ENTITYMED PRIVACY POLICY
Last revised: 01/03/2024
EntityMed Ltd. (“EntityMed”, “our”, “we” or “us”) offers to its customers (each, a “Customer”) a demonstration tool endeavor to predict the results of certain potential aesthetic procedures via a SaaS web application, accessible through your mobile device or desktop (the “EntityMed App”). In addition, our Website locatedat www.entitymed.com offers its visitors (respectively “Site” and “Visitors”), information on our company, technology, and information concerning our EntityMed App, as well as demos and trials of our EntityMed App (if such are made available). The Site together with the EmtityMed App and related services, except if specifically designated otherwise, shall be referred to herein as the “Services”.
EntityMed respects the privacy of our Customer(s) and the privacy of our Customer’s patients’ who are the end-user(s) of our Services (“User”, “You” or “Your”).This Privacy Policy (the “Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use or access our, the ways in which we may use such information, and the choices and rights available to you. This Privacy Policy supplements and shall be read in conjunction with our Terms of Use [https://entitymed.com/legal] (the “Terms of Use”), and may be supplemented by additional privacy statements, terms, or notices provided to you (collectively, the “Terms”). Capitalized terms that are not defined herein, shall have the meaning ascribed to them in our Terms of Use.
YOUR CONSENT
PLEASE READ THIS PRIVACY POLICY BEFORE ACCESSING AND/OR USING THE SERVICES. BY ACCESSING OR USING THE SERVICES, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE THE SERVICES.
Please note: you are not obligated by law to provide us with any Personal Information. You hereby acknowledge and agree that you are providing us with Personal Information as described in this Privacy Policy at your own free will. You hereby agree that we may collect and use such Personal Information pursuant to this Privacy Policy and any applicable laws and regulations.
TO THE EXTENT THAT CUSTOMER IS PROVIDING US WITH ANY PERSONAL INFORMATION (AS DEFINED BELOW) RELATED TO ANY THIRD PARTY OR ANY OTHER PERSON OR ENTITY, INCLUDING INFORMATION RELATED TO ANY OF ITS PERSONNEL, COLLEAGUES, OR PATIENTS (I.E., USER(S)), CUSTOMER HEREBY REPRESENT THAT HE IS SOLELY RESPONSIBLE TO RECEIVE, AND UNDERTAKE THAT IT SHALL OBTAIN AT ALL TIMES, THE CONSENT, AUTHORITY, PERMISSION, AND APPROVAL OF SUCH PERSONS AND PROVIDED THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW ENTITYMED TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH PERSONAL INFORMATION AS DETAILED HEREIN.
- WHAT TYPES OF INFORMATION DO WE COLLECT?
We divide the information we may access and collect into two categories: Personal Information and Non-Personal Information. In this section, we describe each of the three categories of information that we may collect, and in the following section, we describe the circumstances under which such collection is performed.
- Non-Personal Information, means information that may be made available to us, or collected automatically via your use of the Services, that does not enable us to identify the person from whom it was collected, or to whom such data pertains. Non-Personal Information usually consists of either technical, analytical, or aggregated information that is not linked to a specific individual;
- Personally Identifiable Information (PII) or Personal Information, means information that pertains to or relates to a specific individual, where such individual is identified or may be identified with reasonable efforts or together with additional information we have access to. Identification of an individual also includes the association of such individual with a persistent identifier such as a name, face image an identification number, a persistent cookie identifier, etc., i.e. an identifier that does not expire at the end of your session in our Services. Personal Information does not include information that has been anonymized or aggregated; provided, that, such information can no longer be used to identify a specific natural person;
We do not collect any Personal Information from you or related to you without your approval, which is obtained, inter alia, through your acceptance of this Privacy Policy.
TO THE EXTENT THAT YOU PROVIDE US WITH ANY PERSONAL INFORMATION RELATED TO ANY THIRD PARTY OR ANY OTHER PERSON WHICH IS NOT YOU, INCLUDING ANY CUSTOMER’S PERSONNEL, YOU ARE SOLELY RESPONSIBLE TO RECEIVE AND HEREBY REPRESENT THAT YOU HAVE AND UNDERTAKE THAT YOU SHALL HAVE AT ALL TIMES, MAINTAINED AND RECEIVED, THE CONSENT, AUTHORITY, PERMISSION, AND APPROVAL OF SUCH PERSONS AND PROVIDED THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW ENTITYMED TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH PERSONAL INFORMATION AS DETAILED HEREIN.
- HOW DO YOU COLLECT INFORMATION FROM ME?
- We collect information through your use of the Services. In other words, we are aware of your usage of the Services and may gather, collect and record the information relating to such usage, including by using “cookies” and other tracking technologies, as further detailed below.
