Privacy Policy
Updated on July 30th, 2024
The following Privacy Policy (hereinafter referred to as the "Policy" or "Privacy Policy") was designed for the users of the website www.medicai.io, and it will be reviewed and updated periodically according to all applicable laws and regulations (HIPAA/GDPR/CCPA). The purpose of this Privacy Policy is to easily inform you about:
- The definitions of the terms provided by the GDPR
- Who is MEDICAI
- Where can you find us and how can you contact us
- Categories of personal data, purpose, legal basis, collection method, and retention period
- The disclosure of your personal data to third parties
- Which are your rights and how can you effectively exercise them
- Children’s personal data. We do not process data for children under 16 years old!
- What security precautions does MEDICAI have in place to protect your personal data
- Links to other websites
- Updates to this Privacy Policy
- Information concerning Data Protection Supervisory Authority
1. The definitions of the terms provided by the GDPR
Personal data represents any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing represents any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
Restriction of processing represents the marking of stored personal data with the aim of limiting its processing in the future.
Controller refers to the natural or legal person, public authority, agency, or other body that, alone or with others, decides the purposes and means of processing personal data; where the purposes and means of such processing are set by European Union or Member State law, the controller or the specific criteria for its nomination may be set by Union or Member State law;
The processor represents a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;
The recipient represents a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients; the processing of that data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third-party: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
A data breach represents a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
2. Who is MEDICAI?
www.medicai.io is the official website (hereinafter referred to as the "Platform") of MEDICAI, which is a global software company with main offices in Romania and the United States of America. INNOVATOR ARTIFICIAL TECH S.R.L. is a Romanian legal entity, based in Bucharest, district 1, 29 Mușetești street, lot 1, ground floor, room 4, ap. 42, registered at the Trade Register under no. J40/10801/2017, CUI (fiscal code) 37862579, and Medicai USA, Inc. is a Delaware (USA) corporation, based in 8 The Green, Apartment B, Dover City, Kent County, 19901 Delaware State.
According to the provisions of General Regulation No. 2016/679 on data protection ("GDPR" / "GDPR Regulation") and the national legislation in force, in relation to personal data processed through the website www.medicai.io, MEDICAI has the capacity of controller of personal data, and visitors of the site and the persons who register on our website are data subjects.
MEDICAI observes the confidentiality and security of personal data, constantly ensuring that all personal data is processed only for specific, explicit, and legal purposes, according to the principles and provisions of the GDPR.
3. Where can you find us, and how can you contact us?
With respect to any information regarding the personal data we process, you can contact us by e-mail at dpo@medicai.io.
4. Categories of personal data, purpose, legal basis, collection method, and retention period
Generally, we collect personal data directly from you so that you have control over the type of information you provide to us.
To easily identify the personal data we process, we have combined them into several categories according to the purpose of processing.
Therefore, MEDICAI processes the users’ personal data as follows:
Category A: Creating the Account on the Platform
Data subject:
The patient and the doctor create a user account on the Platform.
In this Policy, any reference to the doctor as a data subject includes, in a broad sense, both the medical and non-medical auxiliary staff, such as nurses and receptionists, as well as the administrator of the medical unit or any other delegated medical representative who has user accounts on the Platform.
Personal data:
Name, surname, and e-mail address
In addition, for the configuration of the user profile of the patient, a series of personal data can be processed, such as country and city of residence, phone number, personal numeric code, and an avatar image. These data are optional and do not limit the use of the Platform.
For the configuration of the user profile of the doctor, we process the following additional personal data: country and city of residence, phone number, professional title, and medical specialization.
Purpose and legal basis:
MEDICAI processes personal data to register user accounts on the Platform in order to offer access to its functions.
According to Art. 6 para. (1) lit. a) of the GDPR, personal data processing takes place with the data subject's consent.
Collection method and retention period:
The collection of personal data is done directly by the voluntary transmission by the data subject in order to use the functions of the Platform at the time of creating the account on the Platform.
Personal data is stored for as long as the data subject's account is active on the Platform.
Category B: The use of the Platform and its functions by the doctor in his activities of medical assistance, diagnosis, and treatment in relation to his patients
Data subject:
The patient who benefits from the services provided by the doctors who use the Platform as a technical or software tool in their work.
