Data Privacy Policy

Last updated 04 Aug 2022

Below we provide you (“you” or “User”) with an overview of what data we process on this website medicus.ai (the “Website”) and how we ensure the protection of your data.


The controller is Medicus AI GmbH, an Austrian company, having its registered office at Wehleweg 9/ 53, A-1030 Vienna and being registered under FN 458726y.

Your data will be used by us to provide the service of the Website.

Personal data and applicable laws

Personal data are any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal data includes e.g. name, email address, IP address or telephone number. Personal data also includes information about health, lifestyle or behaviors.

We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing. Consent means any freely given, specific, informed and unambiguous indication of the User’s (data subject) wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR).

Data transfer outside the EU

When using our services and Website, your data may be transferred to outside the EU to the parties listed in “Data we share with 3 rd parties” section of this Data Privacy Policy. All details are listed there.

Contacting us

When contacting us via email, your details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on Art. 6 (1) b. GDPR.

Data we collect on the Website

We only process your data for the purpose of the sections ‘Get your free trial’, ‘Contact us’ and ‘Subscribe to the Medicus AI Newsletter.’ In order to submit your details for ‘Get your free trial’ and ‘Contact us’, you would need to enter the following personal data:

  • First name and last name
  • Email address
  • Phone number
  • Company name (if any)
  • Job title
  • Country


The personal data you provide when using the Website is processed based on your consent according to Art. 6 (1) a. GDPR. You can revoke your consent at any time; if you choose to do so, we’ll stop processing your data from that point forward.

For our newsletter subscription, you would need to enter only your email address. 

Also we use Matomo which is an open source web analytics platform to analyze the behavior of our website visitors to identify potential pitfalls. Matomo processing the following personal data:

  • Cookies
  • IP address anonymised 
  • User ID
  • Date and time of the request
  • Title of the page being viewed
  • URL of the page being viewed
  • URL of the page that was viewed prior to the current page
  • Screen resolution being used
  • Time in local user’s timezone
  • Files that were clicked and downloaded
  • Links to an outside domain that were clicked
  • Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user:
  • Location of the user: country, region, city, approximate latitude and longitude
  • Main Language of the browser being used
  • User Agent of the browser being used


The processing of personal data with Matomo is based on legitimate interests (Art. 6 (1) f GDPR). Processing your personal data such as cookies is helping us identify what is working and what is not on our website. For example, it helps us identify if the way we are communicating is engaging or not and how we can organize the structure of the website better. Without the data, we would not be able to provide you the service we are currently offering to you. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.

The personal data received through Matomo are sent to: Medicus AI. We use this data to generate aggregate reports about the usage of our website, these reports do not contain information about the behavior of any individually identifiable users. After the reports are generated, we delete your individual data. The privacy policy of Matomo is available at https://matomo.org/privacy-policy

You provide data just if this is necessary for the aforementioned purposes. In the event you refrain from providing such data you may face disadvantages, for example, limited or no possibility of using our Website.

Data we share with 3rd parties

This Website contains hyperlinks to websites operated by parties other than us. We provide such hyperlinks for your reference only. We do not control such websites and are not responsible for their contents or the privacy or other practices of such websites. It is up to you to read and fully understand their Privacy Policies. Our inclusion of hyperlinks to such websites does not imply any endorsement of the material on such websites or any association with their operators.

WP Cerber: We use this plugin for sophisticated inspection algorithms that screen incoming requests for malicious code patterns and traffic anomalies. Bot detection engine identifies and mitigates automated attacks. Cookies contain randomly generated alphanumeric values. No personal data is used. This website is owned and operated by Cerber Tech, Inc, located in 1732 1st Ave #20291, New York, NY 10128, United States. WP Cerber may send the IP address of a website visitor to their cloud servers to check the IP address against their database of malicious IP addresses. None of those IP addresses are sent to third-party servers or processed by third-party software.

