Privacy Policy

Privacy Terms

Last updated: May 2, 2026

【BroadMed Technology Co., Ltd. "智透析 IQThrill" Privacy Terms】

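The application "智透析 IQThrill" (hereinafter the "Application") is a software service provided by BroadMed Technology Co., Ltd. (hereinafter the "Company"). By downloading, installing, registering for, logging in to, or actually using the Application, the user is deemed to have fully read, understood, and agreed to the entire content of these Privacy Terms.

The Company collects, processes, and uses users' personal data entirely in accordance with the Personal Data Protection Act and related laws and regulations.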

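I. Consent to the Collection of Sensitive Personal Data

Because it is necessary for providing the Application's services, the Company will collect your medical-related sensitive personal data (including but not limited to dialysis access information, physiological parameter records, and image data). Under Article 6, Paragraph 1, Subparagraph 6 of the Personal Data Protection Act, the Company must obtain your written consent.

When you first register for the Application, you must check the option "I have read and agree to these Privacy Terms, and I consent in writing to BroadMed Technology Co., Ltd. collecting, processing, and using my medical-related sensitive personal data within the scope necessary for providing the Application's services," thereby completing consent in electronic document form (under Article 4 of the Electronic Signatures Act).

You may withdraw this consent at any time. After withdrawal, the related functions of the Application can no longer be used, but withdrawal does not affect the validity of data lawfully collected and processed before the withdrawal.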

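II. Categories of Personal Data Collected

Based on the operational needs of the Application, the Company may collect the following personal data:

(1) Identification Data

Name, date of birth, contact telephone number, email address.
(Note: the national identification number is collected only when you choose to fill it in; it is not a required field for registration.)

(2) Medical-Related Sensitive Data

Hemodialysis access information, physiological parameter records (including but not limited to blood flow rate, venous pressure, pre- and post-dialysis blood pressure, body weight, hemoglobin, hematocrit), access maintenance data, access design diagrams or lesion images, physician orders, anesthetic usage records, and the like.

(3) System Log Data

Login records, user operation behavior, IP address, device identification information, operating system version, error logs, and other technical data.

If the user refuses to provide the above data, some or all functions of the Application will not operate properly.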

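III. Purposes of Collecting, Processing, and Using Personal Data

The personal data collected by the Company will be used within the scope of the following purposes:

  • Providing, operating, maintaining, and improving the functions of the Application (dialysis records, trend analysis, cloud backup, etc.)
  • Enabling data transfer and health information management between you and the medical personnel you designate
  • Identity verification, information security maintenance, system monitoring, error tracking, and risk management
  • Fulfilling obligations required by law, by the requests of competent authorities, or by judicial proceedings
  • Statistics, analysis, or system improvement within the scope permitted by law, using the data in de-identified or anonymized form

The Company will not use personal data for other purposes unrelated to the purpose of collection, nor for marketing, promotion, or sale.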

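IV. Duration, Territory, Recipients, and Methods of Use of Personal Data

(1) Duration

From the date you register for the Application until the end of the period specified in Section IX of these Terms following your deletion of the account or discontinuation of the Application; where the law imposes a separate retention obligation, that period applies.

(2) Territory

Data is mainly stored on servers located in Taiwan. To provide the cloud backup service, some encrypted data may be transmitted to the locations of the cloud service providers to which the Company outsources.

(3) Recipients

  • You yourself
  • Medical institutions or medical personnel that you designate within the Application
  • Competent authorities with investigative powers under the law
  • Data processing vendors to which the Company outsources (under contractual terms and bound by confidentiality obligations)

(4) Methods of Use

Collection, storage, processing, transmission, analysis, or use by automated or non-automated means.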

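V. Third-Party Service Providers

To provide the full functionality of the Application, the Company uses the following third-party services:

  • Cloud storage: Amazon Web Services / Google Cloud Platform
  • Push notifications: Apple Push Notification Service / Firebase Cloud Messaging
  • Customer service communication: LINE Official Account
  • Application analytics: (if used, fill in the analytics tool actually used)

The above providers all process data in accordance with their own privacy policies; the Company has required them to use data within the scope of the contract and to maintain confidentiality. Where cross-border transfer is involved, the Company ensures that the receiving country has an adequate level of data protection.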

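VI. Protection of Personal Data and Security Measures

To safeguard personal data, the Company adopts technical and administrative measures that meet regulatory requirements, including but not limited to:

  • Data in transit uses TLS 1.2 or a higher encryption protocol
  • Data at rest is encrypted with AES-256
  • Permission control and account authentication mechanisms
  • Complete retention of operation and access logs
  • Regular system backup and restoration mechanisms
  • Protection against malicious intrusion, regular vulnerability scanning and penetration testing
  • Data protection education and training for employees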

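VII. Data Breach Notification

Under Article 12 of the Personal Data Protection Act, when personal data is stolen, leaked, altered, or otherwise infringed, the Company will, after ascertaining the facts, notify affected users within a reasonable period by email, in-app push notification, or other appropriate means, and explain the cause of the incident and the Company's response measures.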

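VIII. Rights of Users Under the Personal Data Protection Act

Under Articles 3, 10, and 11 and other related provisions of the Personal Data Protection Act, you may exercise the following rights with the Company regarding your personal data:

  • Inquire about or request to review the data
  • Request a copy
  • Request supplementation or correction
  • Request cessation of collection, processing, or use
  • Request deletion

You may exercise the above rights in the following ways:

  • By using "Profile > Account Settings" within the Application
  • By writing to the Company's customer service mailbox: broadmed.tw@gmail.com
  • Through the LINE customer service within the Application

After receiving your request, the Company will reply within 15 days and handle it according to law; where necessary, this may be extended by 15 days, and you will be notified in writing of the reason for the extension.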

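IX. Data Retention and Account Deletion

  • You may submit a deletion request at any time via "Profile > Delete Account" within the Application, or apply through the customer service mailbox.
  • Within 30 days of receiving the deletion request, the Company will complete deletion of the data in the primary database; data in backup systems will be cleared within 90 days.
  • Where the law imposes a separate retention obligation (for example, the medical record retention provisions of the Medical Care Act, tax regulations, etc.), the Company will retain the necessary data within the scope of that obligation and delete it when the period expires.
  • Statistical data that has been fully de-identified is not personal data, and the Company may continue to retain it for research and system optimization.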

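X. Protection of Minors

  • The Application is recommended for use by adults aged 18 or above.
  • For minors under 18 who wish to use the Application, their legal representative (parent or guardian) must read, understand, and agree to these Terms, and must register and operate the Application on the minor's behalf in the capacity of legal representative.
  • The Company does not actively collect personal data from children under 13 (if the Application is released in the U.S. market, this clause complies with COPPA).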

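XI. Amendments to These Terms

The Company may revise these Terms at any time in light of operational needs or changes in the law. The revised content will be announced within the Application, and significant changes will additionally be notified by push notification or email. If you continue to use the Application after the changes take effect, you are deemed to have agreed to the revised content.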

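XII. Contact Information

If you have any questions about these Terms or matters relating to personal data, please contact the Company through the following:

  • BroadMed Technology Co., Ltd. (博醫科技有限公司)
  • Personal data protection contact: 宋柏毅 (Po-Yi Sung)
  • Customer service email: broadmed.tw@gmail.com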

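XIII. Governing Law and Jurisdiction

The interpretation and application of these Terms, and any disputes between you and the Company arising from the Application, are governed by the laws of the Republic of China, and the Taiwan [company location] District Court is the court of first instance.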

【BroadMed Technology Co., Ltd. — IQThrill Privacy Policy】

This application, "IQThrill" (hereinafter referred to as the "Application"), is a software service provided by BroadMed Technology Co., Ltd. (hereinafter referred to as the "Company"). By downloading, installing, registering, logging in to, or otherwise using the Application, the user is deemed to have fully read, understood, and agreed to all contents of this Privacy Policy.

The Company collects, processes, and uses personal data in accordance with Taiwan's Personal Data Protection Act ("PDPA") and other applicable laws and regulations.

I. Consent for Sensitive Personal Data Collection

The Company collects medical-related sensitive personal data (including but not limited to vascular access information, physiological parameters, and image data) as necessary for providing the Application's services. Pursuant to Article 6, Paragraph 1, Item 6 of the PDPA, the Company must obtain your written consent.

Upon initial registration, you must check the consent option: "I have read and agreed to this Privacy Policy, and I consent in writing, in accordance with the PDPA, to BroadMed Technology Co., Ltd.'s collection, processing, and use of my medical-related sensitive personal data within the necessary scope of providing the Application's services." This electronic acknowledgment constitutes valid written consent under Taiwan's Electronic Signatures Act, Article 4.

You may withdraw such consent at any time. Upon withdrawal, the Application's relevant functions will become unavailable, but withdrawal does not affect the validity of data already lawfully collected and processed prior to withdrawal.

II. Categories of Personal Data Collected

For the operation of this Application, the Company may collect the following categories of personal data:

(1) Identification Data

Name, date of birth, contact telephone number, email address.
(Note: Government-issued identification number is collected only if you voluntarily provide it; it is not a required field for registration.)

(2) Medical-Related Sensitive Data

Hemodialysis vascular access information, physiological parameter records (including but not limited to blood flow rate, venous pressure, pre/post-dialysis blood pressure, body weight, hemoglobin, hematocrit), access maintenance records, anatomy diagrams or lesion-related images, physician notes, and anesthesia records.

(3) System and Technical Data

Login records, user operation behavior, IP address, device identifiers, operating system version, error logs, and other technical information.

If the user refuses to provide the aforementioned data, part or all functions of the Application may not operate properly.

III. Purposes of Collection, Processing, and Use

The personal data collected shall be used solely for the following purposes:

  • To provide, operate, maintain, and improve the Application's functions (dialysis records, trend visualization, cloud backup, etc.)
  • To enable data transmission and health information management between the user and the medical professionals designated by the user
  • Identity verification, information security maintenance, system monitoring, error tracking, and risk management
  • To fulfill obligations required by applicable laws, competent authorities, or judicial proceedings
  • Statistical analysis or system optimization within the scope permitted by law, using de-identified or anonymized data only

The Company shall not use personal data for purposes unrelated to the original purpose of collection, nor for marketing or sale.

IV. Duration, Area, Subjects, and Methods of Use

(1) Duration

From the date of your registration until your account deletion or discontinuation of use, subject to the retention periods specified in Section IX, unless retention is required by applicable laws.

(2) Area

Primarily stored on servers located in Taiwan. For cloud backup services, encrypted data may be transmitted to locations of the Company's outsourced cloud service providers.

(3) Subjects

  • The user
  • Medical institutions or personnel designated by the user within the Application
  • Competent authorities with legal investigative authority
  • The Company's outsourced data processors (under contractual confidentiality obligations)

(4) Methods

By automated or non-automated means for collection, storage, processing, transmission, analysis, or use.

V. Third-Party Service Providers

To provide the Application's full functionality, the Company uses the following third-party services:

  • Cloud Storage: Amazon Web Services / Google Cloud Platform
  • Push Notifications: Apple Push Notification Service / Firebase Cloud Messaging
  • Customer Service: LINE Official Account
  • Application Analytics: [if used, specify the actual analytics tool]

These providers process data according to their respective privacy policies. The Company requires them to use data only within the contractual scope and to maintain confidentiality. For cross-border transfers, the Company ensures the receiving jurisdiction has adequate data protection standards.

VI. Protection and Security Measures

To protect personal data, the Company implements technical and administrative measures compliant with legal requirements, including:

  • TLS 1.2 or higher encryption for data transmission
  • AES-256 encryption for data at rest
  • Access control and account authentication
  • Comprehensive operation and access logs
  • Regular system backup and recovery mechanisms
  • Protection against malicious attacks, regular vulnerability scanning and penetration testing
  • Employee data protection training

VII. Data Breach Notification

In accordance with Article 12 of the PDPA, in the event of theft, leakage, alteration, or other infringement of personal data, the Company shall, after ascertaining the facts, notify affected users through email, in-app push notifications, or other appropriate means within a reasonable period, and explain the cause of the incident and the Company's response measures.

VIII. User Rights Under the PDPA

Pursuant to Articles 3, 10, and 11 of the PDPA, you may exercise the following rights regarding your personal data:

  • Inquire about or request access
  • Request copies
  • Request supplementation or correction
  • Request cessation of collection, processing, or use
  • Request deletion

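You may exercise these rights through:

  • "Profile > Account Settings" within the Application
  • Email to the Company's customer service mailbox: broadmed.tw@gmail.com
  • The LINE customer service within the Application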

The Company will respond within 15 days of receiving your request and process it according to law. Extensions of up to 15 additional days may apply, with written notice of the reason for extension.

IX. Data Retention and Account Deletion

  • You may submit a deletion request at any time via "Profile > Delete Account" within the Application, or via the customer service email.
  • The Company will complete primary database deletion within 30 days of receiving the request; backup system deletion will be completed within 90 days.
  • Where retention is required by applicable laws (e.g., medical records retention under the Medical Care Act, tax regulations), the Company will retain necessary data only within the scope of such legal obligations and delete it upon expiration.
  • Fully de-identified statistical data does not constitute personal data, and the Company may continue to retain it for research and system optimization purposes.

X. Protection of Minors

  • The Application is recommended for use by adults aged 18 or above.
  • Minors under 18 wishing to use the Application must have their legal representative (parent or guardian) read, understand, and agree to this Policy, and register and operate the Application on their behalf.
  • The Company does not knowingly collect personal data from children under 13 (in compliance with COPPA, if marketed in the United States).

XI. Amendments to This Policy

The Company may revise this Privacy Policy at any time due to operational needs or changes in laws and regulations. Revised contents shall be announced within the Application; significant changes will be additionally notified via push notification or email. Continued use after the effective date of changes constitutes acceptance of the revised Policy.

XII. Contact Information

For any questions regarding this Policy or personal data matters, please contact:

  • BroadMed Technology Co., Ltd.
  • Data Protection Officer: 宋柏毅 (Po-Yi Sung)
  • Customer Service Email: broadmed.tw@gmail.com

XIII. Governing Law and Jurisdiction

This Policy and any disputes arising between you and the Company in connection with the Application shall be governed by the laws of the Republic of China (Taiwan), with the [Company location] District Court as the court of first instance.