FAQs - Promptly Health FAQs. How we can help?

This platform was created and is managed by Promptly Health Analytics (“Promptly”) and its use is subject to these Terms and Conditions. Please read the Terms and Conditions of Use presented here carefully.

Acceptance of Terms and Conditions of Use

The platform User acknowledges that, by registering and regularly using this Platform, they are accepting and agreeing to these Terms and Conditions of Use.

Using the Platform through the "Patient" Profile

In order to use the Platform, the User must register as a “Patient” and expressly and in writing give their consent to the collection, access, or other processing of their personal data that meets the legitimate purposes that govern the collection of data in the terms described below, in a place specifically indicated on the Platform, for its use and access, while additionally being aware of the Privacy Policy adopted by Promptly.

Promptly and its Privacy Policy comply with the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter additionally GDPR), and other applicable legal standards on the protection of personal data.

Data that are marked with an asterisk (*) on the forms and/or questionnaires made available on the Platform are mandatory and correspond to the data strictly necessary for the purpose intended and which governs the data collection as follows, without which Promptly will not be able to comply with the request for registration or access.

By virtue of the consent given at a location specifically indicated on the Platform, Promptly considers that all personal data provided by the User has been entered by the data subject and/or authorised legal representative, in particular in the case of Users under the age of eighteen, the same data being truthful and accurate. Promptly shall not, therefore, be held liable for any irregularity, inaccuracy, or error in the insertion and/or collection of such data or processing thereof, subject to the provisions of applicable law. The data subject may request Promptly to correct, rectify, or update the data.

By registering through the "patient" profile and associating the reported disease(s) to the health care facility in which they are being followed, the User is giving their consent to the professionals in that institution who are responsible for ensuring the continuity of the health care provided or to be provided to them, with the adoption by the health institution of the appropriate security measures and only for the strict purpose of providing healthcare which the User needs, to access the data entered by the User with the "Patient" Profile strictly necessary for that provision of healthcare and for as long as that provision continues.

By using the Platform, the User may consent to their physician's access, for healthcare purposes, to the individual data contained in their electronic medical records, and may at any time revoke the consent of access by that physician.

Access to the data by other entities for scientific research purposes will always depend on the User's autonomous, specific, informed, and written consent, as well as on the adoption by such entities of appropriate security measures, including the anonymisation of data where research purposes are likely to be achieved without the identification of the data subjects.

Using the Platform through the “Physician” Profile

By registering as a "Physician", the User will expressly and in writing give their consent for the collection, access, or other forms of processing of the respective personal data that comply with the legitimate purposes for which the data are collected under the terms described below, in a place specifically indicated on the Platform, with a view to its use and access, while additionally being aware of the Privacy Policy adopted by Promptly. By registering through the “Physician” Profile and only on this condition, the User will further consent to the personal data entered by them, whether personal data relating to themselves, or personal data of another data subject, specifically the Patient, who has previously given informed consent for the inclusion of their personal data on the platform and for access by other users with a “Physician” Profile under those terms, to be accessed by other Users, provided that they are registered with the “Physician” Profile and associated to the same Patient(s) as the User, provided that this is previously accepted by the Patient(s).

Promptly and its Privacy Policy comply with the General Data Protection Regulation, the GDPR, and other applicable personal data protection legal standards.

The User declares and guarantees that the information entered by them, whether personal data, their own or that of another data subject, or data relating to third parties, is truthful, accurate, and correct and that it can be transferred to Promptly by the User. The User declares that the transfer of personal data from other data subjects to Promptly is based on a legitimate cause for the processing of personal data, pursuant to articles 6 and 9 of the GDPR, and that the processing done by them is and will be lawful. Therefore, Promptly considers that all information provided by the User is lawful, truthful, and accurate, and Promptly cannot be held liable for any unlawfulness or lack of grounds for the processing of data and its legality, irregularity, inaccuracy, or error in the insertion and/or collection of such data or processing thereof, either regarding the data subject or third parties, without prejudice to the provisions of applicable law.

The termination of the healthcare relationship between the user Physician and the patient ceases the processing of data by that User, and the Physician or the institution where the User performs the activity shall immediately inform Promptly of such termination.

Without prejudice to the consent of the Patient and Physician to collect and use their data for normal use through the Platform, all information contained in the patients' medical records will remain accessible only to themselves and their General Practitioners, and none of the Physicians are in any way exempt from complying with the duties of privacy and confidentiality, regarding the health data entered in the Platform, to which they were already deontologically bound.

