Notification bar: Introducing our improved academy
Privacy Statement
This privacy statement explains how we process personal data through our web and mobile apps and our website (www.incision.care). Please take your time to read everything stated below.
This policy applies to any users of our services, and to anyone else who contacts us or otherwise submits information to us, unless noted below.
1. Who we are?
We are Incision Group B.V., a scale-up company based in the Netherlands. Our headquarters are in Mauritskade 63, 1092 AD Amsterdam; if you want to know more about us, check here.
If you have any questions about the Privacy Statement or any other questions regarding how we process personal data, you can write to privacy.security@incision.care, we’ll take care of your request and answer you back as soon as possible.
2. Processing of personal data
In this section we explain you how we process personal data through our services and our website.
NOTE: If we act in the capacity of processor, this means that we are going to process your data on behalf of another entity (usually a legal entity which is our customer, such as a hospital or a training institution) which determines the purpose and the means of the processing. Typically, we act in the capacity of processor when we offer our web and mobile services to users on behalf of their employer, training institution, or similar. If you want to have an overview of the contractual duties we have when we act in the capacity of processor, check here.
Incision Academy
Incision Academy is a service that we provide to both (i) customers (legal entities, such as hospitals and training institutions) for their users (employees, students, etc.), (ii) and single users (natural persons). In the first case we act in the capacity of processor (so we’ll process your data on behalf of the customer), in the second one we act in the capacity of controller (so the processing won’t be performed on behalf of a customer).
In both the contexts we will process your data for your registration on Incision Academy (such as your name, your email, your profession, your username and password, etc.) and to properly provide you our services (such as the courses you complete, the training content you access, etc.). In no occasion we will process special categories of personal data, and in particular heath related information.
We will process your data as long as you have a user profile on Incision Academy; you can update your data autonomously and at any time, and you can request to delete your user profile writing to info@incision.care.
Incision Academy is a web app completely based on the computing services of Amazon Web Services (“AWS”), to ensure a high level of security of your data and availability of the service. We chose the Ireland region of AWS, so no data transfer out of the European Union is required for the provision of our services.
Incision Assist
Incision Assist is a service that we provide to customers (legal entities, such as hospitals and training institutions) for their users (mainly employees). For this service we act in the capacity of processor (so we’ll process your data on behalf of the customer).
We will process your data for your registration and proper use of Incision Assist (such as your name, your email, your profession, your username and password, etc.) and until the customer you belong will tell us either return or delete your data. In no occasion we will process special categories of personal data, and in particular heath related information.
Incision Assist is an application (both web and mobile) completely based on the computing services of Amazon Web Services (“AWS”), to ensure a high level of security of your data and availability of the service. We chose the Ireland region of AWS, so no data transfer out of the European Union is required for the provision of our services.
This website (www.incision.care)
When you enter our website, this one automatically processes a certain amount of information (IP address, the model of the device, platform, local code and the universally unique identifier) that is necessary to allow your device to properly interact with it. Our website stores this information only for the duration of the single session.
If you contact us through the contact details available on our website or you write in our chat, we’ll process you data exclusively to answer your questions and support you, and we will store your data as long as necessary for these activities.
Cookie and other tracking tools
Our website stores cookies on your device and uses tracking tools to store your personal preferences and settings; optimize login processes; maintain a high level of security and to monitor and analyze performance of our online services. In addition to cookies, we may log information about your device, including the existence of cookies, your IP address and information about your browser. The purpose of this information collection is to diagnose service issues and to administer and track your usage of our website.
Out of the technical cookies, necessary to interact in the correct way with our website, we will always ask for your specific and informed consent (through our cookie banner) before installing other categories of cookies on your device or tracking you for analytical or advertisement purposes.
If you want to know more about how we use cookies and other tracking tools and/or you want to see in detail the cookies and tracking tools we use check here.
Usage data
When you use our mobile or web applications we record every interaction you have with the different features. This includes, but is not limited to, key words typed in the search bar, the duration and the date of each interaction, surgical films watched, etc. These activities are performed with particular attention in limiting the amount of personally identifiable information we process about you.
We mainly process usage data for analytical purposes, and in particular to satisfy our legitimate interest to understand how to implement our products to better fit users’ needs. For this purpose, we aggregate the data in such a way is no longer possible to identify who, in specific, this data belongs to.
Usage data could be used to personalize the communications that we’re going to send you to keep you active and up-dated about new features and content in our products.
If you decide to delete you profile, usage data will be anonymized by removing every reference to you (such as user ID, name, email).
NOTE: If we’re processing your data on behalf of a customer (for one or more of our products), we may share (after receiving a legitimate request) with it some, specific, usage data.
Communications
We are going to send you communications for different purposes.
By default, we send e-mails and push notifications through the mobile app because we really want to keep our users active, satisfied, and updated about new features and content in our products.
We will send you e-mails and push notifications through the mobile app for administrative purposes, for instance: we will send you a notification when an admin user uploads new content for your group; we will send you an e-mail to activate your account; etc. These communications are necessary for us to properly provide you with our services.
If you subscribe to our newsletter through our website or flag the consent to receive communications in the subscription panel of our web apps, we’ll send you communications regarding our products, events we’re going to participate to, and other informative and promotional content.
If you don’t want to receive communications anymore, you can let us know at any time by clicking on the link present in every e-mail.
