EVA System App for Medical Visual Assessment Privacy Policy

Last Revised: January 24, 2018

MobileOCT Ltd. and its affiliates d/b/a MobileODT ("MobileODT", "Company", "we" or "us") respect the privacy of the users ("User(s)" or "you" or "Clinicians") of its mobile Application known as the "EVA System App for Medical Visual Assessment" (the "App"), and EVA System Portal at http://portal.mobileodt.com (the "Portal") (collectively, the "Services", as further detailed in the TOU). We are committed to protecting the information you submit through our Services. We believe that you have a right to know our practices regarding the information we may collect and use when you use our App, Portal and/or Services.

Capitalized terms which are not defined herein, shall have the meaning ascribed to them in MobileODT's Terms of Use available at https://portal.mobileodt.com/Terms-of-Use ("TOU") to which this Privacy Policy is incorporated.

1.     Your Consent (important, please read carefully!)

BY (A) INSTALLING AND/OR DOWNLOADING THE APP ON YOUR MOBILE DEVICE, (B) ENTERING INTO, CONNECTING TO, ACTIVATING, USING AND/OR ACCESSING THE APP, THE PORTAL AND/OR THE SERVICES, AND/OR (C) CLICKING THE "I AGREE" BUTTON WHEN SETTING YOUR PASSWORD FOR THE APP AND/OR PORTAL, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING TO THE POSSIBLE COLLECTION AND PROCESSING, MONITORING, STORING AND SHARING OF THE INFORMATION SPECIFIED HEREIN. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES AND DO NOT INSTALL THE APP, DO NOT CONNECT TO, ACCESS OR USE THE APP OR PORTAL, DO NOT USE THE DEVICE AND PROMPTLY ERASE THE APP FROM YOUR MOBILE DEVICE.

2.     Which Information May We Collect on Our Users and/or their Patients?

We may collect two types of data and information from our Users:

  1. The first type of information is un-identified and anonymous information ("Non-Personal Information"). We are not aware of the identity of the User from whom we have collected the Non-Personal Information. Non-Personal Information is any unconcealed information which does not enable identification of an individual User, and which is available to us when such User installs the App and when he/she uses the App or Portal. Non-personal Information which is being gathered consists of technical information, behavioral information and aggregated information, and may contain, among other things, browser type, the type of the User's mobile device and its operating system and version, device language, device storage, screen resolution and other modes (e.g. vibration mode, camera, Bluetooth), User's 'click-stream' in the App or Portal, time spent on various screens of the App and/or Portal, date and time stamps, Internet connectivity, etc.
  2. The second type of information is individually identifiable information, namely information that identifies, or may with reasonable effort identify an individual, or may be of a private and/or sensitive nature ("Personal Information"):

    • Users of the App automatically provide their mobile device ID, mainly for enhancing the User’s experience and for geo-location and security purposes as further detailed below.
    • Clinician's use of the App may generate Sessions. Each Session may include the Clinician's name, the patient's ID (actual or made-up), the clinical image, image date, Clinician's diagnosis, general geo-location of Clinician's mobile device (i.e. city or region). The patient's name and ID will not be visible to other Users on the Portal.
    • When using the App, Clinicians may, but do not have to, collect the name, age and phone number of their patient.
    • Pursuant to the Agreement, your employer/organization may provide MobileODT with the following details: Clinician name, phone number, email address, name of organization, entry level (Admin, non-Admin). This information is stored on our servers. Once you open an Account, you may edit your name, email and phone number.
    • We note that the App requests access to the User's camera in order to enable the User to take clinical images (or videos) using the App.

For avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists.

We do not collect any Personal Information from you or related to you without your approval, which is obtained, inter alia, through your acceptance of the TOU and this Privacy Policy. It is in your sole responsibility to obtain your patients' consent and all other legally necessary consents or permissions required for the use of your patients' data.

3.     How Do We Collect Information on Our Users and/or their Patients?

There are a few methods that we use:

  1. We receive certain information from your employer/organization, as described above.
  2. We collect information through your installation and use of the App and/or Portal. In other words, when you are using the App and/or Portal we are aware of it and may gather, collect and store the information relating to such usage, either independently or through the help of our authorized third-party service providers as detailed below. Non-personal Information is collected from your mobile device automatically (i) through your use of the App, once your mobile device is on and as long as the App is running on your mobile device, and (ii) during your use of the Portal.
  3. We collect information which you may, at your discretion, provide us voluntarily. We collect Personal Information when you, at your discretion, decide to provide it to us (e.g. your name, email and phone number). We may gather, collect and store the Personal Information either independently or through the help of our authorized third-party service providers as detailed in Section 9 below.
  4. We collect patient information that you choose to include in your Sessions. We make no use of your patients' Personal Information. We may, however, use and share non-personal information with other entities without exposing any medical information which may be considered as Personal Information.

