Last Revised: January 24, 2018
MobileOCT Ltd. and its affiliates d/b/a MobileODT ("MobileODT", "Company", "we" or "us") respect the privacy of the users ("User(s)" or "you" or "Clinicians") of its mobile Application known as the "EVA System App for Medical Visual Assessment" (the "App"), and EVA System Portal at http://portal.mobileodt.com (the "Portal") (collectively, the "Services", as further detailed in the TOU). We are committed to protecting the information you submit through our Services. We believe that you have a right to know our practices regarding the information we may collect and use when you use our App, Portal and/or Services.
1. Your Consent (important, please read carefully!)
2. Which information we may collect on our Users and/or their Patients?
We may collect two types of data and information from our Users:
- The first type of information is un-identified and anonymous information ("Non-Personal Information"). We are not aware of the identity of the User from whom we have collected the Non-Personal Information. Non-Personal Information is any unconcealed information which does not enable identification of an individual User, and which is available to us when such User installs the App and when he/she uses the App or Portal. Non-Personal Information which is being gathered consists of technical information, behavioral information and aggregated information, and may contain, among other things, browser type, the type of the User's mobile device and its operating system and version, device language, device storage, screen resolution and other modes (e.g. vibration mode, camera, Bluetooth), User's 'click-stream' in the App or Portal, time spent on various screens of the App and/or Portal, date and time stamps, Internet connectivity, etc.
The second type of information is individually identifiable information, namely information that identifies, or may with reasonable effort identify an individual, or may be of a private and/or sensitive nature ("Personal Information"):
- Users of the App automatically provide their mobile device ID, mainly for enhancing the User’s experience and for geo-location and security purposes as further detailed below.
- Clinician's use of the App may generate Sessions. Each Session may include the Clinician's name, the patient's ID (actual or made-up), the clinical image, image date, Clinician's diagnosis, general geo-location of Clinician's mobile device (i.e. city or region). The patient's name and ID will not be visible to other Users on the Portal.
- When using the App, Clinicians may, but do not have to, collect the name, age and phone number of their patient.
- Pursuant to the Agreement, your employer/organization may provide MobileODT with the following details: Clinician name, phone number, email address, name of organization, entry level (Admin, non-Admin). This information is stored on our servers. Once you open an Account, you may edit your name, email and phone number.
- We note that the App requests access to the User's camera in order to enable the User to take clinical images (or videos) using the App.
For avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists.
3. How Do We Collect Information on Our Users and/or their Patients?
There are a few methods that we use:
- We receive certain information from your employer/organization, as described above.
- We collect information through your installation and use of the App and/or Portal. In other words, when you are using the App and/or Portal we are aware of it and may gather, collect and store the information relating to such usage, either independently or through the help of our authorized third-party service providers as detailed below. Non-Personal Information is collected from your mobile device automatically (i) through your use of the App, once your mobile device is on and as long as the App is running on your mobile device, and (ii) during your use of the Portal.
- We collect information which you may, at your discretion, provide us voluntarily. We collect Personal Information when you, at your discretion, decide to provide us (e.g. your name, email and phone number). We may gather, collect and store the Personal Information either independently or through the help of our authorized third-party service providers as detailed in Section 9 below.
- We collect patient information that you choose to include in your Sessions. We make no use of your patients' Personal Information. We may, however, use and share non-personal information with other entities without exposing any medical information which may be considered as Personal Information.
4. What are the Purposes of the Collection of Information?
We collect Non-Personal Information and Personal Information in order to provide the Services.
We collect Non-Personal Information in order to:
- Use it for statistical and research purposes and for customization and improvement of our Services.
- Improve our metrics and the quality of the Services and gather statistics for commercial purposes and in order to enhance the User's experience.
- Engage with third parties for commercial or research purposes.
