What if Doctors had more Time to listen?

We are transforming the waiting room experience to give time back to clinicians and patients.

Privacy & Data Policy

Privacy & Data Policy

Data Protection Policy for Wavescope Ltd

1. Introduction

Wavescope Ltd ("we", "us", or "our") is an Irish company based in Dublin, Ireland. We are committed to protecting the privacy of individuals ("you" or "your") whose data we collect in connection with the development and testing of our Class II medical device, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable Irish and European Union law. This Data Protection Policy explains the types of data we collect, how we use it, and the steps we take to protect it.

2. Types of Data We Collect

We will only collect the minimum amount of personal data necessary to fulfill the purposes outlined in this policy. The types of data we may collect include:
  • Personal Data: This includes information that can be used to identify an individual directly or indirectly, such as name, contact information (email address, phone number), and date of birth (limited to year of birth for clinical trials).
  • Technical Data: This includes information about your device that interacts with our medical device, such as IP address, operating system, and browser type. We will never collect data that can be used to identify you through your device.
  • Usage Data: This includes information about how you interact with our medical device, such as the features you use and the anonymized data it collects about your health condition (with your explicit consent).

3. How We Use Your Data

We will only use your data for the following purposes:
  • To develop, test, and improve our Class II medical device, in accordance with relevant regulatory requirements.
  • To provide you with technical support related to our medical device.
  • To comply with legal and regulatory requirements applicable in Ireland and the European Union, such as those related to product safety and pharmacovigilance.
  • To conduct research and development activities to improve our medical device, but only after anonymizing your data unless we have your explicit consent.

4. Lawful Basis for Processing Data

We will only process your data where we have a lawful basis to do so under the GDPR. The lawful basis will depend on the specific type of data and how we are using it. The lawful bases we rely on may include:
  • Consent: We will collect your personal data with your explicit consent for a specific purpose, such as participating in a clinical trial. You have the right to withdraw your consent at any time.
  • Contract: We may process your data to fulfill our contractual obligations to you, such as providing technical support for our medical device.
  • Legal Obligation: We may need to process your data to comply with a legal obligation, such as reporting a safety issue with our medical device to the regulatory authorities.
  • Legitimate Interests: We may process your anonymized data to pursue our legitimate interests, such as improving the safety and efficacy of our medical device. However, we will only do this if your interests and fundamental rights do not override our legitimate interests.

5. Data Minimization

We are committed to the principle of data minimization and will only collect and process the minimum amount of data necessary for the purposes identified in this policy.

6. Data Security

We take appropriate technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, or destruction. These measures include:
  • Implementing strong access controls to limit who can access your data.
  • Encrypting your data at rest and in transit.
  • Regularly reviewing and updating our security measures.

7. Data Retention

We will retain your data for no longer than is necessary for the purposes for which it was collected. We will then delete your data securely in accordance with best practices.

8. Your Rights under the GDPR

You have a number of rights under the GDPR in relation to your data. These rights may include:
  • The right to access your data and obtain a copy of it.
  • The right to rectify any inaccuracies in your data.
  • The right to erasure of your data (also known as the right to be forgotten), unless we are required to retain it by law.
  • The right to restrict the processing of your data.
  • The right to object to the processing of your data, including for marketing purposes.
  • The right to data portability (to receive your data in a machine-readable format and transfer it to another controller).
For more information about your rights under the GDPR, you can visit the website of the Irish Data Protection Commission https://www.dataprotection.ie/.

9. Children's Privacy

We do not knowingly collect data from children under the age of 13.

10. International Transfers

We will not transfer your data to countries outside of the European Economic Area (EEA) unless there are adequate safeguards in place.