Effective Date: 16-10-2023 

The Untire® Now application (hereinafter, “Untire Now”) has been created by Tired of Cancer B.V. (hereinafter, “ToC”, “we”, “our”), registered at Koningin Wilheminalaan 5, 3527 LA, Utrecht, Netherlands. ToC BV is a data controller in accordance with the European General Data Protection Regulation (hereinafter, “GDPR”). 

Untire Now is intended for use by cancer patients and survivors to help reduce their cancer-related fatigue (“CRF”) and improve their quality of life through programs. 

In this Privacy Policy, we explain what personal data we take from you and how we use it when you use the Untire Now application. We also explain why we process this data, the legal bases for processing, what interest we have, and what rights you have thereafter. 

We attach great importance to protecting your data. For this reason, your personal and sensitive health data are treated with care, protected, and adjusted to relevant legal warnings. We are certified for our high level of information security (ISO 27001: 2013). 

By using Untire Now, and by accepting the terms of use and privacy policy, you unequivocally authorize ToC BV to record and process your personal and sensitive health data in accordance with the purposes set out in this privacy policy. We recommend that you carefully read this privacy policy so that you know what type of personal data we take and why we process it. 

If you have any questions about your data or about the protection of your privacy, please contact us at support@untire.com. 

Purpose of Processing 

When you use Untire Now, ToC collects, stores, and uses personal, non-personal, and sensitive health-related data (hereinafter, “data”). We collect this data for the following purposes: 

• For the intended use of Untire Now, to provide our services in accordance with our user agreement (terms and conditions). 

• For contractual purposes. 

• To scientifically evaluate our services. 

• For quality and statistical purposes, technical functionality assurance, ease of use, and to improve our services. 

Legal Basis for Processing Your Personal Data 

ToC will only process your data if allowed based on one of the GDPR bases. We rely on the following bases: 

• Consent – Art. 6 § 1 lit. a GDPR 

• Contract – Art. 6 § 1 lit. b GDPR 

• Legal obligations – Art. 6 § 1 lit. c GDPR 

• Our legitimate interest – Art. 6 § 1 lit. f GDPR 

Consent 

When you create an account for Untire Now, you must unequivocally accept the following: 

• The Terms and Conditions. 

• The privacy policy and, therefore, the processing of your personal (health) data. 

• Reading the contraindications indicating that they do not apply to you. 

If you do not agree with the collection and processing of your data, we recommend that you withdraw your consent by ceasing to use Untire Now, deleting your user account in the application, and uninstalling it. When you delete your account, all your personal data will also be deleted. 

You can voluntarily consent to: 

• Processing your data to ensure the technical functionality, usability, and further development of Untire Now. 

• Receive reminders in the form of internal notifications. 

• Receive reminders via email. 

This voluntary consent can be revoked at any time through the application settings. 

Data Collection 

Through this privacy policy, ToC aims to be fully transparent. Therefore, we offer you an overview of the information we collect: 

Data Collection at the Time of Download 

Certain information is processed automatically when you download Untire Now from the App Store or Play Store, including your: 

• Username 

• Email address 

• Customer number of your account 

• Download time 

• Individual device identifier 

The processing of this data is carried out exclusively through the respective App Store or Play Store, with Apple or Google being responsible for processing in this case. Therefore, this processing is beyond ToC’s control. 

Data Collection When Using Untire – Mandatory 

All data we collect with Untire Now is necessary for ToC BV to offer the services you use (except optional consent). The amount of data we collect is minimized to the maximum to protect your privacy. You are the only person who has access to your personal data. 

Account 

Account data: to create your Untire account, we need some of your personal data, such as your email address (username), date of birth, password, and PIN code. 

Email address: your email address will also be used to communicate with you through your account. For example, a welcome email or a password change. 

Personal information 

Name: we will ask for your first name or a pseudonym so that we can use it for personalizing Untire communication. 

Device information 

We process information about your mobile phone, specifically the model, name and identifiers, device settings, application identifier, and information about failures or errors. 

