Privacy Policy

Last updated: 2023-08-04

Please note: we are currently reviewing our privacy policy to protect our users and their data better. We will be updating it as more information becomes available.

Contents

1. Who we are

1.1 This Privacy Policy

1.2 The Services

1.3 Controller

2. The Personal Data we process about you

3. How we collect personal data

3.1 Information provided by customers

3.2 Information we automatically collect about you and your device

3.3 Information we receive from suppliers

4. How we use your Personal Data

4.1 To enable and provide the Services

4.1.1 General

4.1.2 To administer the Services and our relationship with you

4.1.3 To provide decision support for cancer diagnostics

4.1.4 To secure the quality and develop the Services

4.1.5 To communicate with you and provide customer support

4.2 To conduct research

4.3 Marketing

4.3.1 Marketing Communication

4.3.2 Surveys and interviews

4.3.3 Marketing opt-out

4.4 To comply with legal obligations

5. How long do AIM keep your personal data

6. Disclosures of your Personal Data

6.1 Recipients

6. How we protect your Personal Data

7. Third-party links

8. Your rights in relation to your personal data

8.1 Your rights

8.2 How to exercise your rights

9. Glossary

1. Who we are

1.1 This Privacy Policy

This Privacy Policy covers how AI Medical Technology AB ("AIM", "we", "us", or "our") collects and processes your Personal Data (defined in section 2) obtained by us through your use of our services or otherwise shared by you. It is important that you read it together with any other privacy notice that we may provide when we are collecting your Personal Data so that you are fully aware of how and why we are using it.

We keep our Privacy Policy under regular review, and it may be subject to change. Any changes will be posted on our website (the "Website") and, where appropriate, notified to you.

1.2 The Services

The service (Dermalyser) is delivered as an application (referred to as the "App", "our services", or "the service"). Dermalyser is a diagnostic decision support system (DDSS) empowered with advanced artificial intelligence (AI). Its primary function is to classify skin cancer such as malignant melanoma using image analysis combined with deep learning (AI). In addition to the App, AIM has a Website containing information about the company and its products.

1.3 Controller

AIM is a controller and is responsible for the processing of your Personal Data. We care about the confidentiality and integrity of the information that is shared with us and will only process your Personal Data in accordance with this Privacy Policy and applicable laws and regulations.

AIM has appointed a Data Protection Officer ("DPO"). If you have any questions or comments about this Privacy Policy or the processing of your Personal Data, please contact our customer support at support@aimedtech.com.

2. The Personal Data we process about you

AI Medical Technology AB may process the following types of personal data:

Account Data

Includes the registration date, contact data and whether you have an active subscription or not.

Customer Data

Includes address, billing address, delivery address, email address, contact person and telephone number.

Device Data

Includes device identifier, your mobile operating system and OS version.

IP Data

The IP address that you are accessing the service from.

Identity Data

User credentials and digital identity of the user.

Data related to the patient

Images of skin lesions with anonymised reference to the customer's patient journaling system.

Transaction Data

Includes details about purchases and payments, excluding bank and credit card details.

Usage Data

Includes details of your use of the Services, such as traffic data and data logs for application monitoring, security and statistics.

User Data

Includes data the customer provides when setting up an account with Dermalyser for using the App, such as Contact, organisation and Identity.

AIM also use cookies and browser local storage to distinguish you from other service users and to store your preferences.

3. How we collect personal data

3.1 Information provided by customers

AIM store and process personal data provided by customers when registering and signing up to use the App. Information can also be gathered from customers answering surveys, contacting our customer support or otherwise corresponding or interacting with us and our Services.

When signing up for the App (by purchasing the app or signing a contract), you will be requested to consent to our use of personal data (please note that you will need to consent for the App to work). You can withdraw your consent at any time by cancelling the agreement (according to the terms) or by contacting us at support@aimedtech.com. If you provide sensitive data to us by other means than the app – for example, via support – this is described in greater detail in section 4.1.

3.2 Information we automatically collect about you and your device

When you are using our Services, we will automatically collect Device, IT and Usage Data. Some Usage Data is collected by using cookies. Please see our Cookie Policy for additional details.

3.3 Information we receive from suppliers

We receive Device and Usage Data about you from analytics providers such as Google Analytics and Transaction and Contact Data from our payment service providers.

4. How we use your Personal Data

4.1 To enable and provide the Services

4.1.1 General

For the service to work, AIM must process the personal data you add to the services. This includes administering our services and our relationship with customers, providing the decision support, securing the quality and developing the Services and communicating and providing customer support, as further explained below.

