Privacy Policy

Last updated: March 20, 2020

Who are we?

Welcome to the website of Infermedica Sp. z o.o. with its registered office in Wrocław, Plac Solny 14/3, 50-062 Wrocław, Poland (" Infermedica", “we”, “us ”, “our”). Infermedica is a Polish company entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number: 0000429183, having Tax Identification Number: 8971782877 and REGON: 021889810. Infermedica owns the website under the domain www.developer.infermedica.com (“Website”) as well as acts as a personal data controller of any personal data collected and processed in connection with the usage of the Website.

All our activities connected with the Website comply with the applicable data protection legislation, in particular with provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).

The main goal of this privacy policy is to inform you how and for what purpose we process personal data in connection with your visit to, and use of the Website.

Why do we collect and process data?

We collect and process your data to provide and improve the functioning of the Website. We collect and process your personal data, i.e. information that identifies, or at least makes it possible to identify, you as a natural person when you voluntarily decide to actively communicate with us or when you request an account on the Website, subscribe for information we provide by the Website, including our Blog subscription. What is more, we collect and process certain technical data that results from you visiting the Website which may also be considered personal data. Processing means any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, any kind of disclosure, erasure or destruction or other use.

What personal data do we collect and process and what is a legal basis for it?

We collect several different types of information for various purposes to provide and improve the functioning of our Website. These types of information that we collect and process depend on the certain types of services we provide by the Website. We collect and process your personal data:

- when you submit a request for an account on our Website to access and use API,

- when you subscribe for a newsletter of the information posted on our Blog,

- when you subscribe for commercial information provided by us,

- when you request a contact with us,

- when you browse the Website.

Providing your personal data is voluntary, but necessary to set up an account on the Website, for contact, for newsletter related to our blog you requested as well as for providing you with commercial information about our services and products and offered by us. Without it, we will not be able to set up an account, contact you, to provide you with commercial information or to share the newsletter with you.

1. Request an account:

If you request for an account on our Website (by clicking a “Request an account” button on our Website), we will collect and process following types of your personal data:

- name and surname,

- e-mail address,

- company name,

- position within company,

- country.

Collection and processing of your personal data by us when requesting for an account on our Website shall have the following legal basis in particular purposes:

a) to request an account on our Website to access and use API – a basis is your voluntary consent (legal basis under Article 6(1)(a) of the GDPR);

b) to exercise API agreement – processing is necessary to perform API agreement concluded between you and Infermedica (legal basis under Article 6(1)(b) of the GDPR;

c) to establish, assert or defend ourselves against claims related to the demo call or the processing of your personal data – since the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR), namely being able to establish, assert or defend ourselves against claims.

2. Blog Newsletter subscription:

If you sign up for an account on our Website, you may voluntarily opt-in to receive e-mails containing our blog posts by selecting and clicking corresponding checkbox at the time of account registration. We will collect and process following types of your personal data for purposes of providing you with these e-mails:

- e-mail address.

Collection and processing of your personal data by us when subscribing for our blog shall have the following legal basis in particular purposes:

a) to provide you with a newsletter in connection with the our Blog – a basis is your voluntary consent (legal basis under Article 6(1)(a) of the GDPR);

b) to analyze the efficiency of our newsletter undertakings by processing the information whether you read our newsletter communications - those analysis and measurement shall be understood as our legitimate interest (legal basis under Article 6(1)(f) of the GDPR);

c) to create a database with your personal data which is aimed at the organization and the proper maintenance of the newsletter communication sent to you – it shall be understood as our legitimate interest and moreover, it helps us to timely and efficiently provide you with the newsletter and to keep records regarding the efficiency and time until when your data is processed (legal basis under Article 6(1)(f) of the GDPR);

d) to establish, assert or defend ourselves against claims related to blog newsletter or the processing of your personal data – since the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR), namely being able to establish, assert or defend ourselves against claims.

3. Commercial Information:

If you sign up for an account on our Website, you may voluntarily opt-in to receive e-mails containing our commercial information by selecting and clicking corresponding checkbox at the time of account registration. We will collect and process following types of your personal data for purposes of providing you with these e-mails:

- e-mail address.

Collection and processing of your personal data by us when subscribing our commercial information shall have the following legal basis in particular purposes:

a) to provide you with commercial information about our products and services which is a marketing purpose - a basis is your voluntary consent (legal basis under Article 6(1)(a) of the GDPR in terms of getting your consent and subsequently, in terms of providing commercial information - Article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means);

b) to analyze the efficiency of our commercial undertakings by processing the information whether you read our commercial communications - those analysis and measurement shall be understood as our legitimate interest (legal basis under Article 6(1)(f) of the GDPR);

c) to create a database with your personal data which is aimed at the organization and the proper maintenance of the commercial communication sent to you – it shall be understood as our legitimate interest and moreover, it helps us to timely and efficiently provide you with commercial information and to keep records regarding the efficiency and time until when your data is being processed (legal basis under Article 6(1)(f) of the GDPR);

d) to establish, assert or defend ourselves against claims related to commercial information or the processing of your personal data – since the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR), namely being able to establish, assert or defend ourselves against claims.