Event and usage data 

We process data when you use Untire: 

• Which page you have opened to track your progress. 

• Which task you have completed to track your progress. 

• Which buttons you have pressed to track your progress. 

• Which tasks you have liked to track your progress. 

Location and language information 

We use the regional settings of the App Store or Play Store in combination with your phone’s country and language settings to determine your location and language settings. We use location for country-specific requirements, such as legal framework conditions and requirements. 

Health and sensitive data 

We process your health data, which includes application tasks: 

• “How are you feeling?”, which includes measuring fatigue, happiness, and energy. 

• “What is your goal?”, including goal setting and progression. 

• “How do you manage your energy?”, including the Energy Jar with input, output, and leaks. 

• “What are you going to do?”, which includes an explanation of topics, physical activity, and relaxation. 

Data Collection

When Using Untire Now – Optional 

Various components are optional, meaning you can choose whether or not to give permission. You can always withdraw this permission through the application settings. 

Email Services 

We occasionally send emails to remind, motivate, and inform you to (continue) using Untire Now. 

Push Notification Services 

We occasionally send push notifications to remind, motivate, inform you to (continue) using Untire Now. 

Service Improvement 

We collect additional data to continue improving our services. For these specific data, we request additional consent: 

• Age 

• Gender 

• Location (postal code or equivalent) 

All this data will be processed anonymously. 

Data Processing 

How Do We Process Your Data? Security and Compliance 

We do our utmost to protect ToC and the Untire Now application from unauthorized access, disclosure, or destruction of the data we hold. 

We comply with the standard (ISO 27001: 2013). This standard sets specific requirements for security measures and prescribes how security risks should be assessed and addressed. 

We have implemented appropriate technical and organizational measures and procedures to ensure the protection of your rights, always in accordance with applicable data protection legislation. 

In the event of a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to your personal data, ToC will inform you of the breach without delay, including a brief description of the potential impact and a recommendation on measures to mitigate the potential adverse effects of the breach. 

Data Storage and Transfer 

Your data will be encrypted on your phone and on our secure servers, which only you as a user can access. This allows us to offer you our services and enables you to have an online backup and synchronize your data between devices. 

Your data is hosted on AWS. AWS complies with ISO 27001, ISO 27017, ISO 27018, ISO 9001 standards and has prepared ISAE 3402 type I and II reports. All standards aim to protect your data. 

Your data is hosted on Chino. Chino complies with ISO 27001, ISO 13485, NEN 7510 standards and has prepared ISAE 3402 type I and II reports. All standards aim to protect your data. 

Our servers run daily incremental backups and weekly full backups, allowing us to keep your data safe in case of unforeseen events where your data may be lost, deleted, corrupted, etc. 

Your data is transferred from your device to our server using HTTPS and TLS for encryption. This means that all information sent remains confidential and unreadable by third parties. 

We will automatically delete your account (when available) and your personal data after one year of not using the App. You will receive a request to act (to keep your account) or not (to delete your account) one month before deletion. 

Sharing & Third Parties 

Untire Now DOES NOT automatically share your data with third parties, except with the following subcontractors as a third party or in the following situations: 

• Storage, and non-personal and non-health-related data backup services are subcontracted to Amazon. 

• Storage and backup services for personal, sensitive, and health-related data are subcontracted to Chino. 

• Email services are subcontracted to Spotler BV. Email messages can be enabled through optional consent. 

• ToC may share certain information in specific situations only when you explicitly authorize it. You will be thoroughly explained in each situation if you agree and what information is involved. 

ToC DOES NOT sell your data to third parties, nor allows third parties to use your data for their own purposes. 

Your data is not processed for any other purpose than that clearly indicated in this privacy policy. Processing is necessary for the administration of our business and to provide you with our services. Subcontracted third parties, as data processors, receive the assignment to process the data only for the agreed purposes and are prohibited from processing the data for any other purpose. 

