Last updated: August 25, 2022
MobileODT Ltd. and its affiliates (“MobileODT”, “we”, “us” or “our”) highly value and respect the privacy of the users of the Services (“User(s)”, “you” or “your”) and therefore we invest great efforts and resources in order to optimize your privacy.
Therefore, if you are not a User – for example, if you are a patient of our Users (i.e. your healthcare provider) – but nonetheless believe that we may have in our possession personal information pertaining to you, please be advised that all data processing activities with respect to your personal information are conducted in accordance with our Users’ instructions. Our engagement terms provide our Users with sole and ultimate discretion to determine the purposes and manner in which your personal information is processed by MobileODT.
If you are a patient of our Users and have any requests concerning your personal information or any questions about the processing of your personal information, please contact your healthcare provider.
We will collect information that identifies you if such data is:
- Provided by you with your explicit consent;
- Required for rendering the Services to you;
- Required for complying with legal obligations, such as a court or regulatory order or in response to the authorities;
- Required for our legitimate purposes (or the legitimate purposes of those acting in our behalf) which will be broadly described below under the “How We Use the Data We Collect and Store and for what Purposes” section.
This Policy specifically outlines:
- What Data Do We Collect?
- How Do We Use the Data We Collect and Store and For What Purposes?
- Sharing of Information
- Your Rights
- Data Retention
- How Do We Secure Your Information?
- External Links and Third-Party Services
- Transfer of Data
- Protection of Children’s Privacy
- Changes to The Policy
1. What Data Do We Collect?
A. Information you provide us or give us permission to obtain.
When you register to the Services, whether directly or indirectly through your organization, you may be required to submit certain details about yourself. This may include, among others, your name, phone number, email address, name of organization, your position in the organization and location and billing information.
The Data Processing Agreement (“DPA”) is available at https://www.mobileodt.com/data-processing-agreement/ and the Standard Contractual Clauses therewith shall govern your relationship with MobileODT in connection with third-parties’ information you provide MobileODT. To avoid any doubt, in the event of discrepancies between these Terms of Service and the DPA, the DPA shall prevail.
B. Information we collect from your use of the Services.
Technical information: we collect information about the mobile device and applications you use to access the Services, such as your Internet Protocol (IP) address, the type of the mobile device you are using the Services on, mobile device ID, hardware model, operating system version, your mobile device and hardware settings, unique mobile device identifiers, and crash data.
This collection of information is subject to your approval upon installation of the App. You are entitled at any time to revoke your consent to our ongoing ability to collect such information (i) by changing the settings on your mobile device, if your mobile device offers that option; or (ii) by simply deleting our App from your mobile device – but please note that this may prevent us from providing the Services in whole or in part.
Further, our web servers keep log files that record data each time a device accesses those servers and those log files contain data about the nature of each access. We may also access and collect usage data about you when you interact with the Services, such as the nature of each access, your communication with other Users and third parties, access times, cookies data, and additional related metadata, such as the time, date, and place of your usage.
Aggregated information we may also gather statistical and aggregated information originating from our users which may be combined with additional non-identifiable information collected from other sources, regarding the use of the Services. This information will be anonymous and will not allow, by reasonable means, to identify – or to be attributed to – a specific user.
We may use non-personal aggregate information for internal, research, development or commercial purposes, and we may also share such information with our business partners, affiliates or other third parties, including advisors, for the purpose of conducting a general business analysis.
For the avoidance of doubt, the Processor will not access patient Data and associated image scollected by Users who are defined in a Sexual Assault Nurse Examination (SANE) scenario or their equivalent, unless technical support is requested. The Processor will only access data on a case by case basis when explicit, written permission only is given.
For the avoidance of doubt, any non-personal information connected or linked to any personal information shall be deemed as personal information as long as such connection or linkage exists.
2. How Do We Use the Data We Collect and Store and for what Purposes?
We and our processors will store and process your information for the following purposes:
A. For the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (GDPR Article 6(1)(b)). We do this by:
- fulfilling our obligations
- providing technical and other support;
- to contact you in order to provide the most efficient support.
B. On the basis of legitimate interests of ours, of our data subjects or of a third party (GDPR Article 6(1)(f)) including:
- ensuring ongoing operation and performance of the Services and our internal course of business;
- recognizing you as a User of MobileODT;
- tracking effectiveness of clinical processes to enable us to optimize them;
- internal research for the purpose of evaluating the use of the Services, developing new features for the Services and improving user experience;
- marketing to you or advertising of the Services; -we may send you newsletters, updates, marketing materials and other information that may interest you by e-mail or via mobile devices.
- ensuring the protection of our rights, security and property (and those of our partners, contractors and users);
- for compliance Preventing or addressing technical or security issues;
- fulfilling our commitments to our partners or other third-parties;
C. To comply with a legal obligation to which we are subject (GDPR Article 6(1)(c)):
- compliance and audit purposes, such as meeting our legal obligations in our various jurisdictions, including protection of your privacy, and for crime prevention and prosecution in so far as it relates to our staff, facilities etc.;
- if necessary, we will use personal data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required by law, to collect debts, to prevent and respond to fraud, infringements, identity thefts and any other service misuse, and to take any action in any legal dispute and proceeding;
- To protect MobileODTs’, MobileODT users’ and their patients’ rights as well as other third-parties’ rights;
- for security purposes and to identify and authenticate your access to the parts of the facilities;
- we may collect personal data of our business partners’ personnel, which will be used for the purposes set out above.