WP 2FA: We use this to enable two-factor authentication (2FA), a type of multi-factor authentication (MFA), it is a security process that cross-verifies users with two different forms of identification, most commonly knowledge of an email address and proof of ownership of a mobile phone. It is in compliance with GDPR. They don’t share any personal information with other companies. Their web application, api, and databases are stored on secure Amazon EC2 servers, and use SSL to encrypt all web and api traffic. WP 2FA is a company located in the Netherlands. (Blaak 520, 3011TA Rotterdam).

SEOPress: The SEOPress solution is a plugin designed and developed by the company SEOPress, complementing the WordPress software. The plugin is referenced in the official directory of WordPress.org extensions. Headquarters: 26, allée de Cantau, 64600 Anglet. Registration with the RCS of Bayonne under the number 843 629 643. The SEOPress plugin allows us to manage all titles and meta descriptions for the posts, pages, post types, and terms. It also helps in boosting site traffic, creating HTML and XML Sitemaps, optimizing breadcrumbs, adding schemas / Google Structured Data Types, and managing 301 redirects.

Nitropack: NitroPack is a cloud-based performance optimization tool for speeding up the website. NitroPack provides personal data as arranged in NitroPack’s GDPR Data Processing Agreement (DPA). NitroPack plays the role of data processor, it is appointed for the provision of website optimization services. The provision of website optimization services may include processing, modifying, and hosting of the publicly accessible content of our website and storing the personal data of our end users. The only data that NitroPack stores are IP addresses.Visit NitroPack’s DPA for more information. 

BambooHR: Candidates applying to job openings on Medicus website will have their personal data stored in Medicus’ employee self-service HR system: BambooHR. Bamboo HR LLC, BambooHR Payroll LLC, 335 South 560 West, Lindon, UT 84042-1911USA. BambooHR provides tools for its customers to maintain and manage all of the data required by human resources departments, including employee related data. Use of Personal Information collected through the BambooHR Services shall be limited to the purposes of providing the Services for which the User or Client has engaged BambooHR, as described in the Privacy Policy, and otherwise with your consent. Some information provided to us that may, either alone or when connected with other information to which we may have access, individually identify a Visitor, User or employee of a client and that information may be referred to in this Privacy Policy as “Visitor Personal Information,” “User Personal Information,” or “Data” (collectively, “Personal Information”).https://www.bamboohr.com/ 

Mailchimp: We use “Mailchimp”, a software that provides the ‘Get in touch’ plugin on the Website and stores the entered personal data accordingly. Mailchimp is offered by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. To that end, your personal data is sent to servers located in the USA. The processing of data is based on your consent to receive email notifications from our service according to Art. 6 (1) a. GDPR and governed by our Data Processing Agreement with the Rocket Science Group, LLC. This agreement includes EU Standard Contractual Clauses to ensure an EU equivalent level of protection for the data transferred outside the EU. The privacy policy of Mailchimp is available at https://mailchimp.com/legal/privacy/.

Privacy Policy of other websites

The Website may contain links to other websites. Our privacy policy applies only to our App, so if you click on a link to another website, you should read their privacy policy or related Terms and Conditions. 

Your Rights

Right to Access (Art. 15 GDPR)

You have the right to be informed at any time and free of charge about the personal data stored about you. For further information, you can contact e.g. [email protected].

This right of access includes confirmation as to whether or not personal data is processed on you and, if so, the detailed information about such processing.

The right to information does not exist if the data are only stored because they may not be deleted due to legal or statutory storage regulations, or only serve the purpose of data protection or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organizational measures.

Right to withdraw consent (Art. 7 GDPR)

You have the right to withdraw your consent regarding the use, processing or transmission of your data at any time with effect for the future when such data processing is based in your consent. For this purpose, the User can contact [email protected].  

In the event of withdrawing the consent, we will no longer process and immediately delete your stored data. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh the interests, rights, and freedoms of the respective User or in case the processing serves to assert, exercise or defend legal claims. For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.

