PRIVACY NOTICE
PRIVACY NOTICE
The General Data Protection Regulation and relevant Member State laws require us to provide people with information about what personal data we process, what are their rights, how they can exercise those rights, and how to make complaints.
This Privacy Policy provides that information in a way we have tried to make clear and transparent. If you would like more information about what data we process, for what purpose or how long we keep it for, please use the contact details provided at the end to ask us.
If you do not agree with this Privacy Policy, do not access or use our services or interact with any other aspect of our business.
WHO WE ARE
Access to Personal Information and Your Rights
- We need it in order to provide you with the services and to carry out the core activities related to our provision of the services.
- We need to comply with a legal obligation.
- We have a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services and to protect our legal rights and interests.
- You give us your consent to do so for a specific purpose.
The right of access (also known as subject access requests)
- Confirmation that your data is being processed;
- Other supplementary information – that largely corresponds to the information provided in this privacy notice.
We will provide this information to you free of charge unless the request is ‘manifestly unfounded or excessive’, when we may choose to charge an administration fee or refuse to respond. We will endeavour to provide the information as soon as possible, and never more than one month after receipt of your request. To ensure data security we will request evidence of identification before we supply any personal data.
The right to rectification
The right to erasure (also known as the right to be forgotten)
Proximie’s lawful basis for processing personal data is ‘for the performance of a task carried out in the public interest or in the exercise of official authority’. The right to erasure does not apply for this lawful basis.
The right to restrict processing
- You contest the accuracy of the data we hold. In this instance we will restrict your data until we have verified the accuracy of the data;
- The data has been unlawfully processed, but you oppose erasure and request restriction instead. This is unlikely, however if this is the case we will retain your data in this instance;
- We no longer need the data, and it will be removed under our data retention policy, but you require us to retain the information in order to establish, exercise or defend a legal claim. This is unlikely, however if this is the case we will retain your data in this instance;
- You have objected to us processing your personal data under the ‘right to object’ and we are considering whether our legitimate grounds override those of the individual.
The right to restrict processing
The right to object
The right to automated decision making including data profiling
The right to stop contacting you for marketing purposes or follow-up on any recruitment process
Processing and usage of data
Proximie processes audio visual data of surgical operations performed in a clinical environment. This video is securely live streamed and securely stored on our cloud servers and is only accessible to health care professionals who are securely authenticated on the Proximie platform. The capture of any personal data in audio visual feeds is avoided, unless it is clinically unavoidable. We advise organisations who use the service to avoid capturing any identifiable personal data in audio visual recordings, secure messages and session names.
Even where Proximie has a legitimate interest in processing your personal data, it will not do so to the extent that processing would override your interests, rights and freedoms to protect your personal data.
We may also use your personal data to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use personal data for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by applicable law.
Proximie Ltd uses AWS servers hosted in the US (which are covered by the EU-US Privacy shield), United Kingdom, United Arab Emirates and Kingdom of Saudi Arabia and in other jurisdictions. Proximie is expanding its territories and always seeks to geolocate and protect data where possible.
If you are an EEA resident, your personal data held by Proximie may be transferred to, and stored at, destinations outside the EEA that may not be subject to equivalent data protection laws, including the United States. When you sign up for service with Proximie or inquire about our services, we transfer your information to the United States and other countries as necessary to perform our agreement with you or to respond to an inquiry you make. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.
Accordingly, by using our services, you authorize the transfer of your information to the United States, where we are also based, and to other locations where we and/or our service providers operate, and to its (and their) storage and use as specified in this Privacy Policy and any applicable terms of service or other agreement between you and Proximie. In some cases, Proximie may seek specific consent for the use or transfer of your information overseas at the time of collection. If you do not consent, we may be unable to provide you with the services you requested.
The United States, the United Kingdom, the United Arab Emirates and the Kingdom of Saudi Arabia and other countries where we operate may not have protections for personal information equivalent to those in your home country.
Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this Privacy Policy.
COOKIES
This Service does use these “cookies” for session management. The app may use third party code and libraries that use “cookies” to collect information and improve our and their services. Data sent to these third-party’s services will not involve electronic patient health or personal identifiable information. You do not have the option to refuse these cookies. You will not be able to use Proximie without accepting their use.
