Privacy Policy – mQoL Lab app

This privacy policy covers the use of the “mQoL Lab” app for iOS and Android.

Who we are

“We” are the Quality of Life Technologies Lab (QoL Lab). QoL Lab is part of the University of Geneva (UNIGE), Switzerland.

Our website address is http://qol.unige.ch.

Read more about the organization of QoL Lab and the people responsible at http://qol.unige.ch/qol-lab/.

The QoL Lab operates the mQoL Lab app platform. mQoL Lab is used by researchers to collect, store, and manage data for research purposes. The cloud-based services are operated by the University of Geneva.

The legal entity responsible for processing your personal data is:

Université de Genève
Centre Universitaire d’Informatique
7, route de Drize
Battelle A
CH-1227 Carouge
Suisse

Email: qol-study@unige.ch

Contact details for UNIGE’s data protection officer are:

L’Université de Genève
24 rue du Général-Dufour
CH – 1211 Genève 4
Suisse

Tel.: +41 (0)22 – 379 71 11

As a data controller, the QoL Lab is committed to giving the utmost attention to the security and protection of your privacy. The QoL Lab processes your personal data in compliance with applicable privacy and personal data laws according to the European General Data Protection Regulation (GDPR).

This Privacy Policy explains how we process your personal data when you use the mQoL Lab app that gathers, stores, and processes data as part of our research. This data may also provide you with insights and services to help you lead a healthier and better life.

Informed Consent

All data collected by the mQoL Lab app is done as part of a Research Study (“Study”). A Study will always have a researcher who is responsible for the Study (“Researcher”).

Participation or enrolment (“Enrolment”) in a Study is always voluntary and you can leave the Study and uninstall the mQoL Lab app at any time and without providing any reason.

When you enroll in a Study, you will be guided or walk through an informed consent flow (“Informed Consent”), which will inform you about:

  • The purpose of the Study and the name of the Researcher in charge.
  • What data is being collected.
  • What privacy measures are taken to protect your data in the Study.
  • What data is used for (“Purpose”).
  • Your time commitment.
  • The tasks you need to do in the Study.
  • How you can withdraw from the Study.

Before enrolling in a Study in the mQoL Lab app, you need to read, understand, and sign that Informed Consent. The signed informed consent document is stored by the QoL Lab team (either in a physical or digital format).

What data we collect

Depending on the Study you are part of, the mQoL Lab app may collect the following types of data from you:

  • Identity data that can directly identify you, such as your email address, username, name, phone number, and address.
  • Demographic data provide information about your socio-economical status, such as sex, gender, birth date, employment, education, and diagnosis.
  • Location and Activity data are measures of your physical activities, such as the number of steps, distance traveled, visited locations, number of calories burned, type of activity, level of activity, and activity duration.
  • Physiological data correspond to a measurement of your physical features and your body activity. This may include your weight, muscle, fat, water percentage, heart rate, blood pressure, blood glucose, electrocardiogram, heart sound, temperature, and sleep cycles.
  • Health data include exercise-, smoking- and alcohol habits, stress, mental health, well-being, sleep quality, cognitive performance, nutrition habits, and mental states.
  • Environmental data are measures of your environment or surroundings, such as noise level, light level, temperature level, CO2 concentration, weather, air quality, nearby devices, IP address, and geolocation.
  • Phone usage data are measures of your use of the phone, such as active screen time.
  • Technical data such as technical logs, battery measurement, and debugging technical information.

The Informed Consent for a Study will always list in detail what data is being collected as part of the Study and why (the “Purpose”).

How we use data

The data collected through the mQoL Lab app is processed by the QoL Lab for the following specific purposes.

  • Conduct Research. Personal data processed are accessible by the Researcher conducting a Study for the research purpose stated in the Informed Consent. This will include the processing of the personal data collected as part of the Study. Personal (person-identifiable) data will never be disclosed as part of a research study (see below).
  • Provide Insight and Services. Personal data processed are stored on your user account and high-level summaries are accessible in the mQoL Lab app. This will be available for you for personal health insight and service. Personal data may be indicated as raw data (number of steps, weight, etc.) or as a result of specific processing (heart rate, respiration, movement which produces your sleep patterns, etc.).
  • Improving the QoL Lab Applications and Services. We may use your anonymous personal data to improve our Applications and Services and to correct or modify software settings.

Who we share your data with

We do not share your personal data with anyone unless you give us an Informed Consent to do so.

In the case that a Study wants to share your data with another organization outside UNIGE – for example, a Hospital – a data processing agreement will be made with this organization prior to the start of the Study (“pre-Study”). You will then give your informed consent to sharing your data with this organization as part of the informed consent flow before participating in the Study.

In the case that a Study wants to share your data with another organization outside UNIGE after a Study is finished (“post-Study”), a data processing agreement will be made with this organization. You will then be contacted to give your informed consent to share your data with this organization. If you do not consent to sharing of your data, your data will not be shared.

How we publish your data

Your personal data will not be published.

As part of our research, your data will be subject to data processing and analysis, and the result of such analysis will be part of scientific dissemination in academic journals, conferences, and public data sets.

However, any such results will only be published in anonymized formats with no person-identifiable data. Anonymization will be done by statistical aggregation and by removing all person-identifiable data from such research dissemination.

How long we retain your data

We will keep your data as long as it is relevant to the research purpose of the Study from which it was collected.

What rights do you have over your data

You can request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

How we process your data

The QoL Lab processes data in three places:

  • In the mQoL Lab app on your smartphone (both iOS and Android).
  • In a web application (only accessible by the QoL Lab team).
  • On the QoL Lab server.

Data processed on the smartphone is done using a pseudonym and data is not linked directly to you. No data is stored on the smartphone, except when an internet connection is not available and a local buffer of information is used to store data until upload (being erased from local storage after uploading).

All communication between the smartphone and the Qol Lab server is encrypted.

All data is encrypted on the QoL Lab server.

The QoL Lab server is hosted in Switzerland.

What third parties do we receive data from

A Study might include data collected from connected devices. Such devices may need the creation of a service account at the device manufacturer (“Third Party”). The device may send the collected data to the Third Party’s service account, from which the QoL Lab will collect it. Examples of such Third Party Service accounts include Withings.

The processing of data from such third parties in the QoL Lab will always be subject to your authorization (using, e.g., OAuth).

Your use of the Third Party’s service is subject to the User Terms and Privacy Policy of this Third Party.

The use of a Third Party Service is always voluntary in a Study.