Privacy Policy

Last Updated: September 29, 2025

This Privacy Policy describes how we collect, use, store, and share your personal information when you use our continuous glucose monitoring product (hereinafter referred to as "CGM Product") and its associated Anytime View Web Service (the "Web Service"). We are committed to protecting your privacy and ensuring your personal data is handled in accordance with the applicable Data Protection Law and applicable country-specific data protection regulations.

1. Who We Are

Anytime View ("we", "us", or "our") provides a web service that enables licensed doctors to access relevant service functions. Based on the service model, doctors do not determine the purposes or means of processing personal data related to Doctor Users within the Service. Accordingly, for the processing described in this Privacy Policy we act as:

• Controller for Doctor User account data (see Section 3.1) and technical/usage data generated by Doctor Users (see Section 3.2);

• Doctors are the main users of the Service and shall comply with this Policy when using the Service.

• Legal entity name: Zhejiang POCTech Co., Ltd.

• Registered address: Building 11, No. 1633 Hongfeng Road, Huzhou City, Zhejiang Province

• Contact email: helpdesk@yuyue.com.cn

• Data Protection Officer (if appointed): zhangxiaoyu@yuyue.com.cn

For country-specific DPO/data protection responsible person requirements, see Section 14 Country-Specific Provisions.

2. Scope of this Policy

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use Anytime View (the "Service"). It applies only to doctors and clinic staff who register for and use the Service ("Doctor Users"); the privacy policy for patients will be separately formulated and published.

For country-specific rules applicable to your use of the Service, see Section 14 Country-Specific Provisions.

3. Categories of Personal Data We Process

3.1 Doctor User (Account) Data

To ensure identity verification and basic account operation, we collect the following mandatory information when a healthcare professional creates an account:

• Email address (for login/authentication)

• Full name and professional title (for service identity confirmation)

• Clinic name

• Clinic telephone number

• Clinic address

These items are personal data relating to you as a professional contact and do not include special categories of data about you.

Optional data provided at Doctor User’s discretion:

• Gender

For country-specific mandatory fields for Doctor User account data, see Section 14 Country-Specific Provisions.

3.2 Technical and Usage Data

When you use the Service, we may collect the following data related to your usage behavior:

• Log and usage data: timestamped service access records, login status, device model used for access, and IP address

• Security and audit data: records of privileged operation behavior, login failure logs, and system access traces

For country-specific requirements on technical data categories, see Section 14 Country-Specific Provisions.

4. Sources of Data

• Data you provide directly (e.g., information filled in during Doctor User registration)

• Data generated by your use of the Service (e.g., service operation logs, security/audit events)

• Data provided by your affiliated clinic for account verification (e.g., professional qualification certification materials, subject to your prior consent)

5. Purposes and Legal Bases

5.1 Doctor User (Account) Data

 

Type of Information: User Information (Required)

Purpose of Processing: We use this information to:

• Create and manage your Web Service account

• Verify your professional identity and authenticate service access

• Provide technical support and service consultation for you

Legal Basis (GDPR (or corresponding article in UK GDPR) / country-specific basis):

• Art. 6(1)(b) GDPR (or corresponding article in UK GDPR): Processing is necessary for the performance of a contract (our Terms of Service with you to provide the Web Service)

• Art. 6(1)(f) GDPR: Legitimate interests (ensuring service security and compliance with medical industry regulations)

• For Poland: Doctor User data must include "professional license number" to verify medical qualification (see Section 14.2)

• For Thailand: Doctor User data must include "medical council registration number" (see Section 14.7)

Type of Information: User Information (Optional)

Purpose of Processing: You may choose to provide this information voluntarily. We use it to:

• Personalize your service interface and usage experience

Legal Basis (GDPR (or corresponding article in UK GDPR) / country-specific basis):

• Art. 6(1)(a) GDPR: Consent (you may withdraw at any time)

• For Malaysia: Optional data requires explicit opt-in consent (see Section 14.8)

5.2 Technical and Usage Data

• Operate, maintain, and optimize the Service (including troubleshooting and performance improvement): Art. 6(1)(f) GDPR

• Ensure service security (including anti-fraud, access control, and incident response): Art. 6(1)(c) GDPR (compliance with legal obligations for information security)

• Conduct compliance auditing and regulatory reporting: Art. 6(1)(c) GDPR

6. Data Storage Location and International Transfers

We host and store Doctor User personal data in the EU on servers provided by AWS located in Frankfurt.

For country-specific data storage restrictions (e.g., mandatory local storage for Doctor User data), see Section 14 Country-Specific Provisions.