Personal data:
In addition to the processing of personal data mentioned in Category A above, MEDICAI may process, as appropriate, medical data such as medical imaging analysis (MRI, CT, PET-CT, X-ray, ultrasound), symptoms, past illnesses, allergies, diagnosis, medical tests and medications administered in the past, blood type, medical recommendations, medical history of your family, other information you give us about your family members and your kinship relations, the medical data contained in the referral note and in the medical report, and genetic data.
Also, MEDICAI may process the content of medical-specific conversations carried out between the patient and the doctor or medical entity through the Platform.
Purpose and legal basis:
MEDICAI uses personal data to provide our services, which include (i) hosting your MRI, CT, X-ray, Ultrasound, and PET-CT investigations on the MEDICAI Platform, as well as the documents in the usual PDF, DOC, and JPG format, and viewing them; (ii) facilitating patient-doctor collaboration for purposes related to the establishment of a medical diagnosis, the provision of medical services and healthcare, at your request, including the evaluation and interpretation of the investigations and documents in point (i) by doctors; (iii) the online submission of your medical imaging investigations at your request.
Personal data are processed on the basis of the explicit consent of the data subject, as provided by Art. 6 para. (1) lit. a) of the GDPR, when the processing is necessary for purposes related to the provision of medical services and medical assistance or the establishment of a medical diagnosis and treatment by doctors or medical entities having accounts created on the Platform, following your request and in consideration of the existing patient-doctor relationship. The consent for the personal data processing activities in this section can be withdrawn at any time by the data subject through a written request sent to the e-mail address dpo@medicai.io. The withdrawal of consent does not affect the legality of the processing carried out up to that point.
In this Policy, any reference to medical entities includes clinics, hospitals, and any medical institutions, both public and private, with which MEDICAI has entered into contractual relationships, as long as such medical entities have an active user account on the Platform.
Collection method and retention period:
The collection of personal data is made directly by the data subject by uploading on his or her account on the Platform the medical information and documents (MRI, CT, PET-CT, X-ray, ultrasound, medical blood tests, medical reports, documents containing medical diagnoses, etc.).
The collection of personal data is also made directly when the data subject communicates with the doctor or medical entity having an account on the Platform, through the messaging and chat functions integrated into the Platform.
Following the patient's request in this regard, the medical entity and/or the doctor who treated the patient can also collect personal data in an indirect manner by uploading such data.
Medical data is processed by MEDICAI as a result of the collaboration between the patient and a doctor or a medical entity with an active account on the platform within the medical assistance, diagnosis, and treatment services offered by the doctor or medical entity by using the Platform as a technical tool or software in his activity.
Under no circumstances except for the indirect collection of data in the situations presented in this policy does MEDICAI process medical data in the absence of a prior request initiated by the patient regarding the collaboration mentioned above, respectively with a doctor or medical entity with an active account within the Platform.
Personal data is stored for as long as the data subject's account is active on the Platform, unless otherwise provided by law.
If there is no legal requirement, we will only store medical data for as long as is necessary for the processing of data for the purposes indicated in this Policy.
From the moment you deactivate your account created on the Platform, your personal data will be deleted or anonymized.
As stated below, MEDICAI may use your anonymized data for statistical and scientific research.
Considering the specificity of our activity of hosting medical documentation and investigations in order to facilitate collaboration between doctors or medical entities who have an active account on the Platform and their patients and, respectively, the specificity of our activity of scientific research and statistics in the medical field (for example, for the development of AI-type systems), your medical data will be stored in accordance with specific legal provisions in the field of health.
In addition, your data may be stored for the purpose of complying with a legal obligation to which we are subject, such as reporting to competent health authorities or carrying out any checks done by the legal authorities.
In accordance with specific health regulations, the medical history cannot be deleted.
Data related to payments and invoicing will be stored in accordance with the applicable legislation.
To store your data in electronic format, we use our own servers or those of other companies specializing in electronic archiving.