- We collect information which you provide us voluntarily. For example, we collect Personal information which you voluntarily provide us when you request to use the Services (i.e., photo of your face) and/or receive communications from us or when you contact us directly via the Services.
- In addition, we may publish open positions at EntityMed via our Services or social media such as LinkedIn and others. In connection with such opportunities, we collect information that is voluntarily provided to us by the job candidates (“Candidates”) when they apply to any of the open positions published by us, by e-mail, via the Services or otherwise, and only as necessary for the recruitment process, as further detailed in below.
- WHY DO YOU COLLECT AND PROCESS MY INFORMATION?
- To provide and operate our Services.
- In order to anonymize it and then after it has been anonymized and cannot be used to identify you, to create cumulative statistical data and other cumulative information that is non-personal, with which we and/or our business partners might make use in order to operate and improve our Services and offer related products.
- Be able to contact Users who requested such contact to be made, for the purpose of providing them with further information on EntityMed and its Services;
- To prevent, detect, mitigate, and investigate fraud, security breaches, or other potentially prohibited or illegal activities;
- To comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.
- To act upon and comply with requests you may make pursuant to this Privacy Policy and the privacy laws that apply to you.
- WHAT ARE YOUR LEGAL GROUNDS FOR COLLECTING MY PERSONAL INFORMATION?
- With your consent: We ask for your agreement to process your information for the specific purposes stated herein and you have the right to withdraw your consent at any time. For example, we ask for your consent to obtained and process your information (which may contain Personal Information) to the Services.
- Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for purposes like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality, or technical issues with our Services; protecting against harm to the rights, property, or safety of our Services, our Users or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfill our obligations under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request.
- WHO DO YOU SHARE MY INFORMATION WITH AND WHY?
We may share information with third parties (or otherwise allow them access to it) only in the following manners and instances:
- Internally and for the provision of the Services – We may share information with our Customers (solely to the extent you receive the Services directly from our Customer), employees, for the purposes described in this Privacy Policy. In addition, should EntityMed or any of its affiliates undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your information may be shared with the parties involved in such event under strict security conditions, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we believe that such a change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have, through a prominent notice on our Services.
- Protecting Our Rights and Safety – We may share your information to enforce this Privacy Policy and/or the Terms of Use https://entitymed.com/legal., including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security, or technical issues; or otherwise, if we believe in good faith that this will help protect the rights, property or personal safety of any of our users, or any member of the general public.
- Third Parties & Business Partners – We may share your information with a number of selected service providers, whose services and solutions are required or otherwise facilitate achievement of the purposes of processing set forth above. These third parties serve in facilitating and enhancing our Services, namely, among others, to allow cloud hosting services (e.g. Google firebase). Our third-party Services providers act as our sub-processors and may only process your information according to our instructions (which are given in accordance with the terms hereof). We remain responsible for any processing of your information done by such third-party service providers on our behalf not in accordance with the terms hereof, except for events outside of such service providers’ reasonable control.
- Law Enforcement – We may cooperate with government and law enforcement officials to enforce and comply with the law. We may therefore disclose any information to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
For the avoidance of doubt, we may share anonymized or de-identified information with any other third party, at our sole discretion.
- WHERE DO YOU TRANSFER OR STORE MY INFORMATION?
Your information may be transferred to, maintained, processed, and stored by us and our authorized affiliates and service providers in the U.S. Europe and Israel. Please note that Israeli and/or U.S. data and privacy laws may not be as comprehensive as those in your country of residence. Residents of certain countries may be subject to additional protections, as set forth below.
GDPR (EEA Users): This section applies only to natural persons residing in the European Economic Area (for the purpose of this section only, "you" or "your" shall be limited accordingly). It is EntityMed's policy to comply with the EEA's General Data Protection Regulation (“GDPR”). In accordance with the GDPR, we may transfer your Personal Information from your home country to Israel, the U.S., and/or other countries, provided that the transferee has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Specifically, we may cause such transfer if we ensured that at least one of the following applies:
- The country to which Personal Information has been transferred has been determined by the EU Commission to be a country providing adequate protection to the privacy rights of EU residents.
- Application of Standard Contractual Clauses (also known as "Model Clauses") where appropriate.
6.1
Server Location and SecurityYour personal data is stored on servers located in the United States. We understand the importance of keeping your information secure and we have implemented measures to ensure that your data is protected. Our server security systems adhere to standards at least as strong as those required in the European Union to safeguard your personal information. By using our services, you acknowledge that your data may be transferred to and stored on servers located outside of your jurisdiction, including the United States. Rest assured, we take the necessary steps to protect your data and maintain its confidentiality, integrity, and availability.