Feedbacks
In our web and mobile applications, we provide the possibility to the user to send feedbacks (either to comment a feature or report a bug). We keep your feedbacks in the highest consideration to resolve the possible issues you reported and to implement our services. For this reason, we could get in touch with you via e-mail or, if you specifically ask, via telephone. We will store your feedback only for the time necessary to process it and, anyway, no more than six months.
Other processing activities
In addition to everything stated in this document, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3. Service providers and guarantees
All our third-party service providers are committed to take appropriate security measures to protect your personal data in line with our policies. We only allow them to process your personal data for specified purposes and in accordance with our instructions. In case a third-party service provider requires to process personal data on our behalf outside the European Union, we will adopt in advance adequate guarantees to ensure the same level of protection to that data (the preferrable mean will be signing with the third-party service provider appropriate standard contractual clauses as issued by the European Commission on 04th June 2021).
4. Your rights
You, as data subject, can at any time exercise the following rights:
- - Right to withdraw the consent: To the extent that the legal basis for the processing of your data is your consent, you have the right to withdraw that consent at any time;
- - Right to access: You have the right to confirmation as to whether we process or not your personal data and, where we do, receive a copy of that data, together with additional information regarding the processing activities;
- - Right to rectification: You have the right to have any inaccurate data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed;
- - Right to erasure: You have the right to request the erasure of your data without undue delay;
- - Right to restriction of processing: You have the right to request the restriction of processing;
- - Right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller;
- - Right to object: You have the right to object the prevalence of interests legitimating the processing over your interests, rights and freedoms.
Out of some circumstances in which you can autonomously honor your rights (for instance, unsubscribe to our newsletter; correct you data on your user profile, etc.), to exercise your right you can write at any time to privacy.security@incision.care; we will take care of your request.
Please note that:
- - We can honor your request if we are processing your data in the capacity of controller, otherwise we will forward your request to the controller;
- - We may ask you to verify your identity and/or to provide more information regarding your request;
- - We will answer you without undue delay and in any event within one month (we may require more time taking into consideration the complexity or the amount of the requests);
- - Sometimes your rights are restricted, and, in some legitimate circumstances, we may decline your request (in these cases, we will always explain you why we did so).
If you consider that the processing of your data infringes data protection laws, you have the right to lodge a complaint to:
- The National Supervisory Authority, if you're based in the European Union;
- The Information Commissioner's Office (ICO), if you're based in the United Kingdom;
- The Swiss Federal Data Protection and Information Commissioner (FDPIC), if you're based in Switzerland.
Minors under age 16
Our application and services are intended for business use, and we do not expect them to be of any interest to minors. We do not intentionally collect any personal information of consumers below the age of 16.
5. For individuals based in California
This section provides additional specific information for consumers based in California as required by the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”).
Collection, use and disclosure of personal information
In the last 12 months, we may have collected the following categories of personal information:
- - Identifiers, such as your name, email address, telephone number or other similar identifiers;
- - California Customer Records (Cal. Civ. Code § 1798.80(e)), such as username and password, company name, job title, business email address and department;
- - Internet or network information, such as log and analytics data, information about the device(s) used to access the services and information regarding your interaction with our websites or services and other usage data;
- - Geolocation data, such as information about your location (at country and city level) collected from your IP address;
- - Feedbacks.
If you want to understand how we collect, use and disclose your data, please refer to the articles above.
California privacy rights
In addition to what is stated above, as a California resident you may be able to exercise the following rights under the CCPA in relation to the personal information about you that we have collected (subject to certain limitations at law):
- - The right to access/know all the information relating to the processing of your data that we have collected and disclosed in the last 12 months:
- - The right to request deletion of personal information we have collected from you, subject to certain exceptions.
We do not sell your data.
You also have the right to be free of discrimination for exercising these rights.
Please note that if exercising these rights limits our ability to process personal information (such as a deletion request), we may no longer be able to provide you with our products and services or engage with you in the same manner.
6. For individuals based in Australia
This section is applicable to individuals whose personal information is collected, stored, used or disclosed under the Australian Privacy Principles (“APPs”) contained in the Privacy Act of 1988.
Providing anonymous and pseudonymous options
You have the option of anonymity or using a pseudonym when dealing with Incision. However, this option may not be made available to you in certain cases, including if it’s impractical for us to allow this option or when we are required or authorized to deal with an identified individual by or under the law.
Collection, use and disclosure of personal information
We collect personal information only by lawful and fair means.
If you want to understand how we collect, use and disclose your data, please refer to the articles above.
Your rights under the APPs
In addition to what is stated above, you have the following rights related to the collection, use and disclosure of your personal data:
- - Be informed about the collection and use of your personal data;
- - Access your personal information;
- - Correction of your personal information to ensure accuracy and completeness;
- - Request to not receive direct marketing communications from us or to not disclose your personal information to others for direct marketing purposes.
If you consider that the processing of your data infringes data protection laws, you have the right to lodge a complaint to the Office of the Australian Information Commissioner (OAIC).
7. Information Security
We are committed to protecting the security of your data by implementing appropriate technologies and procedures, to avoid unauthorised access or disclosure. We utilise a variety of security technologies and organizational procedures to help protect your data, such as access controls, firewalls and secure servers, encryption, secure connections, etc.
8. Changes to this Privacy Statement
We may revise this Privacy Statement from time to time. The most current version of this document will govern our use of your data. If we make a change to this statement that, in our sole discretion, is material, we will notify you via an app notification or email to the email address associated with you. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised Privacy Statement.