GroAssist India App

 

GroAssist^TM Privacy Policy

Last Updated:  June 2021

Pfizer Inc. and Pfizer Limited (“Pfizer”, “we”, “us”, “our”) respect your privacy. This Privacy Policy applies to the use of the GroAssist^TM mobile application (the “App”) and describes our practices in connection with the information collected through the App.

By using the App, you affirmatively consent to be bound by this Privacy Policy, and the use of your personal information as stated herein. If you do not agree to the terms of this Privacy Policy in its entirety, or have objections to the use of your User Information (as stated herein), you may not access or otherwise use the App and its offerings.

1. PURPOSE

The App allows for the monitoring and tracking of Growth Hormone injections administered by parents, legal guardians, or caregivers of patients under the age of 18 (the “Patient”). Permitted users of the App are the parents and legal guardians of the Patient (the “Primary Users”) and other caregivers designated under the sole responsibility of the Primary User (“Caregivers”) (hereinafter collectively referred to as “Users”, “you”, “your”) using the App within India.

The App is intended to be installed only on a device belonging to the Primary User and/or the Caregiver and to be used by the Users or under Users’ supervision. For more information about the functionality and use of the App, please see the Terms of Use and “Intended Use” section in the App.

2. PERSONAL DATA

“Personal Data” for the purpose of this Privacy Policy, means all personally identifiable information i.e. any information relating to a person, which, either directly or indirectly, in combination with other information, capable of identifying such person.  When you use the App, the App collects and processes Personal Data of both the User and the Patient. Some Personal Data is required in order for the App to function (such as for the creation of an account). Other Personal Data is optional and is collected only if you choose to provide it in the App, such as when you choose to designate a Caregiver or use additional functionality of the App (for instance setting reminders for injections, entering diary notes, appointment reminders or entering height and weight of the Patient to track progress).

Please note that we may also collect Sensitive Personal Data like passwords, for processing, or to be stored or processed under a lawful contract.

We are committed to keeping all Personal Data and Sensitive Data collected by us, safe at all times and ensure that such data/information is only stored in secure SQL servers that are digitally encrypted, and provide the highest possible degree of care available under the technology presently in use. Pfizer will not use your Sensitive Data for any purpose other than for such specific purposes as you have expressly consented to.

The Personal Data and the Sensitive Data of the Users and the Patient shall hereinafter be collectively referred to as “User Information”.

While most information we collect can be shared at the discretion of the Users, some User Information is required to be shared to enable the User to access certain services provided on the App (such as setting up injection timings on the profile). If you do not provide the information required by Pfizer to provide you with a specific service or feature, you will not be able to access such service or feature of the App.

3. COLLECTION AND USE OF USER INFORMATION

The App collects the User Information you choose to provide, which may include:

Primary User / Caregiver	Purpose	Patient	Purpose
Email address*	For registration, communications, updates, notifications to Users.	First name*	To personalize the app User experience.
Password*	To secure access to the App	Photo	To personalize the app user experience.
Name*	To personalize the User experience on the App.	Injection schedule (time of injection, location on body and mood of the Patient)	For scheduling and reminder functionalities offered by the App
Rewards given by the Primary User / Caregiver to the Patient (photo and/or free text field)	To allow Caregivers to designate rewards/incentives for the Patient	Height	Plotting growth on the App’s growth charts and similar tracking aids to track the progress of the Patient.
Phone number	For password reset (links, one time passwords, etc.)	Weight	Plotting growth on the App’s growth charts and similar tracking aids to track the progress of the Patient.
Rewards received by the Child (photo and/or free text field)	To allow Caregivers to designate rewards and/or incentives for the Patient	Date of birth	Plotting growth on the App’s growth charts and similar tracking aids to track the progress of the Patient.
Injection details (time, etc.)*	For scheduling and reminder functionalities offered by the App	Appointments with physician (date, time, and free text field)	For scheduling and reminder functionalities offered by the App
Diary entries (free text field)	For scheduling and reminder functionalities offered by the App using the on-device calendars, if any.	Refill time	To indicate the approximate time for dosage procurement using the native calendar of the User’s device operating system

(Please note that fields marked [*] above indicate mandatorily required information)

We use the health data you provide for the purposes we disclose to you when we request such data within the App.

If you as a Primary User invite others to be part of the Caregiver network, you represent that you have the authority to (i) permit such Caregivers to access the data collected and stored through the App, and (ii) permit Pfizer to collect and use the information pertaining to Caregivers, including to invite them (through an email or text message) on your behalf to use the App as part of the Caregiver network and further process this information as described in this Privacy Policy.

Further, when you as a Primary User or Caregiver provide any personal information of the Patient in the App (including pictures), to be processed as described in this Privacy Policy, you represent that you have the authority to do so also on behalf of any other legal representatives of the Patient, and shall be personally liable for a breach of this fundamental representation. You represent that no authorizations from third parties in relation to your authority to enter into this Privacy Policy are required, and further represent that you have obtained any such authorisations (if required) in writing, which are in force and must be provided to Pfizer at any time upon request.

