Data Privacy Policy for Medicus Smart Reports App

Last updated 27 July 2022

Below we provide you (“you” or “User”) with an overview of what data we process in the Medicus Smart Reports App on mobile and web ("App") and how we ensure the protection of your data. This application is only for informative use and is not intended to provide therapeutic support or diagnosis assistance. It is not a medical device, and it doesn’t do any automated data processing.

Controller

The controller is the Medicus Group ("we/us/our" or "Medicus") consisting of:

Medicus AI GmbH

Wehleweg 9/53,

1030 Vienna, Austria

Registration number:

FN 458726y

Medicus AI Middle East Ltd.

2480, 24, Al Sila Tower

Abu Dhabi Global Market Square

Al Maryah Island, Abu Dhabi

United Arab Emirates

Registration number:

000002499

Medicus AI France SAS

48 rue du Château d’Eau

75010 PARIS

France

Registration number:

843 961 319

Medicus AI Deutschland GmbH

Mohrenstraße 34

10117 Berlin

Germany

Registration number:

HRB 194896 B

Your data will be used by us to provide the service of the App.

Personal data and applicable laws

Personal data are any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about health, lifestyle or behaviors.

We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing. Consent means any freely given, specific, informed and unambiguous indication of the User's (data subject) wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("General Data Protection Regulation", GDPR).

Data transfer outside the EU

When using our services and App, your data may be transferred outside the EU to the controllers of the Medicus Group as set forth above, and also to our affiliated processors, Medicus Software, Building no 16A, 2nd Floor Freezone Damascus, Jamarek Damascus, Syria, registration number 1953, and EOS Health SARL, Bshara El Khoury Street, Berytech Building, BDD 1294, Beirut, Mount Lebanon, 1100, registration number 1026304. All companies belonging to the Medicus Group as well as Medicus Software and EOS Health SARL comply with data protection standards applicable in the EU via EU standard contractual clauses. Data can also be transferred outside the EU to the parties listed in the “Data we share with 3rd parties” section of this Data Privacy Policy; details are listed there.

Contacting us

When contacting us via email, your details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on Art. 6 (1) b. GDPR.

Data we collect in the App

We process your data for the purpose of providing the services of the App. Such data may also include health data. The purpose of the Medicus Smart Reports App is to demo how Medicus’ product Smart Reports can be used. For that purpose, you have access to pre-filled exemplary data sets of unreal users. In case such user data is being amended by you, we collect detailed personal and medical data in the App:

The personal and health data you provide when using the App is processed based on your consent according to Art. 6 (1) a. and Art. 9 (2) a. GDPR. You can revoke your consent at any time; if you choose to do so, we’ll stop processing your data from that point forward.

You provide data only if this is necessary for the aforementioned purposes. In the event you refrain from providing such data, you may face disadvantages, for example, limited or no possibility of using our App.

The App does currently allow you to share data with others, such as a carer or family member, as a feature. Any data you share is done so entirely at your own risk.

The data might be shared with your healthcare provider. Other than that no data is processed or shared.

If You would like to opt out of any or all of the processing activities mentioned in this Privacy Policy please get in touch with Us using the email [email protected]. It may not be possible to opt out of a processing activity if We are required to keep it by law or if We hold it in connection with a contract with You.

What happens if wrong data is entered?

When you input your own measurements and profile details, you should make sure that they are accurate, since this will affect the content generated in the Smart Report.

Retention of Your Personal Data

Medicus will retain any personal data it collects for 3 months, unless we should keep it for a longer period by law. After this period, your data will be permanently deleted using best practice data deletion standards.

Data we share with 3rd parties

To provide the services of the App, we have to share parts of your data with the following 3rd parties:

Mailchimp: We use "Mailchimp", a software to send emails related to info about the App to Users’ email addresses, offered by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. To that end, your email address is sent to servers located in the USA. The processing of data is based on your consent to receive email notifications from our Service according to Art. 6 (1) a. GDPR. The Rocket Science Group, LLC, USA is certified according to the EU-US agreement "privacy shield", which guarantees the level of data protection applicable in the EU. The privacy policy of Mailchimp is available at https://mailchimp.com/legal/privacy/.

Google Firebase, Google Cloud Service and Google Firebase Crashlytics: We use the services “Google Firebase” for push notifications, generation of universal links, gathering of analytical data and statistical testing, “Google Cloud Service” to host databases and application servers to provide the services of the App, and “Google Firebase Crashlytics” to report malfunctions in the App. All three services are offered by Google LLC, Mountain View, CA, USA. Data collected are sent to servers located in the USA. If the data are not anonymized the processing of data is based on our legitimate interests of a statistical analysis of the User relationship quality assurance purposes according to Art. 6 (1) f. GDPR. Google is certified according to the EU-US agreement "privacy shield", which guarantees the level of data protection applicable in the EU.