You can control and/or delete cookies as you wish – for details, see www.aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. As mentioned above, you will not be able to opt-out of any cookies or other technologies that are “strictly necessary” for the services. Where you have not set your permissions, we may also separately prompt you regarding our use of cookies on the site or the Proximie’s platforms.
Links to third-party websites
Individual applicants as part of the recruitment process
We need this information to process your application, and to keep a record of the applications made. We may keep your CV and personal contact details in order to offer you further opportunities in the future.
We hold your data for three years after the process is complete, if you are unsuccessful.
Potential clients sourced through individual marketing campaigns
We need your personal data in order to offer our services to you, and we keep a database of contact details in our systems.
We hold your personal data in this respect for three years, or until you tell us you no longer wish to receive marketing contact from us, at which point we delete it.
Important notes concerning data processing
Google Analytics
Google Analytics uses “cookies”, which are text files saved on the site visitor’s computer, to help the website analyze their use of the site. The information generated by the cookie (including the truncated IP address) about the use of the website will normally be transmitted to and stored by Google.
Google Analytics is used exclusively with the extension “_anonymizeIp ()”. This extension ensures an anonymization of the IP address by truncation and excludes a direct personal reference. Via this extension Google truncates the site visitor’s IP address within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional situations will the site visitor’s full IP address be transmitted to Google servers in the United States and truncated there. The IP address, that is provided by the site visitor’s browser in using Google Analytics will not be merged by Google with other data from Google.
On behalf of the site operator, Google will use the information collected to evaluate the use of the website, to compile reports on website activity and to provide other website and internet related services to the site operator (Art. 6 (1)( f) GDPR). The legitimate interest in data processing lies in the optimization of www.proximie.com, my.proximie.com, beta.proximie.com and their mobile clients, the analysis of the use of these websites and the improvement of their content and features. The interests of the users are adequately protected by the pseudonymization of their IP address. No other personal data is collected.
Google LLC has certified their compliance with the EU-U.S. Privacy Shield Framework and on that basis they provides a guarantee to comply with European data protection law. The data sent and linked to the Google Analytics cookies, e.g. pseudonymised IP addresses will be automatically deleted after 50 months. The deletion of data whose retention period has been reached is done automatically once a month.
The website visitor may refuse the use of cookies by selecting the appropriate settings in their browser. The website visitor can also prevent Google from collecting information (including their IP address) via cookies and processing this information by downloading this browser plugin and installing it: http://tools.google.com/dlpage/gaoptout
Further information concerning data processing and use by Google, the settings and deactivation possibilities can be found in the Google Privacy Policy (https://policies.google.com/privacy) as well as in the Google Ads Settings (https://adssettings.google.com/authenticated).
Tableau
- Anonymised user churn (logins per month)
- Number of video sessions views
Only high level metrics are derived and utilised for Proximie to understand commercial growth and macro usage of the platform.
Microsoft Dynamics 365
- User information for contract points of contact
- Number of contact attempts
- Lead times and metrics for client onboarding and support
- Sales targets
Data within Microsoft Dynamics is routinely removed and only used for interim performance metrics, and to make sure client contact remains within SLA agreements.
Intercom
Atlassian
Subprocessors
Third Parties
NB: No Electronic Patient Information will exist outside of the Proximie cloud (country or region specific Servers hosting services). Only User information may exist outside of this for communication, support and anonymous analytics tracking only.
