Privacy Policy


1. Introduction

Hy5 Bionics AS takes privacy seriously and therefore complies with all applicable laws and regulations in connection with it. That includes the new EU Regulation (GDPR).

The purpose of this Privacy Statement is to make it as easy as possible for you to get an overview of how we collect, use, store, share, transfer, delete, or otherwise process (further known as “processing”) your personal data. Our measures to protect and secure your personal data are also covered by the statement. Finally, our statement contains contact information so that you can easily get in touch with us regarding questions, requests and/or complaints related to data protection.

2. Covered parties and definitions

This Privacy Statement-statement refers to “you” and “your”, which includes any covered individual. “We”, “us”, “our” and ”Hy5 Bionics AS” include Hy5 Bionics AS and all associated entities.

“Personal Data” is defined as data pertaining to an identified/identifiable person or a person who can be identified using funds that are highly likely to be used.

3. Scope of the privacy statement

The Privacy Statement-statement applies to the organization of Hy5 Bionics AS for all objectives and activities in the geographical areas where we operate and where the GDPR is applicable.

Furthermore, the Privacy Statement applies to the processing of personal data collected by us, directly or indirectly, from all individuals. This includes, but is not limited to, our current, past, or potential: job seekers, employees, consultants, users, consumers, children, suppliers/subcontractors, shareholders, and third parties. 

4. Collection and processing of Personal Data

4.1 In accordance with GDPR and local laws

Your personal data is processed in accordance with the provisions of the GENERAL DATA PROTECTION REGULATION (GDPR) and potential and relevant local legislation.

4.2 Legal, fair and transparent

We guarantee that your personal data is processed in a lawful, fair, and open manner. This means that we do not process personal data without a legal basis (for more information, see the section “Legal basis for storage”).

Please note at the same time that there may be a need to process your personal data when necessary for the performance of a contract/service you are a part or recipient of, when necessary to comply with legal obligations we are subject to, or other cases where it will be necessary, of course, then with your prior consent. Unless your rights and freedoms are set aside, we may also process personal data for our legitimate interests. In cases where we process your personal data, we will inform you of this through a notice or privacy statement. The information will include, among other things, who is responsible for the processing of your personal data, for what purposes the personal data is processed, who the recipients are, what your rights are, and how you can exercise them (unless it is impossible or requires disproportionate efforts for us to implement this).

Where required by applicable law, we will seek prior approval of you before we collect sensitive data. For example, by checking “I consent to the processing of the personal information that I leave for the above use” on our website, you agree that the personal information that you fill in/provide us may be used for the use formulated in your consent.

4.3 Legitimate purpose, limitation, and data minimization

We warrant that your personal data will only be collected for specific, explicit, and legitimate purposes and will not be processed in a manner that is incompatible with these purposes. The personal data shall also be adequate, relevant, and not too comprehensive in relation to the legitimate use for which it is facilitated.

Among other things, we collect information by contractual agreement on services with suppliers and business customers, filling in contact information on our website, contacting us by email, telephone, website, and social media, registering for education, or participating in information matches. Please also note that if you visit our website, this will generate data, as well as, for example, IP address, device type, operating system, and browser type used.

When we process personal data for our own purposes, these are mainly used, but not limited, to the following: customer care, sales, and marketing activities, statistics and analysis, user customization of the website, recruitment management, HR and administration, accounting, financial management and associated controls and reporting, tax management, risk management, HSE, directory services (such as Active Directory), IT tools or internal websites and other digital solutions or collaboration platforms, IT support (including infrastructure, system management, applications, health and security management, administration of information security, management of customer relationships, bids, internal and external communications and event management, compliance with anti-money laundering obligations or other legal obligations, data analysis, legal corporate governance and implementation of compliance processes).

4.4 Correctness and time limit

We guarantee that your personal data is up to date and correct. We will take all expected measures to ensure that incorrect information is deleted or corrected. 

We store your personal data with us only for as long as necessary for the purpose for which the personal data was processed or in accordance with statutory procedures. It includes any legal, accounting or reporting requirements, as well as if it is necessary for us to assert or defend ourselves against legal claims. The personal data will then be stored until the end of the relevant storage period or until the relevant requirements have been settled. To read more about our specific time limits for storing personal data, please contact us at personal.information@Hy5.no. 

We also guarantee that your personal data is not stored in a format that allows you to identify yourself for longer than is necessary for the use for which the data is facilitated. Upon expiry of the storage period, we will securely delete your personal data, in accordance with applicable laws and regulations.

5. Legal basis for storage

Regardless of the processing of personal data, Hy5Pro AS shall always support at least one of the consequences of legal terms (cf. the Data Protection Data Protection Act, Article 6(1) (a-f) GDPR):

  • the data subject has consented to the processing of their personal data for one or more specific purposes,

  • processing is necessary to fulfil an agreement in which the data subject is a party, or to take action at the data subject’s request before a conclusion of an agreement;

  • processing is necessary to fulfill a legal obligation that is required by the controller,

  • treatment is necessary to protect the vital interests of the data subject or another physical person;

  • processing is necessary to carry out a task in the public interest or exercise the public authority required by the controller;

  • the processing is necessary for purposes related to the legitimate interests pursued by the controller or a third party, unless the data subject’s interests or fundamental rights and freedoms precede and require the protection of personal data, especially if the data subject is a child.

6. Security measures

We guarantee that your personal data is protected from accidental or unlawful alteration or loss, or against unauthorized use, disclosure, or access in accordance with our data security policies. To ensure such protection, we have implemented appropriate technical and organizational measures.

We ensure, where appropriate, that all reasonable security measures based on built-in privacy and privacy as the default setting is in place to protect the processing of your personal data. Depending on the risk level of the processing of personal data, we also carry out data protection impact assessments (DPIA). We also have additional security measures for data that are considered sensitive.

7. Sharing of personal data

We are very strict on who will access your personal data. This is in line with the privacy and confidentiality applicable to the healthcare sector, and only persons who need access to such information will receive this.

Personal data processed in connection with assignments (including potential) is provided to the principal in accordance with the laws and regulations that we are required to follow. Other recipients receive this information only as a result of legal requirements, or other constitutional or government allotments. 

We share your personal data under the following circumstances:

  • with Hy5 Bionics AS devices for the purposes described in this Privacy Statement

  • with third parties, including certain service providers we have retained for the purposes described in this Privacy Statement and the services we provide

  • to government agencies to which we transfer certain data due to legal obligations

  • with courts, law enforcement authorities, supervisory authorities, government officials or lawyers, and other parties where it is reasonably deemed necessary to establish, exercise, or defend a legal or fair claim, or for a confidential alternative dispute resolution process

  • with service providers that we engage in or outside Hy5 Bionics AS, domestically or abroad, e.g. shared service centers, to process personal data for one of the purposes listed on our behalf and only in accordance with our instructions

  • if we sell or purchase business or assets, we may share your personal data with the potential seller or buyer of such business or assets which are then assigned or assign some of our rights and obligations

8. Children

There are separate procedures for personal data belonging to children. This is a group that requires specific protection, as minors are less able to understand and understand the risks, consequences, security measures and rights associated with sharing their information. Children also do not have the opportunity to give consent on an equal basis with the legal age. 

Such specific protection shall particularly apply to marketing, personality or user profiles, as well as services offered to children directly. We do not process children’s personal data without the consent of guardians or guardians where necessary. We do not direct our marketing to children, except for specific services and by the consent of the parent responsibility holder. If you believe that we have improperly processed a child’s personal data, please contact us directly at support@hy5-bionics.com.

9. Data transfer

In accordance with the GDPR, it is not permitted to transfer personal data to third countries outside the EEA that do not have the ability to guarantee an adequate and satisfactory level of data protection. Some third countries outside the EEA where Hy5 Bionics AS operates do not offer the same level of data protection as your country of residence and are therefore not recognized by the European Commission as an adequate level of protection for privacy rights.

As data transfer to such countries will be required in certain cases, either to devices inside or outside Hy5 Bionics AS, we have adequate security procedures in place to protect your personal data. More information about such transfers will be made available to you at the time of collection.

If you would like more information or documentation on data protection procedures, please contact us at support@hy5-bionics.com.

10. Cookies

Our website supplier uses cookies. A cookie is a small text file that is stored on your computer, mobile or tablet by the website you are visiting. The file contains the address of the website and the codes that your browser sends back to this website every time you visit a page. The goal is to recognize your device and store information about your preferences or past activities. That way, your visit can be adapted to your needs and create a better user experience for you. For more information, visit our Cookie Policy.

11. Consent

We have several forms on our website, where you can get directly in contact with one of our employees.

In case you contact us, we process the following categories of data, for example:

  • Contact information

  • First name, last name

  • Address (private, practice or business address, customer number)

  • Email address

  • Content of your inquiry

  • Inquiry specific information

Mandatory data in contact forms, which are absolutely necessary to answer your request, are marked with an asterisk *.

