Last modified: January 6, 2023
This Privacy Notice describes the policies and procedures on the collection, use, and disclosure of user information when you use our website or our Discovery Services. When you use this website or our products and services, various Personal Data is collected and processed. Personal Data is data that can be used to identify you individually. By using this website or our products or services, you agree to the collection and processing of your Personal Data at home and abroad as described in this Privacy Notice. Please read this Privacy Notice carefully to understand how your data will be collected, used, and disclosed. It is important to us that you are aware of your privacy rights and how the law protects you. We take the protection of your Personal Data very seriously and treat your Personal Data in accordance with statutory data protection regulations and this Privacy Notice.
The legal basis for data processing in Switzerland is the Swiss Data Protection Act (DSG) and the ordinance (VDSG). The competent authority in Switzerland is the Federal Data Protection and Public Information Officer (EDÖB). For visitors from the EU and the European Economic Area, due to the extraterritorial application of the European General Data Protection Regulation (GDPR), we will also comply with the respective articles of the GDPR and name them for you. The European Union regards Switzerland as having an adequate level of data protection.
Under the GDPR, RetinAI acts as a Data Controller when it collects Personal Data from its website users. RetinAI may also act as a Data Processor only in customer relationships where a Data Processing Agreement (DPA) has been executed to define the customer company as the Data Controller. The standard DPA may be accessed at: https://www.retinai.com/dpa
For the purposes of this Privacy Notice:
- Account means a unique account created for You to access our Service or parts of our Service.
- Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Application means the software program provided by the Company downloaded by You on any electronic device, named Discovery Services.
- Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to RETINAI MEDICAL AG, FREIBURGSTRASSE 3, 3010 BERN, SWITZERLAND.
- Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
- Country refers to Switzerland.
- Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
- Personal Data is any information that relates to an identified or identifiable individual. This includes PHI.
- Service refers to the Application or the Website or both.
- Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
- Third-Party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Website refers to RetinAI - Intelligence in Ophthalmology, accessible from https://www.retinai.com/.
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
3. Contact Details
3.1 Data Controller or Processor
RetinAI Medical AG
3.2 Data Protection Officer
Marc Stadelmann, PhD
4. Personal Data Collection and Use
We collect your data when you visit our website by automatically receiving data from your browser. This information is temporarily stored and deleted without your intervention and includes the following:
- IP address of the requesting device
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (i.e. referer URL)
- Browser used
- Device’s operating system (if applicable)
- Name of your access provider (if applicable)
The above data is processed by us for the following legitimate purposes (Art. 6(1) GDPR):
- Ensuring a smooth connection to the website
- Improving the user experience of our website
- Evaluating system security and stability
- Performing administrative tasks
We collect your data when you send us enquiries using our Contact form or order form. This information is voluntarily provided by you and may include contact details and Personal Data about yourself or others. Please ensure that you understand all statutory data protection regulations before providing any third-party Personal Data to us. Note that emails and electronic communications via internet platforms and websites may not always be protected to secure confidentiality. The data you provide is stored until you make a request for erasure or to withdraw consent, or the data no longer serves a legitimate purpose. Otherwise, this data will be deleted within 6 months of receipt of the request if the data serves no other purpose. Note that mandatory statutory provisions, in particular, retention periods, remain unaffected by this provision.
4.3 Cookies and Tracking Technologies
The cookie stores information that arises in each case in connection with the specific device used. However, this does not mean that we will gain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize the user experience, which are stored on your device for a specified period of time. If you revisit our site to use our services, you will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to re-enter them.
On the other hand, we used cookies to record the use of our website statistically and to evaluate them for the purpose of optimizing our offer. These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.
The data processed by cookies are necessary for the aforementioned purposes in order to safeguard our legitimate interests as well as third parties (see Art. 6 sec. 1 p. 1 lit. f GDPR).
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete disabling of cookies may prevent you from using all the features of our website.
The technologies We use may include:
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use both Session and Persistent Cookies for the purposes set out below:
- Necessary/Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
- Cookies Notice/Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
- Tracking and Performance Cookies
Type: Persistent Cookies
Administered by: Third-Parties
Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.
We may use third-party Service providers to monitor and analyze the use of our Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You may opt-out of certain Google Analytics features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Notice: https://policies.google.com/privacy.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.
We may use social plug-ins of the social networks LinkedIn, Twitter, Instagram and YouTube on our website in order to make our law firm better known. The processing of the Personal Data of the users is also carried out on the basis of our legitimate interests in effective information of the users and communication with the users (see Art. 6 sec. 1 lit. f. GDPR). If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is (Art. 6 sec. 1 lit. a., Art. 7 GDPR).
The responsibility for the data protection-compliant operation is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.
We also maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services there.
We would like to point out that data of users can be processed outside the European Union. This can create risks for users, as this could e.g. make it more difficult to enforce users' rights. With regard to US providers that have been certified under the currently not fully accepted Privacy Shield, we would like to point out that they have now also additionally committed to comply with the data protection standards of the EU /GDPR.
In addition, users' data on the Internet is often processed for market research and advertising purposes. For example, user profiles can be created from the usage behavior and the resulting interests of the users. The user profiles can in turn be used to display advertisements inside and outside the platforms, which are presumed to be in the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the user's usage behavior and the interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed presentation of the respective processing operations and the opt-out, we refer to the following linked information of the providers. RetinAI does not use your information for advertising purposes, unless you give us express marketing consent.
Even in the case of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively by the providers. Only the providers have access to the data of the users and can take direct measures and provide information. If you still need help, you can also contact us.
Our website uses social media plugins from LinkedIn to make their use more personal. For this we use the "LIKE" or "SHARE" button. This is an offer from LinkedIn.
When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the LinkedIn servers. The content of the plugin is transmitted by LinkedIn directly to your browser and integrated by it into the website.
By integrating the plugins, LinkedIn receives the information that your browser has accessed the corresponding page of our website, even if you do not have a LinkedIn account or are not currently logged in to LinkedIn. This information (including your IP address) is transmitted by your browser directly to a LinkedIn server in the US and stored there. If you are logged in to LinkedIn, LinkedIncan assign the visit to our website directly to your LinkedIn account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. The information is also posted to LinkedIn, depending on your personal settings, and displayed to your LinkedIn contacts.
LinkedIn may use this information for the purpose of advertising, market research and the needs of the LinkedIn pages. For this purpose, LinkedIn creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on LinkedIn, to inform other LinkedIn users about your activities on our website and to provide other services related to the use.
If you do not want LinkedIn to assign the data collected through our website to your LinkedIn account, you must log out of LinkedIn before visiting our website, or change your user settings in your web browser and on LinkedIn.
The purpose and scope of the data collection and the further processing and use of the data by LinkedIn as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection notice of the provider:
– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)Privacy Notice https://www.linkedin.com/legal/privacy-Notice , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Our website uses plugins from the Google-operated YouTube site. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our sites equipped with a YouTube plugin, a connection is made to the youtube servers. The YouTube server will be informed which of our pages you have visited.
If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an appealing presentation of our online offers.
Further information on the handling of user data can be found in YouTube's privacy Notice at: https://support.google.com/youtube/answer/2801895?hl=en and the provider's other information at:
– Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), privacy Notice: https://policies.google.com/privacy , Opt-Out: https://adssettings.google.com/authenticated , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active .
4.4 Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the privacy Notice of every website You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
When using our Discovery Services
When you sign up to our Discovery Services as a user, we will process your Personal Data to provide and improve our Services. Furthermore, we will process the content you upload as described in our EULA and DPA (https://www.retinai.com/dpa). In case you provide us with Personal Data for natural persons other than you, you are responsible and reliable to us for having ensured your legal basis for processing or having obtained consent from these individuals accordingly.
5. Types of Data Collected
5.1 Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You.
Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Employer company, role, title
- Address, State, Province, ZIP/Postal code, City
- Usage Data
Data you upload into the website, e.g. in Forms
5.2 Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, user logs and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, user logs and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
6. Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service, including to monitor the usage of and improve our Service.
- To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
- To contact You: To contact You by email or user notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about, that You have opted in for on our website.
- To manage Your requests: To attend and manage Your requests to Us.
- For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your user experience.
We may share Your personal information in the following situations:
- With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service.
- With Your consent: We may disclose Your personal information for any other purpose with Your consent.
7. Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
8. Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction. Our IT data storage and Discovery cloud platform are hosted on Amazon Web Services (AWS) primary data centers in Europe
Your consent to this Privacy Notice followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Notice and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
We will share your personal information with third parties if:
- you have given your express consent to this (Art. 6 sec. 1 p. 1 lit. a GDPR),
- the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to believe that you have an overriding interest in the non-disclosure of your data (Art. 6 sec. 1 p. 1 lit. f GDPR),
- in the event that there is a legal obligation for the transfer (according to Art. 6 sec. 1 p. 1 lit.c GDPR), as well as
- this is permitted by law and is necessary for the performance of contractual relationships with you (Art. 6 sec. 1 p. 1 lit.b GDPR). Please see the information on our Third Party Providers below.
