Privacy Policy for users testing the application
This Privacy Policy for Users Testing the Application ("Privacy Policy") should provide you with an information about how your data is processed when you decide to use our online AI Dental Application offering X-ray image diagnoses by artificial intelligence, available on www.test.aidental.ai (the "Application") for testing purposes during the social events and conferences.
Please note that we can update the Privacy Policy from time to time, but you can always find the latest version available online. Current version of the Privacy Policy is effective as of 14 March 2023.
For the purposes of this Privacy Policy, the abbreviation "GDPR" means General Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Please be informed that the information provided in this Privacy Policy shall fulfill our information obligation based on art. 13 of GDPR and we use all our efforts to ensure our compliance with the applicable data protection legislation.
This Privacy Policy provides you with the following information:
- Who will process your data?
- Whose data will be processed?
- Why do we process your personal data, which data do we process and on which legal basis?
- With whom may we share your personal data?
- Do we transfer your personal data to third countries?
- Are you subject to automated decision making or profiling?
- Which measures do we use to protect your personal data?
- How long do we process your personal data?
- What are your rights?
In case you wish to obtain more detailed information as mentioned herein, please do not hesitate to contact us on the e-mail address stated below.
Please note that this Privacy Policy applies exclusively to the processing of personal data carried out by us and for the purposes mentioned below we do not process personal data of persons younger than 18 years old.
1. Who will process your data?
Your personal data will be processed by us, company AID s.r.o. , having its registered seat at Námestie SNP 3, Bratislava - Staré Mesto 811 06, Slovakia, Business ID no.: 518 526 83, registered with the Commercial Registry of the District Court Bratislava I, section: Sro, insert no.: 130255/B ("company", "we", or "us").
If you want to learn more about the processing and protection of your personal data or if you have any other questions or comments related to data privacy, you can contact us via e-mail sent to: privacy@aidental.com.
2. Whose data will be processed?
We process personal data of you:
- user of the Application, who wants to evaluate new X-ray images by artificial intelligence via Application,
- testing user, who uses the Application for purposes of testing and assessing its functions
("you", or "your").
3. Why do we process your personal data, which data do we process and on which legal basis?
The main purpose of the Application is to evaluate oral and dental radiographs for easier diagnoses of dental defects. It is therefore possible to test the functioning of the Application at the conference or other social event both on a prepared set of images or on your own images. In order to achieve the stated purpose of the Application, we will process your personal data for several reasons, and so based on multiple legal bases.More detailed information can be found in the table below:
| Purpose of data processing | Detailed description | Scope of processed data | Legal basis |
|---|---|---|---|
| Use of our websites. | When you decide to use our websites, we may process your personal data as mentioned in our General Privacy Policy. | The detailed information about processed categories of personal data can be found in our General Privacy Policy. | Information about legal basis of personal data processing is available in our General Privacy Policy. |
| Test use of the Application without adding new dental scans. | When you decide to test the functioning of the Application at the conference or during other social event with a prepared set of images, we process only your personal data you enter in your registration. | When you actively use the Application, we process your name, surname, email address, profile picture, your online activity and further information you decide to tell us, including your feedback. Those personal data will be deleted in 30 days after you enter them. | Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to test the functionalities of the Application, to ensure positive experience when using the Application and to provide you with the desired outputs from the Application. |
| The use of the Application on newly added dental scans of yours. | You may decide to load your own dental scan to be evaluated by the Application. In such case when you are the personal data subject, we may process your personal data resulting from the scan to propose correct medical diagnose. | When you actively use the Application, we process your name, surname, email address, profile picture, your online activity and further information you decide to tell us, including your feedback. We will process your personal health data based on your dental scan for purpose of correct medical diagnoses. Those personal data will be deleted in 30 days after you enter them. | Art. 9 (2) (a) of GDPR based on your consent with such data processing of your health data. |
| The use of the Application on newly added dental scans of other data subjects. | You may decide to load dental scan of other personal data subjects to be evaluated by the Application. In such case you are in the role of personal data controller, and we are processors, evaluating personal data you decide to enter into the Application for purposes you decide, and so based on the agreement with you. | When you actively use the Application, we process your name, surname, email address, profile
picture, your online activity and further information you decide to tell us, including your
feedback. We will also process the dental scans you provide, the diagnosis made from them and any further personal data you decide give to us. Those personal data will be deleted in 30 days after you enter them if you do not say otherwise. |
Art. 6 (1) (f) of GDPR for the purpose of fulfillment of the contract between you and us. |