*Please note that MEDICAI does not provide healthcare, diagnostic, or treatment activities, having only the function of hosting the data collected according to this Policy and mediating the relationship between patients and doctors or medical entities having active accounts on the Platform. MEDICAI is not responsible for the processing activities carried out in their own name by doctors or medical entities as data controllers and in such cases, it is possible to collect the data from doctors/medical entities, MEDICAI being the processor. In this regard, please refer to their privacy policies / GDPR information notes / any other GDPR documents available (on their websites in physical format / in any other electronic format).
**For the avoidance of doubt, we mention that MEDICAI/the Platform does not mediate the provision of telemedicine services, its purpose being to technically facilitate the provision of these services by doctors or medical entities.
Category C: Subscribe to the newsletter
Data subject:
Visitors to our website who do not have an active user account on the Platform, as well as patients and doctors who create a user account on the Platform, subscribe to our newsletter.
Personal data:
Email address.
Purpose and legal basis:
MEDICAI processes personal data in order to transmit personalized communications to the data subjects.
According to Art. 6 para. (1) lit. a) of the GDPR, personal data processing takes place with the data subject's consent.
Collection method and retention period:
By voluntarily transmitting their personal information when signing up for our newsletter, the data subject directly initiates the collection of their personal information. Personal data is stored for as long as you remain a subscriber to the newsletter or until you unsubscribe from the newsletter.
Category D: Visiting the Platform
Data subject:
Visitors to our website who do not have an active user account on the Platform, as well as patients and doctors who have an active user account on the Platform and use its functions.
Personal data:
Essential data: standard technical information for connecting to the internet, which may include: information about the computer or device used to access the Platform (device type, operating system, screen resolution, language, country where you are, type of web browser used, etc.), a truncated version of the IP address, or your preferences regarding cookies that process personal data;
Non-essential data: statistical data such as the city of connection to our site, demographic information, number of visitors, interval and duration of access to the site, the share of viewing sections, as well as other information regarding the online interests and actions of our website visitors;
Purpose and legal basis:
MEDICAI may process personal data collected through the Platform for the following purposes and legal basis:
Essential data:
Standard technical connection data is required to technically ensure the functionality, optimization, and security of the Platform.
The technical data is processed to facilitate your access to the Platform (for example, to adjust the size of the site according to the characteristics of the device used), to recognize and stop any improper use of the Platform, etc.
Personal data in this category is processed under Art. 6 para. 1 letter f) of the GDPR Regulation, which allows us to process personal data when it is necessary for the purpose of our legitimate interests related to the functionality of the Platform.
Non-essential data: personal data in this category is collected to improve our services as well as for marketing purposes.
We may collect aggregate analytical statistics, as defined above, using cookies created by other companies, such as Google Analytics.
According to Google Analytics policy, "Google Analytics is an easy-to-use tool that helps site owners measure how users interact with the content of a webpage."
You can disable or restrict the transmission of cookies by changing the settings of the browser used. At the same time, cookies that are already stored can be deleted at any time.
For more information on how you can modify or delete the data processed by each cookie, see the Cookies Policy, available on our site.
Personal data in this category is processed under Art. 6 para. 1 letter a) of the GDPR - the consent of the data subject.
Collection method and retention period:
The collection of data is made automatically on the occasion of accessing the Platform, through essential and non-essential cookies. Personal data is stored according to the periods indicated in the Cookie Policy.
Category E: Using the “Book a Demo” function
Data subject:
Visitors to our website who do not have an active user account on the Platform, as well as patients and doctors who have an active user account on the Platform, who want to benefit from the book a demo function.
Personal data:
Name, surname, e-mail address, and phone number
Purpose and legal basis:
MEDICAI processes your personal data when you fill out the form related to book a demo function, available within the Platform, in order to schedule a free phone call with a MEDICAI representative to provide additional information on the services integrated into the MEDICAI Platform, such as online uploading of the patient's archive, the transmission of investigations, and communication (including video) between the patient and the doctor.
Personal data in this category is processed under Art. 6 para. 1 letter f) of the GDPR Regulation, which allows us to process personal data when it is necessary for the purpose of our legitimate interests.
Collection method and retention period:
The collection of personal data is carried out directly by the data subject by voluntary transmission on the occasion of completing a “Book a Demo” form available within the Platform. Personal data is stored for the period necessary to manifest our legitimate interests.
Category F: Using the lead magnets marketing feature
Data subject:
Visitors to our website who do not have an active user account on the Platform, as well as patients and doctors who have an active user account on the Platform, when they use the lead magnets marketing feature.
Personal data:
Name, surname, e-mail address, and the name of the employing company
Purpose and legal basis:
MEDICAI processes your personal data when completing the fields related to the marketing function through the lead magnets services in order to: (i) provide materials regarding the activity carried out by MEDICAI and the services provided through the Platform, as well as other information of interest for the person concerned; (ii) provide subsequent contact by MEDICAI through means of communication with a human operator, as well as electronic means, in order to provide additional information; (iii) provide, in the future, other materials and information similar to those received at the time of initial collection of personal data.
Personal data in this category is processed under Art. 6 para. 1 letter f) of the GDPR Regulation, combined with the provisions of Art. 12 para. (2) from Law No. 506/2004, which allows us to process personal data when it is necessary for the purpose of our legitimate interests. For the purpose of further contacting the data subjects by means of electronic means, MEDICAI processes personal data based on the consent of the data subject, as provided by Art. 6 para. (1) lit. a) of the GDPR.
Collection method and retention period:
The collection of personal data is carried out directly by the data subject by voluntary transmission on the occasion of completing the fields related to the marketing function through the lead magnets services. The data subject has the right to object to the processing of his or her personal data or to withdraw their consent at any time by sending a written request to the e-mail address dpo@medicai.io.
Personal data is stored for the period necessary to manifest our legitimate interests, respectively, until the time when the data subject withdraws his consent.
Category G: Contacting us
Data subject:
Visitors to our website who do not have an active user account on the Platform, as well as patients and doctors who have an active user account on the Platform, when they want to contact us through the Platform.
Personal data:
Email address—when you contact us via email or through the live chat function; name, surname, e-mail address, telephone number, and the content of the message if it refers to other personal data—when you contact us through the contact form and through the support form (ticket), available on the Platform.
Purpose and legal basis:
MEDICAI processes your personal data whenever you contact us: (i) at the e-mail address indicated on the Platform; (ii) through the live chat function available on the Platform; (iii) through the contact form available on the Platform; (iv) through the support form (ticket) available on the Platform, in order to provide additional information regarding the services offered by us, the functionality of the Platform, your account, or any possible questions you may have in relation to the use of the Platform.
Personal data in this category is processed under Art. 6 para. 1 letter f) of the GDPR Regulation, which allows us to process personal data when it is necessary for the purpose of our legitimate interests—the functionality of the website.
Collection method and retention period:
When filling out the necessary information when contacting us, the data subject directly initiates the voluntary transmission of personal data. Personal data is stored for the period necessary to manifest our legitimate interests.
Scientific research and statistics:
MEDICAI may directly use the medical data of patients under the condition that they are anonymized as stated herein, so that it becomes impossible to identify the persons to whom they refer, for statistics purposes and for the purpose of scientific research for the development of software of advanced systems (for example, for machine learning or for the development of AI-type systems, including for the purposes of training and tuning of algorithms and models for diagnostics by means of Artificial Intelligence, hereinafter also referred to as "AI-type systems"), with the exception of scientific research activities within clinical trials.
Also, MEDICAI may transfer to third parties the medical data of patients under the condition that they are anonymized by MEDICAI as stated herein, so that it becomes impossible to identify the persons to whom they refer, to be used by these third parties for statistical purposes and for the purpose of scientific research for the development of software for advanced systems (for example, for machine learning or for the development of AI-type systems), with the exception of scientific research activities within clinical trials.
By combining research results, MEDICAI aims to obtain valuable new knowledge in the medical field, including regarding widespread diseases with difficulties in diagnosis and treatment. MEDICAI can then develop and implement knowledge-based policies that can improve the quality of life for large numbers of people and increase the efficiency of social health services.
In this context, MEDICAI ensures that it keeps the data used in statistical activities and in research studies in an anonymized and confidential manner. Also, with regard to MEDICAI’s AI-type Systems, MEDICAI ensures that it constantly improves its related software.