4.     What are the Purposes of the Collection of Information?

We collect Non-Personal Information and Personal Information in order to provide the Services.

We collect Non-Personal Information in order to:

  • Use it for statistical and research purposes and for customization and improvement of our Services.
  • Improve our metrics and the quality of the Services and gather statistics for commercial purposes and in order to enhance the User's experience.
  • Engage with third parties for commercial or research purposes.

We collect Personal Information in order to:

  • Allow you to export it to your, your organization's or third parties' systems for your own purposes. IT IS IN YOUR SOLE RESPONSIBILITY TO OBTAIN YOUR PATIENTS' CONSENT AND ALL OTHER LEGALLY NECESSARY CONSENTS OR PERMISSIONS REQUIRED FOR THE USE AND TRANSFER OF YOUR PATIENTS' DATA. TO THE EXTENT LOCAL LAWS OBLIGE YOU TO COMPLY WITH PRIVACY OR HEALTH-RELATED-INFORMATION REQUIREMENTS, YOU SHOULD INFORM US REGARDING SUCH REQUIREMENTS AND TO THE EXTENT WE ARE ABLE TO ASSIST WE WILL ADDRESS THESE REQUIREMENTS IN THE APPLICABLE INVOICE.
  • Verify the User's identity when he/she signs in to the Services.
  • Be able to reply to the User's support requests or other questions concerning the Services.
  • Allow our Users to communicate with their patients.
  • Determine geo-location information from which the User's mobile device or computer is connected to the Internet in order to render the Services, for statistical purposes as well as in order to safeguard our Services.

5.     Sharing Information with Third Parties

We may share Personal Information only in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy Policy, the Terms, including investigation of potential violations thereof or dishonest or fraudulent activities; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) to respond to User's support requests; (e) to respond to claims of violations of any right of a third-party through the App, Portal and Services; (f) to protect the rights, property or personal safety of MobileODT, its users, your organization, patients or the general public; (g) when MobileODT is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of the assets of MobileODT (in which event your Personal Information may be transferred to a third party located in a country that does not have the same data protection laws as your jurisdiction), upon User's prior approval; (h) to collect, hold and/or manage the Personal and Non-personal Information collected within the App and/or Portal through our authorized third party service providers, with appropriate agreements and safeguards in place to maintain HIPAA compliance, as reasonable for business purposes, which may be located in a country that does not have the same data protection laws as your jurisdiction upon User’s prior approval; (i) to cooperate with third parties for the purpose of enhancing the User's App or Portal experience; and/or (j) pursuant to your explicit approval prior to the disclosure.

For avoidance of doubt, MobileODT may transfer and disclose Non-Personal Information to third parties at its sole discretion and without restriction. 

6.     Security

We apply industry-accepted standards to maintain the security and integrity of our App and Portal through a monthly software release cycle and regular security reviews, so that we may protect our Users' information and our Users' organizations, as well as any patient information and prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures.

The information which is gathered from the App and/or Portal is sent to our servers over a secure channel using HTTPS protocols. We also encrypt Sessions or parts thereof in our database in order to effectively anonymize any patient information. We also limit access of third parties to the Services by requiring the use of a PIN number and/or password and by determining different access levels to Users (e.g., Admin, non-Admin).

If we learn of a security breach, then we will notify you electronically so that you can take appropriate protective steps as well as post a notice on the App and/or Portal.

Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use will never occur. WE WILL NOT BE RESPONSIBLE OR LIABLE FOR UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION. 

7.     Your Compliance with Privacy and Health-Related-Information Laws

YOU MUST COMPLY WITH ALL APPLICABLE PRIVACY LAWS AND REGULATIONS. YOU MUST REFRAIN FROM UPLOADING OR SUBMITTING PERSONAL MEDICAL DATA WHICH MIGHT BE CONSIDERED AS PROTECTED HEALTH INFORMATION UNLESS YOU HAVE OBTAINED THE NECESSARY AUTHORIZATIONS AND CONSENTS TO ALLOW SUCH UPLOADING OR SUBMISSION. OBTAINING THE APPROPRIATE AUTHORIZATION AND CONSENT IS IN YOUR SOLE RESPONSIBILITY. BY UPLOADING OR SUBMITTING INFORMATION, YOU REPRESENT AND WARRANT THAT YOU CAN UPLOAD OR SUBMIT SUCH INFORMATION IN FULL COMPLIANCE WITH ANY APPLICABLE PRIVACY LAWS AND REGULATIONS. WE WILL NOT ASSUME ANY LIABILITY IN THIS RESPECT.

