If you are a Philips employee, please reference General-Privacy-Notice-for-employees
If you are invited to use Reacts for remote customer technical and application support as well as for education and training services, this notice is an addendum to the Philips Privacy Notice
Reacts Privacy Notice
This Privacy Notice was last updated on February 23, 2022
The Reacts (“Reacts”) product which is comprised of a Windows, Web, and Mobile Applications (“Services”), which can be integrated into Philips medical devices also known as Collaboration Live, enables an integrated communication platform that allows users to remotely collaborate in real-time to help improve the efficiency and quality of interactions between members of the health care team. Depending upon the Reacts platform used and the role assigned to you, different functionalities and capabilities may be made available. This Privacy Notice is meant to help you understand our privacy practices, including what data we collect, why we collect it, and what we do with it.
In providing you Services,
a) Philips acts as a data controller when providing Education Services or Remote Support Services as outlined in your Services Entitlement Agreement.
b) Otherwise, Philips acts as a data processor to our business partners, the health care provider or the account administrator of the Organization you belong to (acting as data controller) who will provide its own privacy notice to you.
This Privacy Notice applies to personal data collected or processed through the Services, which is controlled by or under control of the Philips legal entity in which your Services Entitlement Agreement was signed by, or any of its affiliates or subsidiaries (“Philips”, “our”, “we” or “us”), as the data controller. This Privacy Notice also provides additional information regarding the processing of the personal data when Philips is acting as the data processor.
Who is the Data Controller?
Philips is the Data Controller for Personal Data processed as part of Registration and Subscription and Personal data shared by Philips in conjunction with the servicing, training, or education services provided to the Customer.
The Customer is Data Controller for any Personal Data processed as part of Peer-to-Peer usage of Reacts. The Customer is also Data Controller for Personal Data obtained from their systems through the use of Reacts when Reacts is used for Education or Remote Service purposes. For this processing of Personal Data, Philips acts as Data Processor.
We receive or collect personal data, as described in detail below, when we provide you our Services, including when you access, download and install Reacts. We may use this personal data to perform the Services requested by you based on your consent, as a contractual necessity, to operate, provide, improve, customize, support, and market our Services based on our legitimate interest, or to comply with a legal obligation to which we may be subject. If you do not want us to collect and process your personal data, you may not be able to use Reacts.
To register for Reacts, you will receive an invite which will request you to register for the Services. You will be asked to validate your country of residence, first name, last name and email address that will be associated with your Reacts Account after your registration. Your user account may be provided by the Organization that had provided you access to the Services. The personal data collected is used to ensure that you will have access to your Reacts Account and your Reacts Subscription(s). We collect your country of residence information to ensure we can comply with local regulatory requirements.
You control the use of Reacts functionalities and the personal data that may be processed or saved during its use. If you use the following features, personal data will be stored in an encrypted manner to the Reacts servers located in Canada as well as locally on your device for iOS, Android and Windows Applications:
- Chat;
- Library (if personal data is included as part of the asset); and
- User Account and User Profile.
The mentioned Reacts Functionalities can be leveraged by the Customer, but also by Philips alongside its Services:
- Remote Support Services: Reacts can be used to diagnose potential issues or questions regarding Philips equipment on-site at a customer or distributor location.
- Education Services: Reacts can be used to provide training regarding the use of the Philips equipment.
To use the Reacts platform, a Philips employee, such as a remote service engineer, a remote clinical engineer, a technical support specialist or a trainer, will set a collaboration with one or more participant(s), which can be invited directly or by setting an appointment.
Audio/Video data
As it pertains to the Audio/Video functionality, which is encrypted streaming and volatile data, you control the use of this functionality and the personal data that may be processed. For environments where Peer to Peer (“P2P”) connections are not possible, the streams will transmit by the Reacts servers located in Canada. Streaming data is not stored at any time during the processing.
