Information Security and Medical Device Regulation
Privacy Notice
This Privacy Policy explains how we use the personal information that aikenist.com Technologies
Private Limited, its subsidiaries and affiliates collect or generate, both in relation to our
Website https://aikenist.com/ along with any webpages and portals thereof and our mobile
application, products and services (“Privacy Policy”) as updated from time to time.
aikenist.com Technologies Private Limited, company registration CIN U72900KA2019PTC128949 having its
registered office at 007, Pushpanjali Apartments 1st Cross, 1st Main, Chamarajpet BANGALORE
Bangalore KA 560018 IN along with its subsidiaries and affiliates (hereafter
“Aikenist”, “we”, “us” or “our”) collects, uses or processes your (“you” or “your” or “Customer” or
“User”) personal data. This Privacy Policy is applicable when you use our Website
https://aikenist.com/ along with any webpages and portals thereof or the Aikenist mobile application
i.e., AikenistApp (the “Website” and “Application” respectively) or Aikenist’s proprietary software
including but not limited to QuickScan, QuickFlow, QuickRad and all its allied renditions, Devices etc.
(collectively the “Services”). Our Services also include the https://app.aikenist.com/ and
https://scan.aikenist.com portal, which is a platform for free trial of our products.
All definitions in this Privacy Policy shall be interpreted in accordance with applicable data
protection laws, which refer to the General Data Protection Regulation (Regulation no. 2016/679) and
the Directive on Privacy and Electronic Communications (Directive 2002/58/EC), as well as the
national implementations and related national legislation. All capitalized terms used herein and not
otherwise defined are defined as set forth in the Universal Terms and Data Processing Agreement.
This Privacy Policy shall be construed in accordance with the applicable data protection laws,
including but not limited to Data Protection Act 2018, General Data Protection Regulation (GDPR),
Children’s Online Privacy Protection Act (COPPA), Information Technology Act 2000 (IT Act), The
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or
Information) Rules 2011 (SPDI rules) and Health Insurance Portability and Accountability Act
(HIPAA).
By visiting our Website, or using our Application or Services, you acknowledge and accept the data
processing described in this Privacy Policy, our Website terms and related documents. We will let
you know, by posting on our Website or otherwise, if we make any changes to this Privacy Policy from
time to time. Your continued use of the Services after notification of such changes will amount to your
acknowledgement and acceptance of the amended Privacy Policy.
We strive to treat your personal information as safely and securely as reasonably possible. As
described below, your personal data may be collected and used by Aikenist or disclosed to third
parties for use on behalf of Aikenist. This Privacy Policy describes the information we collect about
you and what may happen to that information. You must be at least 18 years old to have our permission to use
our Services. Our policy is that we do not knowingly collect, use or disclose Personal data about
visitors that are under 18 years of age.
I. About the service
See separate ‘Universal Terms’ (https://aikenist.com/legal-disclaimer/) for applicable terms and
conditions of the Services that Aikenist provides.
II. Personal data?
a. What is personal data?
“Personal data” means any information relating to an identified or identifiable natural person,
known as ‘Data Subject’, who can be identified directly or indirectly; it may include name, address,
gender, email address, phone number, IP address, location data, cookies, call records and similar
information. It may also include “special categories of personal data” such as racial or ethnic
origin, political opinions, religious or philosophical beliefs, or trade union membership, and the
processing of genetic data, biometric data for the purpose of uniquely identifying a Data Subject,
data concerning health or data concerning a natural person’s sexual orientation.
b. What Personal data does Aikenist collect and process?
Aikenist receives, processes and stores two distinct sets of personal data. We will process the
following personal data on the Services:
User profiles
First and Last Name
E-mail address at the time of sign up
Technical usage data, such as the URL you are accessing the Services from, your IP address, unique
device ID, network and
computer performance, browser type, language and identifying information and operating system;
information about your use of the Services, such as what you viewed or searched for; page response
times, download errors, length of visits to certain pages, page interaction information (such as
scrolling, clicks and mouse-overs), consultation length(s), recurrence of visits and other
interaction information, methods used to browse away from the page.