Correction and completion of data (Art. 16 GDPR)

You have the right to demand that we immediately correct any incorrect personal data concerning you. For this purpose, you can contact [email protected] at any time.

Erasure ("right to be forgotten ", Art. 17 GDPR)

You have the right to have us delete any personal data concerning you that we store. For this purpose, you can delete all data yourself or contact [email protected].
Immediate deletion shall be effected in the following cases:

  • Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You revoke your consent on which the processing was based and there is no other legal basis for processing;
  • You object to the processing operation and there are no overriding legitimate reasons for the processing operation;
  • The personal data was processed illegally;
  • Deletion of personal data is necessary to fulfill a legal obligation under the law of the European Union or the law of the Member States to which we are subject;
  • The personal data have been collected in relation to information society services directly from a child under the age of sixteen, or rather without consent of the parental responsibility.

In the event of termination of the User relationship, your data will be regularly deleted from the internal database. Data shall be excluded from deletion if, for example, processing of data is necessary for asserting, exercising or defending legal claims; e.g., performance of the contract with us or if there are legal retention periods that prevent deletion.

In the case of non-automated data processing, deletion is also not necessary if this would not be possible due to the special type of storage or would only be possible at disproportionately high expense and the interest of the User in the deletion is to be regarded as minimal. The deletion is then replaced by the restriction of processing.

Furthermore, we carry out a restriction of the processing and no deletion of the data, as long as and insofar as we have the reason to assume that a deletion would impair your interests worthy of protection or those of the person affected. In so doing, we will inform you or the affected person of the restriction on processing, provided that such information does not prove to be impossible or would require a disproportionate effort.

Restriction of processing (Art. 18 GDPR)

You also have the right to demand that the processing be restricted. For this purpose, you can contact [email protected]. You can only successfully enforce the right to restrict processing if one of the following prerequisites is met:

  • You contest the accuracy of the personal data; in this case processing is restricted while we verify the accuracy of the data;
  • Processing is unlawful and the data subject refuses to allow the deletion of the personal data and instead requires a restriction on the use of the personal data;
  • The data controller no longer needs the personal data for the purpose of processing, but the data subject needs it for the purpose of asserting, exercising or defending legal claims; or
  • The data subject has lodged an objection to the processing until it has been established whether the legitimate grounds of the data controller outweigh those of the data subject. In the event that you have obtained a restriction on processing, we will inform you accordingly before the restriction is lifted. In certain cases, the processing may also be restricted instead of the data being deleted. See also, in particular, the previous point “Erasure (“right to be forgotten”)”.

Right to data portability (Art. 20 GDPR)

You have the right to receive any personal data you have provided to us in a structured, current and machine-readable format. For this purpose, you can contact [email protected].

You also have the right to data portability vis-à-vis another controller, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures.

When exercising your right to data portability, you have the right to obtain the personal data to be transmitted directly by one person in charge to another person in charge, as far as this is technically feasible. This right shall not apply where the rights and freedoms of other persons are adversely affected or where processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

Right to lodge a complaint

You have the right to lodge a complaint vis-á-vis a supervisory authority of your choice. An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Time Limit to Respond

If you make a request to exercise your rights or an enquiry about our services, we will aim to get back to you as soon as possible but will respond within one month, depending on the complexity of the request.

Data Security

The Website is operated through a safe SSL-connection. If an SSL-connection is activated, third parties are prevented from reading any data that are transferred by you to us. Your data are only stored on servers within the EU except as set forth in this privacy policy.

Updates to This Privacy Policy

Any changes we may make to this Privacy Policy in the future will be posted on this page. The date when the document was last updated is shown at the top of this Privacy Policy. 

Contact Details; Data Protection Officer

For any inquiries and additional questions about processing personal data please contact [email protected]. We have appointed a data protection officer who may be reached via [email protected].