Privacy policy

Thank you for downloading the VKC&ME App mobile application (hereinafter referred to as the “App”) that offers patients suffering from Vernal keratoconjunctivitis (VKC)(hereinafter referred to as “User(s)”, “you” or “your”) a range of functionalities to assist you in providing increased disease awareness, symptom tracking, eye drop intake tutorials and a suite of calendar reminders for your doctor appointments and treatments/medication.

This App has been developed and is technically supported and maintained, by Buzzera [website: buzzera.com] on behalf of Santen UK Limited [Salisbury Hall, St Albans, AL2 1BU, UK | website: www.santen.uk] (hereinafter referred to as “Santen” or “we”, “us”, “our”).

Your privacy and the security of your personal data is important to us. This Privacy Policy (hereinafter referred to as the “Policy”) will explain to you in a clear and comprehensive way how and why we collect, store, use and disclose your personal information (hereinafter referred to as “Personal Data”), as well as describe the controls and options at your disposal in how you choose to share your personal data.

For more information on how Santen handles your Personal Data in general, please visit our corporate website and read our general Privacy Policy here.

Your Personal Data:

The App requires no registration with Santen or the creation of an account on the part of the User. You may use the App solely for informative purposes to benefit from the materials and instructions included in the various sections of the App and we will only collect information on your usage of the App.

Data collected directly from user: Should you decide to use the optional features of the App, you will have the choice to input additional data depending on your desired use, including, but not limited to:

  1. Age, medical conditions, medication usage for VKC;
  2. questionnaires to assess VKC symptoms;
  3. medicine or treatment related data;
  4. date, time and location of doctor’s appointments; and
  5. any personal notes, questions or photos you may input in the relevant sections of the App.

Data collected directly from parent/parental guide: If the patients are younger than 13 years old, they need parental/guardian consent in order to proceed with using the application. The parent/guardian shall download the App into their phone and request specific code to give to their child. Once the young patient will download the application, he or she will enter the code provided by his/her parent/guardian and it is equivalent to their consent on behalf of the young patients. If you are a parent of such patient(s), once you download the application in your device the only data that will be collected are the Technical Data and Usage Data which are collected automatically via cookies and other tracking technologies. For further information regarding this data please read below the relevant section.

All the above data about your condition, your risk factors, your symptoms, your medication and your doctor appointments will be stored locally on the mobile device that you use to access the App. This means that neither Santen nor any third party will have access to your Personal Data.

Data collected automatically via cookies and other tracking technologies: Regardless of your use of the App, Santen may also automatically collect the following data through your device’s network connectivity and access to an Android/iOS app store. As you interact with the App, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns:

Google Analytics for Firebase

The App makes use of Google Analytics for Firebase to collect analytical data on the use of the App to monitor how people our using our Application and to track and improve its performance. The following data will be automatically collected through your device’s network connectivity and access to an Android/iOS app store:

  1. Number of users and sessions;
  2. session duration;
  3. operating systems;
  4. device Information/models;
  5. geography;
  6. app first launches/opens/updates;
  7. language; and
  8. app store/version.

Regarding these data, which will be collected via Android/iOS Advertising ID, we will receive only aggregated data on usage statistics, that will not include any of your Personal Data nor will we be able to identify any App users from these aggregated data reports.

This Privacy Policy does not, however, cover the Personal Data that will be potentially collected and processed by the Google Play Store or Apple Store, as each application store may have its own terms and conditions to which you must agree before downloading apps.

Please note that in addition to this Privacy Policy, the Google Analytics for Firebase Terms of Service and Use Policy are also applicable to the processing of your Personal Data including the use of cookies.

The information generated by the cookie about your use of the application will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the application, compiling reports on application activity for application operators and providing other services relating to application activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate data collected via the application with any other data held by Google.

You may choose to reject analytical cookies through the applicable user settings of the App or your device. For more details on how Google processes your data, please visit Google’s Privacy Policy. To opt out of being tracked by Google Analytics across all websites visit this page (compatible with Chrome, Internet Explorer 8–11, Safari, Firefox and Opera).

