Privacy Policy of Aignostics GmbH

Version 20th August 2020

Please read this policy carefully before using the services of Aignostics GmbH.
(To use our services, you must be 16 years of age or older.)

In the following, Aignostics GmbH (“Aignostics”, “us”, “our” or “we”) gives you an overview of what data we collect for what purpose and how we ensure the protection of your data when using our website and services. We take the protection of your privacy and personal data very seriously and treat them strictly confidentially in accordance with the statutory data protection regulations and this data protection guideline.

Your data is encrypted using the latest technology and can generally only be associated with you if you provide us with your personal access passwords.

When you visit our website at www.aignostics.com or one of our subdomains, in particular portal.aignostics.com or annotation.aignostics.com (our “Website”) and use our applications in the login area (our “Services”), you will be asked to confirm your acceptance of and consent to the practices described in this Policy.

Responsible is Aignostics GmbH, Schumannstraße 17, 10117 Berlin, registered in the commercial register of the local court Charlottenburg (Berlin, Germany) under HRB 215748 B, represented by Viktor Matyas.

Contact

For inquiries and further questions regarding the processing of personal data, please contact info@aignostics.com. Our data protection officer is Viktor Matyas.

Personal data and processing purposes

Personal data is any information about an identified or identifiable natural person, such as a name or e-mail address.

Personal data will only be collected, used and/or passed on by us if this is legally permissible or if you explicitly give your consent. In particular, the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the repeal of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) apply.

Your data will be used for the following purposes:

  • to provide you with the functionality and benefits of our Services,
  • to answer any questions you may have,
  • to implement this Privacy Policy and to fulfill the contractual relationship with you,
  • to analyze your use of our Services and improve our Services with our legitimate interests in quality assurance, technical and content development, and marketing,
  • when patient data is processed, to provide you with Aignostic’s Services and to analyze that data with your explicit consent to improve our products and for research purposes, or
  • as otherwise explained in this Privacy Policy or in a notice from us.

Registration and use of services

When using our Services, we collect the personal data described below in order to enable convenient use of the functions. If you wish to use our Services, we collect the following data, which is technically necessary for us to be able to offer you the functions and guarantee stability and security (legal basis is Art. 6 (1) f. GDPR): IP address, unique device ID, country and region, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, app usage data, operating system and its interface language.

To avoid associating this information with your identity (including your email address), we create a random and unique identifier that we cannot associate with your account.

In addition, for some of our Services we need your name, organisation and your e-mail address to create and manage your account, provide you with the Services, process your requests and contact you if necessary. The legal basis for our data processing of personal data is Art. 6 (1) b. GDPR on the basis of the existing contract with us. The processing of this data is carried out on the basis of your expressed consent to the use of the services and their analysis for the improvement of our products and for research purposes on the legal basis of Art. 9 (2) a. GDPR.

You can delete and change the data entered in your account at any time by contacting us.

Further use of the services

During your continued use of the Services, you will also be asked to provide us with certain additional information. This information includes the following: Your feedback about our services, your billing information and any information you create and submit to us while using our Services (e.g. creating annotations in our annotator).

If the data processed for the purpose of providing the “Services” are considered personal data, such data processing is based on Art. 6 (1) b. or f. GDPR for the purpose of providing our Service and analyzing such data on the basis of our legitimate interest in improving our products and for research purposes. Any patient data will be processed on the basis of your expressed consent only. Their analysis is used to improve our products and for research purposes on the basis of Art. 9 (2) a. GDPR.

You have the right to revoke your consent to the use of this data at any time with effect for the future. For such a revocation please send us an e-mail to info@aignostics.com. However, we would like to point out that in this case you will no longer be able to make full use of the functions of the services on this website.

Analysis of data

We use the information collected, including your personal data, to track your use of our services on the basis of Art. 6 (1) b. and f. GDPR or TMG, to ensure the technical operability of our services and to fulfill contractual or pre-contractual obligations (based on Art. 6 (1) b. GDPR or TMG and as otherwise stated in this Privacy Policy). With regard to the data processing according to Art. 6 (1) f. GDPR, we pursue the legitimate interests of quality assurance and marketing.

