Privacy Policy

Effective Date: July 31, 2023

At Segmed, Inc. ("Segmed," "we," "us," or "our"), we are committed to protecting the privacy and confidentiality of the information we collect, including medical data, as well as the personal information of our clients. This Privacy Policy outlines how we handle and safeguard the data, including medical data, in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), as well as our commitment to handling client information confidentially. Please read this Privacy Policy carefully to understand our practices regarding your information.

1. Information We Collect:
1.1. Personal Information: We may also collect personal information from our clients, such as names, contact details, and professional affiliations, to provide our services and maintain our client relationships including personal information that you voluntarily provide to us when you register on the Website or our Insight platform, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Website or Insight platform or otherwise when you contact us including contact information such as names; email addresses; job titles; account usernames, Payment information such as billing addresses; debit/credit card numbers; security code, and other similar information. 

1.2. Cookies: We automatically collect certain information when you visit, use or navigate the Website. Like many businesses, we collect this type of information through cookies and similar technologies. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Website and other technical information. This information is primarily needed to maintain the security and operation of our Website and Insight platform, and for our internal analytics and reporting purposes.

1.3. Opting out of cookies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Website or Insight platform. To opt-out of interest-based advertising by advertisers on our Website visit http://www.aboutads.info/choices/.

1.4. Do Not Track: Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. Medical Data: Segmed collects medical data from various sources, including healthcare providers, researchers, and other entities, for the purpose of de-identifying and anonymizing the data and subsequently sub-licensing this data. This data may include but is not limited to medical images, patient demographics, medical records, and other related information.

2. Use of Information:
2.1. We use personal information collected via our Website and Insight platform for a variety of business purposes described below. We process your personal information with your consent, which may be obtained through this privacy policy, or where permitted by law, in reliance on our legitimate business interests, in order to enter into or perform a contract with you, or for compliance with our legal obligations. 

We use the information we collect or receive in the following non-exclusive manners:
- To facilitate account creation and logon process. 
- To post testimonials. We may post testimonials on our Website that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and the content of the testimonial. You can withdraw your consent at any time.
- To request feedback and to contact you about your use of our Website or Insight platform.
- To manage user accounts. 
- To send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
- To keep our Website and Insight platform safe and secure (for example, for fraud monitoring and prevention).- To enforce our terms, conditions, and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- To fulfill and manage your orders, payments, returns, and exchanges made through the Website, and to provide you with the requested service.
- To respond to user inquiries and solve any potential issues you might have with the use of our Services.

2.2. De-identification and Anonymization: Segmed's primary purpose is to de-identify and anonymize medical data to remove any personal health information (PHI). We use technical and administrative measures to ensure that the data is stripped of PHI, rendering it anonymous and non-identifiable.

2.3. Service Provision: We use the de-identified medical data to provide services to healthcare providers, researchers, and other authorized entities, in accordance with applicable laws and regulations. These services may include data analytics, algorithm development, research collaborations, and other related activities.

2.4. Client Services: We may also use the information to send important notices, updates, and promotional materials related to our services.

2.5. Marketing: To send you marketing and promotional communications if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time.

2.6. For other business purposes. We may use your information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Website or Insight platform, products, marketing and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users.

3. Data Security:
3.1. Data Protection Measures: Segmed maintains technical, physical, and administrative safeguards to protect the confidentiality, integrity, and availability of the medical data and personal information we collect. We employ industry-standard security practices to prevent unauthorized access, use, or disclosure of the data.

3.2. Confidentiality Obligations: We require our employees and contractors to adhere to strict confidentiality obligations regarding the medical data and personal information they handle. Access to data is limited to authorized personnel who require it to perform their duties.

4. Data Sharing:
4.1. We may share data with service providers, governmental authorities or other third parties based on the following legal bases:
- Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose. This may include consent obtained through this privacy policy.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
- Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

4.2. Client Information: We do not sell or disclose personal information of our clients to third parties for marketing purposes. We may share client information with trusted third-party service providers who assist us in operating our business, maintaining our systems, or delivering services to our clients.

5. Handling Information Internationally
We may transfer, store, and process your information in countries other than your own. Our servers are located in the United States. If you are accessing our Website or Insight platform from outside the United States, your information may be transferred to, stored, and processed by us in our facilities and by our service providers in other countries. If you are a resident of the European Economic Area or other parts of the world, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.

6. Retention
We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law. We will keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). In most cases we will dispose of your information within three years of the end of our relationship unless we are required for business or legal reasons to retain it for longer.

7. Security of Information:
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Website is at your own risk. You should only access the Website within a secure environment.

8.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Website, you represent that you are at least 18. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at info@segmed.ai.

9.
Depending on where you live, you may have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request correction or deletion of your data; (iii) to restrict the processing of your personal information or withdraw your consent to processing; or (iv) to ask us to transfer your information to another party. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, you may email us at info@segmed.ai. We will consider and act upon any request in accordance with applicable data protection laws.

10.
If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

11.
If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

12.
If you are a resident of California, you may have specific privacy rights under the California Consumer Privacy Act of 2018 (CCPA), as amended, including:

12.1. California residents may request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. You can request that we delete personal information that we collected from you, subject to certain exceptions (such as if the business is legally required to keep the information). You may request that we stop selling or sharing your personal information (“opt-out”), including via a user-enabled global privacy control. We will not sell or share your personal information after we receive your opt-out request unless you later authorize us to do so again. You may request that we correct inaccurate information that we have about you. You can direct we only use your sensitive personal information (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the services you requested. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

12.2. What categories of personal information do we collect?As described above, we generally collect contact and payment information. We have collected the following categories of personal information in the past 12 months: Identifiers. Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name; and Personal information categories listed in the California Customer Records statute. Name, contact information, education, employment, and financial information.

We may also collect other personal information outside of these categories instances where you interact with us in-person, online, or by phone or mail for the purposes described above, including support requests, customer surveys and delivery of our Services.

13.
How do we use and share your personal information?More information about our data collection and sharing practices can be found in this privacy notice. You may contact us by email at info@segmed.ai. If you are using an authorized agent to exercise your right to opt-out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

14. Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf. We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal data. Segmed, Inc. has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months. Segmed, Inc. will not sell personal information in the future belonging to website visitors, users and other consumers.

15. Compliance with Laws:
15.1. HIPAA and GDPR and CCPA Compliance: Segmed complies with the requirements of HIPAA and the GDPR and CCPA, as applicable, regarding the handling, de-identification, and processing of medical data and personal information. We implement appropriate safeguards to protect the privacy and security of the data and comply with individuals' rights under these regulations.

16. Updates:
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website or by other reasonable means.

17. Contact Us:
If you have any questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact us at: Segmed, Inc. info@segmed.ai.

By using our services or providing us with your information, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.