We collect Personal Information in order to:
- Allow you to export it to your, your organization's or third parties' systems for your own purposes. IT IS IN YOUR SOLE RESPONSIBILITY TO OBTAIN YOUR PATIENTS' CONSENT AND ALL OTHER LEGALLY NECESSARY CONSENTS OR PERMISSIONS REQUIRED FOR THE USE AND TRANSFER OF YOUR PATIENTS' DATA. TO THE EXTENT LOCAL LAWS OBLIGE YOU TO COMPLY WITH PRIVACY OR HEALTH-RELATED-INFORMATION REQUIREMENTS, YOU SHOULD INFORM US REGARDING SUCH REQUIREMENTS AND TO THE EXTENT WE ARE ABLE TO ASSIST WE WILL ADDRESS THESE REQUIREMENTS IN THE APPLICABLE INVOICE.
- Verify the User's identity when he/she signs in to the Services.
- Be able to reply to the User's support requests or other questions concerning the Services.
- Allow our Users to communicate with their patients.
- Determine geo-location information from which the User's mobile device or computer is connected to the Internet in order to render the Services, for statistical purposes as well as in order to safeguard our Services.
5. Sharing Information with Third Parties
For avoidance of doubt, MobileODT may transfer and disclose Non-Personal Information to third parties at its sole discretion and without restriction.
We apply industry-accepted standards to maintain the security and integrity of our App and Portal through a monthly software release cycle and regular security reviews, so that we may protect our Users' information and our Users' organizations, as well as any patient information, and prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures.
The information which is gathered from the App and/or Portal is sent to our servers over a secure channel using HTTPS protocols. We also encrypt Sessions or parts thereof in our database in order to effectively anonymize any patient information. We also limit access of third parties to the Services by requiring the use of a PIN number and/or password and by determining different access levels to Users (e.g., Admin, non-Admin).
If we learn of a security breach, then we will notify you electronically so that you can take appropriate protective steps as well as post a notice on the App and/or Portal.
Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use will never occur. WE WILL NOT BE RESPONSIBLE OR LIABLE FOR UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION.
7. Your Compliance with Privacy and Health-Related-Information Laws
YOU MUST COMPLY WITH ALL APPLICABLE PRIVACY LAWS AND REGULATIONS. YOU MUST REFRAIN FROM UPLOADING OR SUBMITTING PERSONAL MEDICAL DATA WHICH MIGHT BE CONSIDERED AS PROTECTED HEALTH INFORMATION UNLESS YOU HAVE OBTAINED THE NECESSARY AUTHORIZATIONS AND CONSENTS TO ALLOW SUCH UPLOADING OR SUBMISSION. OBTAINING THE APPROPRIATE AUTHORIZATION AND CONSENT IS IN YOUR SOLE RESPONSIBILITY. BY UPLOADING OR SUBMITTING INFORMATION, YOU REPRESENT AND WARRANT THAT YOU CAN UPLOAD OR SUBMIT SUCH INFORMATION IN FULL COMPLIANCE WITH ANY APPLICABLE PRIVACY LAWS AND REGULATIONS. WE WILL NOT ASSUME ANY LIABILITY IN THIS RESPECT.
8. Deletion or Modification of Personal Information
If for any reason you wish to update or modify the Personal Information, close your Account or delete the Personal Information included therein, you may do so using the Settings of the Account or by sending us an e-mail request to firstname.lastname@example.org and we will make reasonable efforts to do so pursuant to any applicable privacy laws.
We may retain and use your Personal Information for a reasonable time after termination as necessary to comply with our legal or business requirements or obligations (including as required by applicable law), to resolve disputes and/or to enforce our Terms, all as permitted under any applicable privacy laws. Aggregated and/or anonymous data derived from your Account may remain on our servers indefinitely. MobileODT cannot ensure that third parties to which you chose to transfer Personal Information have deleted it and cannot monitor their use of such information.
Please note: Cancelling your Account may cause inability to access your Account and/or the loss of certain information (including, without limitation, the Sessions and/or clinical images or any Personal Information). You will have a thirty (30) day period from the cancellation date to copy or extract any information which was uploaded by you to our Services. We do not and will not accept any liability for information loss which occurs after this thirty (30) day period. It is in your sole responsibility and liability to document your and your patients' information as required by law (including without limitation, under applicable privacy and/or health-related-information-law or regulation).
9. Third Party Software/Service
10. International Data Transfer
We may transfer information collected about you, including Personal Information, to affiliated entities, or to other third-party service providers (as provided herein) across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that we may transfer such information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to such transfer of information.
11. Cookies & Local Storage