Privacy Policy

Below we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data in short and in a more detailed form.
The controller is the Medicus Group (“we/us/our” or “Medicus”) consisting of:

Medicus AI GmbH
Mariahilfer Str. 27, 1060 Vienna, Austria
Company register number (Firmenbuchnummer): FN 458726y

Medicus AI Deutschland GmbH
Mohrenstr. 34, 10117 Berlin, Germany
Commercial register number (Handelsregisternummer): HRB 194896 (Amtsgericht Charlottenburg)

Galenic Technologies FZ-LLC
Dubai Media City Blg. 8, 523 Dubai, UAE
Registration number: 94068

 

We offer services to our users (the “User/you/your”) on our website www.medicus.ai (“Website”) as well as the Medicus application available for certain mobile telephones or other mobile devices (“Medicus App”) (the Website and Medicus App each and jointly the “Service”) and as further described in our Terms of Service available in its current version at www.medicus.ai/terms or more/terms within the Medicus App (“Terms of Service”).

IN SHORT:

 

Controller / Data Protection Officer

The controller is Medicus AI GmbH. We have appointed a data protection officer who may be reached via dataprivacy@medicus.ai.

Purpose and Legal Basis of Processing Data; Provision and Recipients of Data

In general, we do not need personal data (that may be tracked back to you) for our Service. Usually, all personal data provided by you in the Medicus app is stored on your phone only and never transferred to or processed by us or any other third parties. If so, your personal data will be used for the following purposes:

  • to provide the functioning Website and/or Medicus App,
  • to implement this privacy policy and carry out the contractual relationship and our Service,
  • to analyze your use of our Service and improve our Service in line with our legitimate interests of marketing and fraud prevention, or
  • as otherwise explained in this privacy policy or by any communication by us.

We as well as our external service partners receive your data in order to process the data for providing our Service. You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data, you may face legal disadvantages, for example, limited or no possibility of using our Service.

Transfer of Data outside of the EU

In the course of data processing by us, data may be transferred to third countries, i.e. countries outside the EU. This may happen via the use of third-party providers such as cloud services and external service partners which process data on our behalf.

Your Rights

You have the right to withdraw your consent relating to the use of data at any time with effect for the future when such data processing is based on your consent. You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect.
You are entitled to request the erasure of your data.
You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.
You also have the right to lodge a complaint with a supervisory authority of your choice. An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Period for Storing Data; Deletion

The data are deleted if such data are no longer necessary for the purpose of processing.

Automated Decision Making (“profiling”)

In general, we do not process any data via “profiling” or in the form of automated decision making via the Website. However, such profiling may happen by third-party providers through the Website or Medicus App. We will inform you about such fact if possible.

Data Security

The Medicus App and Website are operated through a safe SSL connection. If an SSL connection is activated, third parties are prevented from reading any data that are transferred by you to us.

 

 

MORE DETAILED INFORMATION:

 
1. What are Personal Data?

Personal data are any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed by someone else.

 

We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing. Consent of the data subject means any freely given, specific, informed and unambiguous indication of the person’s (data subject) wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

 

2. How are my Data processed when visiting the Website and you contact us?

 

Visiting the Website

If you browse our website www.medicus.ai, the provider of the website automatically collects and stores information that your browser transfers to us in so-called “server-log-files”. These are:
type/version of the browser, system software used, referrer URL, hostname of the device, time of the server request, IP address or other unique device identifier

 

If you are using a mobile device the following data are collected additionally through the Website as well as the Medicus App:
country code, language, hostname of the device, name and version of the operating system

 

We use these data only for statistical analysis for the purpose of operation, security and optimization of our Website. However, we reserve the right to check these data retrospectively if there is a justified suspicion of illegal use based on concrete indications. These data are then stored because this is the only way to prevent the misuse of our Website and, if necessary, allow us to investigate any crimes committed. The storage of these data is necessary in order to protect us as the person responsible for processing the data. As a matter of principle, these data will not be passed on to third parties unless there is a legal obligation to pass them on or the transfer of data serves criminal prosecution purposes. This data processing is based on Art. 6 (1) f. GDPR or TMG and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality assurance and fraud prevention.

 

3. How are my Data processed when using the Medicus App?

 

Registration for the Medicus App

We will use your submitted data when/after downloading the Medicus App (such as your device ID) to implement this privacy policy and the Terms of Service and to carry out the contractual relationship based on Art. 6 (1) b. GDPR or §§ 14, 15 TMG.

