Privacy Policy

[Last updated: October, 2021]

This Privacy Policy („Policy„) governs the data collection, processing and usage made by Ibex Medical Analytics Ltd. (“IBEX” or “us”, “our”, “we”) through our website available here. This Policy concerns the data we collect from individuals who access and use our website („Users”, „you“ or „your“).

This Policy constitutes an integral part of any agreement between you and us, including any Terms and Conditions (“Terms”). Definitions used herein but not defined herein shall have the meaning ascribed to them in the Terms.

The privacy of your data is at our outmost importance and hence we handle your data carefully in accordance and compliance with the applicable data privacy regulation. Please note that you are not obliged to provide us with any personal data (as defined below), and we do not request you to do so. However you shall be aware that your avoidance of providing us with some personal data may not allow us to provide you with our services.

If you have any questions about this Policy, please contact us at: info@ibex-ai.com.

Amendments

We reserve the right to periodically amend or revise the Policy, which will immediately affect the implementation of the revised Policy on our website. The last revision date will be reflected in the “Last Updated” heading located at the top of the Policy. We will make a reasonable effort to notify you if we implement any changes that substantially change our privacy practices. We recommend that you periodically review this Policy to ensure that you understand our privacy practices and check for any amendments.

Who are we and Contacting Us

Ibex Medical Analytics Ltd.

101 Rokach Blvd, Tel Aviv-Yafo, Israel 6153101

Email: info@ibex-ai.com

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website:

https://prighter.com/q/14104857189

The Data Protection Representative (DPR) under Article 27 to the GDPR:

Maetzler Rechtsanwalts GmbH & Co KG, Schellinggasse 3/10, 1010 Vienna, AUSTRIA

The Data Protection Representative (DPR) under Article 27 to the UK-GDPR:

Prighter Ltd, 20 Mortlake Mortlake High Street, London, SW14 8JN, UNITED KINGDOM

Questions, comments, requests and complaints regarding this Policy and the information we hold are welcome and should be addressed to us by using the contact details above. All requests will be dealt with promptly and efficiently.

Parties Role

Under the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”), we act, in the course of the processing the data of users of our website, as the Data Controller.
Please note, in the event you are a patient of one (or more) of our customers (i.e. one of our customers, a healthcare provider (“HCP”) use our THE GALEN™ Platform in order to provide you its services) the HCP is acting as a Data Controller of your Personal Data and we act as the Data Processor on behalf of such Data Controller. Similarly, when we process Protected Health Information (“PHI”) on behalf of any of our customers who is deemed as a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we act as a Business Associate.

Collection of Non-Personal Data

We may collect aggregated, non-personal and non-identifiable information which may be made available or gathered via your use of our website (“Non-Personal Data“). We are not aware of the identity of the individual from which the Non-Personal Data is collected.

Also, we may sometimes process and anonymize or aggregate personal data and identifiable information in a manner that shall create a new set of data that will be Non-Personal Data. Such a new data set can no longer be associated with any identified person.

Non-Personal Data may be used by us without limitation and for any purpose, including for commercial, research, or statistical purposes, without further notice to you.

Collection of Personal Data

During your interaction with the website, we will collect individually identifiable information, namely information that identifies an individual or may with reasonable effort be used to identify an individual (“Personal Data”). This may include online identifiers, name, emails, etc., subject to applicable law.

In case you will provide us with your Personal Data, we may manage it under a “Customer Ticket” in one of our systems in accordance with terms of this Policy.

Note, that if we combine Personal Data with Non-Personal Data, we will treat the combined data as Personal Data.

Processing of Personal Data – Purposes and Lawful Basis

We have included in the table below information about which data is processed, how we process and use your data and the lawful basis for which we do so subject to the GDPR.

Type of Data

Purpose of Processing

Lawful Basis

Contacting Us

If you voluntarily contact us in any manner, whether for support, to submit a request or for other inquiries, whether by filing the „Contact Us“ or „Schedule a Demo“ forms or through other means of communications, e.g., any online form may available on the website, you may be asked to provide us with your contact details such as your full name, email address and mobile number.

We will use this data and our correspondence history solely to respond to your inquiries and provide you with the support or information you have requested. We will retain our correspondence with you for as long as needed, subject to applicable law.

In the course of our correspondence you might provide us with any other information you will voluntarily choose to provide us with. In such event we do not require you to provide us with any Personal Data; however we might not be able to provide you with the service or information you required in your inquiry.

