Privacy and Cookie Policy
Privacy Policy and Cookie policy
1. This Privacy Policy describes how EXINI Diagnostics AB (publ) (“EXINI,” “we,” “our,” or “us”) collects, uses, and shares information about you and applies to your use of any website that posts a link to this Privacy Policy (collectively, the “Site”). This Privacy Policy does not apply to our information collection activities through the Software as a Medical Device as a Service offering (“Software”), unless otherwise stated below or at the time of collection.
Those activities are governed by the Software Agreement between you and EXINI (the
“Agreement”). By using the Site, you consent to our collection, use and disclosure practices, and other
activities as described in this Privacy Policy. If you do not agree and consent, discontinue use
of the Site.
2. We and our Service Providers (defined below) may collect information you provide directly via the Site. For example, we collect information when you register for the Software, contact customer support, or otherwise communicate or transact with us through the Site. The information we collect may include Personal Information. “Personal Information” is information that identifies you personally (whether alone or in combination), such as your first and last name, e-mail address, phone number, affiliation, and profession. You may choose to voluntarily submit certain other information to us through the Site, including Personal Information, but you are solely responsible for your own Personal Information in instances where we have not requested that you submit such information to us. Personal Information once “de-identified” is not subject to this Privacy Policy and we and our Service Providers may treat it as non-Personal Information and use it without obligation to you except as prohibited by applicable law.
3. Third Party Services and Analytics.
Our Site includes hyperlinks to websites, locations, platforms, or services operated by third parties (“Third Party Service(s)”). These Third Party Services may use Tracking
Technologies to independently collect information about you and may solicit Personal Information from you.
We may use Google Analytics and other Service Providers for analytics services. These analytics services may use Tracking Technologies to help EXINI analyze Site users and how they use the Site. Information generated by these services (e.g., your IP address and other Usage Information) may be transmitted to and stored by these Service Providers on servers in the U.S. (or elsewhere) and these Service Providers may use this information for purposes such as evaluating your use of the Site, compiling statistic reports on the Site’s activity, and
providing other services relating to Site activity and other internet usage. To the extent we combine information from Third Party Services with Personal Information we collect directly from you on the Site, we will treat the combined information as Personal
Information under this Privacy Policy. Otherwise, the information collected and stored by third parties remains subject to their policies and practices, including whether they continue to share information with us, the types of information shared, and your choices on what is visible to others on Third Party Services. We are not responsible for and make no representations regarding the policies or business practices of any third parties or Third Party Services and encourage you to familiarize yourself with and consult their privacy policies and terms of use.
Interested to learn more about our products, book a demo!
GDPR
When you use aPROMISE to process patient information related to a patient who is a resident of the EU, you are responsible for ensuring that your organization complies with GDPR. In terms of GDPR you, as the user of aPROMISE, are the data controller and EXINI, as the service provider, is the data processor. In advance of processing data with aPROMISE, be sure that you have explicit consent from the patient whose data you are capturing. When data is sent to aPROMISE, it is stored in a secure manner, and is encrypted in transit and at rest.
Our Commitment
EXINI (‘we’ or ‘us’ or ‘our’) are committed and dedicated to ensuring the security and protection of the personal information that we process, and to provide a robust, continuous and consistent approach to data protection. Our objectives for GDPR and HIPAA compliance include the development and implementation of data protection roles, policies, procedures, controls and measures to ensure continuous safeguarding of the personal information under our remit.
How we are implementing GDPR and HIPAA
Policies & Procedures – Data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including HIPAA, are in place
Data Retention & Erasure – we have retention policies and are applying the privacy by design principle, meaning we store only data that is needed for the current task and only store it for as long as needed Data Breaches – as a medical device manufacturer we have breach procedures in place that ensure safeguards and measures to identify, assess, investigate and report any personal data breach at the earliest possible time
International Data Transfers & Third-Party Disclosures – when EXINI stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure,
encrypt and maintain the integrity of the data
Processor Agreements – when we use a third-party to process personal information on your behalf, we have data processor agreements and/or business associate agreements in place.