4. Contact:

If you request a contact with us, we will collect and process following types of your personal data:

- e-mail address,

- name and the surname, if you voluntarily provided.

Collection and processing of your personal data for the contact purposes have the following legal basis in particular purposes:

a) to contact you – a basis is your voluntary consent (legal basis under Article 6(1)(a) of the GDPR);

b) to establish, assert or defend ourselves against claims related to contact matters or the processing of your personal data – since the processing is necessary for us to pursue our legitimate interest (Article 6(1)(f) of the GDPR), namely being able to establish, assert or defend ourselves against claims.

5. Security and online marketing:

When you browse our Website, we will collect and process your IP address for security purposes. What is more, we also use some online marketing services to analyze your behavior in order to optimize both our Website and our advertising and we – together with these online marketing service providers – collect and process IP address when browsing our Website. In particular, we use a re-marketing technologies like Facebook Pixel, Google Analytics, FullStory and Amplitude.

Collection and processing of your personal for the security and online marketing aims have the following legal basis in particular purposes:

a) to provide and strengthen security of the services provided by us by the Website, to improve functionality of the Website and to perform load balancing of the Website - it shall be understood as our legitimate interest (legal basis under Article 6(1)(f) of the GDPR). We do not process your IP address to identify you as a natural person, but to increase security protection for your Website.

b) to analyze your behavior in order to optimize both our Website and our advertising - it shall be understood as our legitimate interest (legal basis under Article 6(1)(f) of the GDPR). We do not process your IP address to identify you as a natural person, i.e. data collected through these services is anonymous to us and we cannot determine your identity.

How long do we process your personal data?

We will retain and use your personal data only for as long as we need it to fulfil the purpose for which we have collected and processed it or as long as required and/or possible by retention requirements specified in the provisions of law.

When it comes to setting up an account, your data will be processed by us:

1. to set up an account - until the withdrawal of the consent or until the termination and/or expiration of the API agreement;

2. to perform the API agreement – until the termination and/or expiration of the API agreement;

3. to establish, assert or defend ourselves against claims – until such claims become time-barred.

When it comes to blog subscription, your data will be processed by us:

1. to provide you with a newsletter, to analyze its efficiency and to maintain a commercial database – until the withdrawal of the consent or for a period of up to 3 years from the date of your last activity in the meaning of clicking the link to the newsletter sent to you via e-mail;

2. to establish, assert or defend ourselves against claims – until such claims become time-barred.

When it comes to commercial information subscription, your data will be processed by us:

1. to provide you with commercial information, to analyze its efficiency and to maintain a commercial database – until the withdrawal of the consent or for a period of up to 3 years from your last activity in the meaning of clicking the link sent to you in the commercial communication;

2. to establish, assert or defend ourselves against claims – until such claims become time-barred.

When it comes to contact request, your data will be processed by us:

1. to contact you - until the purpose of contact request is met or until the withdrawal of the consent, in any case no longer than for a period of 3 years from the last activity;

2. to establish, assert or defend ourselves against claims – until such claims become time-barred.

When it comes to security matters, your data will be processed by us:

1. to provide and strengthen security of the services provided by us by the Website, to improve functionality of the Website and to perform load balancing of the Website – no longer than 60 (say: sixty) days from the date they were collected.

When it comes to online marketing matters, your data will be processed by us:

1. to analyze your behavior in order to optimize both our Website and our advertising - until the services are rendered or until you change the ad settings on your Facebook or Google profile as well as directly on the webpages of other internet marketing services providers.

What can we do with your personal data?

We work with some third parties and they may have access to some of your information collected and processed by us. The recipients of your personal data may include:

1. entities authorized by law on the basis of a proper request (courts, state authorities);

2. entities providing accounting, IT, marketing, communication and analytical as well as legal services, including HubSpot, Google, Facebook, LinkedIn;

3. subcontractors with whom we cooperate.

Your information, including personal data, may also be transferred to — and maintained on — computers located outside of the European Economic Area where the data protection laws may differ from those enacted in the provisions of the GDPR.

Therefore, if we transfer personal data outside the European Economic Area, i.e. to third countries, the transfer of personal data will be based on appropriate legal mechanisms such as a Commission Implementing Decision, including in particular Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 adopted pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield (notified under document No. C(2016) 4176), standard contractual clauses or other similar legal instruments provided for in the GDPR.

To ensure you an adequate control over your personal data transfer outside the European Economic Area, you will have the right to obtain a copy of your personal data transferred to third countries at any time.

Your rights concerning personal data

In accordance with the GDPR provisions, you have the following rights:

1. the right to request access to your data and to receive a copy of your data : whenever made possible, you can access, update or request deletion of your personal data;

2. the right to rectify (correct) your data: you have the right to have your information rectified if that information is inaccurate or incomplete;

3. the right to erasure: you have a right to erasure regarding data that is no longer required for the original purposes or that is processed unlawfully;

4. the right to data portability: you have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format;

5. the right to object: you have the right to object to our processing of your personal data – upon your justified objection we will cease any further processing under Article 6(1)(f) of the GDPR;

6. the right to withdraw consent: you also have the right to withdraw your consent at any time where we relied on your voluntary consent to process your personal information;

7. the right to lodge a complaint to the competent supervisory authority - about our collection and use of your personal data.