| Ensure security of the Application | We want the Application to be safe for its users, therefore we adopt security measures to prevent hacker attacks and other security incidents and breaches. We also take some additional measures, the implementation and application of which is required to maintain the safety of the Application and personal data processed through the Application. These actions require processing of your personal data. | We will primarily process technical information about the device you use when working with the Application (e.g., IP address, device type) and certain information about the way you use the Application. | Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to ensure security of the Application and security of its users. |
| Marketing and promotion of Application | We can use results and feedbacks from test use of the Application to promote the Application. We can also send you the newsletter or other marketing communication with the news about the Application as part of our direct marketing. | For promotion of the Application, we will process your name, surname, email address as well as your user experience with the Application. When providing you with marketing communication we will process mostly your name, surname, and email. We will delete those after you choose that you do not want us to send you any further marketing materials. | Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to market services provided by the Application. |
| Dispute solving, exercise and defense of our rights and legal claims | We may process your personal data for the purposes of solving legal disputes, claims complaints or other similar proceedings. | Within this purpose, we may process any personal data that is necessary to achieve the stated purpose, even if your personal data was originally obtained for one of the other purposes.This will mainly concern your name and surname, your contact details (address, phone number, email), information related to your suggestions, complaints and requests, information related to the use of the Application etc.The scope of processed personal data may be wider, depending on the concrete claim or dispute. | Art. (6) (1) (f) of GDPR for the purpose of our legitimate interest to handle disputes that may arise during our collaboration and in relation to the use of the Application. Art. 6 (1) (c) of GDPR for compliance with a legal obligation to which we are subject. |
4. With whom may we share your personal data?
We take the protection of your personal data very seriously, so we try to limit the scope of their recipients as much as possible. Only certain of our employees and coworkers may have access to your personal data. In such a case, access shall be granted only if it is necessary for the purposes described and only if the respective employee is bound by the confidentiality duty.
We may share your personal data with our suppliers who support us in our business or provide us with partial services, e.g. marketing services, legal and audit services, tax advisors, various IT and support services, technical subcontractors, etc. These entities include:
- Microsoft Corporation Inc., seated at Redmond, Washington, USA, providing us with digital infrastructure.
- Büro Milk s.r.o., seated at Klemensova 4 811 09 Bratislava - mestská časť Staré Mesto, providing us with marketing servicies and personalized content creation.
- PS:Digital, s.r.o., seated at Šustekova 5 851 04 Bratislava - mestská časť Petržalka, providing us with marketing services, personalized content and other marketing distribution.
- khn, s.r.o., seated at Fraňa Kráľa 23, 811 05 Bratislava - Staré Mesto, providing us with design and survey services
- Aston ITM, spol. s r.o., seated at nám. SNP 3 811 06 Bratislava, providing us with IT services
- Curaden AG, Amlehnstrasse 22, 6010 Kriens, Switzerland, providing us with access to dental student associations
We do not permit our suppliers to sell any personal data we share with them, or to use any personal data we share with them for their own purposes or for other purposes than to perform the services they provide to us. Before engaging any supplier, we perform due diligence, including detailed privacy, security and legal analysis. We do not engage a supplier unless our quality standards are met. Our suppliers are all subject to contract terms that enforce compliance with applicable data protection laws.
Further, please be informed that our suppliers may engage additional contractors to support them in their business and to provide them with certain services, which can possibly also require processing of your data. Such services may include but are not limited to: cloud services and website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, banks and payment method providers, accounting, legal, tax and audit services. These further contractors should provide their services based on the contract, under which they are obliged to follow applicable law, especially with respect to observance of applicable data protection legislation.
Lastly, please note that we may share your personal data if required to do so by law or decision of respective public authority or court order, for example with our suppliers or clients, tax authorities, social security agencies, law enforcement agencies or other governmental agencies.
5. Do we transfer your personal data to third countries?
We may process your personal data also outside the EU/EEA, since some of our partners with whom we cooperate are located outside the territory of the EU/EEA, respectively, have their subcontractors located in those countries or process personal data in third countries in a different way. In this case, we strive to ensure that your personal data is transferred exclusively to countries that are considered to have an equivalent level of personal data protection in accordance with the relevant European Commission decision, or where the appropriate personal data protection measures are in place. In general, we use standard contractual clauses for data transfers to third countries or require compliance with other additional guarantees and measures. Regardless of the country in which your personal data is processed, we take appropriate technical, security and organizational measures to ensure that the level of protection is the same as in the EU/EEA. If you would like to know more about the international transfer of your personal data and the relevant safeguards, we have in place to govern the transfer of your personal data, you can contact us via email sent to the address mentioned above.
