PRIVACY POLICY
[Last Amended: Dec 1, 2021]
- GENERAL
Inmed Ltd. (“Inmed ,” “we,” “our,” or “us”) is the developer and owner of the Inmed ® Tele-health software and system (“System“), which includes the cloud-based platform provided as part of the services offered by Inmed and available for use and registration through Google Play Store and Apple App Store.
This privacy policy (“Privacy Policy”) explains Inmed ’s practices regarding its collection, storage, usage and disclosing of certain information, including Personal Data (as such term is defined below) from Inmed ’s customers that are Healthcare Professionals who use the System and Platform (“Customer”). This Privacy Policy also explains Inmed ’s practices with respect to its processing of certain personal health information, as further explained below, of its Customer’s patients (“Patient” and “Patient PHI,” respectively). Our Customers and their Patients shall be collectively referred to herein as “you” or “your“.
This Privacy Policy is an integral part of our License Agreement (“Agreement”). Any definitions that are used herein and not defined herein shall have the meaning ascribed to them in the terms and conditions.
- PERSONAL DATA CONTROLLER AND LAWFULNESS
We have included information below regarding which types of data are collected and how we process and use your data to inform you about our processing practices and assure you that your Personal Data is treated with respect and in accordance with the applicable data protection legislation when using the Platform. However, before we get into that, we would like to explain the lawful basis upon which we collect, process and use your data (as further explained in the table below):
- If you are a Customer, we will process your Personal Data in order to perform our contract with you;
- If we have a legitimate interest in processing Personal Data, such as for security and verification purposes, as part of our Services; or
- If you are a patient, we will process your Personal Data where you have provided us or our Customers with your consent to do so if and as required under applicable law.
For the purposes of the European Union General Data Protection Regulation (“GDPR“), we are considered the Controller (as such term is defined under the GDPR) of the Personal Data we collect from our Customers and considered the Processor (as such term is defined under the GDPR) of the Personal Data that we process from the Patients on behalf of the Customers. Patient Personal Data will be processed in accordance with our Data Protection Agreement with our Customers.
- INFORMATION WE COLLECT
- If you are a Customer:
- Registration – When you register for our Platform you will need to provide us with your full name, email address, profession, phone number, and the name and email address of the site that the System will be used at. This information will be processed for the purpose of performing our contract with you, to set up your account with us and enable you to use our Platform.
- Contact Details – In the event you contact us for support or other inquiries you may be requested to provide us with your full name and email address. We will process this information subject to our legitimate interest and use it solely for the purpose of contacting you, responding to your inquiries and providing you with the support or information that you requested. We may process the contents of our correspondence with you in order to improve our customer service and in order to resolve any disputes with you (if applicable).
- Online Identifiers and Technical Non-Personal Data – When you use our Platform, we may, either directly or indirectly (through our third-party service providers) collect your IP address. We may collect technical Non-Personal Data from you when you access our Platform as well, such as, your language preference and the actions you take when you use our Platform. In the event required under applicable law, we will obtain your consent to gather such information. Please note that we do not attempt to analyze or determine your identity based on such information or otherwise combine it with any information such as your name or email address.
- If you are a patient:
- Patient data processed on behalf of Customers – When our Customer uses our Platform, certain information regarding the Patient will be uploaded onto our Platform either automatically or by the Customer himself, including the Patient’s full name, ID number, date of birth, gender and certain health information of the Patient including results of physical exams such as, body temperature, SpO2 & pulse rate, auscultation recording, otoscope recording, images of skin, mouth and throat. We will have access to the Patient health information as provided by our Customer or the patient. However, Inmed provides services to the Customer and does not use the patient information for any other purpose. We may store this information, analyze it and provide a report to our Customers to help enable them to properly treat and assist their Patients and in order to enable us to provide our Services. We will retain any such information for as long as needed, subject to applicable law and our customer written instructions.
- If you are a Customer:
- HOW WE COLLECT DATA
Depending on the nature of your interaction with us, we may collect information from you in one or both of the following ways:
- Automatically– we may automatically collect some information from you, such as your IP address, when you use our Platform.
- Provided by you voluntarily– we will collect information if and when you choose to provide us with the information, such as via communications with us or when you register for our Platform, all as explained in this Privacy Policy.
- SHARING INFORMATION WITH THIRD PARTIES
We may disclose your personal data to any member of our group of companies reasonably necessary for the purposes and on the legal basis set out in this notice.
We may disclose your personal data to our trusted third parties. We have engaged to perform business-related functions on our behalf, including, but not limited to, marketing and distribution of our products, hosting services, database maintenance, and analytics services.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or an administrative or out-of-court procedure.
- DATA RETENTION
We retain the information we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws and our customer written instructions.
- USER RIGHTS
Depending on your jurisdiction, data protection and privacy laws provide you with the ability to exercise certain rights regarding your Personal Data that we process such as:
- The right to access and be informed about how your personal information is being used.
- The right to access the personal information we hold about you.
- The right to request the correction of inaccurate personal information we hold about you.
- The right to request that we delete your data, or stop processing it or collecting it, in some circumstances.
- The right to request that we transfer or report elements of your data either to you or another service provider.
- The right to complain to your data protection regulator.
- The right to complain to a supervisory authority; and
- To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights.
You may exercise any of your rights related to your personal data by contacting us by email at dpo@inmedmd.com or by the contact us form on our Website.
- SECURITY
We have put in place physical, administrative, and technical procedures and measures designed to help prevent unauthorized access and maintain data security confidentiality.
Although we take appropriate measures to safeguard against unauthorized disclosures of personal data, we cannot assure you that your personal data will never be disclosed, altered, or destroyed in a manner that is inconsistent with this privacy policy.
- DATA TRANSFER (To our EU customers – Your Information and Countries Outside of EEA)
The personal data that we process may be transferred to, processed, or stored outside the European Economic Area (“EEA”).
We are committed to processing any EU personal information in third countries approved as adequate by the European Commission or using the European Commission’s standard contractual clauses.
Further information may be obtained from our Data Protection Officer.
- NO SALE OF PERSONAL INFORMATION
Inmed does not and will not sell your Personal Information.
- CHANGES TO THIS PRIVACY POLICY
Inmed reserves the right to amend this privacy notice at our discretion and at any time.
When we make changes to this privacy notice, we will post the updated notice on our Website and application and update the notice’s effective date. Your continued use of our Website and application following the posting of changes constitutes your acceptance of such changes
CONTACT US
Please contact us if you have any questions (or comments) concerning this Privacy Policy, as follows:
- By email: dpo@Inmedmd.com
- By mail: Inmed Ltd.
Hartom 19, Beit Binat, Jerusalem, Israel