Tellu has been developed based on the principles of embedded privacy. This privacy statement provides an explanation of how the privacy of users and service providers is protected when using the Tellu service. Information about the treatment of user data should be clear and easily accessible, providing users with a comprehensive understanding of how their information is handled. If users have any questions regarding this statement or the handling of their personal data, they should contact the healthcare facility responsible for the Tellu service. Detailed information on data processing and privacy measures is available to healthcare facilities through Tellu's service description and data processor terms.
Purpose of processing personal data
Tellu is a service designed to monitor events related to the use of Welfare Technology for individuals receiving healthcare services from a healthcare organization. This could include home care services or an institution that follows up on alerts and scheduled inspections. The service recipient agrees and enters into an agreement with the healthcare organization regarding usage.
Legal basis for processing personal data
The processing and conditions of processing of personal data are regulated by the following laws:
The Patient and User Rights Act grants individuals the right to necessary health and care services (which may include welfare technology) from the municipality and specialized health services. The law also gives the patient's closest relatives the right to information if the patient consents to it.
The Health and Care Services Act imposes on the municipality the responsibility to provide necessary and adequate health and care services.
The Health Personnel Act imposes on healthcare professionals a duty to document healthcare in the journal.
The Personal Data Act and the General Data Protection Regulation (GDPR) impose on healthcare providers (Data Controllers) and suppliers (Data Processors) the obligation to properly manage personal data, including the need for personal integrity, privacy, and sufficient quality of personal data.
The Patient Journal Act requires healthcare facilities to facilitate quick and efficient access to necessary information with good quality, as well as ensuring patient and user privacy, patient safety, and the right to information and involvement. The law protects against unauthorized access to health information.
Responsible for data processing
Healthcare organizations are responsible for providing healthcare and/or care services to their residents/patients and are accountable for all processing of personal data related to the service. This data responsibility entails implementing measures to ensure that unauthorized access to personal information is prevented. Healthcare organizations are also responsible for assessing the privacy implications for each individual before implementing the service.
Rights of the Individual/User
The individual/user has the right to access their own information and treatments. This includes general personal data, a log of who has accessed their personal data, a log of who provided healthcare, access logs, and more. The healthcare organization is responsible for data processing and must uphold the rights of the individual/user. The individual/user has the right to have incorrect information corrected and to have any information they believe should not have been registered deleted. If this is the case, the individual/user should contact the healthcare organization responsible for the service.
The individual/user, as the registered individual according to GDPR, interacts with the healthcare organization's privacy officer.
Personal information that is recorded or collected
The Tellu service can be used with both direct personal identifying information and based on pseudonyms. It is the healthcare organization that decides how the service should be used for its purpose and registers any personal information. The service collects an overview of all usage of the application, sensors, and cameras for the solution's event log. Tellu does not collect personal information from images or videos from the camera. Automatic image analysis, such as motion detection, is only done locally in the camera.
|Special categories of personal data: health information
|Personal information about the healthcare organization's own healthcare workers:
Username, complete name, date of birth, national identification number, personal identification number, organization, zones and roles, log of changes, log of accesses, telephone number, and email address. Location.
Personal information about the resident/user:
Well-being technology or medical equipment and services associated with residents/users in TelluCare:
Measurements, notifications, and events from medical or welfare technological equipment, including historical data:
Video and audio transmission of meetings and supervision - encrypted and not stored:
|Facial biometric data extracted from the video stream
Processing of personal data
The following provides an overview of how personal data is handled: The Tellu service can be accessed from a service phone set up by each healthcare provider. Service providers can log in using the public ID portal or other high-security login methods, such as username/password. If the service provider uses a username and password, it can only be done from pre-approved devices identified by IP address. The service has role-based access control, allowing healthcare providers to limit access to functionality and personal data according to the needs of healthcare personnel. No personal data is stored on the service provider's mobile phone. All communication with the service's central data solutions is encrypted. Communication with the camera is also encrypted. Data analysis of images/videos, such as motion detection, is done locally in each camera. Only event notifications are communicated further. All access to personal data, including camera usage, is logged in the solution's event log in Tellu Admin and is continuously accessible to healthcare providers. All personal data is stored in the EU/EEA.