 

Contacting us / Feedback through the Medicus App

When contacting us via the ‘feedback’ button in the Medicus App or by email, the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on Art. 6 (1) b. GDPR.

 

Further Use of Data

We may contact you via email if you send us a request as well as for purposes related to the use of the Service based on Art. 6 (1) b. GDPR or §§ 14, 15 TMG. We also use the information collected in order to improve and analyze your use of our Service (based on §§ 14, 15 TMG, Art. 6 (1) b. and f. GDPR) and to ensure the technical functionality of our services and the fulfillment of contractual or pre-contractual obligations (based on §§ 14, 15 TMG or Art. 6 (1) b. GDPR) and as otherwise explained in this privacy policy. Regarding the data processing based on Art. 6 (1) f. GDPR we wish to achieve the legitimate interests of quality assurance, marketing and fraud prevention.
 

Health Data for the Use of the Medicus App

For the use of the Medicus App you may enter certain biometric data, such as:
height, weight, age

 

For the further use of the Medicus App you may enter more medical data depending on the way of use of our Service, such as:
medical history details, test results, information about lifestyle, conditions, medications taken, etc.
 
You may change and delete these data at any time within the Medicus App. All biometric, medical and further entered data will stay on the respective device of the User and will not be transferred to our servers or any third party. Therefore, these data are only stored, processed and used on the respective device used and are not transferred to Medicus or any other third party, except as set forth in this privacy policy (see “Use of Scanning Services” below). If such data are considered personal data, Medicus may process those data based on Art. 6 (1) b. or f. GDPR or for health data Art. 9 (2) b. GDPR with your explicit consent. You have the option to download any entered and personal data in a structured, current and machine-readable format from within the Medicus App at any time.

 

4. What Third Party Services, Cookies, Analytics and Social Plugins does the Website and Medicus App use?

 

Cookies


In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”) containing information to identify returning visitors for the time of their visit to our Website. Cookies are usually saved on your device and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website. The processing of data when using Cookies is based on our legitimate interests of a statistical analysis of the User relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.

OPT-OUT: You can deactivate the use of Cookies in the settings of your browser at any time. To find out how to change the settings, please consult the help function of your browser. Users may also deactivate and manage a lot of online Cookies by different businesses on the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/. However, we want to point out that without Cookies the use and comfort of use of our services may be restricted.

 

Use of Google Firebase for the Medicus App

In order to track information related to the use of the Medicus App we use the tool “Google Firebase”, a real-time database offered by Firebase Inc., 22 4th St. Suite 1000 (10th Floor), San Francisco, CA 94103, USA (“Firebase”), a company related to Google LLC, Mountain View, CA, USA (“Google”). Google Firebase is a real-time database, which may embed real-time information on our Medicus App. Data (such as device information, gender, age) are transferred to and used by Firebase only in anonymized form, on servers that are, for example, located in the USA. If the IP address is not anonymized (which should not be the case) the processing of data is based on our legitimate interests of a statistical analysis of the User relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR. Google LLC, USA is certified according to the EU-US agreement “privacy shield”, which guarantees the level of data protection applicable in the EU. The data processed by Google may be affected by automated decision making via “profiling”. The privacy policy for Firebase is available at https://www.firebase.com/terms/privacy-policy.html. The privacy policy of Google is available at https://policies.google.com/privacy?hl=de.

 

Use of Google Fabric for the Medicus App

We use “Fabric”, a software-related crash reporting, analytics and monitoring service offered by Google LLC, Mountain View, CA, USA. Fabric uses User’s data for the purpose of stabilizing our Service via creating and analyzing crash reports as well as analyzing and monitoring user behavior in order to optimize our Service. Data collected are transferred to and used by Fabric and sent to servers located in the USA. If the data are not anonymized, the processing of data is based on our legitimate interests of a statistical analysis of the User relationship for quality assurance purposes according to Art. 6 (1) f. GDPR. Google LLC, USA is certified according to the EU-US agreement “privacy shield”, which guarantees the level of data protection applicable in the EU.
The data processed by Google may be affected by automated decision making via “profiling”. The terms of Fabric are available at https://fabric.io/terms?locale=en-us&utm_campaign=fabric-marketing&utm_medium=natural. The privacy policy of Google is available at https://policies.google.com/privacy?hl=de.