A third set of personal data is processed using the AikenistApp. This is data which you as a User
upload to the platform, and for which Aikenist will act as Data Processor on behalf of you as Data
Controller:
Anonymised patient case information, pseudonymized DICOM images including embedded metadata;
content that you post, upload and/or contribute to the Services;
For the data listed in clause II (b) (3) above, where you as a User of the Services will act as Data
Controller and Aikenist, as provider of Services, will act as a Data Processor, you hereby
acknowledge and agree to the Data Processing Agreement, which is effective from the date of your first use of
Services. The Data Processing Agreement outlines what kind of processing we are instructed to
perform on your behalf regarding Personal data pertaining to Data Subjects where you are the Data
Controller.
Information about third parties should only be provided to us if you have demonstrable permission
and consent of Data Subjects i.e., your patients, to do so or if the information is available in the
public domain. You shall be solely responsible for receiving all informed, written, explicit or
implicit consents as required under applicable laws, from the Data Subjects i.e., your patients or
similar data owners. Your use of the Services is deemed confirmation that such consents have been
duly received by you and will be available upon request for Aikenist to audit. We will rely on you
to provide information which is accurate, complete and up to date and you agree to ensure this.
III. Why does Aikenist process this Personal data?
Aikenist will process the Personal data sets described above for the following purposes:
To enable you to verify your account, to administer your account, to enable and provide the Services
and integration with third party services, and to provide, personalize and improve your experience
with the Services, and to otherwise provide the Services according to the Terms of Service;
to send you alerts or messages by email or otherwise, including to provide you with marketing of our
and our related parties’ products and services;
to inform you about updates of the Services or the terms and conditions of Services;
to improve and develop the Services or new services and to analyse your use of the Services;
to ensure the technical functioning of the Services and to prevent the use of the Services in breach
of the Terms (including the Universal Terms and any other terms in relation to Application or
Services);
to enforce the Terms and any additional Terms (including the Universal Terms and any other terms in
relation to Application or Services), including to protect our rights, property and safety and the
rights, property and safety of third parties if necessary;
to fulfil our obligations as Data Controller and Data Processor;
to respect and fulfil our obligations in regards to the Rights of the Data Subject;
to respond to any queries you raise with us and to provide customer support; and
to fulfil requirements by law (see clause VIII below).
We will be unable to provide you the Services unless you provide us with the Personal data listed in
clause II.b above. The processing of the Personal data above is necessary to enter into the Terms
(including Universal Terms) with us and to maintain the contractual relationship between you and us,
where Aikenist will act as Data Processor for the collected data. Some of this collected information
is subject to processing by third parties, both within and outside the European Union (third
countries).
The data listed in clause II.b.2 above is solely collected and used for performance and issue
handling pertaining to the platform and will not be used for identifying you as a user, unless this
is requested by official legal investigations as provided in clause VIII below.
The processing of your Personal data for the purposes listed above is conducted on the basis of the
legitimate interest of Aikenist. Our legitimate interest for the processing is maintaining
sufficient IT security through logging data when you use our Services, to prevent fraud and to protect the
Services from cyber threats. We also log data for the maintenance and improvement of our Services.
IV. Disclosure of personal data
There are circumstances where we may wish to disclose or are compelled to disclose your Personal
data to third parties. These scenarios include disclosure to:
our affiliates and sister companies;
our service providers who capture and store data collected through the forms that are filled by
visitors to our Website;
subject to appropriate legal basis such as consent, our advertising and marketing teams who enable
us, for example, to deliver personalized ads to your devices or who may contact you by email,
telephone, SMS or by other means;
public authorities where we are required by law to do so; and
other third parties where you have provided your consent.
The service providers are contractually bound not to share Personal data collected from visitors on
our Website with anyone else.
We confirm and acknowledge that we do not commercially exploit or distribute Personal data to any
third party for commercial purposes. We share and disclose your Personal data to companies with
which we have contracts in place. These companies mainly provide data storage, data analytics,
advertising, IT support and other services to be able to run and improve our Services.
When you use our Services, you may be directed to other websites where the Personal data collected
is not in our control. The privacy policy of such other websites will govern the Personal data
obtained from you on that website.
V. Cookie Statement
In order to collect the information including Personal data as described in this Privacy Policy, we
may use cookies and similar technology on our Website. A cookie is a small piece of information
which is sent to your browser and stored on your computer’s hard drive, mobile phone or other device
(“Cookies”). Cookies can be first party, i.e. cookies that the website you are visiting places on
your device, or third party cookies, i.e. cookies placed on your device through the Website but by
third parties, such as, Google.
