Antibiogo
privacy policy
Jump to section
Why write a privacy policy?
Privacy policies are rarely written to be read by people. Writing our own, we tried to make it as accessible and comprehensive as possible. By providing its service, the Antibiogo mobile app deals with data, sometimes personal identifiable information, and sometimes health data. This privacy policy aims to explain why and how we process data of any form.
Disclaimer: the Antibiogo mobile app is currently under clinical evaluation and in vitro Diagnostic Medical Device (IVDD) certification (98/79/EC). This means that the app is not yet available publicly, nor is in its final clinical use form. Thus, this privacy policy is subject to change accordingly.
Updated on May 18, 2022
Our mission
Antibiogo is a mobile app that supports non-expert laboratory technicians in low resource settings in measuring and interpreting Antibiotic Susceptibility Tests (AST), to help clinicians prescribe accurate antibiotics.
We aim to be available to most contexts. The app is and will remain free. And, can fully work offline.
On a global level, Antibiogo aims to help tackle antimicrobial resistance, following the World Health Organization’s Global Action Plan​.
Our key principles on data privacy
Type of data collected and usage
There are 3 distinct types of data collected through use of the application.
AST data
Usage: Data that pertains to the main diagnosis flow of the Antibiogo. These are all used as input to generate the AST results.
This data is mostly anonymous, except for:
The other data types cannot be used to identify the patient on their own. Nevertheless, they can be combined with others to facilitate with identification.
Lab technician names do not follow the 30 days deletion rule. They are locally saved as long as one of the AST present in the app use the name. Any AST deletion, app uninstall or storage reset will remove this data from the app.
Note: When sending results to the clinician, the user is invited to enter the associated patient ID. This ID is printed on the PDF that is generated to be sent, but the app does not store patient ID.
Legal basis of the processing: the processing is necessary in order to protect the vital interests of the data subject, namely the patient.
App usage and interactions
Usage: These are data that relates to user interactions with the app user interface (UI), such as clicking on a specific visual element or visualizing a screen of the app. This data is used to understand how the app is being interacted with and whether the features work as intended for users.
This data is anonymous (no user identifier).
Legal basis of the processing: the processing is necessary for the purposes of our legitimate interests, taking into account the interests or fundamental rights and freedoms of the data subject.
Technical data
Usage: Data that reflects the software performance of the application and helps the development team ensuring a healthy state throughout the app evolution.
This data is anonymous (no user identifier).
Legal basis of the processing: the processing is necessary for the purposes of our legitimate interests, taking into account the interests or fundamental rights and freedoms of the data subject.
Data hosting
Data hosting
Our data are stored on Google Cloud Platform. Their service claims that GDPR compliance is a top priority for them, and detail how they do it here.
Google Cloud is also a HDS-certified host, meaning that companies that work with and in the French healthcare industry and that comply with France's General Security Policy for Health Information Systems (PGSSI-S) can confidently exchange, store data, and run workloads pertaining to French PHI on Google Cloud Platform.
Our data is hosted in European Union. Servers hosting them are located in the Netherlands and Finland.
Services accessing to data
We use external services to provide our own. This means that partners can access some data that we choose to communicate with them. These transfers can only occur in the context of operations that we mentioned earlier. These operators are bound by their own privacy policies and subject to GDPR as contractors of Antibiogo.
Security measures
Local app storage is secured using Room native Android service. The system prevents other apps from accessing these locations, and on Android 10 (API level 29) and higher, these locations are encrypted.
When a network connexion is available, data collected from the app is transferred to the server. It serves for optional features such as AST approval, and to improve the operation of the app. In this context, we add extra layers of security:
Your rights on the data
For any questions concerning the security and processing of personal data, or to allow you to exercise your rights of access, rectification, deletion, withdrawal of consent, limitation of processing, objection to processing or right to portability, you can contact us and our Data Protection Officer (DPO) at hello@antibiogo.org.
If you feel like your rights haven’t been properly addressed, you have the right to complain to a data protection authority of your choice.