The processing of patient data in ProEmpower is based on the freely given informed consent of the patient.

The processing of personal data in ProEmpower is necessary for the purpose of care delivery by means of the ProEmpower diabetes management solutions.

The request for consent shall be presented to the patient in a manner which is clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language.

The patient has the right to withdraw consent at any time.* The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the patient shall be informed thereof. It shall be as easy to withdraw as to give consent.

*See Right to object.

The patient shall be provided information relating to:

• the identity and the contact details of the controller (ProEmpower) and, where applicable, of the controller’s representative;
• the purposes of the processing of data as well as the legal basis for the processing;
• whether there is an intention to transfer their data to a third country or international organisation;
• the categories of data concerned;
• whom their data has been or will be disclosed to;
• the envisaged period for which the data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request the rectification or erasure of data or restriction of processing of personal data;
• the existence of the right to withdraw consent at any time:
• the right to lodge a complaint with a supervisory authority;
• the source providing the data, where the data are not collected from the patient directly;
• whether their data will be subjected to automated decision-making,* including profiling.

This information shall be provided to the patient in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means.

The patient has the right to request for the information to be provided orally.

*See Right to not be subject to a decision based on automated processing.

The patient has the right of access to their data.

The patient has the right to obtain without undue delay and, in any event, within one month of their requests, a copy of the data undergoing processing. The period of one month may be extended by two months depending of the complexity of the request. The patient shall be informed of any such extension within one month of their request.

The copy of the patient’s data shall be provided in a commonly used electronic form, unless otherwise requested.

The patient has the right to request to access their data either verbally or in writing.

The patient has the right to obtain without undue delay the rectification of inaccurate or incomplete data.

The patient has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

The patient has the right, provided the legal conditions for this are met*, to obtain the erasure of their data without undue delay if they withdraw consent for the processing of their data.

*The further retention of the data “should be lawful where it is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.” [Link]

The patient has the right to obtain the restriction of processing of their data if:

• they contest the accuracy of the data and consequently the accuracy needs to be verified;
• the processing of the data is unlawful (consent has been withdrawn) and the patient opposes the erasure of the data
• the data is no longer required for the purposes of the processing but required by the patients for the establishment, exercise or defence of legal claims

A patient who has obtained the restriction of processing shall be informed if the restriction of processing is lifted.

The patient has the right to receive their data from the data controller, in a structured, commonly used and machine-readable format.* They have the right to transmit those data without hindrance to another data controller. Patients have the right to have their data transmitted directly from one data controller to another, where technically feasible.

*See Right of access.

The patient has the right to object, on grounds relating to their particular situation, at any time to processing of their data. In ProEmpower this right can be exercised through the withdrawal of consent.

The right to object to the processing of data and to withdraw consent shall be brought to the patient’s attention at the time of the first communication with the patient and presented clearly and separately from any other information.

The patient has the right not be subject to a decision based solely on automated processing, including profiling.

The patient has the right to be informed of the existence of automated decision-making, including profiling, where it produces legal effects concerning them or similarly significantly affects them.

Meaningful information on automated techniques shall present the logic involved, as well as the significance and the envisaged consequences of such processing for the patient.

The processing of patient data in ProEmpower does not involve automated processing, including profiling, which produces legal effects concerning the patient or similarly significantly affects the patient.