8.     Deletion or Modification of Personal Information

If for any reason you wish to update or modify the Personal Information, close your Account or delete the Personal Information included therein, you may do so using the Settings of the Account or by sending us an e-mail request to contact@mobileodt.com and we will make reasonable efforts to do so pursuant to any applicable privacy laws.

We may retain and use your Personal Information for a reasonable time after termination as necessary to comply with our legal or business requirements or obligations (including as required by applicable law), to resolve disputes and/or to enforce our Terms, all as permitted under any applicable privacy laws. Aggregated and/or anonymous data derived from the Account may remain on our servers indefinitely. MobileODT cannot ensure that third parties to which you chose to transfer Personal Information have deleted it and cannot monitor their use of such information.

Please note: Cancelling your Account may cause inability to access your Account and/or the loss of certain information (including, without limitation, the Sessions and/or clinical images or any Personal Information). You will have a thirty (30) day period from the cancellation date to copy or extract any information which was uploaded by you to our Services. We do not and will not accept any liability for information loss which occurs after this thirty (30) day period. It is in your sole responsibility and liability to document your and your patients' information as required by law (including without limitation, under applicable privacy and/or health-related-information-law or regulation).

9.     Third Party Software/Service

In order to provide you with the Services via the App and/or Portal, we may use third party service providers who may collect, store and/or process the information detailed herein, such as Google Analytics, whose privacy policy can be found at www.google.com/policies/privacy/partners/ and http://www.google.com/intl/en/analytics/privacyoverview.html; and Amazon cloud services, whose privacy policy can be found at http://aws.amazon.com/privacy/. When Protected Health Information (PHI) is transmitted to any third party provider, MobileODT will sign a Business Associate Agreement (BAA) with the designated third party service provider, to comply with HIPAA and HITECH. In those cases in which PHI is not transmitted, MobileODT uses commercially reasonable efforts to engage with third parties that post a privacy policy governing their collection, retention, processing and use of non-personal and Personal Information. We do not control such third party service providers. Please read their terms of use and privacy policies to better understand their privacy practices.

10.     International Data Transfer

We may transfer information collected about you, including Personal Information, to affiliated entities, or to other third party service providers (as provided herein) across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Please note that we may transfer such information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to such transfer of information.

11.     Cookies & Local Storage

When you access or use the App and/or Portal, we and/or our third party service providers may use industry-wide technologies such as "cookies" and local storage (or other similar technologies), which store certain local information on your device (e.g. geo-location information, camera mode and Internet connectivity) ("Local Storage") which may enable, inter alia, automatic activation of certain features and make the User’s App or Portal experience and usage simpler, more relevant, convenient and effortless. Such information is locally stored in the User's mobile device. MobileODT and/or our authorized third party service providers may access such information. MobileODT and/or our authorized third party service providers may use both session cookies (which expire once you exit the App or Portal) and persistent cookies (which stay on the User’s mobile device until he/she deletes them) for the purpose of confirming the user's validity and for analytic purposes. Such Local Storage used by the App and/or Portal may store non-personal information (such as the different pages viewed by a User within the App or Portal or Internet connectivity) as well as geo-location data, which will be collected in accordance with the terms specified herein. It is easy to prohibit and/or delete the Local Storage, inter alia, via uninstalling the App from your mobile device and/or through the Settings option of your device or browser. Most platforms and browsers will allow you to erase cookies from a device, block acceptance of cookies, or receive a warning before a cookie is stored. In order to erase or disable the Local Storage option you may use the settings option of your browser or device or according to the specific instructions provided by the third party service provider's privacy policy and terms of use. However, if you block or erase cookies, or change the settings of your device or browser, your App and/or Portal experience may be affected and may be limited.  

12.     Changes to the Privacy Policy

The terms of this Privacy Policy will govern the use of the App, the Portal and the Services and any information collected therein. MobileODT may change the terms of this Privacy Policy at any time and at its sole discretion, so please re-visit this page frequently. In case of any material changes, we will post a clear notice on the App and/or Portal (if applicable) and send you an e-mail (to the extent that you provided us with such e-mail address) regarding such change. Such material changes will take effect seven (7) days after such notice was provided on our App and/or Portal or sent via e-mail, whichever is earlier. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the App, the Portal and/or the Services on or after the Last Revised date will constitute your acceptance of, and agreement to be bound by, those changes. In the event that the Terms should be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by the law and without any prior notice. If you object to any such change, you will have a right to terminate the Portal Terms in accordance with the provisions of Section 12 thereof.

13.     Questions?

If you have any questions (or comments) concerning this Privacy Policy, you are most welcome to send us an e-mail to the following address, and we will make an effort to reply within a reasonable timeframe: contact@mobileodt.com.