If you send us an email at support@hy5-bionics.com, you also agree to us processing the information you provide us in that inquiry.

 The purpose of storing this information is described in this document.

12. Your rights

You have a number of rights when it comes to your personal data, and you have the opportunity to influence your information and what is stored. Among other things, you have the right to obtain information about what information we have stored. You may also require us to correct incorrect information or delete your information. You can contact us at any time and request that your information be deleted or that the use of the information be restricted. Below is a table that summarizes your various rights:

Right to insight and correction
You can request a copy of the information we have stored on you. You can also request that we correct errors or update incomplete data.

Right to deletion
You are entitled to request the deletion of your personal data in cases where:

  • data is no longer necessary for the purpose for which it was collected;

  • you choose to withdraw your consent;

  • you object to the processing of your personal data;

  • your personal data is unlawfully processed;

  • it is a legal obligation to delete your personal data;

  • deletion is necessary to ensure compliance with applicable laws.

Right to restriction
You may request that the processing of your personal data be restricted in cases where:

  • you dispute the accuracy of your personal data;

  • we no longer need your personal data for processing purposes;

  • you have opposed processing for legitimate reasons.

  • there are exceptions to the right to erasure, ref. article 17.3 and article 9.

Right to data portability
Where applicable, you may request to provide the personal data you have provided to us. This data has the ability to transfer to another data processor, if possible. This applies to the case where:

  • the processing of your personal data is based on consent or a contract

  • processing is automated.

You may also request that your personal data be transferred to a desirable third party (where technically possible).

Right to protest
You may object to the processing of your personal data. Keep in mind that in cases where your personal data is processed on the basis of consent you have given, it is possible for you to withdraw such consent at any time.

Right not to be subjected to automated decision
You have the right not to be subject to a decision solely based on automated processing, including profiling, which has a legal implication for you or adversely affects you.

Right to appeal
You can choose to file a complaint with the supervisory authorities where you live, where you work, or where you feel the violation of your rights has taken place. This can be done regardless of whether it has/has not resulted in personal injury or loss.

You also have the right to lodge a complaint with the courts where the Hy5 Bionics AS entity has a business or where you live normally.

 

If you wish to withdraw your consent or require an overview of information, correction, or deletion, please contact us at the email address we have provided under the contact information section. At the same time, we ask that you fill out our complaint and post this as an attachment in the email, or that you fill out the complaint form on the website. Should you have any questions about the complaints process, you can find many answers in our complaints and requests statement.

If you believe that your rights are not respected, feel free to contact us (see contact information below) or the Norwegian Data Protection Authority.

13. Updates

Updating this Privacy Statement may take place from time to time when there are changes in operation or otherwise. If any material changes are made, we will post information about this on our website when the changes take effect and, if applicable, communicate directly with you the change(s).

14. Contact us

For any questions, comments and/or requests associated with this Privacy Statement, please contact the privacy statement by emailing support@hy5-bionics.com. You can also send a letter to the following address:

 

Hy5 Bionics AS
v/Data Protection Officer
Løkkegata 9
2615 Lillehammer
NORWAY

 

The Hy5 App

Hy5 Bionics AS built the Hy5 App app as a Free app connected to external resources to form a SERVICE. This SERVICE is provided by Hy5 Bionics AS at no cost and is intended for use as is together with a MyHand prosthetic hand device.

This page is used to inform visitors regarding our policies regarding the collection, use, and disclosure of Personal Information if anyone decides to use our Service.

If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which are accessible at Hy5 App unless otherwise defined in this Privacy Policy.

Information Collection and Use

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to support@hy5-bionics.com. The information that we request will be retained by us and used as described in this privacy policy.

The app does use third-party services that may collect information used to identify you.

Link to the privacy policy of third-party service providers used by the app

●      Google Analytics for Firebase

●      Firebase Crashlytics

Log Data

We want to inform you that whenever you use our Service, in the case of an error in the app we collect data and information (through third-party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

This Service does not use these “cookies” explicitly. However, the app may use third-party code libraries and URLs that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

Service Providers

We may employ third-party companies and individuals due to the following reasons:

●      To facilitate our Service;

●      To provide the Service on our behalf;

●      To perform Service-related services; or

●      To assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Security

We value your trust in providing us with your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children’s Privacy

These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take the necessary actions.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.

This policy is effective as of 2023-08-01

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact our security officer at support@hy5-bionics.com.