472

DATA PRIVACY FRAMEWORK NOTICE

Effective: July 3, 2023

Aidoc Inc. (“Aidoc”, “We” or “Our”) has certified with the EU-U.S. DPF and the Swiss-U.S. DPF with respect to the Personal Data (defined below) that We receive from the Customers (defined below) or from Aidoc Medical Ltd. (“Aidoc Medical”).

Aidoc complies with the principles of the EU-U.S. DPF and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred to the United States. Aidoc has certified to the Department of Commerce that it adheres to the DPF Principles and Our DPF certification, when approved, will be available here.

If there is any conflict between the terms in this DPF Notice and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, please visit https://www.dataprivacyframework.gov/s/

1. DEFINITIONS

Customer(s) means prospective, current, or former customers, or clients of Aidoc and/or Aidoc Medical.

Employee(s) means prospective, current and former employees and job applicants of Aidoc and/or Aidoc Medical who is located in EU.

Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. SCOPE.

Aidoc‘s participation in the DPF applies to the Personal Data subject to EU and Swiss data protection law that (i) Aidoc receives from Aidoc Medical and/or (ii) Aidoc collects and/or Processes on behalf of Aidoc Medical.

3. PURPOSES OF DATA PROCESSING.

Non-HR data

Aidoc provides radiology analysis services to its customers using Artificial intelligence (the Service).

In order to perform the Service, we, Aidoc may use Personal Information for the purpose of providing support and analytics to customers, or to support customers in research. The personal information includes:

  • Pseudonymized radiology scans, reports, and meta-data;
  • Marketing and customer database for contact information;
  • Usage logs and application analytics of Aidoc’s products;

Aidoc will also Process the Personal Data it receives as described in Section 2, for the purposes of offering and/or providing the Service to Customers, to provide support for Customer operations, to provide maintenance (including proactive and preventative actions), to assist in or to perform research, or for administrative purposes. To fulfill these purposes, We may, without limitation, use the Personal Data to contact data subjects, to discuss or execute contracts, to provide the Service, to provide support and maintenance, to correct and address technical or service problems, for marketing purposes, to comply with applicable laws, regulations and orders from public authorities or courts and/or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of- court procedures.

HR data

Aidoc receives information from Aidoc and/or Aidoc Medical concerning Employees. The purposes for which Aidoc collects and uses Employees Personal Data to assess an individual as a candidate, and once you are an Employee for compensation, payroll, and benefit planning and administration (e.g. salary, tax withholding, tax equalization, awards, insurance and pension), workforce development, education, training, performance management, problem resolution (e.g., internal reviews, grievances), internal investigations, auditing, compliance, risk management and security purposes, Employee communications and as required or expressly authorized by laws or regulations applicable to Aidoc’s business or by government agencies that oversee or regulate our business. As an employee of Aidoc, your personal data may be forwarded internally to your managers, other business units or divisions, and any of the various corporate functions. Your Personal Data may also be shared with various third parties and third-party agents in the normal course of business. As an employee of Aidoc and/or Aidoc Medical, you may have rights to access and/or limit disclosures of certain types of personal data. For any questions directly related to this please contact [email protected]

4. ONWARD TRANSFERS OF PERSONAL DATA.

Subject to Section 6 below, We will not transfer Personal Data originating in the EU and/or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of protection to the Personal Data as required by the Principles of the EU-U.S. DPF and the Swiss-U.S. DPF and/or applicable law. In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. DPF and the Swiss-U.S. DPF, Aidoc is potentially liable. We may transfer Personal Data to processors, service providers, vendors, contractors, partners and agents (collectively “Processors”) who need the information in order to provide services to or perform activities on Our behalf, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, amongst others. In addition, we may disclose or allow government and law enforcement officials access to Personal Data, in response to a subpoena, search warrant, or court order (or similar requirement), or in compliance with applicable laws and regulations, and/or if We believe in good faith that this will help protect the rights, property or personal safety of Aidoc, any of our partners, customers (including, their administrators and/or users), or any member of the general public. Lastly, We may share your Personal Data internally within our group of companies, when they have a need to know, and should Aidoc or any of its affiliates undergo any change in control or ownership, including by means of merger, acquisition, or purchase of substantially all or part of its assets, Personal Data may be shared with or transferred to the parties involved in such an event.

The abovementioned Processors and the description of the services that they provide and/or the activities that they perform are set out in the table below:

Categories of services
Lead / Marketing data
Hosting of logs / analytics / research data.
Cloud
Identity management and authentication

5. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA.

Data subjects have the right to access Personal Data about them, and in some cases to limit use and disclosure of their Personal Data. If you would like to request access to the Personal Data We have processed on behalf of one of the Customers or to request that we limit our use or disclosure of your Personal Data, please contact[email protected] and provide your name, contact information and observe the required formalities under applicable law.

6. REQUIREMENT TO DISCLOSE.

Aidoc may be required in certain circumstances to disclose Personal Data in response to lawful requests by courts or public authorities, including to meet national security or law enforcement requirement.

7. DPF INDEPENDENT RECOURSE MECHANISM.

In compliance with the DPF Principles, Aidoc commits to resolve complaints about Our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding Our DPF policy should first contact Aidoc at: [email protected] or by postal mail sent to:

Aidoc, Inc.
Attn: Privacy DPF
1781 E Indigo Dr.
Chandler, AZ 85286

Non-HR Data

Aidoc has further committed to refer unresolved privacy complaints under the EU-U.S. DPF and the Swiss-U.S. DPF Principles to JAMS, a non-profit alternative dispute resolution provider located in the United States to assist with the complaint resolution process. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information and to file a complaint. The services of JAMS are provided at no cost to you.

HR Data

Aidoc has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved DPF complaints concerning human resources data transferred from the EU in the context of the employment relationship. Data Subjects with inquiries or complaints regarding this DPF Notice we recommend first to contact Aidoc at: [email protected].

8. U.S. FEDERAL TRADE COMMISSION ENFORCEMENT.

Aidoc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US DPF Principles and the Swiss-U.S. DPF Principles outlined in this notice.

9. ARBITRATION.

Under certain conditions, more fully described on the DPF website (available here), you may also be able to invoke binding arbitration to determine whether a participating organization has violated its obligations under the DPF principles as to that individual and whether any such violation remains fully or partially unremedied (“residual claims”) after you approached us and you used the independent recourse mechanism. The International Centre for Dispute Resolution-American Arbitration Association (“ICDR-AAA”) was selected by the U.S. Department of Commerce to administer arbitrations pursuant to and manage the arbitral fund. Please visit ICDR-AAA’s website for more information.