Except as permitted by country-specific regulations (detailed in Section 14), we do not transfer your personal data outside the European Economic Area (EEA) without meeting applicable cross-border transfer requirements (e.g., standard contractual clauses, adequacy decisions).

7. Data Sharing and Disclosure

We do not sell your personal data. We disclose data only to:

• Service providers / sub-processors (e.g., cloud hosting, technical support, identity verification) who act under contract and process data on our instructions; such sub-processors shall comply with data protection obligations consistent with this Policy

For Russia: Sub-processors must be registered with Roskomnadzor (see Section 14.12)

For Malaysia: Sharing with sub-processors must be notified to JPDP 14 days in advance (see Section 14.8)

• Legal and regulatory authorities (e.g., medical regulatory agencies, data protection authorities) where required by law (e.g., responding to regulatory inquiries, investigating violations of laws/regulations)

For South Africa: Disclosure to authorities must be notified to you within 7 days (see Section 14.11)

We will notify you in advance before adding or replacing a sub-processor (subject to country-specific notification requirements, see Section 14).

8. Retention

We retain your personal data only as long as necessary for the purposes described:

• Doctor User account data: For the duration of your account validity + [1 year] after account cancellation (for legal/audit purposes), unless a longer retention period is required by law

For Colombia: Doctor User professional qualification data must be retained for at least 5 years (see Section 14.9)

For Russia: Doctor User account logs must be retained for 3 years (see Section 14.12)

• Technical and usage data: [12 months] (for service maintenance and security auditing)

For Thailand: Access logs must be retained for 24 months (see Section 14.7)

For Poland: Audit trails must be retained for 18 months (see Section 14.2)

When data is no longer needed, we will delete it, anonymize it, or aggregate it (to ensure it cannot be used to identify you).

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (using TLS 1.3 protocol) and at rest (using AES-256 encryption algorithm)

• Role-based access controls and multi-factor authentication for privileged accounts

• Regular security vulnerability scans and penetration testing

• Network isolation between production and test environments

• Incident response plans for data security breaches

For Russia: Mandatory use of Russian-certified encryption tools (e.g., CryptoPro) (see Section 14.12)

For Singapore: Annual security audits by PDPC-accredited firms (see Section 14.10)

For Malaysia: Daily encrypted backups of Doctor User data (see Section 14.8)

10. Your Rights (EEA/UK and Country-Specific)

Subject to conditions and exemptions under the GDPR/UK GDPR, you have the right to request:

• Access to your personal data held by us

• Rectification of inaccurate or incomplete personal data

• Erasure of your personal data (where applicable, "right to be forgotten")

• Restriction of processing of your personal data

• Data portability (for data you provided, in a commonly used machine-readable format)

• Objection to processing based on our legitimate interests

For country-specific additional rights or response time requirements, see Section 14 Country-Specific Provisions.

For UK: "Right to erasure" excludes data retention for public health research; you may request a "summary of processing activities" (see Section 14.1)

For Czech Republic: Correction requests must be responded to within 10 working days (see Section 14.6)

For Malaysia: You may withdraw consent at any time, and we will cease processing within 7 working days (see Section 14.8)

To exercise these rights, contact us at helpdesk@yuyue.com.cn or your local data protection responsible person (if applicable, see Section 14). We may verify your identity before responding to ensure data security.

You also have the right to lodge a complaint with your local data protection supervisory authority:

• EU: https://edpb.europa.eu/about-edpb/about-edpb/members_en

• UK: https://ico.org.uk

• For other countries, see Section 14 for local supervisory authority information

11. Children’s Privacy

The Service is intended for professional healthcare use and is not directed to children. Patient access, where provided, is mediated by clinics/Doctor Users and governed by clinic policies and applicable law. If we become aware that we have collected personal data from a child without appropriate authorization/consent, we will delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you by in-app notice and update the "Last Updated" date.

For Malaysia: We will provide at least 30 days’ advance notice of material changes (see Section 14.8)

For Thailand: We will provide 15 days’ advance notice of material changes and publish updates on the DPCC’s public portal (see Section 14.7)

Please review the updated Policy carefully. Your continued use of the Service after the update takes effect constitutes your acceptance of the changes.

13. Contact

Questions or requests regarding this Privacy Policy can be sent to:

• Global contact email: helpdesk@yuyue.com.cn

14. Country-Specific Provisions

This section sets out rules that differ from GDPR and apply to Doctor Users located in the following countries. These provisions supplement and prevail over other sections of this Policy to the extent of any conflict, with a focus on Doctor Users’ data subject rights and content that differs from GDPR (and affects the exercise of rights).