Philips collects information about the devices accessing the Services, such as the IP address and other information about the type of devices, operating systems and versions, the mobile Internet Services Provider (ISP) as well as your mobile device language and country. The type of device used and its settings determine the type of data we collect for troubleshooting issues.
You may provide us with information related to your use of our Services, including your interaction with Philips, and how to contact you so we can provide you customer support. We operate and provide our Services, including providing customer support, and improving, fixing, and customizing our Services. We also use your information to respond to you when you contact us.
Philips may contact you for Services-related Communications, such as: (i) update(s) to the Services, Terms, Notice or any other legal matter, (ii) scheduled downtime for maintenance and/or upgrades of the Services, (iii) notification(s) relating to your Reacts Account or Reacts Subscription(s) such as, Subscription expiration or Subscription renewal, (iv) Reacts Account locked do to too many failed login attempts, (v) reception of a contact invitation and/or a chat messages while you were offline, (vi) reset password, (vii) purchase confirmation or (viii) if Philips suspects a problem that could impact the security or privacy pertaining to your use of the Services. This purpose does not require an additional collection of personal data. However, in order to receive those communications in a timely manner, you have to ensure that your Reacts Account Information are accurate. Philips can leverage the notification features as available by your device to transmit you Services-related communications. Those notifications may be controlled directly via your device’s preferences.
The Services may request your permission to access your device’s storage capabilities, sensors or other features. We require access when strictly necessary to provide the Services as detailed below:
· Cellular Data/WiFi. The Services require internet connectivity to operate. You can at any time block Cellular Data/WiFi connection through the settings of the device.
· Files. The Services requires access to the device's storage to operate (e.g., manuals, graphics, media files, or other large program assets). If you delete the app, the Files will be deleted from your device.
· Media. The Services may request your permission to access your camera, your microphone or other data (e.g. photos, or documents) on your device only upon your request and consent to provide you the Services.
In some cases, your operating system may request permissions that your device needs for technical reasons, but that are not controlled or used by Philips. We will not collect any data associated with such permissions unless required to provide our Services in accordance with this notice.
You may block or revoke these permissions at any time under the settings of your operating system.
When you are purchasing Reacts Subscription(s) not in combination with other Philips products, additional personal data may be required if you are responsible for the Subscription Fees such as professional contact information, organization information, and geographical location. Please note that Philips does not directly collect any information about your methods or instruments of payments, such as your credit card number and/or other banking information. However, if you provide to the Payment Provider your credit card details, the last four digits of the credit card number are stored and associated to your Reacts Subscription(s) and will be included in your Reacts Account Information. Philips will have access to some of your financial information, such as the purchase history associated to your Reacts Account. The data collected is used to process your transaction(s). When there is a purchase related to the Services, the financial information is supplied to a third-party Payment Provider, independent from Philips. This provider may request additional information from you to facilitate the processing of your payment(s).
We do not use cookies, tags or similar technologies in Reacts. However, we use Strictly Necessary cookies for the Services, which encompasses general information concerning the Services as well as a section for you to register and/or access to Reacts or its customer dashboard.
We use aggregated data to analyse the performance of the Services. Only when strictly necessary, we may use the following Personal Data, IP address and User ID, to ensure that the Services are working as intended as well as for legal and security purposes.
Philips may disclose your personal data to third party service providers, business partners, or other third parties in accordance with this Privacy Notice and/or applicable laws.
Affiliates
Your data may be shared with other Philips affiliates who are part of the Philips Group. Only people (within Philips) who have a need to know the information will have access to the information.
Philips may use third parties to provide services for the following:
- IT Providers: These providers deliver the necessary hardware, software, networking, storage, transactional services and/or related technology required to run Reacts or the Services provided.
- Cloud Provider: This provider delivers data storage services. The personal data related to the use of Reacts and the relates Services is stored in data centers located in Canada.
- Payment Providers: These providers handle financial data in relation to the purchase of the Services related to Reacts.