3. Sharing of Information
Your Sharing of Data
The Services allow you to share information within the Services or through third-Party’s platforms. Any such sharing is ultimately controlled by you and you will bear all risk and liability with respect to this sharing. We encourage you to exercise discretion before any such sharing.
Our Sharing of Data
We will not share your Data with third parties, except in the following instances:
A. When we have received your permission. This includes sharing information as described in this Policy or otherwise with third party services when you have chosen to use our Service features which interact with these third party services.
B. When we engage third parties to process Data on our behalf. Such third parties’ use will be subject to our explicit instructions and in compliance with this Policy.
C. With our affiliates. This relates to entities that are legally part of the same group of companies that we are part of, or that become part of that group.
D. In case of a change of control. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, we may transfer the information to our new owner.
G. Non-Personally Identifiable Information. We may also share aggregated or non-personally identifiable information that we collect and share as broadly described above under “what data we collect” section.
4. Your Rights
Right of Access – since most of your personal information is provided by you or your organization you have full access to your Data directly through the App or through your organization.
Right to Rectification – you are entitled to correct/update your Data at any time by editing your Account details. You are responsible to make all necessary changes to correct any information in your Account which is inaccurate, incomplete or outdated. Please keep in mind that false, incorrect, or outdated information may prevent you from registering to the Services and impair our ability to provide you with Services. If you have a reason to believe we possess incorrect Data relating to you, you may also request the amendment of such Data.
Right to Erasure – you may contact us at all times with a request to delete your Data. We will comply with this request and delete any Data which is associated with you, to the extent possible. However, you should be aware that we use backup systems in which your Data is stored without the ability to delete it immediately upon request. Therefore, we may require an additional short period of time until we are able to fully delete all traces of your Data.
Nonetheless, for legal reasons, organizational reasons or in order to prevent fraud, we may retain certain specific information relating to you. In any event, your request for deletion will be recorded and will not be deleted.
In addition, under certain circumstances you may have the right to object to the processing of the Data and to export certain Data to another service.
5. Data Retention
We only retain your Data while your Account remains active or for as long as it is necessary to achieve the purposes mentioned in this Policy. After discontinuation of the respective purpose or if you have terminated your Account, the corresponding Data may be deleted. In addition, Data may also be deleted upon your request (see above).
Please note that we may need to retain certain information about you for legal and internal business purposes even if you delete your Account with us. This includes, among others:
- Data which is required to prevent fraud or abuse of the Services;
- Data which is required for our internal security purposes;
- Data which needs to be retained for bookkeeping and accounting purposes, in order to comply with legal or regulatory requirements or to exercise any legal right.
We will retain the minimum Data required for those purposes.
6. How Do We Secure Your Information?
We consider data security a top priority and we do our best to keep your Data secured. For that purpose, we practice administrative, technical, and physical security procedures to help protect the information you provide us.
Although we do our best to protect your Data, unfortunately, no method of transmitting or storing electronic data is ever completely secure. Therefore, you cannot reasonably expect, and we cannot promise or guarantee that such information will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse. Please be aware that we may use third-party cloud service providers that provide hosting, data storage and other services pursuant to their standard terms and conditions that are generally non-negotiable, and accordingly, we may be unable to impose contractual obligations on them with respect to the measures they use to protect personal information.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section below.
7. External Links and Third-Party Services
The Services may contain integration with third-party service providers and links to third party sites or other apps or services that are not owned or operated by MobileODT. Similarly, it is possible that you will use other services to interact or interface with the Services (for example, by accessing the Services via your social network account). This Policy only applies to MobileODT’s Services and does not apply to any third-party sites, apps, platforms or any other services. The use of these technologies by these third parties is subject to their own privacy policies and is not covered by this Policy.
WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OR TERMS OF ANY THIRD PARTIES.
8. Cross-Border Transfer of Data
In the course of providing the Services, we transfer of Data to countries outside of your country of residence or the country where the Data is collected, which may have different data protection rules than in your country.
If the Data is collected by a user and synced, then such collected Data is stored by the Processor on servers located in the United States alone.
If you reside in, or are accessing the Services from, the European Union, you should know that our servers are located in the United States and that we may also transfer, process and store your Data in territories which have yet to be recognized by the EU Commission as providing adequate protection to your Data. However, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Data.
In addition, please note that your Data is stored on servers maintained by third party service providers. We ensure the compliance of these third parties with the requirements of the appropriate privacy protection regulations.
9. Protection of Children’s Privacy
IF YOU ARE UNDER 18 YEARS OF AGE, YOU MAY NOT USE OR ACCESS THE SERVICES AT ANY TIME OR IN ANY MANNER.
Whilst the EVA system is not ordinarily used on children, this is the purview of the customer clinician. All data subjects are within a doctor/patient relationship going through a personal procedure which may make them inherently vulnerable. This is particularly true of those patients who are victims of sexual assault.
10. Changes to The Policy
We are constantly seeking to improve our privacy practices. Accordingly, we may amend, change, update or modify this Policy from time to time.
Please take a look at the “LAST UPDATED” legend at the top of this page to see when this Policy was last revised. Any such revision or modification will become effective immediately upon posting of the revised Terms on our website.
If you have any questions (or comments) concerning these Terms, you are welcome to send us an email at: email@example.com and we will make an effort to reply within a reasonable timeframe.
You may also:
- Contact our Data Protection Officer (DPO) at firstname.lastname@example.org
- Lodge a complaint with your local data protection authority for any inquiry or complaint.