Notwithstanding the foregoing, the Patient may, under the law, consult information that concerns them directly and only that which has been recorded or entered by the Physician with whom that Patient is associated. Pursuant to Article 40, no.4 of the legally approved Deontological Code of the Medical Association, “whenever the provision of information from the medical file is intended, the physician has the right to purge his personal notes and the duty not to provide information subject to the privacy of a third party and not to communicate circumstances which, if known to the patient, would endanger their life or would be likely to cause serious harm to their health, either physical or mental".

Using the Platform through the "Patient Manager" Profile

By registering as a “Patient Manager”, the User declares and guarantees that all personal data entered therein has been collected from the respective data subject in strict compliance with the applicable data protection standards, and consent has been obtained for this purpose and the right to information has been previously complied with. The User “Patient Manager” further declares that he has informed the data subject of the latter's possibility of accessing and validating the data entered by the User, however, access to the data subject's personal data is not dependent on validation. The User declares that the transfer of personal data from other data subjects to Promptly is based on consent as a legitimate cause of the processing of personal data, pursuant to Article 6 no.1, a) and Article 9 no.2, a) of the GDPR, and that the processing done by Promptly is and will be lawful. The User will further consent to the collection, access, or other forms of processing of their personal data that meets the legitimate purposes that govern the collection of the data as described below, in a place specifically indicated on the Platform, with a view to its use and access, while additionally being aware of the Privacy Policy adopted by Promptly.

Promptly and its Privacy Policy comply with the GDPR and other applicable legal standards regarding the protection of personal data.

Data that are marked with an asterisk (*) on forms and/or questionnaires made available on the Platform are to be filled in for the intended purpose, without which Promptly will not be able to comply with the request for registration or access.

Accuracy and integrity of information

While all means at our disposal have been used to ensure the accuracy and integrity of the information on this Platform, Promptly is in no way liable if the information provided contains errors, inaccuracies, or imprecisions, especially the information that has been provided by partners.

The contents contained in this Platform do not constitute and can never be interpreted as a advice, guarantee, commitment, or suggestion given to Users by Promptly, and the latter shall not be held liable.

Users may request Promptly, in accordance with applicable legal standards, to correct, rectify, or update the personal data provided. Promptly adopts the security, technical, and organisational measures that are deemed appropriate to guarantee the integrity and confidentiality of the data made available through the Platform.

Users and their passwords that allow for the access to and use of the Platform are personal and non-transferable, and the data subjects must maintain their confidentiality and integrity, and Promptly cannot be held liable for the misuse of the Platform due to the use of the password by a third party as a result of the transferring or making available of said password by the User.

If the User loses their password or are concerned that it has been accessed by a third party, they must immediately and without delay notify Promptly of this issue and proceed in accordance with Promptly's security rules and instructions, to prevent and/or minimise security incidents that result or may result from them.

Access to the platform

Promptly always reserves the exclisuve right to suspend, restrict, or cancel, in whole or in part, access to the Platform or any feature incorporated in this Platform, in particular due to maintenance, upgrade, or repair of the Platform, and may additionally shut the Platform down, definitively or provisionally, at its discretion and without prior notice, without prejudice to contractual commitments entered with third parties.

Intellectual Property Rights

All copyright and other intellectual property rights inherent in the texts, graphics, questionnaires, images, and other content made available on this Platform, regardless of how they are graphically represented on this Platform, are the property of Promptly or are used by the latter with the authorisation or license given by the respective owner or third party with legitimacy for that purpose.

The User acknowledges that all content on this Platform is protected by intellectual property rights, or similar rights, and undertakes to respect such rights.

The User is not authorised to reproduce, transfer, disclose, modify, copy, sell, use, or distribute in any way the texts, images, logos, questionnaires, layout, or other information contained on the Platform without Promptly's prior written permission.

The use or transfer, as well as the making available of trademarks, logos, or other content contained on this Platform, neither grants nor can be interpreted as granting the Users any intellectual property rights that may be registered, licensed, authorised, or other similar rights on them.

Any attempt to alter, reproduce, transfer, disclose, copy, sell, or otherwise distribute the contents contained on the Platform and protected by this provision, as well as any action that may cause damages to Promptly and put into question the integrity of the Platform are strictly prohibited and shall be punished in accordance with applicable law.

Liability

Promptly shall not be held liable in any way for direct and/or indirect, reputational, property and/or non-property damages, emerging damages and/or lost profits, or any other damages, charges, expenses and/or costs resulting from errors, irregularities, lack of legitimacy, content, use, access, or registration on this Platform.