In the event of any transfer abroad, we comply with the legal requirements (see https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html, and/or Art. 44-49 GDPR).
9. Disclosure of Your Personal Data
9.1 Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Notice.
9.2 Law Enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other Legal Requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of the Service or the public
- Protect against legal liability
9.3 Third Party Providers
The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their privacy statements.
We host our website on Webflow Inc., a Delaware Corporation, and have agreed to their privacy Notice and data processing agreement with them accordingly, which you can see here:
Webflow - Privacy Notice
Webflow - Data Processing Addendum
We host our Discovery Services on Amazon Web Services (AWS) and have agreed to their privacy Notice and data processing agreement with them accordingly, which you can see here:
AWS Service Terms (amazon.com), AWS_GDPR_DPA.pdf (awsstatic.com)
In case you make use of the credit card payment option from our web-store, you will be using our third party payment service provider Stripe in Switzerland, whose terms of Service You can access here: https://stripe.com/ch/terms and https://stripe.com/ch/privacy.
By using the Stripe payment service, You agree to the terms and conditions and privacy terms of Stripe. RetinAI shall not be liable to You for Your use of this third-party service.
10. Data Subject Rights
As a Swiss or EU data subject, you have the rights listed below. With respect to data subjects located in other jurisdictions, these rights apply to you to the extent that they are provided for by an applicable provision under local privacy laws.
As a Data Subject, You have the right to:
- Request information about your Personal Data processed by us. In particular, you may request information about the processing purposes, the category of Personal Data, the categories of recipients to whom your data have been or will be disclosed, an accounting of such disclosures, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of their data, if they were not collected from us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information on its details (see Art. 15 GDPR);
- Request at any time the correction of inaccurate or completion of your Personal Data stored by us (see Art. 16 GDPR);
- Request the deletion of your Personal Data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims (Art. 17 GDPR);
- Request the restriction of the processing of your Personal Data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims (according to Article. 18 GDPR) or you have objected to the processing in accordance with Article 21 GDPR;
- In cases rarely applicable to us, you may request that your Personal Data provided to us be obtained in a structured, common and machine-readable format or request the transfer to another controller (in accordance with Article 20 GDPR);
- Revoke your consent to us at any time. As a result, we may no longer continue the data processing, which was based exclusively on this consent, for the future (see Art. 7 sec. 3 GDPR) and
- To complain to a supervisory authority (see Article 77 GDPR). As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office. The competent supervisory authority for data protection in Switzerland is the EDOEB.
- Please note that in case we are processing your Personal Data on behalf of a customer that agreed a Data Processing Agreement with us, we may redirect your requests to the Controller accordingly.
Right to Object
Insofar as your Personal Data is processed on the basis of legitimate interests (see Art. 6 sec. 1 p. 1 lit. f GDPR), you have the right to object to the processing of your Personal Data, insofar as there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a special situation (see Art. 21 GDPR).
If you wish to exercise your right of withdrawal or objection, please contact our DPO at firstname.lastname@example.org.
11. Data Security
Within the website visit, we use the common Secure Socket Layer (SSL) method in conjunction with the highest encryption level supported by your browser. Typically, this is 256-bit encryption. If your browser doesn't support 256-bit encryption, we'll use 128-bit v3 technology instead. You can see whether a single page of our website is transmitted encrypted by the closed display of the bowl or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
The security of Your Personal Data is important to Us, but please note that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
12. Current version and updates of this privacy notice
RetinAI is required to abide by the terms of this Privacy Notice currently in effect. RetinAI reserves the rights to change the terms of this Privacy Notice and publish them accordingly.
The current Privacy Notice can be accessed at https://www.retinai.com/privacy-Notice at any time on the website and can also be printed by you.
13. Contact Us
If you believe that your privacy rights have been violated, you may send a complaint to our DPO above or to the appropriate government authority. You will not be retaliated against for filing a complaint. Similarly, you can also contact us if you have any questions about this Privacy Notice:
By email: email@example.com
By visiting this page on our website: https://www.retinai.com/contact
RetinAI Medical AG, Freiburgstrasse 3, 3010, Bern - All rights reserved ©