Sooma App Privacy Policy

Dear user,

The proper functioning of the system requires your personal data to be collected and processed. This will be done only with your consent. Here, we describe how your personal data is used.

Only data that is strictly necessary for the functionality of the system is collected. The personal data is used to connect you to your clinic and to your treatment device. In addition, your health information is collected to allow the clinic to remotely monitor your progress and to view your treatment history.

Personal data collected through mobile application:

1. Health questionnaire results
2.  Treatment schedule and compliance status for each treatment session
3. The treatment clinic you are connected with may collect the following personal data
4. Contact information such as your name, phone number, and email
5. Basic information such as language, year of birth, and gender
6. Treatment-related data such as diagnosis and other ongoing treatments
7. Depression-related characteristics such as the number of depression episodes and length of the current depression episode

The data can be accessed by the clinical personnel at your treatment clinic. Your personal data will not be disclosed to third parties. All data is transferred and processed pseudonymized. Both technical and organizational measures are taken to ensure the confidentiality, integrity and availability of your personal data and to protect against accidental or unlawful destruction, loss, alteration, disclosure, access or other unlawful forms of processing. The data is controlled and processed by Sooma Oy, Atomitie 5C, 00370 Finland, according to the requirements of the General Data Protection Regulation (GDPR). The data is stored on Amazon Web Services cloud servers in Europe.

Anonymized data, meaning data that is not linked to personal information, may be used in statistical and scientific data analysis to fulfill the regulations.

You may request access to your personal data, request corrections, object to the processing of your data, and withdraw your consent at any time when you are not undergoing an active treatment period. For this purpose, please contact your healthcare facility. This will disable your account and prevent any further data collection. Some data is collected for medical purposes and cannot be removed. The collected data is archived as required by the local healthcare regulations. If you suspect unlawful processing of your data, you may lodge a complaint with a supervisory authority.