Privacy Policy

Last updated: February 2, 2023

Who are we?

Welcome to the website of Infermedica Sp. z o.o., with its registered office in Wrocław at Plac Solny 14/3, 50-062 Wrocław, Poland ("Infermedica", “we”, “us”, “our”). Infermedica is a Polish company entered into the Register of Entrepreneurs of the National Court Register, kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number: 0000429183. Infermedica owns the Infermedica API software and the website, under the domain developer.infermedica.com (“Website”), including all of its content, as well as acting as a personal data controller for any personal data collected and processed in connection with the usage of the Website and API account.

All of our activities connected with the administration of the API account and the Website comply with the applicable data protection legislation, in particular with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).

The main goal of this Privacy Policy is to inform you of how, and for what purpose, we process personal data in connection with your visit to, and use of, the Website and/or API account.

Why do we collect data?

We collect and process your data to be able to provide and improve the functioning of the Website and/or API account. We collect and process your personal data, i.e. information that identifies, or at least makes it possible to identify you as a natural person, when you voluntarily decide to actively communicate with us, when you request and use an API account, or when you subscribe for information we provide via the Website. Furthermore, we also collect and process certain technical data that is created as a result of you visiting the Website. This may also be considered personal data. Processing means any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, any kind of disclosure, erasure or destruction or other use.

What personal data do we collect and process and what is the legal basis for it?

We collect several different types of information for various purposes in order to provide, protect, and improve the functioning of our Website. The type of information that we collect and process depends on the type of service that is provided by the Website. We collect and process your personal data:

  • when you submit a request for an account on our Website to access and use our services

  • when you subscribe for a newsletter, including commercial information

  • when you contact us

  • when you browse the Website

Providing your personal data is voluntary but necessary to: set up an account, contact us, get the newsletters you requested, or get any commercial information about our products and services. Without it, we will not be able to set up your account and provide you the services, contact you, provide you with commercial information, or share the newsletter with you.

1. Get in touch

The collection and processing of your personal data for contact purposes has the following legal bases:

  • to contact you – based on your voluntary consent (legal basis under Article 6(1)(a) of the GDPR);

  • to establish, assert, or defend ourselves against claims – the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR).

2. Request for the account and use of our services

If you request an account (by clicking the “Get in touch” button on our Website or using the “Request an account” form), we will collect and process the data you provide in the request form, including the: name, surname, email, company name, job title, and country.

Collection and processing of your personal data by us when requesting or using an account on our Website has the following legal bases and purposes:

  • to set up an account and provide you with our service - the processing is necessary to prepare and perform the agreement concluded between you and Infermedica (legal basis under Article 6(1)(b) of the GDPR;

  • to establish, assert, or defend ourselves against claims – the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR), namely being able to establish, assert, or defend ourselves against claims.

3. Newsletter subscription

You may voluntarily opt-in to receive e-mails containing information prepared by us, including commercial information, by clicking on the corresponding checkbox at the time of account registration.

Collection and processing of your personal data by us when subscribing for our blog shall have the following legal bases in particular purposes:

  • to provide you with a newsletter, including commercial information – the basis is your voluntary consent (legal basis under Article 6(1)(a) of the GDPR) and, in terms of providing commercial information, also Article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means);

  • to manage newsletter undertakings – it is in our legitimate interest and it helps us to timely and efficiently provide you with a newsletter and to keep records regarding the efficiency and time until when your data is processed (legal basis under Article 6(1)(f) of the GDPR);

  • to establish, assert, or defend ourselves against claims – the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR), namely being able to establish, assert, or defend ourselves against claims.

4. Security

When you browse our Website and use our services, we collect and process your IP address and other technological data derived from logs, which may be considered personal data, for security purposes. We do not process such data in order to identify you as a natural person, but only to increase the level of security of the Website and the service in order to be able to react - for example - to the activity of automatic mechanisms.

In such a case, your personal data is collected and processed for purposes related to:

  • ensuring the security and functionality of the Website and the service, and the legal ground for processing is legitimate interest (legal ground under Article 6(1)(f) of GDPR) understood as a necessity to ensure the secure use of the Website and our services.

  • establishing, asserting, or defending ourselves against claims – the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR), namely being able to establish, assert, or defend ourselves against claims.

5. Marketing

Additionally, we take advantage of marketing services in order to analyze your behavior for the purposes of optimizing the functionality of the Website, as well as for the purposes of optimizing our advertising activities. In particular, we take advantage of technologies such as Google Analytics.

In such a case, the data is collected and processed for:

  • marketing purposes, and the legal grounds for processing is legitimate interest (legal ground under Article 6(1)(f) of GDPR) understood as the desire to reach as many users and customers as possible, to promote our Website and services and thereby develop our business;

  • establishing, asserting, or defending ourselves against claims – the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR), namely being able to establish, assert, or defend ourselves against claims.

How long do we process your personal data?

We will retain and use your personal data for as long as we need to fulfill the purposes we have collected and processed it for or as long as required and/or possible as stated by the retention requirements specified in the provisions of law.

When it comes to setting up an account and using our services, your data will be processed:

  • to set up the account and use our services until the termination or expiration of the agreement;

  • to establish, assert, or defend ourselves against claims – until such claims become time-barred.

When it comes to newsletter subscriptions, your data will be processed:

  • to provide you with a newsletter, and maintain undertakings related to it – until you withdraw consent, until you object to our processing of your personal data, or for a period of up to 3 years from the date of your last activity;

  • to establish, assert, or defend ourselves against claims – until such claims become time-barred.

