
Privacy Policy

1. Ownership and Data Controller

The ASA Health & Wealth mobile application is owned and operated by ASA Health, a subsidiary of ASA Group, and Forspace d.o.o. ASA Health & Forspace act as the Data Controller under the Law on Protection of Personal Data of Bosnia and Herzegovina (Official Gazette 12/25).

2. Data Collection and Usage

Medical Data: We process identification data to facilitate appointment bookings and medical history visualization via the hospital's Dedalus information system.

Wealth Data (Read-Only): The app provides a secure, read-only visualization of your Interactive Brokers (IBKR) portfolio.

Zero-Persistence Policy: Financial data is fetched via secure API and held only in the device's volatile memory (RAM). It is never stored on ASA Health & Forspace servers.

Notifications: We use Firebase for service notifications. The notification tokens are randomly generated and device-specific; they do not contain names, emails, or any Personally Identifiable Information (PII).

3. Security Protocols

Encryption: All data transmissions between the app and servers are protected using TLS 1.2+ cryptographic protocols.

Session Termination: To protect sensitive information, the app enforces a 1-minute inactivity timeout.

Data Purge: Upon session termination (60 seconds), all displayed health and wealth data is immediately purged from the device's memory. Users must re-authenticate via biometrics or secure credentials to regain access.

4. Patient Consent for Research

By using the ASA App, you agree that your medical data and accompanying materials (e.g., X-ray images) may be used in an anonymized form for scientific research, professional, and educational purposes. This process ensures that your data cannot be traced back to your identity in any form.

5. Account Deletion and the "Right to be Forgotten"

Digital Account: Users may delete their app account via the Profile dashboard at any time. This action immediately purges all app registration data, health programs, and active security tokens, and permanently revokes the IBKR link.

Legal Retention: Clinical patient records within the Dedalus hospital system are subject to mandatory legal archiving requirements for healthcare providers. These records are maintained by the hospital and are not deleted when the mobile app account is removed.

6. Medical Disclaimer

The ASA App is for appointment management and wellness tracking purposes only. It does not provide medical diagnoses or treatment. Always seek the advice of a qualified physician for any medical concerns.

7. Your Data Rights

Under the Law on Protection of Personal Data of BiH and the General Data Protection Regulation (GDPR), users of the ASA App are entitled to the following rights regarding their personal information:

Right of Access: You have the right to request a copy of the personal data we hold about you, including your appointment history and profile details.

Right to Rectification: You can update or correct your personal information, such as your email, phone number, or date of birth, directly through the Profile dashboard.

Right to Erasure ("Right to be Forgotten"): You may delete your app account at any time. This will purge all app-specific data, including health programs, health status, and active security tokens, and will revoke your IBKR link.

Right to Withdraw Consent: You may withdraw your consent for data usage (such as wealth dashboard visualization or anonymized research) at any time.

Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Object to Processing: You have the right to object to the processing of your personal data for scientific or educational research, even if initially consented to via the anonymized research clause.