top of page

Privacy Policy for MedThings WhatsApp integration

Last updated: 08.09.25

​

1. Introduction

MedThings AS ("we," "our," or "us") develops and operates the Mobili smart medication dispenser system. This privacy policy explains how we collect, use, and protect your personal data when you use our WhatsApp notification service and related web application.
This policy applies to family members, caregivers, and healthcare personnel who receive notifications about medication adherence and device status through our WhatsApp integration.

​

2. Data Controller

MedThings AS
Mosseveien 109

1624 Gressvik

post@medthings.no

+47 400 29 262

​

3. What Personal Data We Collect

We collect and process the following categories of personal data:​

3.1 Contact Information

  • Phone numbers (for WhatsApp notifications)

  • Names (for identification purposes)

  • Relationship to patient (family member, healthcare provider, etc.)
     

3.2 Medication Adherence Data

  • Timestamps when medications are missed

  • Device malfunction alerts

  • Basic medication compliance status
     

3.3 Technical Data

  • Device identifiers for the Mobili dispenser

  • Access logs for the web application

  • WhatsApp message delivery status
     

4. How We Use Your Personal Data

We process your personal data for the following purposes:

4.1 Primary Care Notifications

  • Sending WhatsApp alerts when medications are missed

  • Notifying about device malfunctions or errors

  • Providing access to detailed information via our web application
     

4.2 System Operation

  • Maintaining secure access to the web application

  • Ensuring reliable message delivery

  • Technical support and troubleshooting
     

5. Legal Basis for Processing

We process your personal data based on:

  • Legitimate interests (Article 6(1)(f) GDPR): Ensuring medication safety and proper device functioning

  • Consent (Article 6(1)(a) GDPR): Where explicit consent is obtained for specific processing activities

  • Vital interests (Article 6(1)(d) GDPR): Where processing is necessary to protect someone's health or safety

 

6. Data Sharing and Third Parties
6.1 WhatsApp/Meta

We use WhatsApp Business API to send notifications. WhatsApp processes message content and metadata according to their privacy policy.

​

6.2 Make.com

We use Make.com as an automation platform to facilitate WhatsApp message delivery. Make.com may process and temporarily store message data according to their privacy policy.

​

6.3 Other Third Parties

We do not share your personal data with other third parties except:

  • Where required by law

  • With your explicit consent

  • To protect vital interests of the patient
     

7. Data Retention

  • Contact information: Retained until you request deletion or the service relationship ends

  • Web application logs: Logs are retained for 12 months.

  • Device logs: Logs are retained for 12 months.

  • WhatsApp messages: Logs are retained for 30 days

We regularly review our data retention practices and delete data that is no longer necessary for the purposes outlined in this policy.

​

8. Data Storage and Security
8.1 Data Location

Your data is processed and stored:

  • Within the European Economic Area (EEA)

  • Sweden
     

8.2 Security Measures

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest

  • Access controls and authentication systems

  • Regular security assessments

  • Staff training on data protection
     

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access

You can request information about what personal data we hold about you.
 

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.
 

9.3 Right to Erasure

You can request deletion of your personal data in certain circumstances.
 

9.4 Right to Restrict Processing

You can request that we limit how we use your personal data.
 

9.5 Right to Data Portability

You can request a copy of your personal data in a structured, machine-readable format.
 

9.6 Right to Object

You can object to processing based on legitimate interests.
 

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.
To exercise these rights, contact us at post@medthings.no.
 

10. International Transfers

If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission

  • Standard contractual clauses

  • Binding corporate rules
     

11. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal effects or significantly affects you.
 

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

  • Updating the "Last updated" date

  • email, WhatsApp message, etc.
     

13. Complaints

If you have concerns about how we handle your personal data, you can:

  1. Contact us directly at post@medthings.no

  2. File a complaint with your local data protection authority:

    • Norway: Datatilsynet (datatilsynet.no)

    • Portugal: CNPD (cnpd.pt)

    • Other EU countries: [Respective national authorities]
       

14. Contact Information

For any questions about this privacy policy or our data processing practices, contact:
MedThings AS
post@medthings.no

+47 400 29 262

Mosseveien 109

1624 Gressvik

Norway

This privacy policy is available in multiple languages. In case of discrepancies, the English version shall prevail.

MEDTHINGS AS © 2024

bottom of page