The lawful basis for processing your contact us details will be the contract between you and us, meaning we will use the data for addressing your requests and inquiries.

After completing any such request, we will retain your information as part of our business records under our legitimate interest.

Some of our Services’ data might be processed under our legal obligation, such as safety requirements.

Newsletter:

If you voluntarily subscribe to our newsletter (including as part of filling our Contact Us form) you will be required to provide us your email address or any other means of contact.

We will use this data solely to send you our Newsletter and other marketing materials.

We will send you updates and newsletters based upon your consent, which you may withdraw at any time by using the unsubscribe option within the body of the applicable newsletter correspondence or by contacting us via email at info@ibex-ai.com.

Online identifiers and other Technical Data

When you interact with our website, we may collect certain online identifiers, including your IP address and Advertising ID.

We may also collect technical Non-Personal Data transmitted from your device (e.g., language used, type of operating system, type of device, etc.) and approximate geographical location (country).

For more information please see the Cookies and Pixels section below

We use this data for our legitimate interests of (i) operating, providing, maintaining, protecting, managing, customizing, and improving the website and how we offer it; (ii) enhancing your experience; (iii) auditing and tracking usage statistics and traffic flow; and (iv) protecting the security of the website, as well as our and third parties’ rights (subject to applicable law requirements).

Such processing is part of our legitimate interests as a commercial business.

Career:

In the event you are interested in joining our team, and wish to submit your CV, you will be required to provide us with your contact details (such as phone number and email) and submit your CV („Career Info“).

Your Career Info is processed in order to process your job application, including assessing suitability, eligibility or fitness to work

Please note, We do not collect, store or process any of your Career Info.

We do not request or require sensitive personal information concerning religion, health, sexual orientation, or political affiliation with recruiting.

If you are hired, the information may be used in connection with employment and corporate management.

We will collect and retain your data at first for the fulfillment of a contract – your request to attend any of our open positions.

Also, if you are hired eventually, the lawful basis for further retaining your data will be performance of a contract.

In case we will terminate your candidacy to any such position, we will retain your data as part of our legitimate Interest.

Cookies & Pixel Usage

Our website includes tracking technologies such as cookies and pixels. These tracking technologies are used for the purpose of gathering some information automatically, by ourselves or by third party service providers on our behalf.

We may use various types of Cookies and Pixels:

Essential – which are necessary for the site to work properly (usually appears under our name/cookie tag);
Functional – designated to save your settings on the website – your language preference or other view preferences;
Targeting – used to collect information from you to help us improve our products and services and serve you with targeted advertisements that we believe will be relevant to you (e.g., Google’s Cookies);
Social networks – Social Plug-In Cookies (e.g., Facebook, Twitter, LinkedIn Cookies, or pixels, etc.) enable sharing your usage information with your social network’s accounts;
Analytics – give us aggregated and statistical information to improve the website and further developing it (e.g., Google analytics, Google Firebase Crashlytics, etc.);
Third-party services used by us –an external service which provides us with services which allow us to provide you with the services.

Please note that the data collected by the use of Cookies and Pixels may be linked to and combined with any other data, including Personal Data.

Also note that Cookies and Pixels data is usually collected through third-party service providers, like Google, Facebook, etc. In those cases, your Personal Data might be transferred to those third parties, which might use it, as a “joint controller” or “Co-Controller” of the data, meaning that the data is also “owned” and processed by them under their terms and conditions. Under those terms and conditions and the direct accounts or subscriptions you have with those third parties, your Personal Data might be linked to other data collected by the relevant third party and processed in its systems, for its purposes, and under its management. For example, suppose you have a Facebook account, the Personal Data collected through Facebook’s Cookies in our website might be linked to other data Facebook collects and might be used by Facebook per the independent agreements between you and Facebook.

