- The Information we Collect;
- How we Use the Information we Collect and the legal basis for our processing;
- Information Sharing and Disclosure;
- Online Analytics and Tailored Online Marketing;
- Information Access and Retention;
- How we Protect Information;
- How to Contact Us; and
- Changes to this Policy.
1. The Information we Collect.
How we collect, and store information depends on your relationship with us (e.g., whether you visit the Site only, or whether use the Product and Services). Several categories of information are collected from you, as described below.
Information You Provide
We may collect information about you during your use of the Product, including your name, organization, medical specialty, username, password, email address, postal address, phone number, mobile phone number, payment information, device model and serial number, and other information you enter, provide us, or allow us to access when you do certain things (collectively, “User Information”), such as:
- Acquire a Product (e.g., purchase, rent, or try a Product);
- Provide us with feedback or reviews;
- Request certain features or information from us (e.g., newsletters, updates, and other products);
- Contact customer support;
- Apply for a job posting;
- Use our Product;
- Connect with the Services or otherwise allow us to access certain information about you via a social networking service.
When you use the Product and our App, examination information (e.g., ultrasound images, cineloops, measurements, findings, annotations, statistics, examinations, calculations, impressions, indications) will be generated (“Examination Information”). Examination Information is stored initially in the App and may be exported or securely uploaded to your internal system.
Automatically Collected Information
When you use the Services, there is some information that we collect automatically, as discussed in this section.
Usage and Analytics Information
We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Product or Services. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
- Website Data. When you use our Site, we may collect and analyze information such as your Internet Protocol (IP) address, browser types, browser language, operating system, the state or country from which you accessed the Services, referring and exit pages and Uniform Resource Locators (URLs), platform type, user interactions (keypresses, and mouse events such as movement, location, and clicks) domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services and upload or post content, error logs, and other similar information.
- Product Usage Data. We collect certain analytics information about your use of the Product and App (such as models, types or settings of the Products used, workflows used, indications selected, log files, buttons pressed, boot logs, temperature information, usage statistics, or support requests and results). We collect and use most of this information solely in anonymous and aggregate form but maintain log files in identifiable form for a period of time for troubleshooting and other purposes. This information helps us improve our Product and Services, troubleshoot bugs, and analyze device errors.
Cookies and Other Electronic Technologies
Information from Third-Parties
To help us make emails more relevant to you, we (may) receive a confirmation when you open e-mail from Biim Ultrasound AS if your computer supports such capabilities. This is based you consenting to send us such confirmations through accepting this in your e-mail program.
When purchasing our Services we may send you marketing e-mails about our products and services. You always have the option to decline to receive such e-mails.
2. How we Use the Information we Collect and the legal basis for our processing.
We use the information that we collect in order to:
- Provide you with the Product and Services you have purchased or requested and send you information about your relationship or transactions with us;
- Notify you about new features of the Product or Services, special events, and send you newsletters;
- Generate and review reports and data about our user base and Product and/or Services usage patterns;
- Analyze the accuracy, effectiveness, usability, or popularity of the Products and/or Services (for example, we may monitor and analyze traffic and usage of our Site and App);
- Provide you with support and improve the content and features of the Product or Services, or develop new products or services;
- Personalize the content and marketing that you see on the Services;
- If you have provided us your consent, send you marketing communications (e.g., via mail, e-mail, text message, telephone, push notifications, or other means to which you have consented) about Biim Ultrasound AS products, software updates, (e.g., in digest form), and third-party products, software, and services that we believe may be of interest to you. If you do not wish to receive direct marketing, you may choose to opt-out pursuant to the instructions in Section 7 below;
- Help prevent fraud and enforce the legal terms that govern your use of the Product and Services; and
- Administer and troubleshoot the Product and/or Services.
Legal basis for processing (for residents of the European Union):
If you are a resident of the European Union (EU), we collect and process information about you only where we have legal basis for doing so under applicable EU laws. The legal basis depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Product and Services, including to operate the Services and provide customer support and personalized features. The legal basis is our agreement with you (Art. 6 (1) (b) GDPR). For health data being special categories of data as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to protect the safety and security of the Product and Services and to market and promote the Product and Services and to protect our legal rights and interests. The legal basis is our legitimate interest Art. 6 (1) (f) GDPR, and our legitimate interest is to improve and develop our Services;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect the legality of any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer or medical facility) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Product or Services.