For what purposes do we process your Personal Data:

The Personal Data collected by Santen will be used exclusively for the following purposes:

The legal bases for the processing activities above are (a) the necessity of taking steps prior to offering you the services of the App (b) the overriding legitimate interest of Santen for business development of its products and services.

With whom do we share your Personal Data:

In principle, we do not share or disclose your Personal data with any third party. As an exception, we may disclose your Personal Information to other Santen affiliates and certain third parties, acting for and on our behalf as data processors (such as Buzzera) who provide us with various business services, including but not limited to: professional services, information technology services and related infrastructure, customer service, e-mail delivery.

The app uses Sentry [Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105] to send details about errors that occurred during use of the app. These details include information related to the error/problem, which are used to diagnose technical problems.

We also use Expo [650 Industries, Inc. (“Expo”), 624 University Ave Floor 1, Palo Alto, California 94301] as the basic ‘framework’ for the app. It provides common functionality for mobile apps that we can use to implement features.

All Santen affiliates and any third-party service providers are only permitted to use such data only to the extent strictly necessary for the purpose of performing services on our behalf and in accordance with all applicable data protection legislation.

Some of our affiliates and of the third parties who provide services to us may be located outside the UK, and/or outside the EU/European Economic Area (EEA) or your country of residence; they may also store and process your data in data centers located outside the UK or the EU/EEA. As a result, your Personal Data could be transferred to third countries where the local privacy laws may not provide an adequate or essentially equivalent level of data protection as the one afforded in your country of residence, the UK or the EU/EEA.

We will ensure that any third party recipients located in countries outside the UK or the EU/EEA will comply with applicable local privacy laws and regulations and require such parties to implement appropriate safeguards e.g. by executing the Standard Contractual Clauses adopted by the European Commission, as amended or replaced at any time, or any other legally approved transfer mechanism, as well as implement any supplementary measures, as may be required by law or deemed necessary by Santen, to ensure the security of the processing as well as to ensure that an adequate or essentially equivalent level of data protection is afforded by the importing entity, taking into account the factual circumstances of the transfer(s) in question.

To receive a detailed list of our third party recipients and a copy of the adopted data safeguards, where applicable, you may contact our EMEA Privacy Office via email at privacy-emea@santen.com.

How long will we keep your Personal Data:

Personal Data entered into the App is stored locally on the user’s device. Data is not automatically erased, but can be edited or erased by the user (using a button in the App), and can be also erased if the user deletes the App from their phone.

We will keep your Personal Data only so long as we need it to provide the relevant services to you and to fulfill the purposes described in this Privacy Policy. This is also the case for anyone that we share your information with and who carries out services on our behalf. When we no longer need to use your information or at your request, your Personal data will be securely and permanently disposed or rendered completely anonymous.

Please note that to the extent your data are shared with third party controllers, such as the Google or Apple platforms, such data will be retained and processed in accordance with such party’s privacy policies.

What are your data protection rights and how to exercise them:

You have the right to request from us to:

  1. provide you with further details on the processing of your Personal Data;
  2. provide you with access to your Personal Data that we have stored and request to obtain copies thereof;
  3. update any inaccuracies in your Personal Data we have stored that is demonstrated to be inaccurate or incomplete;
  4. delete any Personal Data for which we no longer have a lawful basis of processing;
  5. provide you or a third party, with a copy of your data in a digital format (data portability);
  6. cease any processing based on the legitimate interests or public interest to process information, unless our reasons for undertaking that processing outweigh your data protection rights; and
  7. restrict certain aspects of the processing of your information.

If you wish to exercise any one of your privacy rights, or request additional information or make a complaint about the processing of your data, you may contact our EMEA Privacy Office by email at privacy-emea@santen.com; alternatively, you may contact our UK office in writing at the following address: Santen UK Limited, Salisbury Hall, St Albans, AL2 1BU, UK | website: www.santen.uk.

If you are not satisfied with our response to you or have a concern about the way we handle your personal data, you have the right to file a complaint with the data protection authority of your country of residence or place of work. In the UK the competent data protection authority is the Information Commissioner’s Office. For further information and to submit your complaint, you can visit the AP website at ico.org.uk.

Effective as of: October 2023.