Consent for processing personal data must be obtained for the app to work.

4.1.2 To administer the Services and our relationship with you

AIM use user and IT data to administer the service and our relationship with customers. This includes setting up accounts for the App, troubleshooting, and system testing, as well as notifying you of changes to the services or technical issues and reaching out to you.

Lawful Basis: Contract, Consent, Legitimate interest in running the business, provide and ensure the proper function and use of the Services. See also the AIM GDPR Policy.

4.1.3 To provide decision support for cancer diagnostics

AIM uses AI-based algorithms to provide decision support for the diagnosis of skin cancer; it does this by analysing the image data from images that are taken by the App. The image is taken by medical professionals on patient skin lesions.

Lawful Basis: Contract, Consent.

4.1.4 To secure the quality and develop the Services

We process your usage and account data to monitor and analyse how our customers engage and interact with the services so that we can secure the quality and develop the services to better align with usage patterns and preferences. While we have access to personal data for the purpose of analytics, the results are aggregated and stripped of any personal data.

Lawful Basis: Contract, Consent, Legitimate interest

4.1.5 To communicate with you and provide customer support

We will process personal data that you provide in inquiries to our customer support by telephone, email or through contact forms provided by us to communicate with you and act on complaints. What type of personal data we collect for this purpose depends on the nature of your inquiry. If you are a user, our support agents may request access to your user data if necessary to respond appropriately to your inquiry. Such access is subject to strict access controls and security measures to protect your integrity.

Lawful Basis: Contract, Consent, Legitimate interest to respond to your inquiries

4.2 To conduct research

AIM conduct research to evaluate the effectiveness and suitability of the App in clinical practice. We use the results of our research to communicate the benefits and limitations of Dermalyser to healthcare professionals. All our published research is subjected to peer review and follows normal scientific processes, including ethical approval from the relevant professional bodies where required.

If we have consent, we may use your user data and other personal data that you may provide, in anonymised form, for scientific studies, scientific articles and other research purposes as may be disclosed when your personal data is collected. However, personal data is anonymised and aggregated before any such publications are shared outside AIM.

We may also contact you with requests to participate in specific research projects run by us or our business partners. AIM also contributes to research carried out by selected universities, institutions and other parties by sharing anonymised data with them. To avoid doubt, we do not share any Personal Data with such external parties.

Finally, we may analyse sensitive data to publicly share insights learned from aggregated data with the purpose of increasing knowledge and understanding of skin cancer. This kind of publication is always based on aggregated anonymised data and, as such, doesn't contain any personal information.

Lawful Basis: Consent

4.3 Marketing

4.3.1 Marketing Communication

AIM process transaction, account, contact and usage data to conduct internal usage analysis to create and send relevant messages about our products. Some Marketing Data is collected by using cookies. These cookies include third-party services that may collect information about your visits to our site for analytics, retargeting and conversion tracking purposes. Please see the AIM Cookie Policy for further details.

Lawful basis: Legitimate interest to market ourselves and our Services

4.3.2 Surveys and interviews

As a customer, you may be contacted and enabled to complete surveys or take part in interviews for marketing purposes. We will process the Profile Data that you provide in such surveys and interviews to analyse user preferences, improve and assess the effectiveness of marketing activities, and use it as marketing material or other promotional purposes as disclosed when your Personal Data is collected.

Lawful Basis: Consent

4.3.3 Marketing opt-out

You always have the right to opt out of receiving marketing communication by contacting us at support@aimedtech.com.

4.4 To comply with legal obligations

Dermalyser is classified by an EU Notified Body as a medical device intended for use as a decision support tool for diagnosing skin cancer. This means that we are subject to medical device regulations which may require the collection and processing of your Personal Data. There are also other legal provisions that require the processing of your Personal Data, such as accounting and fraud prevention laws. For more details, see section 6.1.

Lawful Basis: Legal Obligation

5. How long do AIM keep your personal data

We retain your Personal Data for as long as necessary to achieve the purposes set out in this Privacy Policy. In some cases, we may be required to continue to process your Personal Data for a longer period of time to comply with legal obligations (e.g. accounting or audit obligations) or for the establishment, exercise or defence of legal claims. When we no longer have a reason to keep your personal data, if you withdraw your consent or if you successfully request that we erase it, your data will be deleted.