4. USER INFORMATION TRANSFER AND DISCLOSURE

We will not disclose or transfer any of your Personal Data or Sensitive Data to any third parties except as expressly provided in this Privacy Policy or where we have your consent to do so. We will only share your User Information with third parties in the following circumstances:

1. To provide services such as data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, troubleshooting, data maintenance and other services. These services are primarily carried out by support teams appointed by Pfizer Inc. that are bound by strict confidentiality obligations when handling your User Information for any purpose. To ensure data security, all personally identifiable information remains masked when the information is accessed by the support teams. It is also clarified that to the extent that User data is shared for App data analytics, we will anonymize, de-identify or aggregate your data such that the data shared cannot be classified as Personal Data.
2. When necessary or appropriate: (a)To comply with applicable laws and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), (b) to respond to requests from public and government authorities (which may include authorities outside your country of residence), (c) to cooperate with law enforcement, or for other legal reasons (d) to enforce our terms and conditions, (e) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others, and (f) to allow us to pursue available remedies or limit damages that we may sustain.
3. in connection with any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

If you contact a local Pfizer entity either in relation to an adverse event or for support with the App (for both of which you will find the contact details in the “About” section of the App), you are not required to provide any personal information. The respective Pfizer entity you are contacting will not have access to any of the information generated or collected through the App. The Pfizer entity may ask you for specific information in relation to the Pfizer product you are using or any issue you experience with the App.

The information we collect through the App may be accessed, stored and processed in any country where we have facilities, or in which we engage service providers, and by using the App, you consent to the transfer or storage of information to countries outside of India, which may have different data protection rules than those of India.

Where we transfer or store a copy of your Sensitive Data outside India, we will ensure that it is (i) transferred basis your express consent obtained via this Privacy Policy in such form as prescribed under applicable law.

5. NON-PERSONAL/AGGREGATED DATA

We also collect certain information automatically on an aggregate basis (i.e., the information will not be identifiable to you as a Primary User or Caregiver or to the Patient), such as: 

1. Data about your device, such as screen resolution, operating system, device manufacturer and model, and language. We use this data to ensure that the App functions properly. 
2. Data about your use of the App, including content viewed, features used, number of users and sessions, and session duration.  We use this data to understand how users engage with the App and to customize and improve the App experience.
3. Analytics information is collected through a tool for mobile apps, proprietary Adobe Inc., which is embedded in the App to measure user interactions. We use this aggregated information for statistical analytics purposes only, which helps us to better understand and optimize general user engagement with the App. For more information, please go to www.adobe.com/privacy.html. 
4. User-session, your partially-masked IP address, which is automatically assigned to your device by your internet service provider.  An IP address may be identified and logged when you access the App, along with the time of the visit.  We use the partially-masked IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the App.  We may also derive your approximate location (on a city or region-level) from your partially masked IP address (which would serve to de-identify you).

We may use and disclose this non-personal and aggregated data for the purposes set out under the section ‘User Rights’ below, except where we are prohibited from doing so under applicable law. If you do not want to share aggregated and non-identifiable information for analytics purposes (including location information) with Pfizer, you can turn off this functionality in the App setting. Turning off this functionality will not affect the normal operation of the App.

6. USER RIGHTS

We do not keep your data for longer than is necessary unless we are required to do so under applicable law.  We will use your User Information only for so long as is necessary:

1. to achieve the purposes that have been specifically identified in this Privacy Policy or such purposes as having been identified in any agreement entered into with you;
2. to operate our business to comply with our legal obligations and to meet our legitimate interests in maintaining our business, including: (a) to conduct data analysis (at an aggregated level and without any processing of personal information) and audits, (b) to identify usage trends in the use of the App and analyze the effectiveness of our communications, (c) to detect, prevent, and investigate fraud, including cybersecurity monitoring and incident prevention, (d) to develop new products and services, (e) to enhance, improve, or modify our products and services, (f) to validate your ability to access or use certain products or services, (g) to better understand how our products and services impact you, (h) to track and respond to concerns, including engaging in regulatory monitoring and reporting obligations related to adverse events, product complaints, and patient safety, and (i) to operate and expand our business activities;
3. as required by applicable laws and regulations, or as may be required for evidentiary purposes;
4. as deemed necessary for tax, fraud control, or mitigation, and to conduct or aid the defence of any disputes, or claims whether potential or actual (taking into account statute of limitations under applicable laws).

You may stop all collection of data by the App by uninstalling the App and/or withdraw your consent from allowing us to collect, process or transfer your User Information.