In addition, other users can access your profile and lab reports upon your permission, and you can still revoke your permission at any time using the App.

Privacy Policy of other websites

The App may contain links to other websites. Our privacy policy applies only to our App, so if you click on a link to another website, you should read their privacy policy or related Terms and Conditions.

Your Rights

Right to Access (Art. 15 GDPR)

You have the right to be informed at any time and free of charge about the personal data stored about you. For further information, you can contact e.g. [email protected].

This right of access includes confirmation as to whether or not personal data is processed on you and, if so, the detailed information about such processing.

The right to information does not exist if the data are only stored because they may not be deleted due to legal or statutory storage regulations, or only serve the purpose of data protection or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organizational measures.

You can also view the latest Personal Data We hold on Your Member Account by logging into Our platform and viewing the “Profile” section.

Right to withdraw consent (Art. 7 GDPR)

You have the right to withdraw your consent regarding the use, processing or transmission of your data at any time with effect for the future when such data processing is based on your consent. For this purpose, the User can contact [email protected].

In the event of withdrawing the consent, we will no longer process and immediately delete your stored data. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh the interests, rights, and freedoms of the respective User or in case the processing serves to assert, exercise or defend legal claims. For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.

 

Correction and completion of data (Art. 16 GDPR)

You have the right to demand that we immediately correct any incorrect personal data concerning you. For this purpose, you can contact [email protected] at any time.

 

Erasure ("right to be forgotten", Art. 17 GDPR)

You have the right to have us delete any personal data concerning you that we store. For this purpose, you can delete all data yourself or contact [email protected].

Immediate deletion shall be effected in the following cases:

In the event of termination of the User relationship, your data will be regularly deleted from the internal database. Data shall be excluded from deletion if, for example, processing of data is necessary for asserting, exercising or defending legal claims; e.g., performance of the contract with us or if there are legal retention periods that prevent deletion.

In the case of non-automated data processing, deletion is also not necessary if this would not be possible due to the special type of storage or would only be possible at disproportionately high expense and the interest of the User in the deletion is to be regarded as minimal. The deletion is then replaced by the restriction of processing.

Furthermore, we carry out a restriction of the processing and no deletion of the data, as long as and insofar as we have the reason to assume that a deletion would impair your interests worthy of protection or those of the person affected. In so doing, we will inform you or the affected person of the restriction on processing, provided that such information does not prove to be impossible or would require a disproportionate effort.

 

Restriction of processing (Art. 18 GDPR)

You also have the right to demand that the processing be restricted. For this purpose, you can contact [email protected]. You can only successfully enforce the right to restrict processing if one of the following prerequisites is met:

         

Right to data portability (Art. 20 GDPR)

You have the right to receive any personal data you have provided to us in a structured, current and machine-readable format. For this purpose, you can contact [email protected].

You also have the right to data portability vis-à-vis another controller, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures.

When exercising your right to data portability, you have the right to obtain the personal data to be transmitted directly by one person in charge to another person in charge, as far as this is technically feasible. This right shall not apply where the rights and freedoms of other persons are adversely affected or where processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

 

Right to lodge a complaint

You have the right to lodge a complaint vis-à-vis a supervisory authority of your choice. An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Time Limit to Respond

If you make a request to exercise your rights or to report support issues, we will aim to get back to you as soon as possible but will respond within one month, depending on the complexity of the request.

Data Security

The App is operated through a safe SSL-connection. If an SSL-connection is activated, third parties are prevented from reading any data that are transferred by you to us. Your data are only stored on servers within the EU except as set forth in this privacy policy.

System logins to our servers by our research team and any 3rd parties involved, also located outside the EU/EEA, include a 2-factor authentication to ensure that only verified persons may gain access.

Updates to This Privacy Policy

Any changes we may make to this Privacy Policy in the future will be posted on this page and will be notified to you to let you know about changes in how we collect and process your information in the App. The date when the document was last updated is shown at the top of this Privacy Policy.

Contact Details

Data Protection Officer

For any inquiries and additional questions about processing personal data please contact [email protected]. We have appointed a data protection officer who may be reached via [email protected]

We also welcome Your comments, suggestions and feedback about our App. You can reach out to us by email:
[email protected]