We take the protection of our users’ (the “User/you/your”) personal data very seriously and strictly comply with applicable data protection laws and regulations. Below we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data.
The responsible authority according to applicable data protection law is Medicus AI GmbH, Mariahilfer Straße 27/10, 1060 Vienna, Austria, represented by the managing director Baher Al Hakim, registered with the Austrian commercial register (Firmenbuch) under 458726y (“we/us/our” or “Medicus”).
We offer services on our website www.medicus.ai (“Website”) as well as the Medicus application available for certain mobile telephones or other mobile devices (“Medicus App”) (the Website and Medicus App each and jointly the “Service”) and as further described in our Terms of Service available in its current version at www.medicus.ai/terms or more/terms within the Medicus App (“Terms of Service”).
How are my Data collected, stored and used?
“Personal data” means any information concerning the personal or material circumstances of an identified or identifiable individual (the data subject), for instance name or address or a hobby relating to a person.
We may point out that the data transfer on the internet (e.g. communication via email) may cause safety issues. A complete protection of the data from third parties is not possible.
1. Our Website and App
If you browse our website www.medicus.ai the provider of the website collects and stores information automatically in so-called “server-log-files” that your browser transfers to us. These are:
type/version of the browser, system software used, referrer URL, hostname of the device, time of the server request, IP-address or other unique device identifier
If you are using a mobile device the following data are collected additionally through the Website as well as the Medicus App:
country code, language, hostname of the device, name and version of the operational system, GPS-data
We use these data for statistical analysis for the purpose of operation, safety and optimization of our services. We hereby reserve the right to check these data afterwards if particular indications for an illegal use become apparent to us.
2. Use of the Medicus App
For the use of the Medicus App you may submit certain biometric data, such as:
height, weight, age
For the further use of the Medicus App you may submit more medical data depending on the way of use of our Service, such as:
medical history details, test results, information about lifestyle, conditions, medications taken, etc.
3. Use and Analysis of Anonymous Data
We may use your anonymous data within the Medicus App according to section 2 above for statistical and research purposes. If Medicus shall be allowed to use these data for statistical and research purposes, this is only up to you: You may opt-in and ‘activate’ this function within the ‘settings’ section of the Medicus App, or when you’re prompted throughout your usage.
If you decide to activate the function that enables us to use your anonymous data for statistical and research purposes, we transform your data using our own proprietary anonymization algorithm that works in 2 steps:
• The 1st step adds random noise to the values within medically-acceptable ranges. The method applies different anonymization techniques according to the properties of the data entities (as some entities may be more sensitive to changes than others)
• The 2nd step splits your data into multiple parts, and each part is sent to a different data container that is isolated from the rest to make sure no party has the full user data set. Moreover the random-noise anonymization from the 1st step is applied differently to each part of the data after the split.
The above-described algorithm runs on the respective device of the User, hence only the anonymized data will be transferred from the User’s device to the research servers of Medicus App or the research partners.
Each user may opt-out and ‘deactivate’ the respective function within the ‘settings’ section of the Medicus App at any time. If the function is deactivated within the Medicus App, all data typed in by you from that point in time will not be subject to any analysis and use for statistical and research purposes. Your anonymous data previously typed in after you have activated this function, will still be used for statistical and research purposes.
4. Emails and Requests; Further Use of Data
We may contact you via email if you send us a request as well as for purposes related to the use of the Service. If applicable, we may also contact you via email, if any content relating to you and/or your comments possibly contains or is alleged to contain any prohibited content as set out in our Terms of Service.
Are my Data transferred to Third Parties?
We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.
1. Use of Web-Tools
Your data may be transferred to Google and Fabric as set forth in section 3 and 4 below.
2. Use of Scanning Services; Consent
In the event you choose to use our ‘scanning service’ via the Medicus App your data will be transferred to our scanning team with your explicit consent for the purpose of the scanning service only. The use of the scanning service is optional for each User.
For convenience purposes you may choose the option to upload your medical reports and/or related data (“Report Data”) instead of typing these data in the Medicus App yourself. After you have clicked the button ‘I agree’ within the Medicus App the Report Data provided for scanning within the Medicus App will be uploaded and transferred in the Google Cloud located on servers in Belgium. Other companies Our employees and/or freelancers, also located outside the European Union (EU) and/or the European Economic Area (EEA) will then be able to access those Report Data through the Google Cloud, extract and verify those data and safe them in the Google Cloud with your explicit consent. You may access those Report Data through the Medicus App without having to type in those Report Data one by one.