We will never share your personal information (or any other information you provide to us) with third parties, but we reserve the right to share information that has been anonymized and/or aggregated. You acknowledge and agree that we are the owner of all rights, title and interest in and to any derived data or aggregated and/or anonymous data collected or generated by us.

Contact; sending messages

When you contact us, your data will be processed with your consent for the purpose of processing the request and, if applicable, subsequent questions on the legal basis of Art. 6 (1) a. GDPR or the fulfilment of your request on the basis of Art. 6 (1) b. GDPR.

On the basis of Art. 6 (1) b. or f. GDPR, TMG or UWG, we may also contact you by e-mail if this is important for the use our Services or similar services and if you have not objected to these messages.

Detailed overview of the data we process

Below you will find a detailed overview of the exact data we process, their use and the legal basis:

  • First name, last name, organization, e-mail address
    • Use of data: To provide you with access to our Website, Services and other information you request from us, and to use our Services.
    • Reasons for use: Fulfilment of contract
  • Information generated when using our Services, feedback survey
    • Use of data: To administer our services and internal operations, including research, data analysis and statistics, and to generate derived, anonymized and aggregated data to improve our services.
    • Reasons for use: Legitimate interest (in managing and improving our services).
  • First name, last name, e-mail address
    • Use of data: To notify you of changes to our services.
    • Reasons for use: contract fulfillment, legitimate interest (to update our services at the respective time).

Your rights

You have certain rights with regard to the use of your personal data, which you can apply at any time and without any disadvantages:

You have the right to revoke your consent to the use of data at any time with effect for the future if such data processing is based on your consent.

You have the right to access the data stored by us and the right to correct your data if it is incorrect.

You have the right to object to the processing of your personal data, e.g. if your personal data is used for direct marketing purposes.

You have the right to request the deletion of your data.

You have the right at any time to request information about the stored data (in structured, up-to-date and machine-readable form) and can demand the correction or deletion of the data in the event of incorrect data storage.

You also have the right to file a complaint with a supervisory authority of your choice (e.g. for Berlin https://www.datenschutz-berlin.de/kontakt.html). An overview of the European national data protection authorities can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Third party providers used by us

When using the website and services, data may be processed by third parties commissioned by us, e.g. cloud service providers.

For example, we use a hosting service provider Google LLC. Google complies with the data protection standards applicable in the EU.

You can find an overview of all third-party providers we use here

  • Infrastructure service provider:
    • Google LLC (Cloud)
  • Analytics and tracking:
    • Google LCC (for Google Analytics)

In addition, your personal data will only be passed on to third parties within the scope of the statutory provisions, i.e. if we are obliged to pass on your data due to an official or court order or if necessary due to statutory provisions or if you give your express consent.

Deletion of data; retention periods

We will retain the above data for as long as necessary to provide the services to you, to address specific issues that may arise, or as otherwise required by law or by a responsible regulatory authority. As soon as your account is terminated or deactivated, we will delete the personal data relating to your account within one month. Some personal information may need to be retained longer to ensure that we can comply with applicable law and internal compliance procedures, including storing your email address to suppress marketing communications if you choose not to receive further marketing communications.

Storing periods are based on business requirements, and your data that is no longer needed is either irrevocably anonymized (and the anonymized data can be retained) or securely deleted.

Data security and encryption

We have taken adequate measures to ensure data and IT security. The website services are operated via a secure TLS connection which encrypts the connection from your device to our servers.

Information on cookies, analytics and social media

Cookies

We uses cookies to differentiate you from other users. Please see our Cookie Policy.

Social media & networks

We also use social networking sites such as Twitter and LinkedIn to provide you with more ways to contact us. However, we never share data or information with these networks. We would therefore like to point out that we have no influence on the terms of use and data processing of these providers when you interact with our pages there.

Changes to this Privacy Policy

We reserve the right to change the provisions of this Privacy Policy at any time, subject to applicable laws and data protection provisions.