Thru My Eyes Privacy Statement
Version: January 14, 2019
1. General Purpose of this Privacy Statement
We at ProQR Therapeutics N.V. (ProQR) want to deliver you a simulation of various visual diseases, based on various preconfigured settings representing different visual impairments, which you as user can adjust yourself. By using the app Thru My Eyes data is processed by (and on behalf of) us. Some of this data can be qualified as Personal Data: data which is related to an identified or identifiable living person.
This privacy statement explains how ProQR processes your Personal Data.
2. Who We Are
ProQR is a publicly traded company. Our headquarters is located at Zernikedreef 9, 2333 CK Leiden, The Netherlands.
ProQR has a Data Protection Officer (DPO) who can help you with any questions related to your privacy. You can reach our DPO at: dpo@proqr.com
3. What Personal Data Is Collected from You?
The following categories of data are processed by Thru My Eyes, some categories of data include Personal Data:
Automatically generated data: By using the app, various automatically generated data are provided by your device, including information on your device (including the type of device, operating system and the browser used) and various meta-data (including IP-address, device ID, MAC address). Which information is provided by your device, depends on your device, its operating system and setting(s). Using ad-blockers or disabling the use of cookies will limit some information being processed.
Contact details: If you contact ProQR (for example customer service or the Data Protection Officer) in relation to your use of Thru My Eyes, any information that helps us to contact and correctly address you and will help you with your questions, is processed to enable us to help you.
4. For What Purposes Do We Process Your Personal Data?
a) Analytics: Automatically Generated Data is processed for the purpose of generating aggregated statistical information that helps us improve the app (including identifying technical issues and improving compatibility) as well as business purposes (including market analysis, business reporting and identifying business opportunities).
b) Customer service: Any Contact details you provide us are used to enable us to respond to your questions.
5. Legal Grounds
a) If you contact us for customer support, we process your Contact Information upon your request.
b) For Analytics, we aggregate Automatically Generated Data. The processing required to aggregate the aforementioned data, we do based on our legitimate interest of providing a commercially viable and correctly functioning application, for which the privacy impact is limited as we only analyze data which has limited privacy impact and has been aggregated in a way they are (no longer) identifiable to a specific person.
6. Recipients of Your Personal Data
a) Internally: Our employees will only access your Personal Data if they are required to do so in the line with their job, only when necessary to do so and any such Personal Data will be bound by confidentiality. Technical developers can access Automatically Generated Data entered into the system due to the nature of their job. Communication/customer support can only access your Contact Information in order to be able to answer your questions. Analytics based on statistical analysis of Automatically Generated Information is only shared after it is aggregated and thus no longer Personal Data.
b) Externally: Automatic Generated Information is stored on the servers of our hosting provider. Employees of our hosting provider can access aforementioned data, but will only do so in line with their job and only when necessary to do so. All employees at this company are also bound to strict confidentiality.
7. International Transfers
Automatic Generated Data for Thru My Eyes are stored with ProQR’s hosting provider, which is located in The Netherlands.
8. Storage Duration
Contact details are stored for at least the time required to answer your questions.
9. Data Subject Rights
You have certain rights related to your Personal Data, as is mentioned here. To request for the use of any of your data subject rights, you can contact our Data Protection Officer at dpo@proqr.com.
It is possible, that, due to legal requirements, we are not always able to fully comply with your request, for example: erasing Personal Data which we are required to retain due to legal obligations, in which case we will indicate this (unless we are not legally allowed to do so).
We will handle all requests related to data subject rights within 30 days, this period can be extended to an additional 30 days because of the amount of complexity of requests, and if this extension will apply, we will provide an announcement and the reasons during the initial 30 day term. Any regular requests related to your data subject rights will be handled free of charge to you.
If you feel we have not correctly handled your privacy, you have the right to lodge a complaint to a competent European data supervision authority. Please click here to find information on all data supervisory authorities in Europe.
You may exercise the following rights:
Right to Access: You may request information on the content of your Personal Data that is processed by us, why they are processed and to what end, as well as the period of processing and retention. In many cases, we will refer you to this Privacy Statement for some of this information, as a large amount of this information is included here.
Right to rectification, erasure and restriction: In case of inaccurate Personal Data, you may ask this data to be corrected, amended or supplemented; you also have the right, under certain circumstances, to demand that your Personal Data will be erased, or restricted from being further processed. Be aware though, that having your Personal Data erased or restricted could result in us being unable to further or correctly provide you a fully functional app.
Right to data portability: You have the right to receive your Personal Data, under certain circumstances, in a structured, commonly used and machine-readable format and you can transfer it to another controller.
Right to object and opt-out: You have the right to object to the processing of your Personal Data. For Personal Data processed for marketing purposes (in our case: mailing lists subscription), opt-out will be made available at any time, and opt-out links are included in any e-mail send to you.
Personal Information of Minors
Thru My Eyes is not intended for minors (children under the age of 16) and we do not knowingly collect information related to minors. Minors should only use Thru My Eyes with their parent’s or guardian’s permission. If you are the parent or guardian of a minor who you believe has submitted Personal Data using Thru My Eyes without your permission, you can contact our Data Protection Officer at dpo@proqr.com.
Security
We have implemented the necessary technical and organizational measures to ensure the protection of Personal Data processed by Thru My Eyes.
As mentioned at Recipients of your personal data above, both internal and external parties which receive your Personnel Data are bound by confidentiality and obligated also to apply all necessary technical and organizational measures to ensure protection of your Personal Data.
Furthermore, our personnel receives regular training on data protection, including basics on information security.
The servers on which your Personal Data is stored are protected by both using technical measures (including firewall technology, regular patching and vulnerability scanning) and as well physical security (including access control) and also backups are regularly made.
Questions?
For any remaining questions, you can always contact our Data Protection Officer, at dpo@proqr.com.