After the Report Data have been typed in, uploaded again to the Google Cloud and received by the respective User on his/her device, all Report Data will be deleted from our servers (Google, Belgium).
The scanning service uses a SSL connection. System logins by our employees and/or freelancers also located outside the EU/EEA include a 2-factor authentication to ensure that only verified persons may gain access.
Via clicking the button ‘I agree’ you give your explicit consent to use your uploaded medical reports and related data for the purpose of our scanning service. This means you give your consent to (i) transferring and saving, processing and using those data in the cloud (Google, Belgium), (ii) displaying those data to our employees and/or freelancers also located outside the EU/EEA, who will then use this data to extract and verify and send the data back to the cloud server and to your account.
The use of this service is optional, you may also type in your data by yourself. You may revoke your consent anytime, for example via email to: [email protected]
Instead of using those scanning services you may also type in those Report Data yourself without uploading any reports, data and/or information.
You may revoke your consent in regard to the use, processing and transfer of these Report Data anytime via notice to us, for example via email to [email protected].
In the event of revocation, if not already done so, we will delete your data stored without hesitation.
3. Transfer of anonymous Data
Your aggregated and anonymous data may be used and transferred to third parties for statistical and research purposes. For details please see section 3 above.
What Third Party Services, Cookies, Analytics and Social Plugins does the Service use?
1. Services and Content by Third Parties
It may be possible that content by third parties, such as videos by YouTube, maps by Google, RSS-Feeds or graphics from other websites than our Website and/or Medicus App, is integrated in our services on our Website and/or Medicus App. This usually requires providers of these contents (“Third-Party-Providers”) tracking the IP-address or other unique device identifier of the Users. Without the IP-address or other unique device identifier these Third-Party-Providers cannot send any content to the browser of the respective User. Therefore, the IP-address or other unique device identifier is necessary for the display of those content. We try to use only such content whose providers use the IP-address or other unique device identifier for delivery of these contents only. However, we have no effect to control if Third-Party-Providers store the IP-address or other unique device identifier, for example for statistical purposes. In the event this comes to our knowledge, we will inform our Users accordingly.
Users may manage a lot of online Cookies by different businesses on the US-website http://www.aboutads.info/choices/ or the EU-website http://www.youronlinechoices.com/uk/your-ad-choices/.
3. Google Firebase
In order to track information related to the use of our Service we use the tool “Google Firebase”, a real-time database offered by Firebase Inc., 22 4th St. Suite 1000 (10th Floor), San Francisco, CA 94103, USA (“Firebase”), a company related to Google Inc., Mountain View, CA, USA (“Google“).
Google Firebase is a real-time database, which may embed real-time information on our Website and/or Service. Data are hereby only transferred and used in anonymized form to Firebase to servers that are for example located in the USA.
We use “Fabric”, a software-related crash reporting, analytics and monitoring service offered by Google Inc., Mountain View, CA, USA.
Fabric uses User’s data for the purpose of stabilizing our Service via creating and analyzing crash-reporting as well as analyzing and monitoring user behavior in order to optimize our Service. Data collected are only transferred and used by Fabric in anonymized form and may be send to servers located in the USA.
We have installed technical and organizational measures in order to safeguard our Website and/or Medicus App against loss, destruction, access, changes or the distribution of your data by unauthorized persons. However we cannot guarantee a complete protection for data transmitted to us against all dangers at all times, because information via the internet is not completely secure.
We are based in Austria. The applicable legal provisions, such as those under Austrian and German law as well as European directives and regulations govern the information we collect and use.
Your Rights; Information and Contact Details
You have the right to revoke your consent in regard to the use, processing and transfer of your personal data anytime via notice to us, for example via email to [email protected].
In the event of revocation we will delete your data stored without hesitation. However, this does not apply if these data are necessary to process your request. We are allowed to process and/or use your data despite your revocation if this happens in the area of the purpose of a legal obligation or quasi-legal relation of trust (e.g. for processing your request), and/or for protection of our legitimate interests and if after considering a balance of interests there is no reason to believe that your legitimate interest in the exclusion of the processing and/or use predominates. For this please contact us, for example, via [email protected].
You have the right to information free of charge at any time about your personal data stored by us, their source and recipient and the purpose of the data processing as well as the right to correct, block or delete these data. For this please contact us, for example, via [email protected].
For your own security, please understand that in the event of a request for information or a change we have to verify your data.
For this and additional questions about the issue of personal data please contact:
Medicus AI GmbH
Mariahilfer Straße 27/10, 1060 Vienna, Austria
email: [email protected]