ToC, as the data controller, will ensure at all times that the service providers contracted are subject to an appropriate agreement in accordance with applicable data protection legislation and will ensure at all times that your data remains protected in accordance with, at least, the same standards as under this privacy policy. 

ToC will disclose information in good faith to comply with applicable laws, regulations, legal processes, or governmental requests. If ToC engages in a merger or acquisition, we will continue to ensure the confidentiality of your personal information and notify users before personal information is transferred or subject to a different privacy policy. 

Transfer of Data to Third Countries 

Your data is transferred to the EU for processing. 

Your Rights 

You own your data. Always. 

You can always contact us to exercise your rights. In some cases, you can do so independently, as indicated below. Please note that you will need to provide identification. Our goal is to respond to you within one month if you contact us. If we do not satisfactorily resolve your request or concern, you can contact the local data protection authority. 

Right to Rectification 

You can always review and modify your name and email address through the application settings. It is not possible to modify your Username due to technical complications. The only option is to delete your Personal Data (see below). 

Task 

How is it modified? 

“How are you feeling?”, including measuring fatigue, happiness, and energy. Activated weekly. 

“What is your goal?”, including goal setting and progression. Activated through your profile. 

“How do you manage your energy?”, including the Energy Jar with input, output, and leaks. Activated through your profile. 

All reflection exercises throughout Untire Now. At any time. 

You can always review and modify your subscriptions: 

In some cases, it is not possible to modify the data. 

Right to be Forgotten 

You can delete your personal data at any time using the “Forget Me” function within the application. Upon consent, we will delete all personal data. This process cannot be reversed. After deletion, you can uninstall the application from your device. 

Please note that uninstalling the application does not delete your data. 

Right to Access and Data Portability 

You can download your personal data from the application at any time, giving you control of your own data. You could reuse it elsewhere. 

We offer you the possibility to download your data in readable PDF format and machine-readable format in .CSV and through the so-called FHIR profiles. 

Right to Restrict Data Processing 

If you believe that your data is possibly incorrect, that processing is unlawful, that we no longer need your data, or if you wish to object, please send us an email to support@untire.me. 

Right to Human Perspective in Decisions 

Untire Now app does not use automated decision-making or profiling. 

Right to Object (but also questions, comments, or complaints) 

If you have any questions, complaints, or objections regarding your rights and personal data, please contact us at support@untire.com. 

Your Responsibility 

Keeping your data secure is not solely ToC BV’s responsibility. Security is a matter for all parties involved, and that includes you. It is in your own interest to ensure that your information is processed securely, responsibly, and legitimately, so please consider the following: 

Keep your phone protected with a screen lock and a password. 

Protect Untire by creating an account and using a PIN code or fingerprint authentication to log in easily and securely. 

Make sure your devices and software are always up to date. 

Regarding your password: the more complex, the better. And, of course, make it unique. 

If you back up your device using a third-party service, such as iCloud, please note that you will transfer all personal data stored on your device to the third party. If this is the case, ToC BV refers to the third party’s privacy policy and encourages you to review it to keep your information safe. 

The Untire Now application is for adults aged 18 and over. If you become aware that a minor (under 18) accesses the application and provides personal data without parental consent, please report it to support@untire.me. 

Contact Information 

• Tired of Cancer BV 
• Koningin Wilhelminalaan 5 
• 3527 LA, Utrecht – Utrecht 
• Netherlands 
• Info@tiredofcancerapp.com 

Privacy Officer 

• Name: A. Aukes Msc. 
• Email: support@untire.me 
• Address: Koningin Wilhelminalaan 5 
• 3527 LA, Utrecht – Utrecht 
• Netherlands 

Final Note 

We reserve the right to modify this Privacy Policy from time to time to reflect changes in legislation, our data collection and usage practices, the features of ToC BV services, or technological advancements. Such modifications will come into effect two weeks after the publication of a new version thereof. Changes in the privacy policy will be available on this page, and if the changes are significant, ToC will provide a more noticeable notice and will re-request consent.