Privacy Policy

Last updated: February 3, 2021

This Privacy Policy describes our policies and procedures on the collection, use and disclosure of Your information when You use the website or our Discovery Services and tells You about Your privacy rights and how the law protects You.

The legal basis for data processing in Switzerland is the Swiss Data Protection Act (DSG). The competent authority in Switzerland is the Federal Data Protection and Public Information Officer (EDÖB). For visitors from the EU and the European Economic Area, due to the extraterritorial application of the European General Data Protection Regulation (GDPR), we will also comply with the respective articles of the GDPR and name them for you.

When you use this website, various personal data is collected and processed. Personal data is data that can be used to identify you individually.

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

By using this website, you agree to the collection and processing of your personal data at home and abroad as described in this privacy policy.

The privacy policy published on this website at the time of use applies to the use of the website.

Further, it will also apply to the Discovery Services and we also explain herein how we will process your Personal data, in case you sign up to use our Discovery Services. We will use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Please note, that in many cases we will require to agree on a separate data processing agreement with our customer, the licensor of the Discovery Services, who then would instruct us how to process the Personal Data of its authorized users and the content data they may upload to the platform on the customer’s behalf.

In such a case, we would act as processor only, and the respective customer company that signs on to the Discovery Services would be regarded the Controller. You can review our standard DPA at

If you have any questions or concerns about data protection or would like to assert special data subject rights under the GDPR, you can contact us at any time at the address below.

Interpretation and Definitions


The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.


For the purposes of this Privacy Policy:

  • Account means a unique account creat
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Application means the software program provided by the Company downloaded by You on any electronic device, named Discovery Services
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to RETINAI MEDICAL AG, FREIBURGSTRASSE 3, 3010 BERN, SWITZERLAND.
  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to: Switzerland
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Application or the Website or both.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to RetinAI - Intelligence in Ophthalmology, accessible from
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Name and contact details of the controller:

This data protection information applies to data processing by:

RETINAI MEDICAL AG, Freiburgstrasse 3, 3010, Bern - Switzerland -

Data Protection Officer: Marc Stadelmann, PhD -

Collecting and Using Your Personal Data

When visiting our website

On the one hand, your data is collected by you providing us with it. This can be for example data that you enter in a contact form or in a user account registration.

On the other hand, data is also automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of page view). Please refer to the details of the technical collection and use of the data by cookies, analysis tools and third-party plug-ins in the further description below.

If you send us enquiries via the contact form, your details from the request form, including the contact details you provide there, will be stored with us for the purpose of processing the request and in case of follow-up questions. If you provide us with personal data of third parties, please make sure that the data subject agrees to this.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to processing or the purpose for data processing is no longer applicable (e.g. if after 6 months there is no further contact after your request has been processed).

Mandatory statutory provisions, in particular retention periods, remain unaffected.

Please note that in the case of e-mails or electronic communication via websites and internet platforms, the legally regulated attorney-client secrecy cannot be guaranteed in each case.

When you visit our website information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • The date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • browser used and, if applicable, your computer's operating system and the name of your access provider.

The above data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring comfortable use of our website,
  • Evaluation of system security and stability as well as
  • for other administrative purposes.

Our legitimate interest follows for the purposes listed above for the collection of data (see Art. 6 sec. 1 p. 1 lit. f GDPR).

In addition, when we visit our website, we use cookies and analysis services. For further information, please see paragraphs 6 -8 of this privacy notice.

When using our contact form

If you have any questions, we offer you the opportunity to contact us via a form provided on the website. A valid e-mail address is required so that we know who the request originated from and in order to be able to answer it. Further information may be provided voluntarily.

The data processing for the purpose of contacting us is based on your voluntary consent (see Art. 6 sec. 1 p. 1 lit. a GDPR).

The personal data collected by us for the use of the contact form will be deleted after completion of the request made by you, if no client relationship results from this within 6 months of your contact. You may also contact us at any time if you want us to correct or delete your contact details.

Cookies and Tracking Technologies

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device, do not contain viruses, trojans or other malware.

The cookie stores information that arises in each case in connection with the specific device used. However, this does not mean that we will gain direct knowledge of your identity.

On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to detect that you have already visited individual pages of our website. These will be deleted automatically after leaving our site.

In addition, we also use temporary cookies to optimize the user experience, which are stored on your device for a specified period of time. If you revisit our site to use our services, you will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to re-enter them.