We use the Cookies for the sole purpose of making it possible to browse the Website and let you use
its functionalities. We use third party Cookies like Google Analytics to collect statistical
information in an aggregated form on the number of users accessing the Website and generate
statistical data on how the visitor uses the Website. We also use third party advertisements on our
Website. Some of these advertisers such as Google through Google AdSense program may collect
information including your IP address, your ISP, the browser you used to visit our Website, etc. You
can refer to the list of cookies used by us along with the purpose of using them below.
You can choose to disable or selectively turn off our third party cookies in your browser settings,
however, this may affect how you are able to interact with our Website as well as other websites.
VI. Our website
Cookie name | Purpose | Duration | Domain | Category
_gat | Used by Google Analytics to throttle request rate | 2 years | aikenist.com | Statistics
_ga | Registers a unique ID that is used to generate statistical data on how the visitor uses the Website. | Session | aikenist.com | Statistics
_gid | Registers a unique ID that is used to generate statistical data on how the visitor uses the Website. | Session | aikenist.com | Statistics
csrftoken | Helps prevent Cross-Site Request Forgery (CSRF) attacks. | 1 year | app.aikenist.com/scan.aikenist.com portal | Necessary
collect | Used to send data to Google Analytics about the visitor’s device and behavior. Tracks the visitor across devices and marketing channels. | Session | google-analytics.com | Statistics
_gat | Used by Google Analytics to throttle request rate | 2 years | aikenist.com | Statistics
_ga | Registers a unique ID that is used to generate statistical data on how the visitor uses the Website. | Session | aikenist.com | Statistics
_gid | Registers a unique ID that is used to generate statistical data on how the visitor uses the Website. | Session | aikenist.com | Statistics
AUTH_SESSION_ID | Required for login | Session | accounts.aikenist.com | Necessary
AUTH_SESSION_ID_LEGACY | Required for login | Session | accounts.aikenist.com | Necessary
KEYCLOAK_IDENTITY | Required for login | Session | accounts.aikenist.com | Necessary
KEYCLOAK_IDENTITY_LEGACY | Required for login | Session | accounts.aikenist.com | Necessary
KEYCLOAK_SESSION | Required for login | 10 Days or Session | accounts.aikenist.com | Necessary
KEYCLOAK_SESSION_LEGACY | Required for login | 10 Days or Session | accounts.aikenist.com | Necessary
csrftoken | Helps prevent Cross-Site Request Forgery (CSRF) attacks. | 1 year | platformapi.aikenist.com | Necessary
sessionid | Required for login | 1 year | platformapi.aikenist.com | Necessary
_ga_JPCJ0V0E2R | Registers a unique ID that is used to generate statistical data on how the visitor uses the Website. | 1 year | aikenist.com | Statistics
mp_290aa5bd816866afa3a61ec8c43bd26d_mixpanel | Registers a unique ID that is used to generate statistical data on how the visitor uses the Website. | 1 year | aikenist.com | Statistics
VII. Your consent
By contacting us or subscribing to our newsletter, you consent to the processing for the purposes
contained in clause II(b) above which includes processing of your name, gender, contact details and
preferences as set out in this Privacy Policy. By accepting Aikenist’s Terms, we process your
Personal data to be able to fulfil our agreement with you for the purposes listed above in clause III.
Aikenist will process Personal data if it has a legal obligation to do so to fulfil requirements by law as
pointed out in clause VIII below.
VIII. Data Subject Rights
Data Subjects may have numerous rights in relation to their personal data.
Right to make a subject access request (SAR): Data Subjects may request in writing copies of their
personal data. However, compliance with such requests is subject to certain limitations and
exemptions and the rights of other individuals. Each request should make clear that a SAR is being
made. You may also be required to submit a proof of your identity and any payment permitted by law,
where applicable.
Right to rectification: Data Subjects may request that we rectify any inaccurate or incomplete
personal data.
Right to withdraw consent: Data Subjects may at any time withdraw their consent to the processing of
their personal data carried out by us on the basis of their previous consent. Such withdrawal will
not affect the lawfulness of processing based on such previous consent.
Right to object to processing including automated processing and profiling: We do not make automated
decisions about Data Subjects. However, we may rely on information provided by third parties such as
credit reference agencies which may score Data Subjects on the basis of automated decisions.
Profiling may be carried out for business administration purposes, such as monitoring trends in User
visits of our Website. We will comply with valid objection requests unless we have a compelling
overriding legitimate ground for the continuation of our processing or we have another lawful reason
to refuse such request. We will comply with each valid opt-out request in relation to marketing
communications.