Promptly shall not be held liable in any way for direct and/or indirect, reputational, property and/or non-property damage, emerging damages and/or lost profits, or any other damages, charges, expenses and/or costs resulting from misuse and/or inaccuracy or falsity of information entered by Users or third parties on this Platform.

Changes to the Terms and Conditions of Use

Promptly reserves the right, at any time, to modify, update, and/or eliminate, in whole or in part, these Terms and Conditions of Use, such changes being duly disclosed on this page or another section of the Platform and made available to Users for validation.

The User should periodically visit this page containing the Terms and Conditions of Use to review the information contained herein and be aware of any additional information.

Validity of Terms and Conditions of Use

If any provision of these Terms and Conditions of Use is in breach of the applicable law, that provision shall be deemed unwritten and shall not affect the validity of the remaining provisions or these Terms and Conditions of Use.

Applicable jurisdiction and law

These Terms and Conditions of Use are governed by Portuguese Law.

Any dispute, litigation, or issue arising from the use of this Platform will be settled exclusively by the District Court of Trofa, Portugal, with express waiver of any other.

Clarification

If you have any questions about these Terms and Conditions of Use, please send your request for information to Promptly through Promptly's helpdesk at the following email address: support@promptlyhealth.com

Promptly guarantees Platform Users the respect for their privacy as well as the protection and security of their personal data.

Visiting this Platform does not, by itself, imply the automatic registration of any personal data that identifies the User. However, registration and access by logging into the Platform implies the processing of personal data by Promptly, therefore the User should read this Privacy Policy carefully and decide, freely and voluntarily, whether to provide their personal data to Promptly.

This Privacy Policy is an integral part of the Platform's Terms and Conditions of Use and governs the processing of personal data provided by Users, as well as the exercise of rights belonging to the data subjects pursuant to Regulation (EU) 2016/679 European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR hereafter) and other applicable data protection legislation.

Data Processing and Accountability

This Privacy Policy applies to all personal data contained on the Platform managed by Promptly.

The processing of personal data by Promptly is governed by the following principles in accordance with the GDPR: a) lawfulness, fairness, and transparency in the processing of data; b) purpose limitation; c) data minimisation; d) accuracy; e) storage limitation; f) integrity and confidentiality; g) accountability.

Promptly Software Solutions for Health Measures, Lda. (“Promptly”) is the entity responsible for the processing of Users' personal data and may, in some exceptional cases and respecting the duty of information, act as a subcontractor of health entities and/or units. Promptly acts as a subcontractor for the use of the Platform through the "Physician Profile" with regard to the accountability of the personal data of patients entered by the Physician, and the accountability for the processing lies with the institution where the physicians carries out their activity or with the latter if in a private medical practice.

Purposes of data processing

Data processed regarding the use of the Platform is collected at the time of registration on the Platform by the User and each time the User accesses the Platform through their login.

Promptly will process the User and/or data subject's data, either manually or automatically, for the following specific purposes:

Registration on the Promptly Platform;
To improve access to the User's information regarding the reported disease;
To improve services related to health, namely the reported disease;
To ensure continuity of care and treatment guides for the reported disease(s) and the monitoring of the services provided by healthcare providers;
To increase scientific knowledge in the results reported by the User, comparing and compiling common patterns of responses, using anonymised data for this purpose and whenever it is appropriate to be done.
The data subjects data will not be processed for any other purpose that does not fulfill the purposes herein described.

Promptly processes User identification data and health-related data within the scope of this Platform. Promptly recognises the special nature of health data and applies the security, technical, and organisational measures appropriate for their protection.

The processing of personal data contained in the Platform is based on the prior consent of the data subject, consent which may be withdrawn at any time via the email address support@promptlyhealth.com or upon written request to Promptly - Helpdesk to the address Rua das Condominhas, nº. 15, 4150-222 Porto. The withdrawal of consent does not affect the lawfulness of prior processing carried out on the basis of prior consent.

Rights of data subjects

As data subjects, the User may, at any time and for free, exercise their rights of access, rectification, or deletion, restriction, portability, and opposition of their data through the email address support@promptlyhealth.com or upon written request to Promptly -Helpdesk at nº. 15 das Rua das Condominhas, 4150-222 Porto.

In the event that you exercise any of these rights, Promptly will analyse the case and respond within one month. The period may be extended up to two months, subject to the provisions of Article 12 no.3 of the GDPR, where necessary, taking into account the complexity of the request and the number of requests, in which case the data subject is to be informed of the extension and the reasons for the delay within one month of receipt of the request. If the data subject's request is not replied to, the latter must be informed, without delay and at the latest within one month of the date of receipt of the request, on the reasons for the delay and the possibility to submit a complaint to a supervisory authority and take legal action.