When it comes to contact requests, your data will be processed:

  • to contact you - until the purpose of the contact request is met or until the withdrawal of the consent, in any case, no longer than for a period of 3 years from the last activity;

  • to establish, assert, or defend ourselves against claims – until such claims become time-barred.

When it comes to security matters, your data will be processed:

  • until you object to our processing of your personal data, or no longer than 30 (thirty) days from the date they were collected;

  • to establish, assert, or defend ourselves against claims – until such claims become time-barred.

When it comes to online marketing matters, your data will be processed by us:

  • until you object to our processing of your personal data for marketing purposes, or until you change the ad settings on your Google profile as well as directly on the webpages of other internet marketing services providers;

  • to establish, assert, or defend ourselves against claims – until such claims become time-barred.

With whom do we share your personal data?

We work with some third parties and they may have access to some of your information that was collected and processed by us. The recipients of your personal data may include:

  • entities authorized by law on the basis of a proper request (courts, state authorities);

  • entities providing accounting, IT, marketing, communication, and analytical as well as legal services, including HubSpot, Google, LinkedIn;

  • subcontractors with whom we cooperate.

Your information, including personal data, may also be transferred to — and maintained on — computers located outside of the European Economic Area, where the data protection laws may differ from those enacted in the provisions of the GDPR.

If we transfer personal data outside of the European Economic Area, i.e. to third countries, the transfer of the personal data will be based on appropriate legal mechanisms, such as a Commission Implementing Decision, standard contractual clauses, or other similar legal instruments provided for in the GDPR.

To ensure that you have adequate control over your personal data that was transferred outside of the European Economic Area, you have the right to obtain a copy of your personal data that was transferred to third countries at any time.

Your rights concerning personal data

In accordance with the GDPR provisions, you have the following rights:

  • the right to request access to your data and to receive a copy of your data: whenever possible, you can access, update, or request deletion of your personal data;

  • the right to rectify (correct) your data: you have the right to have your information rectified if that information is inaccurate or incomplete;

  • the right to erasure: you have a right to erasure regarding data that is no longer required for its original purposes or that was processed unlawfully;

  • the right to data portability: you have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format;

  • the right to object: you have the right to object to our processing of your personal data – upon your justified objection, we will cease any further processing under Article 6(1)(f) of the GDPR;

  • the right to withdraw consent: you also have the right to withdraw your consent at any time where we relied on your voluntary consent to process your personal information;

  • the right to lodge a complaint to the competent supervisory authority - about our collection and use of your personal data.

In order to exercise your rights, you may send a request to the following e-mail address: support@infermedica.com or send a letter to the correspondence address indicated above. Please note that before responding to such requests or exercising your rights, we may ask you to verify your identity. In order to withdraw the consent for personal data processing that you have given us, you can also click the unsubscribe hyperlink in the e-mail correspondence. The withdrawal of your consent does not affect the lawfulness of our previous processing that was based on your consent before its effective withdrawal.

Security

The security of your data is a very important issue for us. We strive to conscientiously and perpetually protect your personal data from loss, destruction, distortion/falsification, manipulation, and unauthorized access or unauthorized disclosure by adopting the appropriate technical and organizational measures in our company.

However, please be informed and always keep in mind that no method of transmission over the Internet or method of electronic storage is 100% secure. Due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our system or otherwise in our care will be safe from any intrusions made by third parties, such as hackers.

Cookies

We use cookies to track your activity on our Website and we hold certain information resulting from such tracking.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from our Website and stored on your device. They are used to collect and track information and to improve and analyze the services rendered through our Website.

Detailed information can be found in our Cookies policy.

Services rendered by third-parties

Certain services offered to you through the Website contain links to websites hosted and operated by companies other than us, in particular the webpages of our partners or software hosting webpages. We do not share your personal information with these third parties, but you should be aware that any information you disclose to these third parties once you access their websites is not subject to this Privacy Policy.

Based on the legitimate interest in the analysis, optimization, and economic operation of our activities, as well as in analyzing your behavior in order to optimize both our Website and our advertising, we use certain online marketing services such as Google Analytics, LinkedIn, and HotJar. These services can change over time. You can check the current list of technologies used in CookieYes - the tool we use to manage cookies. You can also examine the web page in the settings of your browser or contact us for the details.

Our Website mostly uses Hubspot, but also Google Analytics from Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland). Google Analytics uses cookies that are stored on your terminal device as well as your IP address with an active IP anonymization feature. On our behalf, Google uses such information to analyze your use of our Website and provides us with reports and other services. The IP address transmitted from your terminal device to Google Analytics will not be merged with any other data that Google has. Google will transfer your data to third parties only if permitted by applicable law or in accordance with outsourced data processing agreements.

You can prevent the collection and processing of information generated by the Google cookie by placing an opt-out cookie or deactivating Google Analytics in the menu of your terminal device. More information can be found here: https://policies.google.com/privacy (opens in a new tab).

Amendments

We may revise this Privacy Policy from time to time. The most current version of the Privacy Policy will govern our use of your personal data and other information we process and will be posted on the Website. By continuing to access or use the Website and our services rendered through it, after those changes become effective, you agree to be bound by the revised Privacy Policy. If you do not agree, you must cease using our Website immediately.

Contact

You can reach us:

  • via e-mail: support@infermedica.com

  • in writing to our registered office: Infermedica Sp. z o.o., Plac Solny 14/3, 50-062 Wrocław, Poland

Data protection officer (DPO)

Bearing in mind the security and transparency of personal data processing processes at Infermedica and the need for their constant control, we have appointed a Data Protection Officer (DPO) in the person of Mr. Marcin Kaleta.

You can contact the appointed DPO via e-mail at dpo@infermedica.com, or via our postal address (please reference "Data Protection Officer").