Sharing Data with Third Parties

We do not share any Personal Data collected from you with third parties or any of our partners except in the following events:

Legal Requirement: We will share your information in this situation only if we are required to do so to comply with any applicable law, regulation, legal process, or governmental request (e.g., to comply with a court injunction, comply with tax authorities, etc.);
Policy Enforcement: We will share your information, solely to the extent needed to (i) enforce our policies and agreements; or (ii) to investigate any potential violations thereof, including without limitations, detect, prevent, or take action regarding illegal activities or other wrongdoings, suspected fraud or security issues;
Company’s Rights: We will share your information to establish or exercise our rights, to prevent harm to our rights, property, or safety, and to defend ourselves against legal claims when necessary, subject to applicable law;
Third Party Rights: We will share your information, solely to the extent needed to prevent harm to the rights of our users, yourself, or any third party’s rights, property, or safety;
Business Purpose – we may disclose your personal information to a third party for a business purpose, as detailed above.
Service Providers – we share your information with third parties that perform services on our behalf (e.g. customer service, tracking, servers, service functionality, marketing, and support, etc.) these third parties may be located in different jurisdictions.
Corporate Transaction – we may share your information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy;
Authorized Disclosures – we may disclose your information to third parties when you consent to a particular disclosure. Please note that once we share your information with another company, that information becomes subject to the other company’s privacy practices.

Your Data Subjects‘ rights under Privacy Protection laws

Under EU law, EU residents and individuals have certain rights to apply to us to provide information or make amendments to how we process data relating to them. Those rights might include:

right to access your Personal Data – you can ask us to confirm whether or not we have and use your Personal Data, and if so, you can ask for a copy of your data;
right to correct your Personal Data – you can ask us to correct any of your Personal Data that is incorrect, after verifying the accuracy of the data first;
right to erase your Personal Data – you can ask us to erase your Personal Data if you think we no longer need to use it for the purpose we collected it from you. You can also ask for such erasure in any case in which the process of your data was based on your consent, or where we have used it unlawfully, or where we are subject to a legal obligation to erase your Personal Data. Any request for such erasure will be subject to our obligations under the law (e.g., our obligation to keep some records for tax or customs purposes);
right to restrict our use in your Personal Data – you can ask us to restrict our use of your Personal Data in certain circumstances;
right to object to how we use your Personal Data – you can object to any use of your Personal Data which we have justified by our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information;
you can always require us to refrain from using your data for direct marketing purposes;
you can ask us to transfer your information to another organization or provide you with a copy of your Personal Data (Portability Right);

We may not always be able to do what you have asked us to. Also, not all those rights apply in every jurisdiction. Yet, we encourage you to contact us with any such request, and we will be happy to assist you.

In addition, you have the right to lodge a complaint at any time before the relevant supervisory authority for data protection issues. However, we will appreciate the chance to deal with your concerns before you approach the authorities, so please feel free to contact us in the first instance.

Though those rights principally apply under the GDPR towards EU residents, similar rights may apply in other jurisdictions, to some extent, in accordance with the relevant jurisdiction. Thus, if you are not an EU resident but still have any such request, we encourage you to contact us with any such inquiry and we will do our best to assist you, in accordance with the applicable law and our legitimate and lawful interests.

Data Retention

Unless you instruct us otherwise and subject to applicable laws, we retain the data we collect from you for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. We may keep some of your Personal Data for more extended periods to protect our legal interests or under any safety or other legal requirements.

Security & Data Transfer

We take great care in implementing physical, technical, and administrative security measures that we believe comply with applicable regulation and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed, or accidentally lost. You need to remember, however, that unfortunately, the transmission of information via the internet cannot be 100% secure. As such, although we will do our best to protect your Personal Data, we cannot guarantee the full security of data transmitted via our website, and any transmission of your data shall be done at your own risk.

Further, in the event of a security incident, in which we discover your Personal Data may be at risk, we will take reasonable efforts to notify you and the applicable authority (if required, subject to applicable laws).

If you believe that your privacy was treated not in accordance with this Privacy Policy, or you have reasonable concern with that any person attempted to abuse our Service, please contact us at: info@ibex-ai.com.

Also note that, as we may use third party service providers and our website uses third party cookies as described above, your Personal Data might be processed in other territories outside your jurisdiction. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer, in accordance with applicable law. Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred in accordance with the provisions of the standard contractual clauses approved by the European Union.

You may exercise your rights, where applicable, to receive information on such a transfer mechanism.

Children

Our website is not directed, nor is it intended for use by children (the phrase „child“ shall mean an individual that is under the age defined by applicable law, which concerning the European Economic Area (“EEA“) is under the age of 16 and with respect to the U.S.A, under the age of 13) and we do not knowingly process a child’s information. We will discard any information that we receive from a User, Customer or Visitor who is considered a „child“ immediately upon discovering that such a user shared information. Please contact us if you have reason to believe that a child has shared any information with us.