AiGIA is the entity deciding for what purpose your data is being processed. If you reside in the USA, your data controller is AiGIA, Inc., while if you reside in the EU your data controller is AiGIA and other AiGIA entities in the EU. See more about who we are at https://aigia.health
For this purpose, we collect only that personal data absolutely necessary for the specified purposes, on a best efforts basis. We do not sell your data. For the collected information and data, we strive to apply adequate solutions to anonymize it, or to pseudonymize it.
AiGIA cares about protecting your right to privacy in all the regions where we operate and while complying with local laws, we are committed to implementing the personal data protection standard imposed by the General Data Protection Regulation adopted by the European Parliament and the European Council on 27 April 2016 (hereinafter referred to as the “GDPR“) across all AiGIA entities.
Our Data Protection Officer can be found at the following email address: firstname.lastname@example.org.
The following definitions of terms used in this Policy are drawn from and coordinated with Article 4 of the GDPR and are presented for informational purposes:
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. When using the Products, AiGIA and its employees or collaborators do not access meeting or messaging content (specifically, audio, video, files, and messages) unless directed by an account owner, or as required for legal, safety, or security reasons, as discussed below. Below are the specific purposes for which we use the information we collect about you.
When using AiGIA Health, we collect personal data to provide the Services to the account owner. We use personal data, including contact information, to route invitations and messages to recipients when people send invitations and messages using our Products.
We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful. We use information and collective learnings (including feedback) about how people use our Services to troubleshoot, to identify trends, usage, activity patterns, and areas for integration and to improve our Services and to develop new products, features and technologies that benefit our Customers and the public.
We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to obtain and analyze your feedback and crash information, and to repair and improve the Services. We might share information with a third party expert for the purpose of responding to support-related requests.
We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages.
We use your contact information and information on how you use the Services to send promotional communications that may be of specific interest to you, including by email. These communications may be informed by audits of interactions (like counting ad impressions), and are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about our Services and any updates or new Services provided, product offers, promotions, and contests, as follows:
– Promotional Emails
– Survey Emails
– Sessions news emails
– Sessions tips emails
You may opt out of receiving promotional communications from us by updating your email notification preferences within your account settings menu.
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions.
We use personal data where you have given us consent to do so for a specific purpose not listed above, e.g. we may publish testimonials or featured customer stories to promote the Services, with your permission.
The data protection principles outline the basic responsibilities for organizations handling personal data. Article 5(2) of the GDPR stipulates that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
AiGIA collects information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
We collect information about you when you input it into the Services or otherwise provide it directly to us.
We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information (name, surname, email address) and, in some cases, billing information, when you register for the Services. You also have the option of adding a display name, profile photo, company name and logo and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select your settings for the Services.
If you decide to log in with Google, Facebook, LinkedIn or other social media account, you consent for AiGIA to have access to your respective profile data on such a social media account.
Please note that the authentication process is being handled through aigia.health. Aigia.health is also owned by AiGIA and therefore any information collected within the registration process shall be processed in accordance with this Policy.
The Services include AiGIA Health, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include. Content also includes the files and links you upload to the Services. We collect feedback you provide directly to us through the product and we collect content using analytics techniques that hash, filter or otherwise scrub the information to exclude information that might identify you or your organization; and we collect clickstream data about how you interact with and use features of the Services.
The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events.
The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service or just to send us valuable feedback. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Also, when submitting feedback via our designated channels, some account and system information will be shared with us. So keep in mind not to share sensitive or personal information. In order to solve the technical problems you reported via our feedback channel, we may need to process (analyze) information regarding the way you used our product in the context that generated the issue, such as: account information, browser information, operating system, device and other technical information about the system, the artefacts you used within our Product and the way you used them. These information will be used only for improving our services and for solving the technical issues you reported. ,
When using Sessions, the Owner can choose to record the teleconsultation with all the video and audio content (including the public chat).
We do not store the recordings. Only the Owner of the session can access the recording by downloading it from their account and saving it on their device. However, the recording can be made available to be seen by the participants by uploading it manually as a resource to the session. If you choose to download the recording, you are responsible for storing and processing it according to all recording laws and data processing regulations.
The Owner is responsible for getting the consent from all participants prior to starting the recording.
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and how you interact with others on the Services.
We also collect information about the teams and people you work with and how you work with them, such as with whom you collaborate with and communicate with most frequently.
We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Server and data center Service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.
2. Collecting Data from publicly available information and other sources (e.g. from other platforms such as Google, Facebook, LinkedIn)
We receive information about you from other Service Customers, from third-party services, from our related companies, social media platforms, public databases, and from our business and channel partners. We may combine this information with information we collect through other means described above. This helps us to update and improve our records, identify new customers, create more personalized advertising and suggest services that may be of interest to you.
Other Customers of our Services may provide information about you when they submit content through the Services. We also receive your email address from other Service Customers when they provide it in order to invite you to the Services. Similarly, an organization may provide your contact information when they designate you as the billing or technical contact on your company’s account or when they designate you as an administrator.
We receive information about you when you or your organization integrate third-party apps (Google Sign-in, LinkedIn Sign-in) or link a third-party service with our Services. For example, if you create an account or log into the Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you.
We may receive information about you from companies that are owned, operated or mandated by AiGIA, in accordance with their terms and policies.
We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with our Services and online advertisements.
We may receive information about you from third party providers of business information and publicly available sources (like social media platforms), including physical mail addresses, job titles, email addresses, phone numbers, intent data (or user behaviour data), IP addresses and social media profiles, for the purposes of targeted advertising of products that may interest you, delivering personalized communications, event promotion, and profiling.
In order to understand the navigational trends related to our Services, we use third-party analytics tools which collect information which your browser sends when you visit our web page. Here are tools which we use and information about their privacy policies:
When you use the Services, we share certain information about you with other Service Customers.
You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your organization (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service Customers when you share or interact with specific content. For example, when you comment in a session, we display your profile picture and name next to your comments so that other Customers with access to the page or issue understand who made the comment.
You can confirm whether certain Service properties are publicly visible from within the Services or by contacting the relevant administrator.
If you register or access the Services using an email address with a domain that is owned by your employer or organization or associate that email address with your existing account, and such organization wishes to establish an account or site, certain information about you including your name, profile picture, contact info, content and past use of your account may become accessible to that organization’s administrator and other Service Customers sharing the same domain. If you are an administrator for a particular site or group of Customers within the Services, we may share your contact information with current or past Service Customers, for the purpose of facilitating Service-related requests.
We work with third-party service providers (e.g. advertising, market research, conferencing ) to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you.
We work with third parties who provide consulting, sales, support, and technical services (e.g. Hubspot, CookieBot, Hotjar) to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services, such as to assist with billing and collections, to provide localized support, and to provide customizations. We may also share information with these third parties where you have agreed to that sharing of information.
We share information about you with third parties when you give us consent to do so. For example, we can display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect AiGIA, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
We use industry standard technical and organizational measures to secure the information we store. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is safe from intrusion by others.
If you use your server or data center, responsibility for securing storage and access to the information you put into the Services rests with you and not with AiGIA. We strongly recommend that server or data center users configure SSL to prevent interception of information transmitted over networks and to restrict access to the databases and other storage points used.
How long we keep information we collect about you depends on the type of information, as described in further detail below.
After such time, we will either delete or de-identify your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.
We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services or have the servers located. Whenever we transfer your information, we take steps to respect the legal requirements laid down by the GDPR.
We make enquiries and require third parties to respect the security of your personal data and to treat it in accordance with the applicable laws and regulation. Third-party service providers might use your personal data for their own purposes but only by respecting their Privacy Policies and the GDPR related principles. We will ensure our best efforts to permit them to process your personal data only for specified purposes and in accordance with our instructions.
Some of our external third parties or contractors are based outside the European Economic Area (EEA) so the processing of your data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission through adequacy decisions – the official list of countries that have been recognized to grant a standard of personal data protection compliant to that of the GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
In addition, UK will also be subject to an adequacy decision to replace the current interim solution, agreed under the EU-UK Trade and Cooperation Agreement, which allows for companies and organisations to transfer personal data from the EU to the UK up until 30 June 2021.
Where we use certain service providers, we may use standard contractual data protection clauses which may have been approved by the European Commission which give personal data the same protection it has in Europe.
AiGIA offers European Union Model Clauses, also known as SCCs, to meet the adequacy and security requirements for our Consumers that operate in the European Union and the United Kingdom, and other international transfers of data.
Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you that we receive from the EU, the UK, and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
To learn more about the Privacy Shield Program, please see www.privacyshield.gov.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
According to the GDPR, the Data Subjects shall have the right to access to data, rectification, erasure, restriction on processing, objection to processing and right to data portability, as follows:
For exercising these rights, you may send a written request, dated and signed and send it to the above mentioned Trencadis headquarters or via email to the data protection officer at email@example.com.
You also have the right to lodge a complaint with a competent supervisory authority on data protection.
1.Notices to data subjects
At the time of collection or before collecting personal data for any kind of processing activities including but not limited to selling products, services, or marketing activities, the Company is responsible to inform data subjects of the following: the types of personal data collected, the purposes of the processing, processing methods, the data subjects’ rights with respect to their personal data, the retention period, potential international data transfers, if data will be shared with third parties and the Company’s security measures to protect personal data. All such information is provided through this Policy.
Whenever personal data processing is based on the Customer’s consent, the Company is responsible for retaining a record of such consent. The Company is responsible for providing data subjects with options to provide the consent and must inform and ensure that their consent (whenever consent is used as the lawful ground for processing) can be withdrawn at any time.
When requests to correct, amend or destroy personal data records are received, the Company must ensure that these requests are handled within a reasonable time frame. The Company must also record the requests and keep a log of these.
Personal data must only be processed for the purpose for which they were originally collected. In the event that the Company wants to process collected personal data for another purpose, the Company must seek the consent of its data subjects in clear and concise writing. Any such request should include the original purpose for which data was collected, and also the new, or additional, purpose(s). The request must also include the reason for the change in purpose(s).
Whether acting as a controller or as a processor, will have as a lead supervisory authority the Romanian Data Processing Authority (firstname.lastname@example.org) or any other relevant data protection agency in a state where AiGIA operates (including but not limited to the US or other EU country).
When the Company learns of a suspected or actual personal data breach, it must perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to the rights and freedoms of data subjects, the Company must notify the Romanian Data Processing Authority or for that matter, any other relevant data protection agency without undue delay and, when possible, within 72 hours after having become aware of the personal data breach.
This Policy is intended to comply with the laws and regulations in the place of establishment and of the countries in which the Company operates. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.
The Customers can raise their questions in relation to their rights or to address any questions in relation to this Policy by:
Directly at the address: 10 Fabrica de Gheata St. Sector 2 Bucharest 022503 Romania
Each request will be reviewed as soon as possible, but no later than 30 days since its submission.