Thank you for your interest in the Zero Bleeds platform made available as a piece of software (the “Software”). This Software is owned by Shire plc with address at 5 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (“Shire”), and operated by Shire and/or ENSO Studios Pty Ltd with the address 4 Kyabra Street, Newstead, Queensland 4006, Australia or other service provider as listed on the Zero Bleeds website (https://zerobleeds.com.sg) (hereinafter: “Service Provider”, “our” or “us”), and is provided to you on behalf of your hospital or other healthcare establishment ("Establishment"); your Establishment is responsible for any information entered into the Software.
The Software assists healthcare professionals (“Users” or "You") in monitoring patient bleed incidents, medication infusions and treatment regime. The Software provides a mobile app and web interface for patients to record their treatment information and share these with the Establishment. In order to use the Software, each User needs to set up a personal account. Users can log-in to his/her account by using an assigned User ID and password.
Shire, with the address referred to above, is the data controller of the User's personal data including Personal Information (defined below) collected through a User's registration for and use of the Software, and stored and processed in a data file notified, if applicable, with the competent Data Protection Agency.
Overview of Information we Collect and How we Use It:
Use of the Software requires the User to enter the following information about himself/herself: (i) first, middle (optional) and last name; (ii) salutation; (iii) email; and (iv) phone number. This information is collectively referred to herein as “User Personal Information.”
Use of the Software also requires patients to share their personal and treatment information (“Patient Information”). Specifically, the patient may opt to share (i) first name; (ii) middle name (optional); (iii) last name; (iv) email; (v) phone number; (vi) bleed related information (time, date, site of bleed, image of bleed, severity of pain etc.); (vii) infusion/treatment related infusion (time, date, product used, dose administered, product information such as lot number, etc.); and (vii) schedule and treatment regime and goals (schedule for infusions, Annual Bleed Rate, etc.). The requirements for the above data may vary by country (depending on which country the User accessing the Software is established) but shall not exceed the above listed information. Shire obtains patient consents for Patient Information through the Software. Patients may also opt through the Software to share their Patient Information with the Establishment.
How Information is Collected
Active Information Collection
At certain information collection points, You will be asked or have the possibility to provide User Personal Information or certain Patient Information as described herein. By providing such Patient Information, You are confirming that You will use such Patient Information in compliance with applicable law. By providing such User Personal Information, You are confirming that (a) You have consented to the Acceptance Statement in compliance with applicable law; and (b) such Acceptance Statement shall be consistent with the form and content of the sample authorization that SHIRE makes available to your Establishment upon Establishment registration.
User Personal Information is collected by at the following information collection points:
- User Profiles: User Personal Information is collected through a User's registration form and use of the Software or through the Practice Administrator's request for a User to access the Software. For this purpose, the following information regarding each User needs to be provided: (i) first, middle (optional) and last name; (ii) salutation; (iii) email; and (iv) phone number. Patient Information is collected at the following information collection points:
- Patient Profiles: Patients who choose to participate in the use of the Software can create profiles containing personal information and share their treatment data with the Establishment. For this purpose, the following information needs to be provided by the patient: (i) first name; (ii) middle name (optional); (iii) last name; (iv) date of birth; (v) email; (vi) phone number; (vii) body weight; (viii) bleed and infusion related information, including but not limited to, site of bleed/infusion, date and time of bleed/treatment, images, product and dosage information). The requirements for the above data may vary by country (depending on which country the User accessing the Software is established) but shall not exceed the above listed information.
Passive Information Collection: Cookies
For additional information on cookies, we recommend clicking on the following http://www.allaboutcookies.org/manage-cookies/index.html.
Internet Protocol (IP) Addresses Your use of the Software indicates your consent to the viewing and collection of the Internet protocol (IP) addresses (including date and time) of the devices You use to utilize the Software. IP addresses are unique identifiers automatically assigned to each electronic device when logging onto the Internet. IP addresses allow us to identify your individual computer network and enable us to collect much of the same information we collect through cookies, including browser-type, what pages You visit, and how long You stay on the Software. In general, IP addresses allow us to provide basic functionality, identify problems with our servers, and improve the functions of this Software.
Users may allow, block or remove cookies installed on their computer or device by changing the configuration of the used browser. For information on how to manage your cookies please see https://www.shire.com/legal-notice/cookies.