In order to exercise your rights, you may send a request to the following e-mail address: office@infermedica.com, send a letter to our correspondence address indicated above or personally go to our registered office. Please note that before responding to such requests or exercising your rights, we may ask you to verify your identity. In order to withdraw your consent for personal data processing given to us, you can also click unsubscribe hyperlink in e-mail correspondence. The withdrawal of your consent does not affect the lawfulness of our previous processing based on your consent before its effective withdrawal.

Security

The security of your data is a very important issue for us. We strive to conscientiously and perpetually protect your personal data from loss, destruction, distortion/falsification, manipulation and unauthorized access or unauthorized disclosure through appropriate technical and organizational measures we adopted in our company.

However, please be informed and always keep in mind that no method of transmission over the Internet or method of electronic storage is 100% secure. Due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our system or otherwise in our care will be safe from any intrusions made by third parties, such as hackers.

Cookies

We use cookies to track your activity on our Website and we hold certain information resulting from such tracking.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from our Website and stored on your device. They are used to collect and track information and to improve and analyze our services rendered through our Website.

Detailed information can be found in our Cookies policy.

Online marketing services and services rendered by third-parties

a) Online marketing services:

Based on the legitimate interest in the analysis, optimization and economic operation of our activities, as well as in analyzing your behavior in order to optimize both our Website and our advertising, we use the following online marketing services:

Facebook Pixel:

On our Website we use marketing tool available through and provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA, i.e. “Facebook Pixel”. Facebook Pixel is a source code fragment added to our Website.

This tool makes it possible to track your behavior and activity after you have been redirected to our Website once you have seen or clicked on a Facebook ad. This process is designed to evaluate the effectiveness of Facebook our advertisements for statistical and market research purposes and may help to optimize future advertising efforts. Information gathered with use of this tool allows Facebook to provide you with personalized ads when using Facebook website.

When you visit our Website, Facebook Pixel tools establishes a direct connection with Facebook servers. Facebook is therefore informed that you visited our Website and may assign this information to your Facebook account.

The data collected through Facebook Pixel tool is anonymous to us, and we cannot determine your identity. The data is however stored and processed by Facebook what makes it possible to connect it with the respective Facebook account and Facebook can use the data for its own advertising purposes, according to the Facebook privacy policy and the Facebook user’s profile settings. Facebook has an ultimate control of any data gathered through this tool. However, you can opt-out of Facebook’s use of Facebook Pixel tool through settings available on your Facebook account.

Detailed information on Facebook Pixel an the way your data is collected and processed can be found here: https://www.facebook.com/policy.php

Google Analytics:

Our Website uses Google Analytics, a web analysis program of Google Ireland Ltd. (Gordon House, 4 Barrow Street, Dublin, Ireland). Google Analytics uses cookies that are stored on your terminal device as well as your IP address with active IP anonymization feature. On our behalf Google uses such information to analyze your use of our Website and provides us with reports and other services. The IP address transmitted from your terminal device to Google Analytics will not be merged with any other data of Google. Google will transfer your data to third parties only if permitted by applicable law or in accordance with outsourced data processing agreements.

You can prevent the collection and processing of information generated by the Google cookie by placing an opt-out cookie or deactivating Google Analytics in the menu of your terminal device. More information can be found here: https://policies.google.com/privacy

Full Story:

We use analytics software and services offered by FullStory, Inc. to collect information regarding your behavior on our Website. For more information about FullStory, please see the FullStory privacy policy available at https://www.fullstory.com/legal/privacy/ . You can opt out of FullStory’s collection and processing of data generated by your use of our Website by going to https://www.fullstory.com/optout/ .

Amplitude:

We use analytics software and services offered by Amplitude Inc. (631 Howard Street, Suite 300, San Francisco, CA 94105, USA). This tool collects technical information, such as the type of your device, the operating system used or the name of your provider. In addition, Amplitude tracks events that occur during use of our Service. You will find additional information about the manner in which Amplitude processes data at: https://amplitude.com/privacy.

b) Services rendered by third parties

Certain services offered to you through the Website contain links to websites hosted and operated by a companies other than us, in particular webpages of our partners or software hosting webpages. We do not share your personal information with these third parties, but you should be aware that any information you disclose to these third parties once you access their websites is not subject to this Privacy Policy.

Amendments

We may revise this privacy policy from time to time. The most current version of the privacy policy will govern our use of your personal data and other information we process and will be posted at the Website. By continuing to access or use the Website and our services rendered through it, after those changes become effective, you agree to be bound by the revised privacy policy. If you do not agree, you must cease using our Website immediately.

Contact

You can reach us:

- via e-mail: office@infermedica.com

- by phone: +48 693 861 163

- in writing to our registered office: Infermedica Sp. z o.o., Plac Solny 14/3, 50-062 Wrocław, Poland