3. Information Sharing and Disclosure.
- Third-Party Service Providers: We may share the collected information with our service providers who use the collected information on our behalf to assist in business activities such as delivering certain features or services, order fulfillment, payment processing, marketing, and other similar services. For example, a company such as FedEx may ship parcels on our behalf and we may provide them with your User Information. These companies may have access to personal information needed to perform their functions, but they are only provided the limited amount of information required to perform their service. When engaging these parties, we require them to safeguard personal information using strict security and privacy protections, in accordance with the law. Where Third Party Service providers are our data processors, we ensure to enter into data processing agreements in accordance with GDPR.
- Prevent Illegal Activities: We may disclose your information when we believe it appropriate in order to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Terms and Conditions for the Product or Services you accessed, to establish or exercise our legal rights, and/or to defend against legal claims protect our rights and property.
- Merger or Acquisition: As we continue to develop our business, we may sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, the collected information may be among the transferred assets. Our legal basis is our legitimate interest to conduct such corporate reorganizations and Our disclosure is limited to situations where we are permitted to do so under applicable European and national data protection laws and regulations.
- App Vendor: We may provide your identity and mobile device identifier to third-party app store providers (e.g., Apple iTunes Store) to allow you to download our App.
- When we otherwise have your permission.
4. Online Analytics and Tailored Marketing.
We may use third-party web analytics services on our Services, such as those of Google Analytics. These service providers use the sort of technology described in the Automatically-Collected Information section above to help us analyze how users use the Services, including by noting the third-party website from which you arrive. The information collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services. We also use Google Analytics for certain purposes related to online marketing, as described in the following section. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser Add-on by clicking here.
Tailored Online Marketing
Each operating system, iOS for Apple devices, Android for Android devices, and Windows for Microsoft devices provides its own instructions on how to prevent the delivery of tailored in-application marketing content. You may review the support materials and/or the privacy settings for the respective operating systems in order to opt-out of tailored in-application marketing. For any other devices and/or operating systems, please visit the privacy settings for the applicable device or contact the applicable platform operator.
5. Your rights
You have the following rights:
You have the following rights:◦ Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Data, and access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved).
Right to access (Art. 15 GDPR): You have the right to request a copy of the data that we hold about you.
Right to rectification (Art. 16 GDPR): You have the right to have your Personal Data corrected. You may email us to correct or change any collected information by using the contact information below in the “How to Contact Us” section.
Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data. This right may be exercised for example: (i) when your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for processing; (iii) when you object to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or when you object to the processing pursuant to Art. 21 (2) GDPR; or, (iv) when your Personal Data has been unlawfully processed.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing, including: when you contest the accuracy of your Personal Data; when the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your Personal Data instead; or when you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate grounds for our processing override your grounds.
Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Data. This right is limited to processing based on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on those provisions, and processing for direct marketing purposes.
Right to lodge a complaint with the supervisory authority (Art 77 GDPR/ 15.2 d).
The applicable supervisory authority for us is Datatilsynet:
If you are a EU citizen you may also lodge a complaint with the data protection authorities at where you have your habitual residence, place of work or place of the alleged infringement.
Notice to End Users
Our Products are intended for use by medical facilities. Where the Services are made available to you through an medical facility, that medical facility is the administrator of the Services and is responsible for the accounts and/or Services over which it has control. If this is the case, please direct your data privacy questions to your medical facilities’s administrator, as your use of the Services is subject to that medical facilities's policies. We are not responsible for the privacy or security practices of an administrator's medical facility, which may be different than this policy.
6. How we Protect Information.
We have put in place commercially reasonable physical, electronic, and managerial procedures: to safeguard and help prevent unauthorized access, to maintain data security, and, to use correctly the information we collect through the Services. These safeguards vary based on the sensitivity of the information that we collect and store.
We are committed to protecting the online privacy of children. Our Product and Services are intended for individuals who are trained and certified to use the Product, and not geared towards children. In order to protect the privacy of children, children under 17 years of age are not permitted to provide any personal information to us and any users of our Product and Services are to ensure that any information of a minor (including any Patient Information and/or Examination Information) is only be provided to us with parental consent. Please email us at the contact information noted below if you believe we may have collected information from your child without proper consent and we will work to delete it.
8. How to Contact Us.
9. Changes to this Policy.
Updated on October 2, 2018