ORAVIZIO PRIVACY POLICY

Controller

Solita Oy (Business ID 1060155-5), Åkerlundinkatu 11, 33100 Tampere, Finland (later “Solita”, “we” or “company”).

Contact person for the register

support@oraviz.io
Tel. +358 (0)29 170 3300

Name of the register

Oravizio customer register

SHORT SUMMARY

To help you understand this privacy policy we have prepared the below summary of some of the most important things. However, please note that this summary does not represent the whole privacy policy, and in case of any discrepancy, the whole document prevails over the summary.

  1. When you use the service, there are certain Personal Data that we receive, collect, and process, in order to provide you with the service.
  2. We are processing all the Personal data in compliance with applicable data protection legislation.
  3. We only process and save the minimum amount of Personal Data required to provide you the service, and/or as required by the applicable laws.
  4. When you use the service and enter patient data (such as the birth year, height, weight, sex, the joint to be operated, primary cause, ASA value, diagnoses, information of drugs, and laboratory values), we act as a Data Processor and your organization acts as a Data Controller for such data. Our use of such patient data is subject to Oravizio Terms and Conditions.
  5. We use the on-demand cloud computing platform offered by Amazon Web Services (AWS) and all the Personal Data is stored in servers located in the EU.
  6. We might use sub-contractors to provide us a part of the service, and in such a case share the minimum amount of your Personal Data with them (for example: when we need to inform you about a new version of the service, we might use a 3rd party email delivery service to reach you).
  7. We use the necessary protections and processes to protect your Personal Data.
  8. We do not use any 3rd party Cookies in our service.

1.  General

Oravizio is a CE marked regulated medical device software service, manufactured by Solita. Oravizio is available at https://tool.oraviz.io.

Solita receives, collects and processes Personal Data of Solita’s customers (later “Customer”) and users of Oravizio. The purpose of this Privacy Policy is to describe how Solita processes Personal Data, what Personal Data Solita collects, how the data is used and to whom the data is disclosed. In addition, we tell you how you can control the processing of your Personal Data. “Personal Data” refers to any information about a natural person (later “Data Subject”), which allows a person to be directly or indirectly identified as an individual person, as defined in the EU General Data Protection Regulation (2016/679).

We are dedicated to processing the Personal Data in compliance with the European Union’s General Data Protection Regulation and other applicable privacy laws (together as “data protection legislation”). Solita is committed to being transparent about how it collects and uses Personal Data and to meeting its data protection obligations.

2.  What data is collected, stored and processed?

Solita receives, collects, stores and processes a range of Personal Data about Data Subjects, including:

Categories of Personal Data and examples of data content:

  • Category: Necessary information related to customer relationship in order to provide the Oravizio service.
    Examples of data content: Name of the organization; country; contact person’s name; billing data; preferred language.

  • Category: Necessary information of the Oravizio user to access the services.
    Examples of data content: Name of the user; email address; password hash.

  • Category: Automatically collected information in order to better understand the usage of Oravizio and to improve services.
    Examples of data content: User IP address and geolocation derived from it; user device operating system, resolution and language; name and version of the user’s browser and language.

  • Category: Unique statistical information on the usage of Oravizio in order to understand the intensity of the use and to ensure the quality of the services, and the adequacy of resources.
    Examples of data content: The number and timing of the risk assessments; the number and timing of the user’s sessions; what parameters are used in the risk assessment.

  • Category: Analytics used on our website generating third-party web analytics. We use the data collected by the tool to develop our online service.
    Examples of data content: The information collected by the third-party service provider in our websites.

To the extent patient related data submitted to Oravizio by users of the service contains Personal Data, the Customer acts as data controller under the data protection legislation and we process such Personal Data on behalf of the Customer as data processor. The processing of such patient related data is subject to Oravizio Terms and Conditions.

Personal Data processed by Solita is mainly collected directly from the Data Subject or through our Customer having a direct relationship with the Data Subject (such as employment). In addition, the Personal Data may also be collected automatically when the Data Subject uses the Oravizio service.

While the provision of certain Personal Data is necessary for the use of Oravizio, certain Personal Data may from time to time be provided voluntarily.

3.  Why does Solita process Personal Data?

We process Personal Data of Data Subjects to offer the Oravizio service. In this context, Personal Data may be processed for the following purposes:

  • user registration and delivery of the Oravizio service
  • invoicing (including debt collection), recalls, warranties, customer service, feedback and related communications
  • contacting the Data Subject and to provide information on the service
  • business planning and service development
  • complying with and fulfilling our legal duties and obligations such as tax law and accounting
  • ensuring security of the Oravizio service and preventing abuses
  • ensuring security of our IT environments and protection of data
  • presenting legal claims and/or responding to and defending against legal claims.

We process Personal Data on the following basis:

  • for the purposes of performance of a contract to which the Customer or Data Subject is party or in order to take steps at the request of the Customer or Data Subject prior to entering into a contract,
  • for the purposes of our legitimate interest to inform you about our services, to deliver and maintain our services, ask you for feedback, and to maintain the customer relationship. Where Solita relies on legitimate interests as a legal basis for processing Personal Data, it has considered whether or not those interests are overridden by the rights and freedoms of Data Subjects and has concluded that they are not, or
  • to comply with legal obligations applicable to us (such as medical device regulation, corporate and accounting).

