1. Data Controller
The controller of personal data is the healthcare professional or the healthcare facility that provided you with the access code to PosturalCheck and performed the postural analysis.
The technological platform is managed by PosturalCheck (hereinafter the "Platform"), with operations in Italy. For platform-related communications: privacy@posturalcheck.com
2. Data Collected
2.1 Data provided by the professional
- Personal data: first name, last name, date of birth, gender, city
- Contacts: email address, phone number
- Health information: profession, sports practiced, declared conditions (medical history)
- Photographic images and videos of the postural analysis
- Measurements, assessments and clinical observations
- Diagnostic reports and therapeutic recommendations
2.2 Data collected automatically by the app
- Push notification tokens (FCM/APNs) for in-app notification delivery
- Access logs: date/time of report viewing (view counter)
- Device type and operating system (for app compatibility only)
We do not collect geolocation data, do not install profiling cookies and do not share data with advertising networks.
3. Purpose and Legal Basis of Processing
| Purpose | Legal basis |
|---|---|
| Provision of postural analysis service | Contract performance / Consent |
| Viewing reports on the mobile app | Data subject's consent |
| Sending push notifications for new reports | Data subject's consent |
| Security and fraud prevention | Controller's legitimate interest |
| Compliance with legal obligations | Legal obligation |
4. Data Retention
Personal and health data are retained for the period necessary for the professional relationship between you and your professional, and in any case no longer than 10 years from the date of the last analysis, in accordance with medical record retention obligations required by Italian law.
Reports shared via public link expire at the date set by the professional or upon request of the data subject.
Push notification tokens are automatically deleted upon app uninstallation or consent withdrawal.
5. Data Sharing
Your data are not sold or transferred to third parties for commercial purposes.
They may be disclosed exclusively to:
- Technical service providers (hosting, cloud storage, email services) acting as Data Processors under Art. 28 GDPR, bound by confidentiality agreements
- Competent authorities when required by law or judicial orders
Main providers
- Dedicated server (VPS) located in the European Union
- Amazon Web Services (AWS) — file storage — EU region
- Firebase (Google) — push notifications (FCM) — with Google DPA
6. Data Security
We implement adequate technical and organizational measures to protect your data from unauthorized access, loss or disclosure:
- Encrypted communications via HTTPS/TLS 1.3
- Authentication through signed JWT tokens with expiry
- Credentials stored in the device's Keychain/Keystore
- Images and videos stored on cloud storage with time-limited signed URLs
- Data access limited to the professional data controller only
7. Your Rights (GDPR)
As a data subject, you have the right to:
- Access: obtain a copy of your personal data processed
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your data
- Restriction: restrict processing in certain circumstances
- Portability: receive data in a structured, readable format
- Objection: object to processing based on legitimate interest
To exercise your rights, contact your healthcare professional or write to privacy@posturalcheck.com. We will respond within 30 days of receiving the request.
You also have the right to lodge a complaint with the Italian Data Protection Authority.
8. Push Notifications
The app may send you push notifications to alert you of a new report. You can manage or withdraw consent to notifications at any time from the Settings of your mobile device.
Withdrawing consent to notifications does not affect your ability to access reports via the app.
9. Minors
PosturalCheck is not intended for minors under 16 years without parental or legal guardian consent. If you are a parent and believe your child has provided personal data without your consent, contact us at privacy@posturalcheck.com.
10. Changes to the Privacy Policy
We reserve the right to update this notice to comply with regulatory changes or new platform features. In case of substantial changes, users will be notified via the app or email.
The updated version will always be available at posturalcheck.com/privacy.
11. Contact
For any questions regarding this notice or the processing of your data: