The Neckcare Company
Last updated: September 13, 2021
Privacy is a priority to NeckCare and we place great emphasis on respecting the rights of individuals and the protection of personal data.
This notice concerns the processing of personal data when:
- You use our measuring equipment and software (hereafter “NeckSmart system”), whether with analysis and/or treatment at a healthcare worker or directly with a NeckCare specialist
- You make an account and sign in to our NeckSmart system, either as a professional or individual user
- You communicate with us, whether through e-mail, phone, or social media
- Visit our website, www.neckcare.com, or social media
What personal data does NeckCare collect about you?
NeckCare only processes personal data that is necessary for achieving the purpose of the data collection. In some cases, the personal data collected can be considered as sensitive personal data (as defined by the European Union’s General Data Protection Regulation, GDPR) and then your explicit consent is requested before processing starts.
NeckCare currently collects the following personal data:
- Encrypted access information as in e-mail address and username
- Information related to the usage of our NeckSmart system, such as:
- Name, age, gender, contact information
- Background information before the system is taken into use
- Data regarding mobility and motion control
- Identification and communication information of business contacts, e.g., name and address, identification number, email, and telephone number
- Technical information, e.g., IP address
- Payment information, however only to the extent that our payment service provider can process the payment. Financial information is not stored by NeckCare
- Communication when an individual contacts us
For what purpose does NeckCare process your personal data?
NeckCare processes personal data solely for the purpose of:
- Allowing you to use our NeckSmart system
- Communicating with you and to provide customer support
- Conducting research and development to improve our products and services
- Conducting marketing
- Responding to inquiries from individuals
- Communicating with business contacts and contractors
When you use our website www.neckcare.com we collect information about your use, i.e., the IP address, type, or version of the browser you use, the timing and duration of the visit as well as the subpages you visit within the NeckCare website.
The legal basis for the collection and processing of your personal data
NeckCare collects and processes personal data based on the following basis:
- When you have provided us with explicit consent. This basis is particularly applicable regarding data that is generated by the usage of our NeckSmart system.
- For the performance of a contract with an individual
- Regarding the legal obligation to which NeckCare is subject. This authorization is particularly concerning data that is subject to the Accounting Act No. 145/1994.
- To protect the legitimate interests of NeckCare. This basis is particularly applicable when an individual contacts us through social media.
How long do we store your personal data?
If an individual user terminates a NeckSmart account, we will keep the personal data for additional three years to allow users the possibility to make use of their past data at a different stage in life, for instance, if a new assessment or rehabilitation therapy is needed. Users always have the right to request their personal data to be deleted earlier.
From whom do we collect your personal data?
We collect personal data from users (professional and individual) through our NeckSmart system. In certain instances, personal data are collected automatically, for example, by your usage of our website.
Who do we share your personal data with and why?
NeckCare will not sell or share your personal data with third parties for marketing purposes. NeckCare only discloses personal data to third parties where this is required by law or in the case of a service provider, agent, or contractor hired by Neckcare to do predetermined work, for instance, in services in connection with information technology. If a third party, with which NeckCare shares personal data, is a processor, NeckCare concludes a Data Processing Agreement with the relevant party in accordance with GDPR. Such Data Processing Agreements include, inter alia, the obligation of the processor to keep personal data secure and not use it for any other purpose than to fulfill the agreement.
NeckCare could also share personal data with third parties when it is necessary to protect our legitimate interests, such as collecting overdue claims.
For users (professional and individual) in Europe, NeckCare may contract with third parties that may receive, store, and process your data outside the European Economic Area (EEA). In such cases, NeckCare will ensure that there is a relevant legal basis for such processing and, via a Data Processing Agreement described above, that the processing entity provides an adequate level of protection for personal data.
NeckCare points out that when you enter or contact us through our social media, it is possible that the social media providers get access to information and we encourage you to read their respective privacy notice carefully.
Security of personal data and the notification of a data breach
Security in the processing of personal data is important to NeckCare and we have taken appropriate technical and organizational security measures to ensure the protection of your personal data in line with our security policy, including appropriate access controls.
If there is a data breach regarding your personal data, and if the breach is considered to create a serious risk to your freedom and your rights, we will notify you immediately. A data breach is considered an event that causes your personal data to be lost or deleted, altered, disclosed, or if unauthorized parties gain access to the information.
Subject to the conditions set out in data protection legislation, you, as a data subject maintain ownership and control over your data and enjoy the following rights:
- The right to obtain confirmation as to whether or not your personal data are being processed as well as the purpose for processing, the categories of personal data concerned, the categories of recipient of the data, and the envisaged period for which the data will be stored and of the criteria used to determine the period.
- The right to rectification of your personal data.
- The right to the erasure of your personal data if there is no objective or legal obligation to preserve them.
- The right to objection to the processing of your personal data.
- The knowledge of any existence of automated decision-making, including profiling.
- The right to withdraw your consent for NeckCare to collect, file, process or store your personal data, when the processing is based on consent.
If you would like to exercise your right, you can send a written inquiry to NeckCare. We will confirm receipt of the request and respond to it within one month. If we are unable to respond within a month, we will notify you of the delay. No fee is charged when individuals exercise their rights in accordance with the above, except in cases where a request is considered excessive or obviously gratuitous.
You also have the right to file a complaint to the Data Protection Authorities (Persónuvernd) in Iceland. Contact information can be found on their website www.personuvernd.is.
If you would like more information on how we handle your personal data, or if you want to exercise your rights, you may contact us at firstname.lastname@example.org.
NeckCare privacy notice is reviewed regularly and updated if required. The last update was performed September 13 2021.