If the Software malfunctions, Shire will likely need to access Users' personal data in order to assess and fix the fault. SHIRE's use of Users' personal data is always associated with use of the Software. It is necessary for SHIRE's legitimate interests to use Users' personal data in order for SHIRE to support the provision of the Software to your Establishment and this use shall not jeopardize the fundamental rights and freedoms of individuals.
The Patient Information collected is processed, used and disclosed as indicated in the patient consent form and at the request of the Establishment.
How we share data with third parties
Except as specified and only when permitted by applicable law, neither User Personal Information nor Patient Information will be sold, leased, transferred, transmitted, shared, or otherwise accessed by or to any third parties other than to third parties who process User Personal Information and Patient Information to provide technical support services or, at the request of the Establishments, to processors on which SHIRE relies to perform certain aspects of these processing activities and to affiliates of the SHIRE Group. In addition, SHIRE may disclose such information where necessary to successors in title, to facilitate a merger, consolidation, transfer of control or other corporate reorganization in which SHIRE participates; to respond to appropriate requests of legitimate government authorities, or where required by applicable laws, court orders, or government regulations; or where needed for corporate audits or to investigate or respond to a complaint or security threat.
International Data Transfers
Information may be disclosed, stored and processed in any country where SHIRE has established operations including where SHIRE may engage service providers. This may involve overseas transfers, disclosures or transmissions of your User Personal Information to countries which do not have data protection or privacy laws considered to be equivalent to those under your applicable local law. Further information about the countries and service providers where data is transferred or transmitted to can be found on the website associated with Zero Bleeds (https://zerobleeds.com.sg). Your data may therefore also be accessed by service providers who assist SHIRE in the resolution of purely technical issues. Where service providers are based outside of the country in which You reside in countries which do not have data protection or privacy laws considered to be equivalent to those under your applicable local law, such service providers are required by SHIRE to implement appropriate safeguards to ensure that your data is adequately protected. You may contact SHIRE should You wish to obtain a copy of the appropriate safeguards that are in place. SHIRE shall retain Users' personal data only for as long as the User is approved by the Establishment's Practice Administrator. Otherwise upon notification that they are not so approved, SHIRE shall securely delete or effectively de-identify Users' personal data.
Access to Information
Your User account information is accessible by using a password that You select. Each Practice Administrator is responsible for the access and maintenance of its own Establishment information, including User Personal Information and Patient Information, which can be accessed via your User ID.
We maintain reasonable and appropriate physical, electronic and procedural safeguards designed to protect User Personal Information and Patient Information. According to applicable law, SHIRE ensures that required local "basic level" security measures are implemented via the Software. While we work very hard to protect your privacy, no method of security is 100% effective, and, as far as permitted under applicable law, we cannot be responsible for the actions of those who may gain unauthorized access to your information. As far as permitted under applicable law, SHIRE makes no warranties, express, implied or otherwise, as to the ultimate effectiveness of its reasonable and appropriate safeguards.
Agents, contractors or other processors or sub-processors of SHIRE who administer the Software and have access to User Personal Information and/or Patient Information in connection with providing services for SHIRE are required to keep the information confidential and are not permitted to use this information for any other purpose than to carry out the services they are performing for SHIRE.
One way we protect User Personal Information and Patient Information is through User ID and password. This safety measure is only effective if You protect the secrecy of both your User ID and password. You acknowledge that You are solely responsible for any unauthorized use of the Software conducted via your personal User ID or password. If at any time You have reason to believe your User ID or password may have been compromised or subject to unauthorized use, contact us immediately.
We take other steps to secure User Personal Information and Patient Information against loss, unauthorized access, use, modification or disclosure and other misuse. For example, any User Personal Information and Patient Information You provide is sent by a secure link using encryption. Encryption is the translation of data into a secret code. To read an encrypted file, You must have the key that allows You to read it, so that even if someone were able to obtain the data, they would not be able to make sense of it.
THIS SOFTWARE IS ONLY INTENDED FOR USE BY LICENSED HEALTHCARE PROFESSIONALS AND PATIENTS.
Your rights of access, rectification, erasure, restriction and objection: You have the right to object to processing of User Personal Information and to request SHIRE to delete Your User Personal Information. If You choose to do so, You will no longer be able to use the Software. You also have the right to obtain access to the personal data we hold about You and to obtain a copy. You also have the right to require the rectification or erasure of data that is incorrect, incomplete, or outdated or to restrict the processing of your personal data. You also have the right to request to see evidence of your consent.
If You are concerned about the use of your personal data, You have a right to complain to your local data protection authority.