Your privacy is important to us. This privacy statement explains what personal data Incision collects from you, through the services we offer to you through our website and app and how we use that data.
This policy applies to any users of our services and our affiliates anywhere in the world, and to anyone else who contacts Incision or otherwise submits information to Incision, unless noted below.
1. Data Protection Principles
We are committed to complying with data protection law and principles, which means that your data will be:
- a. Processed lawfully, fairly and in a transparent way;
b. Collected for specific, explicit and legitimate purposes stated in this policy and not used in any way that is incompatible with those purposes;
c. Adequate, relevant and limited to what is necessary for those purposes;
d. Accurate and, where necessary, kept up to date;
e. Kept for no longer than is necessary for those purposes; and
f. Processed securely.
2. Collection of Personal Information
Depending on the specific services that Incision provides, Incision can act in (i) the capacity of data processor, or (ii) in the capacity of data controller for the information you provide or that is collected by Incision or its affiliates.
If we act as data processor, you, the user of Incision’s platform and services, acts as data processor for your data stored on Incision’s platform, and you need to comply with the requirements set out by the applicable privacy laws in your country. Incision’s responsibilities as a data processor are described in Incision’s processor obligations
If we act as data controller, we collect data to operate effectively as a business and to provide you, the user, with tailored services and products.
- i. Data provided during registration
At the registration process on the Incision platform, you are asked to provide the following information:
- a. Your first and last name
- b. Your email address
- c. Your profession
- d. Your medical speciality
- e. Your profile password and username
- f. Your place of work/institution
- g. Your country of residency
This basic information is necessary to complete your user registration and for you to use our app and services (for more information on what we use your data for, see section 3). If you decline to provide this information during the registration process you will not be able to create an account on the app, our website and use our services.
In order to optionally complete your Incision profile, we ask for you to also provide your (registered) hospital details. We do not specifically ask for location data but we do infer your location based on your IP address during registration and for opt-ins. In addition to IP address, our platform automatically collects data about your device, including the model, platform, locale code and UUID (universally unique identifier).
- ii. App and service engagement data
When you begin to use our app or web services, we monitor engagement on our platform by recording every interaction you have with products you are registered on. This includes, but is not limited to, page visits, surgical films watched and exams taken on our platform (including performance metrics associated with assessments).
- iii. Cookies and other data collection technologies
In addition to cookies, we may log information about your device, including the existence of cookies, your IP address and information about your browser. The purpose of this information collection is to diagnose service issues and to administer and track your usage of our platforms.
- iv. Third party aggregate data
Our third parties may gather non-persona digital properties to enrich aggregate analytics.
How Incision uses Personal Information
Incision uses your personal information for the following reasons:
- v. To operate effectively as a business and to perform essential business operations, including developing and providing (new) services.
We aim to provide services tailored to a users specific role, phase in the education or career, location and medical specialty.
To enhance your experience and productivity on our platform, we endeavor to identify and recommend the most relevant content through personalized notifications, based on your profile and recent activities. To ensure your experience with our products is optimal, we continuously re-examine and iteratively optimize user journeys on our platform.
Service (performance) issues, identified by users and communicated to Incision, are effectively diagnosed and resolved using data collected from interactions on the platform. Decisions on product development and evaluations of product performance are based on aggregate analysis and business intelligence based on non personal data.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We only allow them to process your personal data for specified purposes and in accordance with our instructions.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- vi. To deliver communications of personal interest including product and content releases and in response to product queries or support requests.
Communications sent by Incision come in the form of emails to the email address provided by you during the registration process and through notifications delivered to your device. We may send you communications relating to new and existing product and content releases and updates. We send such communications so that you are aware of changes we are making to the content or features of our products, or new releases, which could affect the usefulness of our core services to you.
You have the right to opt out of such email communication at any time by using the unsubscribe link, found at the bottom of every email.
We may track and report your performance on relevant services such as specific educational programs with your prior knowledge and consent.
If you accept take part in an educational program, you grant Incision permission to share your relevant activity metrics on the Incision platform with the owner(s) of the educational program. Owners of educational programs include, but are not limited to academic institutions and (teaching) hospitals. You have the right at any time to opt out of a program by giving written request to firstname.lastname@example.org
- vii. Patient images
3. Choices and Transparency
In this section, we have summarized the rights that you have under data protection law. The information we provide in this section is a brief summary of your rights under data protection law and you should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
In most cases, your principal rights under data protection law are:
- a. the right to be informed;
- b. the right of access;
- c. the right to rectification;
- d. the right to erasure;
- e. the right to restrict processing;
- f. the right to data portability
- g. the right to object; and
- h. rights in relation to automated decision making and profiling.
Please note that your rights are sometimes restricted, please contact Incision for additional information. You have the right to confirmation as to whether or not we hold or process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, or do one of the following:
- a. We may ask you to verify your identity, or ask for more information about your request; or
- b. Where we are legally permitted to do so, we may decline your request, but we will explain why, if we do so.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right of erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary, for example: for exercising the right of freedom of expression and information; for compliance with a contractual or other legal obligation; or for the establishment, exercise or defense of legal claims.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time.
4. Duration of Data Retention
Incision retains personal data for as long as necessary to provide our products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The general rule that establishes a baseline for data retention is the length of time required to store and analyse the data for the purpose it was collected (as described in section 3).
5. Information Security and International Transfers
Incision is committed to protecting the security of your data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We utilise, for all data storage and processing purposes a variety of security technologies and organizational procedures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt certain types of data
For more information or question on our policy please contact us at: email@example.com