Infrastructure Subprocessors
Slack Technologies
Entity subprocessing activities:
Communications Platform
Entity Country
United States of America
Entity policies
https://slack.com/intl/en-gb/privacy-policy
Microsoft Azure
Entity subprocessing activities:
Servers hosting services
Entity Country
United States of America
Entity policies
https://azure.microsoft.com/en-gb/support/legal/
Sahara Net
Entity subprocessing activities:
Servers hosting services (for use in KSA only)
Entity Country
Kingdom of Saudi Arabia
Entity policies
https://security.sahara.com/
Amazon Web Services
Entity subprocessing activities:
Servers hosting services
Entity Country
United States of America
Entity policies
https://aws.amazon.com/privacy/
https://aws.amazon.com/compliance/
https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/
Microsoft Dynamics 365
Entity subprocessing activities:
Analytics and CRM Services
Entity Country
United States of America
Entity policies
https://privacy.microsoft.com/en-gb/privacystatement
https://docs.microsoft.com/en-gb/dynamics365/get-started/gdpr/
Microsoft Office 356
Entity subprocessing activities:
Communications and Documentation Platform
Entity Country
United States of America
Entity policies
https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-information-protection-for-gdpr?view=o365-worldwide
https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/privacy-security-and-transparency
Google Cloud Firebase (previously Google Analytics)
Entity subprocessing activities:
Analytics and Communications services
Entity Country
United States of America
Entity policies
https://firebase.google.com/support/privacy
https://firebase.google.com/policies/analytics
https://policies.google.com/privacy
Atlassian (Jira Service Desk, Confluence, Jira)
Entity subprocessing activities:
Communications, documentation and customer support services services
Entity Country
United States of America
Entity policies
https://www.atlassian.com/legal/privacy-policy
Tableau
Entity subprocessing activities:
Analytics services
Entity Country
United States of America
Entity policies
https://www.tableau.com/en-gb/legal/regional-privacy-laws
Intercom
Entity subprocessing activities:
Communications and customer support services services
Entity Country
United States of America
Entity policies
https://www.intercom.com/legal/terms-and-policies
AFFILIATES, SECURITY & RIGHTS
Proximie Affiliates
- Proximie SAL – Registered in the Republic of Lebanon in the Register of Commerce of Beirut.
- Proximie INC – Registered in the Commonwealth of Massachusetts in the United States of America.
Security
- ISO 9001, HIPAA, Cyber Essentials and NHS DSPT Certification
- Encryption of video in transit and at rest using 128 and 256 AES encryption
- Mandatory internal security, GDPR, and HIPAA training for all staff
- Regular (CREST accredited) penetration testing.
- Adherence to the Secure Software Development Lifecycle which includes static analysis and manual security processes within Product and Engineering.
- Use of AWS and Azure ISO 27001 certified cloud services.
However, no system or service can provide a 100% guarantee of security, especially a service that relies upon the public internet. Therefore, you acknowledge the risk that third parties may gain unauthorized access to your information. Keep your account password secret and please let us know immediately if you think your password was compromised. Remember, you are responsible for any activity under your account using your account password or other credentials.
Your Rights as a California Resident
We process your personal information only in order to provide the services and we do not retain, use, or disclose your personal information outside of the scope of the agreement we have with you.
How We Collect, Use, and Share your Personal Information
- Identifiers, such as name, e-mail address, mailing address, fax number and phone number. We collect this information directly from you or from third party sources.
- Information collected in connection with your use of our services, including communications usage information and the communications content processed through the services.
- Internet or network information, such as browsing and search history. We collect this information directly from your device.
- Geolocation data, such as IP address. We collect this information from your device.
- Financial information, such as payment details or financial account numbers in the process of providing you with our services. We collect this information from you.
- Inferences based on your use of the services and browsing history.
- Other personal information, in instances when you interact with us online, by phone or e-mail in the context of receiving support from our sales and customer service teams.
Your California Rights
- The right of access means that you have the right to request that we disclose what personal information we have collected, used and disclosed about you in the past 12 months.
- The right of deletion means that you have the right to request that we delete personal information collected or maintained by us, subject to certain exceptions.
- The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
- Proximie does not sell personal information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199).
- “California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California consumers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, such businesses may have in place a policy, as we do, only to disclose personal information of consumers to third parties for the third parties’ direct marketing purposes if the consumer has opted into such information-sharing.
Right to Know
- The specific pieces of Personal Information we collected about you
- The categories of Personal Information we collected about you.
- The categories of sources from which the Personal Information is collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- If we sold or disclosed your Personal Information for a business purpose
Right to Delete
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the rights of other consumers to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business’ deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
How to Exercise your California Rights
Please email us at CCPA@Proximie.com if you would like to exercise your rights pursuant to CCPA or learn more about your rights or our privacy practices.
Updates & Changes to this Privacy Policy
This policy is effective as of 2020-04-29
Contact Us
Data Protection Officer
Proximie Ltd
The Harley Building
77 New Cavendish Street
London
W1W 6XB
In the unlikely event that you wish to lodge a complaint about our collection, transfer or processing of your personal data, you can lodge a complaint with the Information Commissioner’s Office (ICO) via their website www.ico.org.uk or in writing to:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF