2. INFORMATION WE COLLECT
The Service collects information from you in two ways: directly from your input and automatically through the Service's technologies.
2.1 Information we collect automatically
The Service automatically collects information on how you use the Service, such as:
- The IP-address used to connect your computer to the internet is temporarily stored by our web server for security, maintenance and product improvement purposes;
- Computer, device, and connection information, such as browser type and version, operating system, mobile platform, and unique device identifier ("UDID") and other technical identifiers are collected through a.o. our use of Google Analytics features;
- Service usage information such as URL click stream data, including date and time stamp, referring- and exit-URLs, search terms you used, and pages you visited or searched for on the Service.
We may use information that does not reveal your identity or permit direct association with any specific individual, such as browser and device information, anonymous usage data, and aggregated information, for any purpose, except where we are restricted by law. If we combine non-Personal Data with Personal Data, the combined information will be treated as Personal Data for as long as it remains combined.
2.2 Information You Provide
The type of personal information you provide to us may vary, corresponding to the ‘role’ you have when interacting with the Service.
2.2.1 General Website and Service Use
When using the Service as a general user you may provide information to us by:
- Your language preferences as specified by selecting your preferred language on the Service;
- Search terms you enter on the Service;
- Model parameter values that you specify in the Service in order to calculate a result;
- Your Name, Email address and Message, when using our contact Form.
2.2.2 Registered Users
In order to access certain content and to make use of additional functionality and features of the Service, we ask you to register for an account by completing and submitting a registration form. In addition to the information you provide by your general use of the Service, you may provide us with:
Mandatory contact details:
- Username, Email Address, Occupation, Organizations
Optional contact details:
- First Name, Last Name, Telephone, Address, Zip, City, Country, Website, Twitter-, Facebook-, LinkedIn-handle, a Profile Picture
- Regarding the use of Medical Devices on the Service: your declaration of being a medical professional, and/or your declaration of adherence to the Medical Devices’ Intended Use.
Evidencio Customers, such as medical professionals, may be asked to provide additional information in order to fulfill the legal, administrative and financial obligations that need to be performed in the context of e.g. the use of Medical Devices as provided by the Service, such as:
- Payment information, as required by our Payment Providers;
- Your explicit warranty that you are qualified to use a specific medical device;
- Your input, time-of-use, calculated output, when using any Medical Device on the Service.
If you choose to sign in and use the Service by using a third party account (e.g. your Hospital account), the authentication of your login is handled by the third party and the Service will collect your name, email address, and any other information about your third-party account that you agree to share with us at the time you give permission for your account on the Service to be linked to your third party account.
2.2.4 Job Applicants
- Any information you send us as part of a job application will be treated as personal information and will be destroyed once the job application process is concluded.
- The fact that you provide us with your job application and personal information does not mean we are obligated to provide you with any response whatsoever.
Evidencio acts as a Data Controller (as defined in Data Protection Legislation) regarding this 'Personal Data'. The legal basis upon which we process Personal Data is our legitimate interest to provide Services to you.
3. USE OF YOUR INFORMATION
We may use your Personal Data to:
- Provide the Service to you, by e.g. allowing access to, or delivery of our products or services, processing or fulfilling orders or transactions, or administering surveys or promotional programs;
- Respond to your requests, inquiries, comments, or concerns;
- Provide technical-, product-, and other support and help ensure safe and secure operation of the Service;
- Offer you customized content and individualized personalization of the Service to make it more relevant to your interests and needs;
- Enhance, evaluate, and improve the Service, its advertisements and promotional campaigns and our products and services and to develop new products and services;
- Identify and analyze usage trends, including for the purposes of research, audits, reporting and paying royalties and license fees to third-party content providers;
- Notify you about changes or updates to the Service and our products and services;
- Provide you with special offers, promotions, surveys, advertisements and other information about the Service as well as products, events and services of ours, our affiliates and non-affiliated third parties such as societies and sponsors.
- We do not make automated decisions based on your Personal Data.
4. DISCLOSURE OF YOUR INFORMATION
We may need to share a subset of your Personal Data with:
- Relevant entities, and representatives, for which we are acting as a partner, agent, licensee, or publisher, such as 3rd party IP-holders. These entities or representatives are always explicitly mentioned in relation to Service Content or within (Data Processing) Agreements governing your access to such Content;
We also may need to disclose your Personal Data:
- To respond to or comply with any law, regulation, subpoena, court order or other legal obligation;
- To enforce and protect our rights and properties;
- To detect, investigate and help prevent security threats, fraud or other malicious activity;
- To protect the rights, property or safety of our users, employees or others; and
- If Evidencio, the Service or a related asset or line of business is acquired by, transferred to or merged with another company.
The Service may let you post and share Personal Data, comments, materials and other content. Any information you disclose publicly may be collected and used by others, may be indexable by search engines, and might not be able to be removed. Please be careful when disclosing Personal Data in these public areas.
5. YOUR ACCESS TO YOUR INFORMATION
You have a right to be informed on Personal Data processed by the Service, a right to rectification/correction, erasure and restriction of processing. Upon request, you have the right to receive a structured, common and machine-readable format of the Personal Data you provided to us. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that you are the data subject entitled to receive such Personal Data.
Access to your Personal Data will be provided free of charge. However, we may (in advance) charge a reasonable compensation should your request be clearly unfounded, repetitive, or excessive. At our sole discretion we may refuse to comply with your request in these circumstances.
As a registered user you can access your account information and make corrections or updates at any time. The accuracy of such information is solely your responsibility.
Where you have provided consent, you may withdraw it at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing it. Whenever you withdraw consent, you acknowledge and accept that this may have a negative influence on the scope and quality of the Service. We will endeavor to fulfill your request within 30 days but some Personal Data may persist in backup copies for a certain period of time and may be retained as necessary for legitimate business purposes or to comply with our legal obligations. You agree that Evidencio BV shall not be held liable regarding any loss and/or damage to your Personal Data if you choose to withdraw consent.
You have the right to file a complaint with the data protection authority in your jurisdiction. However, we would very much appreciate it if you would file your complaint with us before going to a data protection authority.
6. DATA RETENTION
Evidencio acts as a Data Controller regarding your Personal Data. As such, we have defined data retention policies regarding your Personal Data.
- Information you provide as part of your user profile will as long as your profile exists. In part some information may be retained longer due to legal requirements (e.g. due to legislation medical device use)
- Information you provide as part of your Service Subscriptions (e.g. payment, tax, or company information) we are required by law to retain for 10 years.
- Information we collect automatically: 5 years.
- In case you use the Service as part of your employment at an organization that has an Evidencio Subscription with associated Data Processing Agreement in place. Particular details on data retention regarding tour use of the Service may be specified in the respective Data Processing Agreement.
7. DATA SECURITY
Evidencio has taken every reasonable precaution to safeguard your Personal Data against loss, theft and misuse and unauthorized access, disclosure, alteration, and destruction through the use of appropriate administrative, physical and technical security measures.
Our company and Services have been ISO27001 and NEN7510 certified.
As part of our obligations under these information security certifications our Service is periodically scanned for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. Your Personal Data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
Personal Data and usage data is stored as long as is necessary for the purpose(s) for which we originally collected it. We may also retain information as required by law.
8. CROSS-BORDER TRANSFER OF INFORMATION
Evidencio’s Service is hosted on Amazon AWS cloud infrastructure. We currently use AWS Services located in Ireland and Germany. Your Personal Data may be transferred to either Ireland or Germany for processing. By using the Service, you consent to the transfer of information to these countries which may be outside of your country of residence, and which may have different Personal Data protection rules than in your country.
10. GOOGLE ANALYTICS
11. LINKS TO THIRD PARTY PRODUCTS & SERVICES
The Service may, at our discretion, include or offer third-party products or services. These third-party products or services may have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked products or services. Nonetheless, as we endeavor to protect the integrity of our Service, we welcome any feedback regarding these third-party products and services.
12. COMPLIANCE WITH LOCAL LAWS
12.1 EU General Data Protection Regulation (“GDPR”)
We carry out all data control and processing operations in strict compliance with the GDPR. We use a limited number of external service providers that are trusted and meet high data protection and security standards for certain tasks such as technical data analysis, processing and/or storage offerings. We only share information with them that is required for the services offered, and we contractually bind them to keep any information we share confidential. We will not pass your data on to third parties without your express consent unless we are obliged to do so by statutory law or an instruction from a public authority or court.
12.2 California Online Privacy Protection Act
- We honor “do not track” signals and do not track, plant cookies (other than a functionally required session cookie), or use advertising when a Do Not Track (DNT) browser mechanism is in place.
- Should a data breach occur:
- We will notify the users via email within 7 business days.
- We also agree to the Individual Redress Principle.
- We do not market to children under 13.
- Please note that we allow third-party behavioural tracking to improve our Service and our user experience.
12.3 CAN-SPAM ActPrivacy Protection Act
- If at any time you would like to unsubscribe from receiving future emails from Us, you can email us at email@example.com and we will promptly remove you from ALL correspondence.
Attn: Privacy Officer
Last revised: March 9, 2021