Location tracking on service phones
Tellu is utilized on service phones in relevant healthcare facilities. The responsible party at the healthcare facility evaluates whether to use location tracking on the service phone for the following purposes:
- To show the distance and provide directions to the user's location
- To automatically register when the service provider arrives at the individual in need of assistance
Tellu only stores the timestamp when the service provider arrives at the user's location. This is achieved by defining an area within 100 meters of the user's home or current location.
Tellu's role as a supplier and data processor
Tellu serves as the healthcare facility's supplier of software and equipment and acts as the Data Processor according to the data processing agreement between Tellu and the healthcare facility. Tellu has developed the service and provides ongoing operational services, but has no access to personal data unless the healthcare facility submits a written request for technical assistance. Tellu is responsible for following up and ensuring the security of personal data with its subcontractors.
Microsoft is the owner and operator of data centers, hardware, and data backup services. Personal data is stored encrypted to ensure maximum security. Microsoft provides support for Infrastructure-as-a-Service (IaaS) with skilled personnel from various countries, but they do not have access to the encryption keys.
Amazon Web Services (AWS) is the owner and operator of data centers with backup data. Personal data is also encrypted for enhanced protection. AWS supports IaaS and has a team of professionals from different countries, but they do not have access to the encryption keys.
When utilizing Response Center Services:
Skyrespons is the owner and operator of a platform and software for response center services. They retrieve information about residents/users from Tellu for relevant healthcare facilities when following up on events. Access to this information is controlled based on roles and associated rights. The personnel at Skyrespons do not have access to personal data unless there are written requests from Tellu for support or troubleshooting on behalf of the healthcare facility.
When utilizing safety alarms and other sensors:
Legrand is the owner and operator of software for configuring and monitoring personal gateways. Various types of welfare technology are connected to the gateway and alert healthcare personnel during events. Legrand's solutions do not involve any communication or storage of personally identifiable information.
When utilizing the Mobile Safety Alarm:
Safemate is the owner and operator of software for configuring and communicating with the Mobile Safety Alarm from Safemate. Safemate's operational staff does not have access to personal information unless there are written requests from Tellu for support or troubleshooting on behalf of the healthcare facility.
When utilizing camera supervision:
Axis Communications is the provider and operator of software for camera configuration and communication. The personnel at Axis do not have access to personal data unless there are written requests from Tellu for support or troubleshooting on behalf of the healthcare facility.
Morphean is the owner and operator of a video streaming service. No personal data is stored, only transmission occurs.
When utilizing Medication Dispensers:
Evondos - Owns and operates software for configuring and communicating with the medication dispenser Evondos E300. Evondos' operational staff does not have access to personal data by default. However, for support or troubleshooting on behalf of the healthcare facility, certain Evondos employees may occasionally be granted access to personal and health information. These access instances are logged in the authorization and activity log, along with the logs of other employees.
Dignio - Owns and operates software for configuring and communicating with the medication dispensers Karie, Medido Clock, and Pilly. Dignio's operational staff does not have access to personal data by default. However, for support or troubleshooting on behalf of the healthcare facility, certain Dignio employees may occasionally be granted access to personal and health information. These access instances are logged in the authorization and activity log, along with the logs of other employees.
If you, as a citizen/user or a relative, suspect any mishandling or problematic treatment of personal data in the service, you should report it directly to the healthcare organization responsible for the healthcare in which this service is involved. The healthcare organization, as the data controller, is responsible for addressing any issues that may arise.
If you, as a service provider using Tellu in your daily work, suspect any mishandling or problematic treatment of personal data in the service, you should report it to the responsible person in your healthcare organization.
If you wish to contact our privacy officer, you can do so by using this email address: email@example.com.