Also, MEDICAI offers adequate guarantees for the rights and freedoms of the data subjects, as stated in Art. 89 para. 1 of the GDPR Regulation. This is true in terms of the effective exercise of the rights stated in the GDPR Regulation, namely the right to access, rectification, deletion, restriction of processing, opposition, and data portability, insofar as the rights of access, rectification, restriction of processing, and opposition are likely to be used.
5. The disclosure of your personal data to affiliates
We share personal data with our affiliates as necessary to provide our services to you or perform usual business activity. Personal data shared with our affiliates is granted a GDPR level of protection. The affiliate of Medicai USA, Inc. is Innovator Artificial Tech S.R.L., from Romania, both companies described above.
The disclosure of your personal data to third parties
Our members and employees:
MEDICAI’s members and employees who have access to personal data have been trained to observe the security and confidentiality of the personal data they have access to for performing business activities. MEDICAI’s members’ and employees’ access to personal data is limited to the information required in performing their specific tasks.
Suppliers:
In order to carry out our activity, we collaborate with various partners who contribute to the development of our projects, and, inevitably, we make available to them some of your personal data.
In such cases, the transmission of personal data will be limited to the data strictly necessary for the partners to carry out the necessary activities in our projects, and we have implemented contractual clauses to ensure that they comply with the provisions of this Privacy Policy and all applicable law.
Also, trying to do the best in our industry, sometimes we choose to work with other companies to facilitate certain technical or administrative functions that fall within their scope of activity, such as data hosting services, data services payment, marketing services, technical systems security services, software development services, IT support and maintenance services, legal services, etc.
In cases where we decide to use third parties to benefit from their services, we will only provide them with the information they need to perform their specific functions, provided that they comply with the provisions of the GDPR Regulation.
When our contractual partners act as proxies for the processing of your personal data, we will ensure that they process the data in accordance with applicable personal data protection legislation and in accordance with our prior instructions.
For the purchase of our services and all subsidiary transactions, such as the provision of bank details, the billing of our services, the recording of payments made, and the communication of any questions or concerns you may have regarding payments made, MEDICAI collaborates with the Stripe payment processor, who acts as an individual operator. In this context, MEDICAI does not have access to any banking data provided by the data subjects for the purpose of purchasing the services on our Platform. For more details on Stripe's processing activities and security measures, please see the privacy policy available here.
Legal requirements:
Your personal data may be communicated to governmental authorities and/or law enforcement agencies if required by the applicable law.
6. Which are your rights regarding the processing of personal data, and how can you effectively exercise them?
MEDICAI, as data controller, has implemented technical and organizational measures to ensure that the following rights of data subjects are respected:
Right of access
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed by us and, where that is the case, access to your personal data and information on how they are processed.
Right to data portability
You have the right to receive the personal data processed in a structured, commonly used, and machine-readable format, including the right to have this data transmitted directly to another controller if this is technically feasible.
Right to object
You have the right to object to the processing of your personal data when processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. You have the right to object at any time if your personal data is being processed for direct marketing purposes.
Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. The rectification must be communicated by the controller to each recipient to whom the data subject's data have been transmitted, unless this proves impossible or involves disproportionate (demonstrable) efforts.
Right to erasure ("right to be forgotten")
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the following grounds applies: (i) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent on which the processing is based and there is no other legal ground for the processing; (iii) you object to the processing and there are no overriding legitimate grounds for the processing; (iv) your personal data have been unlawfully processed; (v) your personal data have to be erased for compliance with a legal obligation; (vi) your personal data have been collected in relation to the offer of information society services.
Right to restriction of processing
You have the right to obtain from us a restriction on processing where one of the following applies: (i) you contest the accuracy of your personal data for a period that allows the verification of the correctness of the data; (ii) the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead; (iii) we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims; (iv) you have objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right not to be subject to a decision based solely on automated processing
You have the right not to be subject to a decision solely based on automated processing, including profiling, which produces legal effects concerning you or similarly affects you in a significant manner. Therefore, we hereby state that MEDICAI does not use applications, algorithms, artificial intelligence, or automatic processes to make automatic decisions (without human intervention) that produce legal effects for you.