On the other hand, we used cookies to record the use of our website statistically and to evaluate them for the purpose of optimizing our offer. These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.

The data processed by cookies are necessary for the aforementioned purposes in order to safeguard our legitimate interests as well as third parties (see Art. 6 sec. 1 p. 1 lit. f GDPR).

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete disabling of cookies may prevent you from using all the features of our website.

The technologies We use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies
    Type: Session Cookies
    Administered by: Us
    Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
  • Cookies Policy / Notice Acceptance Cookies
    Type: Persistent Cookies
    Administered by: Us
    Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
  • Functionality Cookies
    Type: Persistent Cookies
    Administered by: Us
    Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
  • Tracking and Performance Cookies
    Type: Persistent Cookies
    Administered by: Third-Parties
    Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.

We may use third-party Service providers to monitor and analyze the use of our Service.

  • Google Analytics
    Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

    You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

    You may opt-out of certain Google Analytics features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy:

    For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

We may use social plug-ins of the social networks LinkedIn, Twitter, Instagram and YouTube on our website in order to make our law firm better known. The processing of the personal data of the users is also carried out on the basis of our legitimate interests in effective information of the users and communication with the users (see Art. 6 sec. 1 lit. f. GDPR). If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is (Art. 6 sec. 1 lit. a., Art. 7 GDPR).

The responsibility for the data protection-compliant operation is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.

We also maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services there.

We would like to point out that data of users can be processed outside the European Union. This can create risks for users, as this could e.g. make it more difficult to enforce users' rights. With regard to US providers that have been certified under the Privacy Shield, we would like to point out that they have now committed to comply with the data protection standards of the EU /GDPR.

In addition, users' data on the Internet is often processed for market research and advertising purposes. For example, user profiles can be created from the usage behaviour and the resulting interests of the users. The user profiles can in turn be used to display advertisements inside and outside the platforms, which are presumed to be in the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the user's usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective processing operations and the opt-out, we refer to the following linked information of the providers. RetinAI does not use this information for advertising purposes.

Even in the case of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively by the providers. Only the providers have access to the data of the users and can take direct measures and provide information. If you still need help, you can also contact us.

  • LinkedIn
    Our website uses social media plugins from LinkedIn to make their use more personal. For this we use the "LIKE" or "SHARE" button. This is an offer from LinkedIn.

    When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the LinkedIn servers. The content of the plugin is transmitted by LinkedIn directly to your browser and integrated by it into the website.

    By integrating the plugins, LinkedIn receives the information that your browser has accessed the corresponding page of our website, even if you do not have a LinkedIn account or are not currently logged in to LinkedIn. This information (including your IP address) is transmitted by your browser directly to a LinkedIn server in the US and stored there. If you are logged in to LinkedIn, LinkedIncan assign the visit to our website directly to your LinkedIn account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. The information is also posted to LinkedIn, depending on your personal settings, and displayed to your LinkedIn contacts.

    LinkedIn may use this information for the purpose of advertising, market research and the needs of the LinkedIn pages. For this purpose, LinkedIn creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on LinkedIn, to inform other LinkedIn users about your activities on our website and to provide other services related to the use.

    If you do not want LinkedIn to assign the data collected through our website to your LinkedIn account, you must log out of LinkedIn before visiting our website, or change your user settings in your web browser and on LinkedIn.

    The purpose and scope of the data collection and the further processing and use of the data by LinkedIn as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection notice of the provider:

    – LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), Privacy Policy , Privacy Shield
  • YouTube
    Our website uses plugins from the Google-operated YouTube site. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

    When you visit one of our sites equipped with a YouTube plugin, a connection is made to the youtube servers. The YouTube server will be informed which of our pages you have visited.

    If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

    The use of YouTube is in the interest of an appealing presentation of our online offers.

    Further information on the handling of user data can be found in YouTube's privacy policy at: and the provider's other information at:

    – Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), Privacy Policy , Privacy Shield

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every website You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

When using our Discovery Services

When you sign up to our Discovery Services as a user, we will process your Personal Data to provide and improve our Services. Furthermore, we will process the content you upload as described in our EULA and DPA ( ). In case you provide us with Personal Data for natural persons other than you, you are responsible and reliable to us for having ensured your legal basis for processing or having obtained consent from these individuals accordingly.

Types of Data Collected

  • Personal Data
    While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You.

    Personally identifiable information may include, but is not limited to:

    Email address
    First name and last name
    Employer company, role, title
    Address, State, Province, ZIP/Postal code, City
    Usage Data
  • Usage Data
    Usage Data is collected automatically when using the Service.

    Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, user logs and other diagnostic data.

    When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, user logs and other diagnostic data.

    We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
  • Use of Your Personal Data
    The Company may use Personal Data for the following purposes:

    To provide and maintain our Service, including to monitor the usage of and improve our Service.

    To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.

    For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.

    To contact You: To contact You by email or user notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

    To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about, that You have opted in for on our website.

    To manage Your requests: To attend and manage Your requests to Us.

    For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your user experience.

    We may share Your personal information in the following situations:

    With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service.

    With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

We will share your personal information with third parties if:

  • you have given your express consent to this (Art. 6 sec. 1 p. 1 lit. a GDPR),
  • the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that you have an overriding interest in the non-disclosure of your data (Art. 6 sec. 1 p. 1 lit. f GDPR),
  • in the event that there is a legal obligation for the transfer (according to Art. 6 sec. 1 p. 1 lit.c GDPR), as well as
  • this is permitted by law and is necessary for the performance of contractual relationships with you (Art. 6 sec. 1 p. 1 lit.b GDPR). Please see the information on our Third Party Providers below.

In the event of any transfer abroad, we comply with the legal requirements (see link, or Art. 44-49 GDPR).

Disclosure of Your Personal Data

  • Business Transactions
    If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
  • Law enforcement
    Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
  • Other legal requirements
    The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

    Comply with a legal obligation
    Protect and defend the rights or property of the Company
    Prevent or investigate possible wrongdoing in connection with the Service
    Protect the personal safety of Users of the Service or the public
    Protect against legal liability

Third Party Providers

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

We host our website on Squarespace Ireland Limited, Attention: Legal – Privacy, Le Pole House, Ship Street Great, Dublin 8, D08N12C, Ireland and have agreed to their privacy policy and data processing agreement with them accordingly, which you can see here:

Privacy Policy – Squarespace

Data Processing Addendum – Squarespace

We host our Discovery Services on Amazon Web Services (AWS) and have agreed to their privacy policy and data processing agreement with them accordingly, which you can see here:

AWS Service Terms (, AWS_GDPR_DPA.pdf (

Data Subject Rights

As a Data Subject, You have the right to:

  • Request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of their data, if they were not collected from us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information on its details (see Art. 15 GDPR);
  • request at any time the correction of inaccurate or completion of your personal data stored by us (see Art. 16 GDPR);
  • if applicable, you may request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims (Art. 17 GDPR);
  • you may request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims (according to Article. 18 GDPR) or you have objected to the processing in accordance with Article 21 GDPR;
  • in cases rarely applicable to us, you may request that your personal data provided to us be obtained in a structured, common and machine-readable format or request the transfer to another controller (in accordance with Article 20 GDPR);
  • revoke your consent to us at any time. As a result, we may no longer continue the data processing, which was based exclusively on this consent, for the future (see Art. 7 sec. 3 GDPR) and
  • to complain to a supervisory authority (see Article 77 GDPR). As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office. The competent supervisory authority for data protection in Switzerland is the EDOEB.

Please note that in case we are processing your Personal Data on behalf of a customer that agreed a Data Processing Agreement with us, we may redirect your requests to the Controller accordingly.

Right to Object

Insofar as your personal data is processed on the basis of legitimate interests (see Art. 6 sec. 1 p. 1 lit. f GDPR), you have the right to object to the processing of your personal data, insofar as there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying  a special situation (see Art. 21 GDPR).

If you wish to exercise your right of withdrawal or objection, an e-mail to

Data security

Within the website visit, we use the common Secure Socket Layer (SSL) method in conjunction with the highest encryption level supported by your browser. Typically, this is 256-bit encryption. If your browser doesn't support 256-bit encryption, we'll use 128-bit v3 technology instead. You can see whether a single page of our website is transmitted encrypted by the closed display of the bowl or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

The security of Your Personal Data is important to Us, but please note that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Current version and updates of this privacy notice

This privacy policy is currently valid as of February 2021.

Due to the further development of our website and offers above or due to changes in legal or regulatory requirements, it may become necessary to change this privacy notice. The current privacy notice can be accessed at at any time on the website and can also be printed by you.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

By email:

By visiting this page on our website:

Privacy Policy for RetinAI

Intelligence in Ophthalmology