4. Are my Data transferred to Third Parties? Are my data transferred outside the EU?

 

We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent. Your data may be transferred outside the EU as follows:

 

Medicus Group and CloudAppers FZ-LLC

When using our Service, your data may be transferred outside the EU to the controllers of the Medicus Group as set forth above and to CloudAppers FZ-LLC, Dubai Media City Blg. 8, 523 Dubai, UAE, registration number 16778. All companies belonging to Medicus as well as CloudAppers FZ-LLC have agreed to comply with data protection standards applicable in the EU via EU standard contractual clauses.

 

Use of Google Firebase and Fabric

Your data may be transferred to Google Firebase and Google Fabric as set forth above.

 

Use of Scanning Services; Consent

In the event you choose to use our ‘scanning service’ via the Medicus App, your data will be transferred to our scanning team with your explicit consent for the purpose of the scanning service only based on Art. 6 (1) a. GDPR or Art. 9 (2) a. GDPR. The use of the scanning service is optional for each User. For convenience purposes, you may choose the option to upload your medical reports and/or related data (“Report Data”) instead of typing these data in the Medicus App yourself. After you have clicked the button ‘I agree’ within the Medicus App, the Report Data provided for scanning within the Medicus App will be uploaded and transferred to the Google Cloud located on servers in Belgium. CloudAppers FZ-LLC, our employees and/or freelancers, also located outside the European Union (EU) and/or the European Economic Area (EEA), will then be able to access those Report Data through the Google Cloud, extract and verify those data and save them in the Google Cloud with your explicit consent. You may access those Report Data through the Medicus App without having to type in those Report Data one by one. After the Report Data have been typed in, uploaded again to the Google Cloud and received by the respective User on his/her device, all Report Data will be deleted from our servers (Google, Belgium).

The scanning service uses an SSL connection. System logins by our employees and/or freelancers also located outside the EU/EEA include a 2-factor authentication to ensure that only verified persons may gain access.

“Via clicking the button ‘I agree’ you give your explicit consent to use your uploaded medical reports and related data for the purpose of our scanning service based on Art. 6 (1) a. GDPR. This means you give your consent to (i) transferring and saving, processing and using those data in the cloud (Google, Belgium) on behalf of Medicus AI GmbH, (ii) displaying those data to our employees and/or freelancers also located outside the EU/EEA, who will then use this data to extract and verify and send the data back to the cloud server and to your account.
The use of this service is optional; you may also type in your data by yourself. You may receive information about such data and withdraw your consent for sending such data for the future at any time, for example, via email to: dataprivacy@medicus.ai. We will delete such data after we have provided them to you in the Medicus App. For further information please refer to our privacy policy.”

 

Instead of using those scanning services you may also type in those Report Data yourself without uploading any reports, data and/or information. We will delete such data after we have provided them to you in the Medicus App.

 

OPT-OUT: You may withdraw your consent in regard to the use, processing and transfer of these Report Data (if these are considered personal data) at any time via notice to us, for example via email to hello@medicus.ai. In the event of withdrawing your consent, if not already done so, we will delete your stored data without hesitation.

 

Data Processing by other Third Party Providers outside the EU

Third party providers we work with for the Medicus App process data of Users, such as your device type, outside the EU on our behalf for providing our services, i.e. we remain the controller of such data. A list of such data processing by third party providers for the Medicus App is set forth here:

  • Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USA. Zendesk Inc. is certified according to EU-US-Privacy-Shield and complies with data protection standards applicable in the EU. https://www.zendesk.co.uk/company/customers-partners/privacy-policy/
  • Instabug, Inc., 855 El Camino Real St., Suite 13A-111, Palo Alto, CA 94301, USA. Instabug Inc. has agreed to comply with EU data protection standards via standard contractual clauses. https://instabug.com/privacy

 

 

5. Your Rights: Right to access, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint

 

Right to Access

Every user has the right to be informed at any time and free of charge about the personal data stored about him/her. For further information, the user can contact e.g. dataprivacy@medicus.ai.
This right of access includes confirmation as to whether or not personal data about the data subject is processed and, if so, the detailed information about such processing.
The right to information does not exist if the data are only stored because they may not be deleted due to legal or statutory storage regulations, or only serve the purpose of data protection or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organisational measures.

 

Right to withdraw consent

Every user has the right to withdraw his or her consent regarding the use, processing or transmission of his/her data at any time with effect for the future when such data processing is based on his or her consent. For this purpose, the user can contact dataprivacy@medicus.ai.
In the event of withdrawing the consent, we will no longer process and immediately delete the stored data of the user. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh the interests, rights, and freedoms of the respective user or in case the processing serves to assert, exercise or defend legal claims. For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.