To exercise your rights listed above, you can send us your request (accompanied by your contact details) electronically at the e-mail address dpo@medicai.io.
7. Children’s personal data. We do not process data for children under 16 years old!
MEDICAI does not collect any personal data from children under the age of 16.
So, if you are under 16, please do not submit to us any personal data.
8. What security precautions does MEDICAI take to protect your personal data?
MEDICAI has assumed the responsibility of implementing appropriate technical and organizational measures regarding the protection of privacy, ensuring the security of personal data, and preventing the unauthorized alteration, access, modification, destruction, or disclosure of data.
- MEDICAI’s employees and collaborators who have access to the databases are expressly nominated; access to the computer system is made using individual accounts and passwords that are changed periodically;
- all employees, collaborators, and service providers who are in contact with personal data act in accordance with the principles and policies regarding the processing of personal data provided by the applicable legislation, respectively by the standards of confidentiality; thus, they have been informed and have the obligation to comply with the provisions of the GDPR Regulation by signing Agreements for the processing of personal data or as a result of the law;
- personal data are printed only by authorized users, if necessary for the performance of the activity or according to legal obligations; however, we mention that we do not print personal data because it is not necessary for our activity;
- MEDICAI’s employees and collaborators have access only to the personal data necessary, adequate and relevant for the performance of their duties and only in accordance with the stated purpose of data collection;
- computers and terminals used to access the computer system are password protected and have antivirus, antispam, and firewall security updates;
- we take the necessary measures to protect your personal data against the loss, misuse, and unauthorized access, disclosure, modification, or destruction of your data;
- we carry out, at regular intervals, security audits on the computer systems we use for the processing of personal data;
- we anonymize the personal data that we process so that it becomes impossible to identify the person to whom they refer, where possible and appropriate to our activity;
- we adopt and review data processing practices and policies, including physical and electronic security measures, regularly train MEDICAI’s employees and collaborators, and constantly monitor how we apply our own practices and policies.
Please select carefully what personal data you choose to send, including the email addresses listed on the site. The Internet or e-mails are not impenetrable, and an unexpected technical error can lead to an unfortunate event involving personal data transmitted.
While we take all reasonable steps to ensure the security of your data, MEDICAI cannot guarantee the absence of any breach of security or the inability to penetrate security systems. In the unlikely event that such a breach occurs, we will follow the legal procedures for limiting the effects and informing the data subjects as soon as possible.
9. Links to other websites
On our website, you may find links to other organizations or web pages. This Policy does not cover the personal data processed by them.
If you decide to access the links displayed on our site, we encourage you to carefully read their privacy policies.
10. Updates to this Privacy Policy
As we plan to develop and offer you new services/features, we will need to update this Privacy Policy. In order to keep you informed, we always publish the latest version of the Privacy Policy on our website, without any specific notice in this respect. We encourage you to constantly review this Privacy Policy in order to be constantly informed with respect to the categories, purposes, and manners in which MEDICAI processes your personal data.
If you have any questions about our Privacy Policy, please contact us at dpo@medicai.io.
11. Information concerning the Data Protection Authorities (DPAs)
If you consider that your rights provided by Regulation No. 679/2016 have been violated, you have the possibility to communicate this to us at the address dpo@medicai.io or to contact the DPA by submitting a complaint.
DPAs are independent public authorities that supervise, through investigative and corrective powers, the application of the data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the General Data Protection Regulation and the relevant national laws. There is one in each EU Member State.
Find your National Data Protection Authority online.
For California residents
If you are a California resident, please keep in mind that:
- “data subject” also means “consumer” and “controller” also means “business”;
- you have the right not to have your information sold or shared; please opt out of sharing your personal data by writing an email to dpo@medicai.io;
- you may use the same form to exercise your right to opt out of the sale of personal information as provided by CCPA.
HIPAA
Medicai USA, Inc. is HIPAA compliant and has the HIPAA seal of compliance certificate issued by Compliancy Group.
Romanian citizens, please see the applicable Privacy Policy here: https://www.medicai.io/ro/politica-de-confidentialitate.