- WHAT ARE MY RIGHTS?
If applicable to you under your country’s jurisdiction, you may have certain rights in connection with your Personal Information and how we handle it. You can exercise your rights at any time by contacting us via any of the methods set out herein. Those rights may include, but are not limited to, the following:
- Right of access. You may have a right to know what information we hold about you and, in some cases, to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.
- Right to correct Personal Information. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will correct it as soon as we can.
- Data deletion. In some circumstances, you have a right to request that some portions of the Personal Information that we hold about you be deleted or otherwise anonymized.
- Data portability. In some circumstances, you may have the right to request that data that you have provided to us is provided to you, so you can transfer this to another data controller.
- Restriction of processing. In some cases, you may have the right to request a restriction of the processing of your Personal Information, such as when you are disputing the accuracy of your information held by us.
California Privacy Rights: See our California Privacy Rights Statement for information about California Privacy Rights, and other required disclosures, if any.
- DO YOU USE COOKIES OR SIMILAR TRACKING TECHNOLOGIES?
We use certain monitoring and tracking technologies, including ones offered by third-party service providers. These technologies are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide a better experience to our users. For example, these technologies enable us to: (i) keep track of our Users’ preferences and authenticated sessions, (ii) secure our Services by detecting abnormal behaviors, (iii) identify technical issues and improve the overall performance of our Services, and (iv) create and monitor analytics.
8.1
Cookies TypesFirst-party cookies: As the name implies, first-party cookies are put on your device directly by the website you are visiting.
Third-party cookies: These are the cookies that are placed on your device, not by the website you are visiting, but by a third party like an advertiser or an analytic system.
Session cookies: These cookies are temporary and expire once you close your browser (or once your session ends).
Persistent cookies: This category encompasses all cookies that remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary. According to the ePrivacy Directive, they should not last longer than 12 months, but in practice, they could remain on your device much longer if you do not take action.
- HOW DO YOU KEEP MY INFORMATION SECURE?
We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Information. Your information is stored on secure servers and isn’t publicly available. We limit access to your information only to those employees, third-party service providers, or partners on a “need to know” basis, and strictly in order to enable us to perform the agreement between you and us.
Despite these measures, EntityMed cannot provide absolute information security or eliminate all risks associated with Personal Information, and security breaches may happen. If there are any questions about security, please contact us at contact@entitymed.com.
- HOW LONG WILL YOU RETAIN MY INFORMATION?
We will retain your Personal Information only for as long as necessary to achieve the purposes for collection and processing set forth above. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. If you withdraw your consent to our processing of your Personal Information, we will delete your Personal Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates).
- HOW DO YOU PROTECT THE PRIVACY OF CHILDREN?
To use our Services, Users must be over the age of eighteen (18). Therefore, we do not knowingly collect Personal Information from individuals under the age of eighteen and do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that individuals under the age of eighteen are not using the Services. If you believe that we might have any information from or about an individual under the age of eighteen, please contact us at contact@entitymed.com.
- HOW DO YOU USE THE INFORMATION OF JOB CANDIDATES?
We welcome qualified candidates to apply to any of the open positions posted at our Services by sending us your contact details and CV or resume (“Candidate Information”). Since privacy and discreetness are very important to our candidates, we are committed to keeping Candidate Information private and will use it solely for our internal recruitment purposes (including for identifying candidates, evaluating their applications, making hiring and employment decisions, and contacting candidates by phone or in writing).
Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed. This is done so we could re-consider candidates for other suitable positions and opportunities at EntityMed; so we could use the Candidate Information as a reference for future applications, and in case the candidate is hired, for additional employment and business purposes related to their employment with us.
If you previously submitted your Candidate Information to us, and now wish to access it, update it or have it deleted from our systems, please contact us at contact@entitymed.com.
- UPDATES TO THIS PRIVACY POLICY
This Privacy Policy is subject to changes from time to time, at our sole discretion. The most current version will always be posted on our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. By continuing to access and use our Services after any updates become effective, you accept and agree to be bound by the updated Privacy Policy.
- GENERAL INFORMATION
This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of California, without respect to its conflict of law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in San Francisco, California.
This Privacy Policy was written in English and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.
- HOW CAN I CONTACT YOU?
If you wish to exercise any of the aforementioned rights or receive more information, please contact us using the details provided below:
- CONTACT US
If you wish to exercise any of the aforementioned rights or receive more information, please contact us using the details provided below:
EntityMed Ltd.,
Email: contact@entitymed.com
Address: 9 Hamenofim St, Herzliya, Israel