 

Correction and completion of data

The user or data subject has the right to demand that we immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose, you can contact dataprivacy@medicus.ai at any time.

 

Erasure (“right to be forgotten”)

Medicus does not store any personal data that the User has entered in the Medicus App except for the Scanning Feature described above. The user has the right to have us delete any personal data concerning him/her that we store. For this purpose, the user can delete all data by him/herself or contact dataprivacy@medicus.ai.
Immediate deletion shall be effected in the following cases:

  • Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • The data subject revokes his or her consent on which the processing was based and there is no other legal basis for processing;
  • The data subject objects to the processing operation and there are no overriding legitimate reasons for the processing operation;
  • The personal data was processed illegally;
  • Deletion of personal data is necessary to fulfill a legal obligation under the law of the European Union or the law of the Member States to which the data controller is subject;
  • The personal data have been collected in relation to information society services directly from a child under the age of sixteen, or rather without consent of the parental responsibility.

In the event of termination of the user relationship, the user’s data will be regularly deleted from the internal database. Data shall be excluded from deletion if, for example, processing of data is necessary for asserting, exercising or defending legal claims; e.g., performance of the contract with us or if there are legal retention periods that prevent deletion.
In the case of non-automated data processing, deletion is also not necessary if this would not be possible due to the special type of storage or would only be possible at disproportionately high expense and the interest of the Employee in the deletion is to be regarded as minimal. The deletion is then replaced by the restriction of processing.
Furthermore, we carry out a restriction of the processing and no deletion of the data, as long as and insofar as we have the reason to assume that a deletion would impair your interests worthy of protection or those of the person affected. In so doing, we will inform you or the affected person of the restriction on processing, provided that such information does not prove to be impossible or would require a disproportionate effort.

Restriction of processing

You also have the right to demand that the processing be restricted. For this purpose, you can contact dataprivacy@medicus.ai. You can only successfully enforce the right to restrict processing if one of the following prerequisites is met: (ii) processing is unlawful and the data subject refuses to allow the deletion of the personal data and instead requires a restriction on the use of the personal data; (iii) the data controller no longer needs the personal data for the purpose of processing, but the data subject needs it for the purpose of asserting, exercising or defending legal claims; or (iv) the data subject has lodged an objection to the processing until it has been established whether the legitimate grounds of the data controller outweigh those of the data subject. In the event that you have obtained a restriction on processing, we will inform you accordingly before the restriction is lifted. In certain cases, the processing may also be restricted instead of the data being deleted. See also, in particular, the previous point “Deletion (“right to be forgotten”)”.

 

Right to data portability

You have the right to receive any personal data you have provided to us in a structured, current and machine-readable format. For this purpose, you can contact dataprivacy@medicus.ai. You also have the right to data portability vis-à-vis another controller, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures. When exercising your right to data portability, you have the right to obtain the personal data to be transmitted directly by one person in charge to another person in charge, as far as this is technically feasible. This right shall not apply where the rights and freedoms of other persons are adversely affected or where processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

 

Right to lodge a complaint

Each user has a right to lodge a complaint vis-à-vis a supervisory authority of his/her choice. An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

 

Duration of the storage of personal data; deletion periods

As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).
Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.
 

6. Data Security

 

We have installed technical and organizational measures in order to safeguard our Website and/or Medicus App against loss, destruction, access, changes or the distribution of your data by unauthorized persons. However, we cannot guarantee a complete protection for data transmitted to us against all dangers at all times, because information via the internet is not completely secure.
The Website and Medicus App are operated through a safe SSL connection. If an SSL connection is activated, third parties are prevented from reading any data that are transferred by you to us.
We will store your data on servers which are located within the European Union. However, your biometric and medical data collected in the Medicus App will only be collected, stored, processed and used on your device, except as set forth in this privacy policy.

 

7. Access and Changes to this Privacy Policy

 

This privacy policy is accessible via our Website www.medicus.ai/privacy as well as the Medicus App more/privacy and may be downloaded and printed anytime.
We reserve the right to change the regulations of this privacy policy at any time, taking into account currently applicable data protection provisions. In case of any changes, you will be notified and you will have to agree to the modified provisions.

 

8. Contact Details; Data Protection Officer

 

For any inquiries and additional questions about processing personal data please contact us via hello@medicus.ai.
We have appointed a data protection officer who may be reached via dataprivacy@medicus.ai.
