This is the in-app privacy policy for the “Nutri-IBD” app (the “app” or “application”), developed by the Weizmann Institute of Science (“Weizmann”). This in-app privacy disclosure explains which personal data the application collects, the purpose of collecting the data, how we handle the data, including how your data is collected, accessed, used, shared and stored. Users of this application are participants in clinical research into Crohn’s Disease, led by the Weizmann Institute of Science (“Weizmann”) in Israel, in collaboration with several medical institutions globally (the “Study”). Weizmann is the controller of the personal data in the application (the “Data”).

1. WHAT IS THE PURPOSE AND LEGAL BASIS OF THE DATA COLLECTION BY THE APP?
This Data is collected for the purpose of the Study, or future studies, including for improvement of the application. The Data is collected based on the General Data Protection Regulation Article 9(2)(j) legal basis of Weizmann’s conducting scientific research.

2. WHICH DATA DOES THE APPLICATION COLLECT AND TRANSMIT?
This application collects personal data submitted by the user. This includes sensitive personal data. The Data collected is: fecal details (stool characteristics), food intake diary frequency, symptoms, days the user calls in sick, sleep diary, physical activity, medication and food supplement intake frequency and stress level.

3. HOW IS THE DATA USED?
The Data will be used to advance scientific and clinical research in the Study, as well as for medical treatment. It may also be used to improve the application as part of the Study or other future studies. Data provided through the application will be associated with other data provided by Study participants through other means. The Data will be analyzed by researchers.

4. HOW THE APPLICATION COLLECTS PERSONAL DATA ON USERS
This application collects data from your inputting the Data into the application (self-reporting). App usage data will be collected automatically.

5. SHARING DATA WITH THIRD PARTIES
Data input through the application is pseudonymized, and may be shared with your local health center physician and team, and with Study researchers, all in accordance with the terms of the Study protocol and your consent. Re-identification is possible only at the user participant’s local health treatment center. Data may be processed by sub-processors of Weizmann, but is not otherwise shared with any third parties.

6. WHERE DO WE STORE YOUR DATA? HOW LONG DO WE RETAIN IT?
We store your Data on secure servers located in Israel. Your Data is encrypted and strictly access-controlled. Data will be retained for 15 years for research purposes.

7. INTERNATIONAL DATA TRANSFERS
Your Data will be sent by the application to Israel. Israel has been recognized by the EU Commission as adequate for data protection purposes.

8. SECURITY AND STORAGE OF INFORMATION
The Data is transferred in pseudonymized form to servers in Weizmann and is subject to technical and organizational security measures, including: access limitation, password protected access, access logging, confidentiality, firewall, encryption

9. DATA SUBJECT RIGHTS, GENERAL
If your Data is governed by GDPR or other applicable law, you have data subject rights, such as the right to erasure, right to rectification, right to portability, and other such rights. For more details and to exercise your rights, visit https://www.weizmann.ac.il/pages/privacy-policy There you can also find a full data protection notice and policy, to which this notice is subject. You have a right to lodge a complaint with a supervisory authority. You may contact our data protection officer at: dpo@weizmann.ac.il.