Nonagon Ltd. (“Nonagon,” “we,” “our,” or “us”) is the developer and owner of the Nonagon® self-health assessment software and system (“System“), which includes the cloud-based platform provided as part of the services offered by Nonagon and available for use and registration through Google Play Store and Apple App Store.
2. PERSONAL DATA PROCESSING AND LAWFULNESS
We have included information below regarding which types of data are collected and how we process and use your data to inform you about our processing practices and assure you that your Personal Data is treated with respect and in accordance with the applicable data protection legislation when using the Platform. However, before we get into that, we would like to explain the lawful basis upon which we collect, process, and use your data (as further explained in the table below):
- If you are a Customer, we will process your Personal Data in order to perform our contract with you;
- If we have a legitimate interest in processing Personal Data, such as for security and verification purposes, as part of our Services; or
- If you are a patient, we will process your Personal Data where you have provided us or our Customers with your consent to do so if and as required under applicable law.
For the purposes of the European Union General Data Protection Regulation (“GDPR“), we are considered the Controller (as such term is defined under the GDPR) of the Personal Data we collect from our Customers and considered the Processor (as such term is defined under the GDPR) of the Personal Data that we process from the Patients on behalf of the Customers. Patient Personal Data will be processed in accordance with our Data Protection Agreement with our Customers.
3. INFORMATION WE COLLECT
3.1. If you are a Customer:
3.1.1. Registration – When you register for our Platform you will need to provide us with your full name, email address, profession, phone number, and the name and email address of the site that the System will be used at. This information will be processed for the purpose of performing our contract with you, to set up your account with us and enable you to use our Platform.
3.1.2. Contact Details – In the event you contact us for support or other inquiries you may be requested to provide us with your full name and email address. We will process this information subject to our legitimate interest and use it solely for the purpose of contacting you, responding to your inquiries and providing you with the support or information that you requested. We may process the contents of our correspondence with you in order to improve our customer service and in order to resolve any disputes with you (if applicable).
3.1.3. Online Identifiers and Technical Non-Personal Data – When you use our Platform, we may, either directly or indirectly (through our third-party service providers) collect your IP address. We may collect technical Non-Personal Data from you when you access our Platform as well, such as, your language preference and the actions you take when you use our Platform. In the event required under applicable law, we will obtain your consent to gather such information. Please note that we do not attempt to analyze or determine your identity based on such information or otherwise combine it with any information such as your name or email address.
Finally, please note that some of the abovementioned Personal Data will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may or will anonymize or de-identify your Personal Data and further use it for internal and external purposes, including, without limitation, to improve the services and for research purposes. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).
3.2. If you are a patient:
3.2.1.Patient data processed on behalf of Customers – When our Customer uses our Platform, certain information regarding the Patient will be uploaded onto our Platform either automatically or by the Customer himself, including the Patient’s full name, ID number, date of birth, gender and certain health information of the Patient including results of physical exams such as, body temperature, SpO2 & pulse rate, auscultation recording, otoscope recording, images of skin, mouth and throat. We will have access to the Patient health information as provided by our Customer or the patient. However, Nonagon is the data processor that provides services to the Customer and does not use the patient information for any other purpose. We may store this information, analyze it and provide a report to our Customers to help enable them to properly treat and assist their Patients and in order to enable us to provide our Services. We will retain any such information for as long as needed, subject to applicable law and our customer written instructions.
4. HOW WE COLLECT DATA
Depending on the nature of your interaction with us, we may collect information from you in one or both of the following ways:
- Automatically– we may automatically collect some information from you, such as your IP address, when you use our Platform.
5. SHARING INFORMATION WITH THIRD PARTIES
We may disclose your personal data to any member of our group of companies reasonably necessary for the purposes and on the legal basis set out in this notice.
We may disclose your personal data to our trusted third parties, with whom we have engaged to perform business-related functions on our behalf, including, but not limited to, marketing and distribution of our products, hosting services, database maintenance, and analytics services.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a regulatory obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or an administrative or out-of-court procedure.
6. DATA RETENTION
We retain the information we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws and our customer written instructions.
7. USER RIGHTS
Depending on your jurisdiction, data protection and privacy laws provide you with the ability to exercise certain rights regarding your Personal Data that we process such as:
- The right to access and be informed about how your personal information is being used.
- The right to access the personal information we hold about you.
- The right to request the correction of inaccurate personal information we hold about you.
- The right to request that we delete your data, or stop processing it or collecting it, in some circumstances.
- The right to request that we transfer or report elements of your data either to you or another service provider.
- The right to complain to your data protection regulator.
- The right to complain to a supervisory authority; and
- To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
We will not discriminate against you for exercising any of your regulatory rights.
You may exercise any of your rights related to your personal data by contacting us by email at email@example.com or by the ‘contact us’ on our Website.
We have put in place physical, administrative, and technical procedures and measures designed to help prevent unauthorized access and maintain data security confidentiality.
9. DATA TRANSFER (To our EU customers – Your Information and Countries Outside of EEA)
The personal data that we process may be transferred to, processed, or stored outside the European Economic Area (“EEA”).
We are committed to processing any EU personal information in third countries approved as adequate by the European Commission or using the European Commission’s standard contractual clauses.
Further information may be obtained from our Data Protection Officer.
9. NO SALE OF PERSONAL INFORMATION
Nonagon does not and will not sell your Personal Information. However, if in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your Personal Data to such third party (whether actual or potential) in connection with the foregoing events. In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your Personal Data in connection with the foregoing events, including, in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company.
Nonagon reserves the right to amend this privacy notice at our discretion and at any time.
When we make changes to this privacy notice, we will post the updated notice on our Website and application and update the notice’s effective date. Your continued use of our Website and application following the posting of changes constitutes your acceptance of such changes
- By email: firstname.lastname@example.org
- By mail: Nonagon Ltd.
13 Zarchin st.
Ra’anana 4366241, Israel