If the data subject submits the request electronically, and unless otherwise requested by the data subject, the information must be provided in a commonly used electronic format.

However, the User is hereby informed that if it is considered that Promptly has violated or may have violated their data protection rights, the User may file a complaint with the National Data Protection Authorities.

The User may additionally contact Promptly's Data Protection Officer or “DPO” regarding all matters relating to the processing of their personal data and the exercise of their rights through the email address protecaodedados@proef.com or by written request addressed to Promptly - for the attention of Marco Carvalho at the following address Marco Carvalho, Rua das Condominhas nº. 15, 4150-222 Porto.

In regards to the right of data deletion and in view of the identified purpose of clinical investigation under Article 89 of the GDPR, this may be restricted under Article 17 no.3, d) of the GDPR, only insofar as such deletion of data is likely to make it impossible or seriously impair the achievement of the purposes of such processing.

Retention period

Promptly will retain personal data only for the period necessary for the identified purposes, specifically, as long as the User's login remains active and the purposes that governed the collection continue; they may only be retained for longer periods, provided that they are processed solely for scientific research or statistical purposes, subject to the application of appropriate technical and organisational measures, in order to safeguard the rights and freedoms of the data subject. Such measures may include pseudonymisation provided that the intended purposes can be achieved in this way. Where such purposes may be achieved by further processing which does not permit, or no longer permits, the identification of data subjects, such purposes shall be achieved in this way.

Communication of data

Promptly may communicate the User's personal data in compliance with the rules set forth in the GDPR provided that:

Promptly has unequivocally obtained the User's consent to do so; the transfer is made in compliance with a legal obligation, a decision by the National Data Protection Authority, or a court order; or the communication is intended to protect the vital interests of Users or any other legitimate purpose provided by law.

Whenever Promptly communicates the data to third parties, the User will be duly informed and the identity of the recipients and the purpose of the processing for which the data was transferred will be communicated.

Subcontractors

The processing of Users' personal data may be carried out using reputable service providers, carefully selected by Promptly in accordance with the GDPR, as they adopt sufficient guarantees in the implementation of technical and organisational measures appropriate to the processing of data that meets the requirements of the GDPR and ensure the defense of data subjects' rights. Service providers will only process personal data for the purposes defined by Promptly and in compliance with the instructions issued by Promptly, ensuring and complying with the standards set forth in the GDPR and other applicable data protection standards.

Promptly's platform is hosted on Amazon Web Services (AWS), consequently meeting Amazon's guaranteed security and compliance.

The following is a list of other Promptly subcontractors for the optimisation of their services and platform features:

Mailgun: service used for sending emails through the platform.
Messente: service used for sending SMS messages through the platform.
Hotjar: service used to analyse platform usage from an end-user perspective, with the aim of analysing and understanding the users' difficulties in order to promote continuous product improvement.
Mixpanel: product analytics tool to get valuable insights on how our users use the platform, in order to make smarter decisions and act faster.
Sentry: service used for error capture and handling. This service is connected in privacy mode, i.e. there is no personal data storage by the subcontractor.
Onesignal: service used for for mobile push notifications, web push, SMS, email & in-app messaging.
Twillio: service used for automatic voice calling.
WhatsApp: service user for mobile messaging.
Mailjet: newsletter sending service.
Automated decisions
Promptly does not make automated decisions based on the automated processing of Users' personal data, including profiling.

Security measures

In its commitment to protect the security of the Users' personal data, Promptly takes the most appropriate measures to protect the personal data contained in the Platform against its unauthorised and/or illegal dissemination, loss, destruction, misuse, alteration, or processing:

Restricted access to the User's personal data based on the “need to know” criterion and only for the purposes communicated;
Use of SSL (Secure Sockets Layer) certificate to ensure security and privacy in data transfer between the server and the user;
Authentication mechanisms for entering the system and performing specific acts for the uploading of health-related information;
A validation email and/or code is sent directly to the User's personal contact so as to ensure security of the identification;
Protection of information technology systems through the use of secure servers, such as the AWS server, which ensures compliance with data protection standards, firewalls, and encryption in communication and data access;
Adoption of the practices of the ISO 27001 standard, which is the international reference and standard for information security management and the structure for excellence in information protection;
Adoption of data encryption and pseudonymisation practices with special security measures regarding health-related data;
Access to health-related data only by health professionals bound by the duty of confidentiality;
Logical and physical separation of health-related data from other personal data and distinct access profiles due to the nature of the data;
Duty of confidentiality by all Promptly professionals or those who provide services for the same and maintenance of the duty of confidentiality even after the termination of activity for Promptly;
Adoption of a code of conduct/rules of procedure or standards binding the company regarding the protection of personal data;

Anonymisation (where its adoption does not preclude the pursuit of a lawful, legitimate, and specific purpose).

Nonetheless, it is the User's responsibility to ensure that the computer equipment through which they access the Platform is adequately protected against harmful software and computer viruses, or other forms of improper access by third parties.

Use of Cookies

Promptly's Cookie Policy is available as a standalone document which can be found at Privacy policy.

Cookies

As is the case with most websites, so that the sites promptlyhealth.com and Platform: promptly.health ( hereinafter “Sites”) can function properly, Promptly duly installs small files called cookies on your computer or mobile device.

What are cookies?

A cookie is a small text file that a website installs on your computer or mobile device when you visit the site. These files allow the website to "remember" actions and preferences, such as the username, chosen language, character size, and other display settings for a certain period. This is why when you go through the pages of a site, or return to a site you have already visited, as a rule, you do not have to indicate your preferences again.

How do we use cookies?

Promptly uses the cookies on the Sites that are strictly necessary for the improvement of navigation and the efficient uploading of the contents, which allows us to, specifcally, identify the location of the content.

Promptly additionally uses personalisation cookies to gather anonymous statistical data about users' browsing activity and routines for the purpose of analysing and making improvements to the Sites and, therefore, improve user access and experience. These cookies are installed by third parties. We use Google Analytics to measure traffic on our site. Google has its own Privacy Policy. If you do not wish your website visits to be detected by Google Analytics, please go to http://tools.google.com/dlpage/gaoptout.

It should additionally be noted that cookies will store the collected information for the time periods that you can consult in your browser settings.

Cookies are stored locally in the browser as long as the User keeps the session active. Its storage ensures the smooth running of the platform and the optimisation of navigation flows such as authentication token storage, user profile identification, preferred language, site navigation control object.

How can cookies be controlled?

Promptly will not collect any personal data from users without their prior consent. The User, the data subject, can control and/or delete the cookies as desired. The User can delete all the cookies already installed on their computer or mobile device or activate an option available in most navigation programmes that prevents them from being installed. In order to remove cookies and activate the navigation option that prevents their installation, the User may have to manually configure certain preferences whenever visiting a website and the risk of disabling certain services and features and experiencing difficulties when using the Platform should not be disregarded.

The User may accept or refuse these Sites from installing cookies on their computer or mobile device by clicking on one of the following links: I accept the installation of cookies / I refuse the installation of cookies.

If the User wishes to obtain any clarification on this Policy and modify or simply revoke any prior consent given for the use of ‘cookies’ on these Sites, they should contact us at protecaodedados@proef.com, which is the contact of the Data Protection Officer or “DPO”, by placing in the subject field “Cookie Policy” or upon written request addressed to Promptly - Helpdesk, at Rua das Condominhas, nº. 15, 4150-222 Porto

DPO

Data Protection Officer

A Data Protection Officer (DPO) bears the responsibility of upholding your business's compliance with GDPR regulations. This role involves continuous oversight of all data processing activities. The requirement to designate a DPO arises when your primary operations encompass any form of data processing.

The DPO ensures necessary adjustments are implemented to align operations with regulatory standards. This includes supervising the development of privacy policies and pertinent documents, along with offering guidance on required modifications to the organization's data collection methods.

You can contact our data protection officer as follows:

Email address: dpo@promptlyhealth.com

Subprocessors

Partner authorizes the use of the following subcontractors (sub-processors) following an agreement in accordance with Article 28 (2) to (4) of GDPR:

Sub-processor	Country	Service	Sub-processor measures
Amazon Web Services	Germany	Cloud Service Provider	Shared Responsibility Measure
Mailgun	Europe	E-mail notifications	GPDR Commitment
Messente	Germany	SMS notifications	Data Handling Policy
Hotjar	Ireland	User experience	GDPR Commitment
Sentry	Europe	Application monitoring and error tracking	Security and Compliance Commitment
Mixpanel	Netherlands	Product analytics	GDPR Commitment
Onesignal	Europe	App notifications

_{Last update on September 4^th, 2023}

Who we help

Real World Evidence Network

Data Solutions

Company