IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE PRODUCT OR SERVICES. This Privacy Policy covers:
- The Information we Collect;
- How we Use the Information we Collect and the legal basis for our processing;
- Information Sharing and Disclosure;
- Online Analytics and Tailored Online Marketing;
- Information Access and Retention;
- How we Protect Information;
- Children;
- How to Contact Us; and
- Changes to this Policy.
1. The Information we Collect.
How we collect, and store information depends on your relationship with us (e.g., whether you visit the Site only, or whether use the Product and Services). Several categories of information are collected from you, as described below.
Information You Provide
We may collect information about you during your use of the Product, including your name, organization, medical specialty, username, password, email address, postal address, phone number, mobile phone number, payment information, device model and serial number, and other information you enter, provide us, or allow us to access when you do certain things (collectively, “User Information”), such as:
- Acquire a Product (e.g., purchase, rent, or try a Product);
- Provide us with feedback or reviews;
- Request certain features or information from us (e.g., newsletters, updates, and other products);
- Contact customer support;
- Apply for a job posting;
- Use our Product;
- Connect with the Services or otherwise allow us to access certain information about you via a social networking service.
Patient Information
When you use the Product and our App, you can enter patient health information of patients you are examining (“Patient Information”). Securing and preserving the confidentiality of Patient Information you entrust to us is a top priority for Biim Ultrasound AS Patient Information is stored securely when it is in the App. We will not collect, use or disclose any Patient Information other than as permitted by you pursuant to terms specified in the separate Product terms and conditions you agreed to when acquiring the Product (e.g., purchase, rental, or trial terms), this Privacy Policy, as required by law, or in accordance with additional applicable written agreements (e.g., for U.S. users, a Business Associate Agreement (BAA) as specified in the Health Insurance Portability and Accountability Act (HIPAA) or for E.U. users, a similar agreement constituting a Data Protection Addendum) that govern our use and disclosure of Patient Information. In the event of any inconsistency between the terms of any applicable written agreement such as the BAA and those in this Privacy Policy, the terms of the written agreement will prevail.
Examination Information
When you use the Product and our App, examination information (e.g., ultrasound images, cineloops, measurements, findings, annotations, statistics, examinations, calculations, impressions, indications) will be generated (“Examination Information”). Examination Information is stored initially in the App and may be exported or securely uploaded to your internal system.
Automatically Collected Information
When you use the Services, there is some information that we collect automatically, as discussed in this section.
Usage and Analytics Information
We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Product or Services. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
- Website Data. When you use our Site, we may collect and analyze information such as your Internet Protocol (IP) address, browser types, browser language, operating system, the state or country from which you accessed the Services, referring and exit pages and Uniform Resource Locators (URLs), platform type, user interactions (keypresses, and mouse events such as movement, location, and clicks) domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services and upload or post content, error logs, and other similar information.
- Product Usage Data. We collect certain analytics information about your use of the Product and App (such as models, types or settings of the Products used, workflows used, indications selected, log files, buttons pressed, boot logs, temperature information, usage statistics, or support requests and results). We collect and use most of this information solely in anonymous and aggregate form but maintain log files in identifiable form for a period of time for troubleshooting and other purposes. This information helps us improve our Product and Services, troubleshoot bugs, and analyze device errors.
Location Information
Cookies and Other Electronic Technologies
We use “cookies” and similar technologies, such as web beacons, to help us improve your user experience, optimize our Services, increase security, analyze use and effectiveness of our Services, and serve and measure online marketing. Cookies are alphanumeric identifiers that are placed on your computing devices. Third-parties may also place cookies and similar technologies on the Services. You can control cookies through your browser settings and other tools. Most browsers tell you how to do so in their “help” section. By accessing and using the Services, you consent to the placement of cookies and beacons in your browser and HTML-based emails in accordance with this Privacy Policy.
Information from Third-Parties
We may obtain additional information about you from third-parties such as marketers, partners, researchers, and others. We may combine information that we collect from or about you with information we obtain about you from such third-parties and affiliates and information derived from any other subscription, product, or service we provide. If you connect to a third-party network, platform, app, or service through the Services, you are authorizing us to collect, store, and use in accordance with this Privacy Policy any and all information that you agreed the social network or other third-party could provide to us based on your settings on the third-party social network or platform. Your agreement takes place when you connect with the third-party network, platform, or service via our Services, and/or when you connect with one of our applications through one of these services.