Philips requires its service providers to provide an adequate level of protection to your personal data similar to the level that we provide. We require our service providers to process your personal data only in accordance with our instructions and only for the specific purposes mentioned above, to have access to the minimum amount of data they need to deliver a specific service, and to protect the security of your personal data.
Other third parties
Philips may also work with third parties who process your personal data for their own purposes. Please read their privacy notices carefully as they inform about their privacy practices, including, what type of personal data they collect, how they use, process and protect them.
If Philips shares personal data with a third party that uses your personal data for their own purposes, Philips will ensure to inform you and/or obtain your consent in accordance with applicable laws before we share your personal data.
Philips sometimes sells a business or a part of a business to another company. Such a transfer of ownership could include the transfer of your personal data directly related to that business, to the purchasing company. All of our rights and obligations under our Privacy Notice are freely assignable by Philips to any of our affiliates, in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your personal data to any of our affiliates, successor entities, or new owner.
When required by law, or as necessary to protect our rights, we may share your data to public and governmental authorities that regulate or have jurisdiction over Philips.
The Services are controlled, operated and administered by Philips from its offices in Montreal, Quebec, Canada and the related information is hosted in data centers located in Canada. We may require your consent to the transfer (if any) of information to countries outside of your country of residence, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.
If you are located in the EEA, your personal data may be transferred in non-EEA countries that are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here [http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm]. For transfers from the EEA to countries not considered adequate by the European Commission, such as United States, Philips ensures that it has in place adequate measures, such standard contractual clauses adopted by the European Commission to protect your personal data.
We will retain your personal data for as long as needed or permitted in light of the purpose(s) for which the data is collected. The criteria we use to determine our retention periods include: (i) the length of time you use the Services; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
You control the data you process within Reacts and its deletion. Except for the chat data, the data is deleted either when you specifically perform an action to delete such data or when your Reacts Account is deleted.
As it pertains to the chat functionality:
- Chat data storage: The chat messages are stored until all parties have deleted their Reacts Accounts. As it pertains to Reacts Windows, Reacts iOS and Reacts Android, the chat messages are stored on an encrypted database on the device and the copy will remain there as long as the device or the datebase are not wiped.
- Chat data access: Reacts Windows, Web App, iOS and Android: The chat data will be accessible until the users delete the conversation. The counterparts will still have access to the conversation until they also delete the conversation.
You can exercise some of your choices and rights directly through your Reacts Account as well as manage the personal information you want other Users to have access when using Reacts. As per the Cookies, you can control them directly from your browser(s) settings.
If you would like to submit a request to access, rectify, erase, restrict or object to the processing of personal data that you have previously provided to us, or if you would like to submit a request to receive an electronic copy of your personal data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), please select your country using the following link and contact us as mentioned in your country’s Privacy Notice located at the bottom of the page. We will respond to your request consistent with applicable law.
In your request, please make clear what personal data you would like to access, rectify, erase, restrict or object to its processing. For your protection, we may only implement requests with respect to the personal data associated with your account, your email address or other account information, that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that if you make use of (some of) your choices and rights, you may not be able to use, in whole or in part, of our Services anymore. Where we rely on consent to process your personal data, you may withdraw your consent at any time without any consequence for you. Where we rely our legitimate interests to process your data we do so when we’ve concluded that the processing will not outweigh your privacy rights and interests.
We take seriously our duty to protect the data you entrust to Philips against accidental or unauthorized alteration, loss, misuse, disclosure or access. Philips uses a variety of security technologies, administrative, technical and organizational measures to help protect your data. For this purpose we implement, among others, access controls, firewalls and secure protocols.
For purposes of article 27 of Regulation (EU) 2016/679, Philips International B.V. (High Tech Campus 5, Eindhoven, 5656 AE, the Netherlands) acts as our Representative in the European Union.
If you have any question about this Privacy Notice or about the way in which Philips uses your personal data, you may contact us (including our Data Protection Officer and/or Representative) here. Alternatively, you have the right to lodge a complaint with a supervisory authority competent for your country or region