Lawful basis: Consent, Legal Obligation

6. Disclosures of your Personal Data

6.1 Recipients

AIM never sells personal or user data. We conduct extensive assessments before engaging any processor to ensure that they have appropriate technical and organisational measures in place that adequately protect your personal data. Anyone who is processing personal data on our behalf is bound by contractual obligations to keep personal data confidential and secure and to use it only for the purposes as instructed by us.

AIM may share your Personal Data:

  1. with our service providers that we use to support and provide our business, such as technical service or operation providers, to the extent needed to enable and provide the Services to you,
  2. with our successors, if we are involved in, e.g. a merger, acquisition or asset sale, giving you notice of this,
  3. with others with whom you ask us to share your personal data,
  4. AIM will provide personally identifying data in response to a third-party inquiry only if required by a valid legal process but will take all possible steps to keep your data private. AIM will contest the disclosure of your personal data in response to a third-party inquiry to the extent that a reasonable ground for objection exists. AIM will provide you with prompt prior notice of such a request, to the extent legally permitted, so that an order for relief may be requested. If AIM reasonably determines that such disclosure is still legally required, it will seek a confidentiality designation protecting the disclosure and will only disclose the portion necessary and at the required time, and/or
  5. to protect and defend AIM's, our business partners' or users' rights and interests.

If you choose to share your Personal Data with any third person (e.g. a partner), you accept that you have done so at your own risk.

6. How we protect your Personal Data

All information you provide to us is transferred using encryption (HTTPS) and stored on secure servers. We use generally accepted industry standards, technologies, procedures and methods, such as firewalls, encrypted storage, regular software updates, security scans, access control, audit logging and review of admin actions as well as external penetration tests to protect the integrity of your personal data and to prevent unauthorised access. We also have policies and other organisational measures in place, including recurrent employee training on data protection and strict procedures to deal with any suspected personal data breach.

7. Third-party links

The AIM Website may contain links to other websites. Please note that we do not accept any responsibility or liability for personal data that may be collected through these websites or services. We recommend that you read their privacy policies before you submit any personal data to them or use their services.

8. Your rights in relation to your personal data

8.1 Your rights

You have the right to:

  1. request access to and information about your Personal Data that is being processed by us,
  2. request correction of your personal data if it is inaccurate or incomplete, including providing additional data if relevant information is missing,
  3. request the erasure of your personal data,
  4. object to our processing of your personal data (i) if the processing is based on our legitimate interest, or (ii) for direct marketing purposes,
  5. request that we restrict the processing of all or some of your Personal Data in certain situations and to ask us not to send you any direct marketing, and
  6. request a copy of your personal data in a structured, commonly used format and that we transfer your personal data to another controller.

If you have any concerns regarding our processing of your Personal Data, you have the right to file a complaint with the Swedish Data Protection Authority (Sw. Integritetsskyddsmyndigheten), or your local supervisory authority.

8.2 How to exercise your rights

You may contact us in writing at any time to exercise your rights, preferably using the email address that is associated with your user account. We may need to request specific information from you to help us confirm your identity.

We do our best to respond to your request within a few days and at the latest within one (1) month. If the request is complicated or if we have received a large number of requests, we may need to prolong our response time by one (1) additional month.

You can exercise your rights at no cost to you. However, we may charge you a reasonable fee if your request is clearly unfounded, repetitive or excessive.

9. Glossary

Anonymised data

Anonymised data means that the identifying information is irreversibly removed so that an individual is not identifiable.

Application

Dermalyser

Consent

Consent means that you have agreed to our processing of your personal data for a specific purpose by a statement or clear opt-in. You can withdraw your consent anytime by contacting us at support@aimedtech.com or by following the instructions provided when the consent was collected.

Contract

Contract means that the processing of your Personal Data is necessary for the performance of a contract to which you are a party, e.g., our Terms of Use, a purchase agreement, or to take steps at your request before entering into a contract.

Legal obligation

Legal obligation means that the processing of your Personal Data is necessary for compliance with a legal obligation that we are bound by, e.g., medical device regulations or national laws.

Legitimate interest

Legitimate interest means that we assess that we have a legitimate interest in conducting and managing our business that, after considering and balancing any potential impact on you and your rights, we do not consider to be overridden by that impact. Please contact us if you want to know more about how we have conducted this balance of interest.

Minimised data

Minimised data means that only the minimal amount of data needed for a certain kind of processing is included.

Pseudonymised data

Pseudonymised data means that identifying information is replaced with something else so that additional information is needed to re-identify an individual. Pseudonymisation is a security measure.

_________________________________________________________________________________________________________________

         AI Medical Technology AIM AB 2023. All rights reserved.