principal Agreement with the Data controller ceases or at the written request of the Data Controller. cosinuss° ensures that only employees, sub-processors, business partners, external consultants and temporary workers etc who need to know have access to the personal data covered by the Data Processing Agreement and that they all are bound by professional confidentiality or are subject to a relevant statutory duty of confidentiality. If cosinuss° is involved in the sale or transfer of some or all of its assets, personal data may be disclosed to the acquiring organization but only to an extent permitted by law. In this process the acquiring organization will be directed to agree to protect the privacy of your Personal data in a manner consistent with this declaration and applicable law.
Security
cosinuss° uses commercially reasonable and appropriate physical, electronic, and managerial procedures to safeguard and secure the Personal data collected. Whenever health data is transmitted, it is encrypted. So even, if the transmission protocol is accessed by an unauthorized third party, they can't use the transmitted information. However, cosinuss° can’t fully eliminate security and/or privacy risks associated with Personal data created, stored or transferred using the internet and internet technologies. cosinuss°, as the Data processor, shall not be liable for any breach, unauthorized disclosure or unlawful use of Personal data or Health data that was, at the time of the breach, under the control of the Data processor.
Cryptographic techniques
Authentification
cosinuss° only collects and processes data of pseudonymized Data subjects and limits access to this data to the authorized persons who need to know and are bound to confidentiality.
Bluetooth
The Bluetooth LE data transmission uses traffic encryption. Additionally, cosinuss° offers a 1-1 pairing mode including authentication.
Hypertext Transfer Protocol Secure (HTTPS)
The Hypertext Transfer Protocol Secure is using the latest TLS Certificates to ensure secure communication in the World Wide Web. Also, the Advanced Encryption Standard (AES) and Block Ciphers are protecting the data transmission true to highest classification. HTTPS is used in the WebInterface as well as between the communication gateway device/lab app and server.
Server Location
Servers are located in two different data centers (Nuremberg & Falkenstein / Germany) from Hetzner Online GmbH.
Certification
- Hetzner Online GmbH has its business address at Industriestraße 25, 91710 Gunzenhausen, Germany and is certified according to DIN ISO/IEC 27001
- cosinuss° has a data processing agreement with Hetzner, according to the Art. 28 GDPR
Data Protection
- redundant data storage at different data centers
- video-monitored high security fence around the entire data center park
- access only via access control terminals with transponder or access cards
- state-of-the-art surveillance cameras for 24/7 monitoring of access roads, entrances, security gates and server rooms
- modern early fire detection system with direct connection to the local fire department
Availability of Services
- redundant web services running at different data centers
- emergency power supply
- redundant USV systems
- battery operation: approx. 15 minutes
- temperature monitoring of room air and in server/distribution cabinets
- DDOS protection
- suppressed botnet communication
Data Protection Impact Assessment (DPIA)
A Data Protection Impact Assessment (DPIA) is required under the GDPR any time you begin a new project that is likely to involve “a high risk” to other people’s personal information. With Remote Vital sign monitoring this may be the case if the type of processing in particular is:
- Using new technologies
- Tracking people‘s behaviour
- Processing data concerning health
- Processing used for automatic decisions
- Processing children‘s data
cosinuss° recommends preparing for a DPIA before beginning any data processing activity. Ideally, the DPIA should be conducted before and during the planning stages of a new project. If you have a Data Protection Officer you must consult with that person, and any other key stakeholders involved in the project, throughout the course of the DPIA. It should contain the following elements:
- A systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller
- An assessment of the necessity and proportionality of the processing operations in relation to the purposes
- An assessment of the risks to the rights and freedoms of data subjects
Access, Comments, and Questions
To get the best use of the Remote Vital Signs Monitoring solution, all responsible parties keep their information accurate, current, and complete by routinely updating each other. If you have any questions, comments, or concerns regarding this Privacy Policy, please contact our Privacy Officer:
Cosinuss GmbH, Kistlerhofstrasse 60, 81379 Munich, Germany Tel.: +49 89 740 418 32 E-mail: dataprivacy@cosinuss.com