If you would like to request to access, review, correct, update, suppress, restrict or delete any Personal Data that you have provided to us through the App, or if you would like to request to receive an electronic copy of such Personal Data for purposes of transmitting it to another company, you may access or edit your App account or use certain tools in the App (such as to delete a Caregiver and all of his/her data from the App, to delete all of the data generated with the App from Pfizer’s systems or to turn off the collection of aggregate statistical information as stated above).

If you are unable to manage your information through the App, please contact our Grievance Officer (defined below) through the contact details provided in the “Contact Us” section of the Privacy Policy. We will respond to your request consistent with applicable law.  In your request, please tell us what Personal Data you would like to have changed, whether you would like to have it suppressed from our database, or otherwise let us know what limitations you would like to put on our use of it.    Please note that we may need to retain certain Personal Data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. 

7. DATA STORAGE AND SECURITY

All your User Information is stored in our data centers controlled by Pfizer Inc. in Ireland in an encrypted format and can only be accessed only by authorized individuals within Pfizer having a valid business reason to access the data. However, the data logged in the “Diary” feature of the App is only stored on the User’s device and once lost cannot be retrieved.

In the interest of the security of the data generated by and accessible through the App, the App comes with an auto-log out option. As a default, Users will be automatically logged-out of the App after 1 day, which means a daily log-in with your username and password is required in order to access the App. Users are given the option to set a longer period of the auto log-out option or to disable the auto log-out option altogether. You are advised to only consider changing the default auto log-out settings if you have a general security login for your device (e.g. through a password or fingerprint authentication).

We store all your data in an encrypted format in our data centers in Ireland and is transmitted via encrypted transmission. A periodic back up of the User Information is stored on our server in India. We maintain reasonable organizational, technical and administrative measures to protect the information you provide to us within the App. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us.

Please note that we cannot control and are not responsible for the security of your device or other apps you use on your device. The above-mentioned security measures only relate to the App and do not apply to anything you do outside of the App. When you use the option to generate a compiled report, you are advised to treat the report with care and security, for instance by only viewing the report on your device or printing the report directly from the device.

8. RETENTION PERIOD

We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Policy.  The criteria used to determine our retention periods include:  (i) the length of time we have an ongoing relationship with you and provide the App to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to the enforcement of the App Terms of Use, applicable statutes of limitations, litigation, or regulatory investigations).

If you as a Primary User or Caregiver do not access the App for 12 months, the system will email you and inform you of the inactivity. If you do not subsequently access your account within 30 days from the date of the email, all of your data will be removed from our system, including your account details. Once the data has been removed, we will send an email to you stating the data and account details that have been removed from the system.

9. THIRD-PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the data collection, use, disclosure or security practices, or other practices, of any third party, including any third party operating a service to which the App links.  The inclusion of a link within the App does not imply our endorsement of the linked service. 

10. USE BY MINORS

This App is intended to be installed and used only on a device belonging to a Primary User and/or Caregiver who are above the age of 18. Children below the age of 18 using the App (i.e. users who are minors  must only access the App under the supervision of a Primary User. As a Primary User, you represent and warrant that you have legal custody over the Patient using the App (and can demonstrate such authority to Pfizer upon request) and you consent to any personal information of the Patient collected and processed through the use of the App.

11. UPDATES

From time to time, we will update this Privacy Policy.  Any changes will become effective when we post the revised Privacy Policy in the App.  We will provide you notice of amendments to this Privacy Policy, as appropriate,  and update the “Last Updated” date at the top of this Privacy Policy. Your continued use of the App following these changes means that you accept the revised Privacy Policy, as amended. You are encouraged to review this Privacy Policy from time to time. 

12. CONTACT US

The company responsible for determining the collection, use, and disclosure of your Personal Data under this Privacy Notice is Pfizer Inc (as the data fiduciary) and Pfizer Limited (as the primary data collector). If you wish to (i) request deletion of the User Information you have provided to us, from our records, (ii) correct or update the User Information, (iii) raise any queries or concerns regarding the purpose of retention, end-use(s) of the User Information, or (iv) report a breach of this Privacy Policy, please contact our grievance officer Samir Kazi (“Grievance Officer”)  at samir.kazi@pfizer.com, or write to the following address:

Pfizer Limited
The Capital,
1802, 18th Floor
Plot No. C-70, ‘G’ Block
Bandra Kurla Complex, Bandra East
Mumbai – 400051.

Our Grievance Officer is accessible between 9 AM to 5 PM IST on weekdays (except public holidays) and will address Your queries or grievances within one month from the date of receipt of such queries or grievances.

To the extent you are exercising any of your rights under applicable law, we will respond as soon as possible, and in any event within 30 days or in accordance with the timeframe permitted under applicable law. You have the right to file a complaint with the Data Protection Authority once constituted, against the refusal to hear a complaint or dissatisfaction in the manner in which the complaint was resolved. For your protection, we may only implement requests with respect to the Personal Data associated with the email address that you use to send us your request, and we may need to verify your identity before implementing your request.

Copyright © 2021 Pfizer Inc. All rights reserved