6. Are you subject to automated decision making or profiling?
Your personal data are not subject to automated decision making or profiling.
7. Which measures do we use to protect your personal data?
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of your personal data. We maintain technical and organizational measures designed to protect your personal data within our organization against relevant security threats, including against unauthorized access, destruction, loss, alteration, or misuse. As already mentioned above, your data are accessible only to a limited number of personnel who need access to perform their duties. In case you wish to learn more about our technical and organizational measures, please do not hesitate to contact us on the contact details mentioned above or on our websites.8. How long do we process your personal data?
We process your personal data only as long as it is legally permitted and necessary for the purposes for which the data was collected (please see more details and concrete data processing periods for certain purposes above in section 3. of this Privacy Policy). However, this does not rule out that we may continue to process your personal data on a different legal basis for a longer period, especially if it concerns the fulfillment of legal obligations.
In general, your personal data will be processed for the duration of the conference (i.e., while using the Application), or to the extent necessary even after its end, due to the fulfillment of legal obligations, or if it is necessary to defend legal claims in accordance with our legitimate interests. If you are interested in information regarding the specific processing and storage period of your personal data, please do not hesitate to contact us via email sent to the address mentioned above.
9. What are your rights?
You are entitled to exercise your rights as a data subject with respect to the processing of your personal data. Please see the table below for more details.| your right | what does it mean? |
|---|---|
| Right to access | You have the right to obtain the information whether your personal data are processed, and if yes, you can request a copy of your personal data we process, for which we may charge you with a fee. If we process your personal data, you can request information about why we process your personal data, which personal data we process, with whom do we share your personal data, for how long we store your personal data and how do we determine the period, your rights to rectification or erasure, restriction or objection of processing of your personal data, your right to lodge a complaint with a supervisory authority, from where we collected your personal data, if not directly from you, whether you are subject to automated decision making or profiling, whether we transfer your personal data to third countries. All of the mentioned information is included in this Privacy Policy. |
| Right to rectification | It is important that we have the correct information, and we request you to notify us if any of your personal data is incorrect or if any of your personal data have been changed. We will rectify your personal data without undue delay upon your notification. |
| Right to erasure ("right to be forgotten") | If the processing of your personal data is no longer necessary or has been unlawfully processed, you withdraw your consent or object to the processing of your personal data, you may request us to erase your personal data. |
| Right to restrict processing | From the moment when you (i) asked for rectification of your personal data, or (ii) objected the
processing, until we assess your request (e.g. to confirm the accuracy of your personal data or to
rectify them according to your instructions), you are entitled to request us to restrict the
processing.
You may also request us to restrict the processing of your personal data if the processing was unlawful, but you do not want us to delete your personal data, or if we do not need your data anymore for the original processing purposes, however the data are important for defending your legal claims. This means that we (except for the retention of personal data) may process your personal data for which the processing was restricted, only if you consented with such processing, if it is necessary in connection with legal claims, to protect someone else's rights, or if there is a significant public interest in processing. |
| Right to object processing | If we process your personal data based on our legitimate interest or for direct marketing purposes, you may object to such processing. We can process your personal data further if we can demonstrate the compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. |
| Right to data portability | You may request us to provide you with the personal data that you provided to us for the processing based on the consent or for fulfillment of the contract. We should provide you with your personal data in a structured, commonly used and machine-readable format. You also have the right to request the transfer of these data directly to another data controller, if it is technically feasible. |
| Right to withdraw your consent | If some processing activities are based on the consent, you will have the right to withdraw such consent at any time. Please note that the withdrawal of your consent does not affect legality of the processing previously performed based on the originally granted valid consent. |
| Rights related to automated decision making and profiling | You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. We do not use automated decision-making or profiling for the outlined purposes of data processing. However, if you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision in a non-automated manner. |
If you would want to exercise any of your abovementioned rights, if you would like to file a complaint about how we process your personal data or if you have any further questions regarding the processing of your personal data, you can contact us via the contact information mentioned above and we will review your request, suggestions and reply to your questions.
If you are not satisfied with our response or if you believe that we process your data unfairly or unlawfully, you may lodge a complaint with a relevant supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic; for more information, please visit www.dataprotection.gov.sk.