Right to erasure: Data Subjects may request that we erase their personal data. We will comply,
unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate
ground for keeping the personal data, such as, our business record retention obligations that we
have to comply with.
Restriction: Data Subjects may request that we restrict our processing of their personal data in
various circumstances. We will comply, unless there is a lawful reason for not doing so, such as, a
legal obligation to continue processing your personal data in a certain way.
Right to data portability: In certain circumstances, Data Subjects may request the controller to
provide a copy of their personal data in a structured, commonly used and machine-readable format and
have it transferred to another provider of the same or similar services. We do not consider that
this right applies to our Services. However, to the extent it does, we will comply with such
transfer request. Please note that a transfer to another provider does not imply erasure of the Data
Subject’s personal data which may still be retained for legitimate and lawful purposes.
Right to lodge a complaint with the supervisory authority: We suggest that Data Subjects contact us
about any questions or complaints in relation to how we process their personal data. However, each
Data Subject has the right to contact the relevant supervisory authority directly.
IX. Responding to Legal Requests
We may access, preserve and share your Personal data in response to a legal request (like a search
warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address
fraud and other illegal activity, to protect ourselves, you and other users, including as part of
investigations described in Article 23(1) in the GDPR.
X. Retention of Personal Data
Personal data about registered users will be retained for as long as the user has an active profile
on the Services. Users who have not used our Services will have all personal data deleted after 1
year of inactivity on the Services.
If you agree to be added to our mailing list, we will keep your personal information for that
purpose unless and until you tell us that you want to unsubscribe or be removed from the list. If
you advise that you do not want to be added to our mailing list or you ask to be removed, we will
delete your Personal data (aside from keeping a record that you have asked us not to send you
marketing information).
XI. Personal data of children under the age of 18
The AikenistApp and the Services provided under it are not directed at, marketed to, nor intended
for, children under 18 years of age. The Website does not knowingly collect or solicit information from
anyone under the age of 18 or allow anyone under the age of 18 to sign up for the Service. In the
event that you learn that you have gathered personal information from anyone under the age of 18
without the consent of a parent or guardian, you will delete that information as soon as possible.
You are required under the Children’s Online Privacy Protection Act (“COPPA”) as well as the GDPR
and other Personal Data Protection laws (as those may apply) to obtain verifiable parental consent
(or from the child’s legal representative) in order to collect, use or disclose Personal Data
pertaining to that child.
If you are a parent or guardian of a person under the age of 18 and you become aware that the
child has provided personal data to us without your consent, please contact dpo@aikenist.com to
exercise your access, rectification, erasure, limiting of processing and objection rights.
XII. Security Practices
The importance of security for Personal data is of great concern to us. At Aikenist, we have gone to
great lengths to manage the security and integrity of the Services and to ensure that we use
best-in-class services when providing secure transmission of information from your device. Personal
Data collected via the Services is stored in secure environments that are not available or
accessible to the public; only those duly authorised people, officers, employees or agents of
Aikenist who need access to your information in order to do their jobs are allowed access.
Anyone who violates our privacy or security policies is subject to disciplinary action, including
possible termination of their contract with Aikenist and civil and/or criminal prosecution. Aikenist
uses the latest technologies to ensure utmost security, including utilising several layers of firewall
security and encryption of Personal data to ensure the highest level of security. As a result, while
we strive to protect your Personal data, you acknowledge that:
(a) there are security and privacy limitations of the Internet which are beyond our control;
(b) the security, integrity and privacy of any and all information and data exchanged between you
and us through this Website cannot be guaranteed; and
(c) any such information and data may be viewed or tampered with in transit by a third party.
XIII. Grievance Officer
To exercise your rights, or if you have any questions or complaints regarding our processing of your
personal data, please contact our Data Protection Officer (DPO) at the following email ID:
dpo@aikenist.com. In your letter/email please state your full name, your username (if you are a
user) and which institution you are linked to. Note that you should sign the request to receive information
about the processing of your personal data yourself.
XIV. Notice of Changes to the Privacy Policy
If we make changes to this Privacy Policy, we will notify you by posting a copy of the updated
policy on our Services prior to any change becoming effective. If your consent is required due to
the changes, we will provide you additional prominent notice as appropriate under the circumstances
and ask for your consent in accordance with applicable law.
Please contact contact@aikenist.com for information on Aikenist.ai’s information security measures.