E-mail Communications
To help us make emails more relevant to you, we (may) receive a confirmation when you open e-mail from Biim Ultrasound AS if your computer supports such capabilities. This is based you consenting to send us such confirmations through accepting this in your e-mail program.
When purchasing our Services we may send you marketing e-mails about our products and services. You always have the option to decline to receive such e-mails.
2. How we Use the Information we Collect and the legal basis for our processing.
We use the information that we collect in order to:
- Provide you with the Product and Services you have purchased or requested and send you information about your relationship or transactions with us;
- Notify you about new features of the Product or Services, special events, and send you newsletters;
- Generate and review reports and data about our user base and Product and/or Services usage patterns;
- Analyze the accuracy, effectiveness, usability, or popularity of the Products and/or Services (for example, we may monitor and analyze traffic and usage of our Site and App);
- Provide you with support and improve the content and features of the Product or Services, or develop new products or services;
- Personalize the content and marketing that you see on the Services;
- If you have provided us your consent, send you marketing communications (e.g., via mail, e-mail, text message, telephone, push notifications, or other means to which you have consented) about Biim Ultrasound AS products, software updates, (e.g., in digest form), and third-party products, software, and services that we believe may be of interest to you. If you do not wish to receive direct marketing, you may choose to opt-out pursuant to the instructions in Section 7 below;
- Help prevent fraud and enforce the legal terms that govern your use of the Product and Services; and
- Administer and troubleshoot the Product and/or Services.
Legal basis for processing (for residents of the European Union):
If you are a resident of the European Union (EU), we collect and process information about you only where we have legal basis for doing so under applicable EU laws. The legal basis depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Product and Services, including to operate the Services and provide customer support and personalized features. The legal basis is our agreement with you (Art. 6 (1) (b) GDPR). For health data being special categories of data as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to protect the safety and security of the Product and Services and to market and promote the Product and Services and to protect our legal rights and interests. The legal basis is our legitimate interest Art. 6 (1) (f) GDPR, and our legitimate interest is to improve and develop our Services;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect the legality of any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer or medical facility) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Product or Services.
3. Information Sharing and Disclosure.
We do not rent, sell, or share any collected information with third-parties except as described in this Privacy Policy. We may share your information for the following purposes:
- Third-Party Service Providers: We may share the collected information with our service providers who use the collected information on our behalf to assist in business activities such as delivering certain features or services, order fulfillment, payment processing, marketing, and other similar services. For example, a company such as FedEx may ship parcels on our behalf and we may provide them with your User Information. These companies may have access to personal information needed to perform their functions, but they are only provided the limited amount of information required to perform their service. When engaging these parties, we require them to safeguard personal information using strict security and privacy protections, in accordance with the law. Where Third Party Service providers are our data processors, we ensure to enter into data processing agreements in accordance with GDPR.
- Legal Reasons: We release personal information when we believe release is reasonable and permitted by law, including if it is appropriate to comply with subpoenas, court orders or other legal processes, for health and safety reasons, or otherwise clearly in the interests of the individual and consent cannot be obtained in a timely way. This does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this Privacy Policy.
- Prevent Illegal Activities: We may disclose your information when we believe it appropriate in order to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Terms and Conditions for the Product or Services you accessed, to establish or exercise our legal rights, and/or to defend against legal claims protect our rights and property.
- Merger or Acquisition: As we continue to develop our business, we may sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, the collected information may be among the transferred assets. Our legal basis is our legitimate interest to conduct such corporate reorganizations and Our disclosure is limited to situations where we are permitted to do so under applicable European and national data protection laws and regulations.
- App Vendor: We may provide your identity and mobile device identifier to third-party app store providers (e.g., Apple iTunes Store) to allow you to download our App.
- When we otherwise have your permission.
4. Online Analytics and Tailored Marketing.
Online Analytics
We may use third-party web analytics services on our Services, such as those of Google Analytics. These service providers use the sort of technology described in the Automatically-Collected Information section above to help us analyze how users use the Services, including by noting the third-party website from which you arrive. The information collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services. We also use Google Analytics for certain purposes related to online marketing, as described in the following section. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser Add-on by clicking here.
Tailored Online Marketing
Third-parties whose products or services are accessible or marketed via the Services may also place cookies or other tracking technologies on your computer, mobile phone, or other device to collect information about your use of the Services in order to (i) inform, optimize, and serve marketing content based on past visits to our websites and other sites and (ii) report how our marketing content impressions, other uses of marketing services, and interactions with these marketing impressions and marketing services are related to visits to our websites. We may also allow other third-parties (e.g., ad networks and ad servers such as Google Analytics, DoubleClick and others) to serve tailored marketing to you on the Services, and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Services. We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device you use to access the Services by non-affiliated, third-party ad technology, ad servers, ad networks or any other non-affiliated third-parties. Those parties that use these technologies may offer you a way to opt out of targeted marketing. For example, to opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page. Please note that to the extent marketing technology is integrated into the Services, you may still receive marketing content even if you opt-out of tailored marketing. In that case, the marketing content will just not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
Each operating system, iOS for Apple devices, Android for Android devices, and Windows for Microsoft devices provides its own instructions on how to prevent the delivery of tailored in-application marketing content. You may review the support materials and/or the privacy settings for the respective operating systems in order to opt-out of tailored in-application marketing. For any other devices and/or operating systems, please visit the privacy settings for the applicable device or contact the applicable platform operator.
5. Your rights
You have the following rights:
You have the following rights:◦ Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Data, and access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved).
Right to access (Art. 15 GDPR): You have the right to request a copy of the data that we hold about you.
Right to rectification (Art. 16 GDPR): You have the right to have your Personal Data corrected. You may email us to correct or change any collected information by using the contact information below in the “How to Contact Us” section.
Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data. This right may be exercised for example: (i) when your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for processing; (iii) when you object to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or when you object to the processing pursuant to Art. 21 (2) GDPR; or, (iv) when your Personal Data has been unlawfully processed.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing, including: when you contest the accuracy of your Personal Data; when the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your Personal Data instead; or when you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate grounds for our processing override your grounds.
Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Data. This right is limited to processing based on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on those provisions, and processing for direct marketing purposes.
Right to lodge a complaint with the supervisory authority (Art 77 GDPR/ 15.2 d).
The applicable supervisory authority for us is Datatilsynet:
www.datatilsynet.no
If you are a EU citizen you may also lodge a complaint with the data protection authorities at where you have your habitual residence, place of work or place of the alleged infringement.
Notice to End Users
Our Products are intended for use by medical facilities. Where the Services are made available to you through an medical facility, that medical facility is the administrator of the Services and is responsible for the accounts and/or Services over which it has control. If this is the case, please direct your data privacy questions to your medical facilities’s administrator, as your use of the Services is subject to that medical facilities's policies. We are not responsible for the privacy or security practices of an administrator's medical facility, which may be different than this policy.
6. How we Protect Information.
We have put in place commercially reasonable physical, electronic, and managerial procedures: to safeguard and help prevent unauthorized access, to maintain data security, and, to use correctly the information we collect through the Services. These safeguards vary based on the sensitivity of the information that we collect and store.
Although we take appropriate measures to safeguard against unauthorized disclosures of information, these measures cannot be guaranteed to be 100% secure. As a result, we cannot ensure or warrant the security of any information you transmit to us or that such information will never be disclosed in a manner that is inconsistent with this Privacy Policy.
7. Children.
We are committed to protecting the online privacy of children. Our Product and Services are intended for individuals who are trained and certified to use the Product, and not geared towards children. In order to protect the privacy of children, children under 17 years of age are not permitted to provide any personal information to us and any users of our Product and Services are to ensure that any information of a minor (including any Patient Information and/or Examination Information) is only be provided to us with parental consent. Please email us at the contact information noted below if you believe we may have collected information from your child without proper consent and we will work to delete it.
8. How to Contact Us.
If you have any questions, comments, or concerns regarding our Privacy Policy or practices, please send an email to support@biimultrasound.com to the attention of our Privacy Officer, and we will attempt to resolve them quickly.
9. Changes to this Policy.
We reserve the right to change this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Product and/or Services, or advances in technology. Please check this page periodically for changes. Your continued use of the Product and/or Services following the posting of changes to this policy will mean you accept those changes. If we make any material changes to this Privacy Policy, we will post the updated Privacy Policy here and notify you by email or by means of a notice on our website prior to the changes becoming effective.
Updated on October 2, 2018