4.  Who has access to data?

The Oravizio service is produced using the on-demand cloud computing platform offered by Amazon Web Services (AWS) and all the Personal Data is stored in servers located in the EU.

For the purposes stated in this Privacy Policy, Personal Data may be disclosed, when necessary, to authorities, other companies within the same group of companies as us, our resellers and to other third parties, such as third-party service providers (such as IT vendors, logistics and service companies etc.). In such case, the Personal Data will only be disclosed for purposes defined above. We do not sell or otherwise disclose Personal Data to third parties outside Solita for such third parties’ own purposes.

  • List of the processors and other recipients can be provided upon request.

Transfer outside EU/EEA: 

Personal Data is not transferred outside the European Union and the European Economic Area (“EU/EEA”).

Other transfers:

In addition, we may share the Personal Data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements.

Personal Data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the Oravizio service as well as to guarantee the safety of Oravizio.

5.  How does Solita protect data?

Personal Data is kept technically protected. Physical access to Personal Data is blocked by access control and other security measures. Access to Personal Data requires adequate rights, as well as multi-stage recognition. Unauthorised access is also prevented by firewalls and other technical protection. Only Solita and designated persons can access the stored data. Solita employees are bound by the confidentiality obligation. The stored data is backed up safely and can be returned as needed. The level of security is audited at recurring intervals by carrying out either an external or internal audit.

6.  For how long is data kept?

Personal Data collected in connection with the Oravizio service shall be retained as long as needed for the purposes defined in this Privacy Policy, unless such data is replaced through regular updates or otherwise. Personal Data may be, in whole or partly, retained for a longer or shorter period if required by applicable law (such as customer data for accounting and tax law) or if there is some other justified reason for us to retain or delete the Personal Data. In such a case, once the reason to retain the Personal Data ceases to exist, the Data Subject’s Personal Data shall be erased without delay.

  • Detailed retention times can be provided upon request.

We evaluate the necessity and accuracy of the Personal Data on a regular basis and endeavor to ensure that the incorrect and unnecessary Personal Data are corrected or deleted.

7.  Your rights

As a Data Subject, you have a number of rights under applicable data protection legislation. You can:

  • access the Personal Data processed
  • obtain a copy of your Personal Data on request in a structured, commonly used and machine-readable format insofar as the processing is based on contract, and insofar as you have provided the information to Solita
  • require Solita to change incorrect or incomplete Personal Data
  • require Solita to delete or stop processing your Personal Data, for example where the data is no longer necessary for the purposes of processing. However, please note that certain Personal Data is strictly necessary in order to achieve the purposes defined in this Privacy Policy and may also be required to be retained by applicable laws. Thus, you may not delete such Personal Data.
  • object to the processing of your data where Solita is relying on its legitimate interests as the legal ground for processing. For example, you may object to your Personal Data being used for marketing purposes at any time.
  • ask Solita to restrict processing Personal Data for a period if data is inaccurate or there is a dispute about whether or not your interests override Solita’s legitimate grounds for processing data.

Data Subject may exercise the aforementioned rights by sending a written request to support@oraviz.io or to the Contact person for the register specified first above.

If you believe that Solita has not complied with applicable data protection laws when processing your Personal Data, you can lodge a complaint with a supervisory authority. In Finland, that is the Data Protection Ombudsman.

8.  Cookies

Cookies are small files stored on a user’s computer’s hard disk. Cookies facilitate navigation on our website and increase user friendliness. Our web pages use cookies to remember your choices.

Cookies can also be used to determine whether your computer has previously had access to our site. Only the cookie on your computer will be recognised.

Cookies can be used to determine whether you have visited our website before. This is done by recognising the cookies on your computer. The cookies show from where you came to our website, which of our www-pages you have browsed and when, what browser you are using, the display resolution, operating system and IP address of your computer or what information you send from the internet address. The information will not tell us the name of the user or other Personal Data, and the user cannot be identified by the cookies alone.

If you use our website, you agree to the use and storage of cookies on your computer. Most web browsers automatically accept cookies. As a visitor, you can block cookies by changing your browser settings so that your browser does not allow cookies to be saved. In that case, you agree that, for some services, blocking the use of cookies may affect the functionality of the service.

9.  Other

Solita may make changes to this Privacy Policy at any time by giving a notice on the Oravizio service, website and/or by other applicable means. The Data Subjects are highly recommended to review the Privacy Policy on our website every now and then. If the Data Subject objects to any of the changes to this Privacy Policy, the Data Subject should cease using the Oravizio service, where applicable, and he/she can request that we remove the Personal Data, unless applicable laws require us to retain such Personal Data. Unless stated otherwise, the then-current Privacy Policy applies to all Personal Data we process at the time.

Contact information

If, at any time, you as the Data Subject have questions or concerns about this Privacy Policy, please contact support@oraviz.io or the Contact person for the register specified first above.

This Privacy Policy has been published on June 4th, 2019, version 1.0

Version history

Version number: Version 1.0
Change description: Initial version
Date: June 4th 2019