14.1 United Kingdom (UK)

• Data Subject Rights: The "right to erasure" does not apply to data retention required for public health research (broader than GDPR exceptions). You may request a "summary of your data processing activities" (additional to GDPR rights), and we will respond within 1 month (no extension for complex requests).

• Supervisory Authority: Information Commissioner’s Office (ICO) - https://ico.org.uk

14.2 Poland

• Data Subject Rights: You have the right to request verification of the authenticity of your stored professional qualification data; we will respond within 15 working days (shorter than GDPR’s 1 month).

• GDPR Differences: Your account data must include "professional license number" (mandatory for identity verification); your service access audit records must be retained for 18 months (longer than Section 8’s 12 months).

• Supervisory Authority: Inspector General for Personal Data Protection (UODO) - https://uodo.gov.pl

14.3 Romania

• Data Subject Rights: You have the right to request a list of all third parties with whom your account data has been shared (additional to GDPR rights).

• GDPR Differences: Cross-border transfer of your data requires prior approval from ANSPDCP (stricter than GDPR’s SCCs).

• Supervisory Authority: National Supervisory Authority for Personal Data Processing (ANSPDCP) - https://www.anspdcp.ro

14.4 Serbia

• Data Subject Rights: You may request free copies of your stored personal data (no administrative fees); we will respond within 20 working days.

• GDPR Differences: Your clinic’s verification data (e.g., qualification certificates) must be re-verified annually (additional to GDPR’s verification requirements).

• Supervisory Authority: Commissioner for Information of Public Importance and Personal Data Protection - https://www.infostan.rs

14.5 Italy

• Data Subject Rights: You have the right to object to automated decision-making related to your service access permissions (even if it does not produce legal effects).

• GDPR Differences: Processing of your professional identity data must prioritize GDPR Article 9 (special category data rules) over Article 6.

• Supervisory Authority: Italian Data Protection Authority (Garante) - https://www.garanteprivacy.it

14.6 Czech Republic

• Data Subject Rights: Requests to correct your professional title or clinic information must be responded to within 10 working days (shorter than GDPR). You may object to algorithm-based suggestions for service function permissions.

• GDPR Differences: Cross-border transfer agreements must include a clause requiring the recipient to notify UOOD of data breaches within 72 hours.

• Supervisory Authority: Office for Personal Data Protection (UOOD) - https://www.uood.cz

14.7 Thailand

• Data Subject Rights: You have the right to request a detailed explanation of how your login logs are used for service security; we will provide the explanation within 15 working days.

• GDPR Differences: Your account data must include "medical council registration number" (mandatory); access logs must be retained for 24 months.

• Supervisory Authority: Thai Data Protection Committee (DPCC) - https://www.dpcc.or.th

14.8 Malaysia

• Data Subject Rights: You may withdraw consent for optional data processing at any time, and we will cease processing within 7 working days (faster than GDPR’s "without undue delay").

• GDPR Differences: Optional data (e.g., gender) requires explicit opt-in consent (GDPR allows implicit consent in some cases); we will notify you 30 days in advance of Policy changes.

• Supervisory Authority: Personal Data Protection Department (JPDP) - https://www.pdp.gov.my

14.9 Colombia

• Data Subject Rights: You have the right to request written proof of the consent you provided for data processing (additional to GDPR rights); we will provide the proof within 15 working days.

• GDPR Differences: Your professional qualification data must be retained for 5 years (longer than Section 8’s general retention); access to your data is free of charge (no fees for copies).

• Supervisory Authority: Superintendence of Industry and Commerce (SIC) - https://www.sic.gov.co

14.10 Singapore

• Data Subject Rights: You have the right to request deletion of your account data that is no longer necessary for service provision (more explicit than GDPR’s "right to erasure"); we will respond within 30 working days.

• GDPR Differences: Our security measures for your data must be audited annually by a PDPC-accredited firm (mandatory under local law).

• Supervisory Authority: Personal Data Protection Commission (PDPC) - https://www.pdpc.gov.sg

14.11 South Africa

• Data Subject Rights: You have the right to request an explanation of how your data complies with South African medical laws; we will respond within 21 working days.

• GDPR Differences: If we disclose your data to regulatory authorities, we will notify you within 7 days (GDPR does not mandate this timeline); your data must be stored locally in South Africa.

• Supervisory Authority: Information Regulator - https://www.inforegulator.org.za

14.12 Russia

• Data Subject Rights: You have the right to request deletion of any personal data stored outside Russia; we will confirm deletion within 3 working days (additional to GDPR rights).

• GDPR Differences: Your data must be stored on Russian servers (offshore storage is prohibited); we must use Russian-certified encryption tools (e.g., CryptoPro) to protect your data.

• Supervisory Authority: Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) - https://rkn.gov.ru