Privacy Policy
for Patient Onboarding to the Neptune Platform

As of January 2022

I. Identity and contact details of the data controller

The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other data protection regulations is:

Orbit Health
Mangfallstrasse 16
82061 Neuried
Germany
hello@orbit.health

II. Contact details of the data protection officer

We have appointed the following data protection officer:
DataCo GmbH

Dachauer Str. 63

80335 Munich

Germany

info@dataguard.de

III. Data processing while onboarding for the Neptune platform

Neptune is a platform for the treatment of Parkinson’s disease. It is provided by Orbit Health GmbH, Mangfallstrasse 16, 82061 Neuried, Germany, +491607564836, hello@orbit.health, https://www.orbit.health. This present Privacy Policy informs about the usage of personal data during the onboarding process only. Please find more information about further processing in the Orbit Privacy Policy can be found here: https://orbit.health/…

Physicians can use Neptune to monitor patients’ health and motor fluctuations using a smartwatch and smartphone with the Neptune app to evaluate symptoms and optimize necessary medications for the disease.

To use Neptune, physicians need to add patient’s data to their Neptune dashboard to monitor their treatment of Parkinson’s disease. To do so, patients must declare consent to their attending physician who is classified as controller according to Art. 4 No. 7 GDPR. By adding a patient, the following personal data of the patient are usually processed on the Neptune platform:

First Name Last Name Email address
Date of Birth Height (cm) Weight (kg)
Diary entries Sense of wellbeing entries Sense of symptom control entries
Motor state distribution Medication plan and compliance Time zone
Email address Mobile phone number Clinic / Medical Group Name
Patient Clinic ID National ID Smartwatch ID

IV. Legal basis for processing

Your attending physician obtains your consent for processing activities involving personal data. Article 6 (1) (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. For the processing of special categories of personal data, (e.g. health data) Article 9 (2) (a) will be used as legal basis. In giving your consent, you are doing so to both the physician and the provider of the platform.

V. Data erasure and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject.

VI. Objection, withdrawal and removal options

You can opt out the consent to processing your data at any time by addressing it to the attending physician or the provider of the platform. By this your data will be deleted unless legal requirements require retention as mentioned above.

VII. Data subject’s rights

You have the right to information, to access, to rectification, to restriction of processing, to erasure, to data portability, to object and to complain to a supervisory authority.

VIII. Recipients or categories of recipients of personal data

As part of the processing of personal data your attending physician will pass on your data to the provider mentioned above.

This privacy policy has been created with the assistance of DataGuard.