Autoscriber's privacy policy



PRIVACY POLICY

AUTOSCRIBER B.V.


Who are we?


We are Autoscriber B.V. (Autoscriber). Our address is High Tech Campus 6 a, 5656 AE Eindhoven. We are registered with the Chamber of Commerce (Kamer van Koophandel) under number

83055150.


What do we do?


We offer you access to our AI-application that turns the conversation between a physician and a patient into a structured summary. Our application also offers the ability to search, filter and replay the transcript of your conversation, as well as dictate notes outside of the consultation. We call our application Autoscriber App.


What are you reading?


This policy explains: which data we collect, how we use, store and protect it and which privacy rights you can invoke (the Privacy Policy). We may modify this Privacy Policy. If we substantially modify

the Privacy Policy, we shall place a notification on our Website and in our App. In addition, we shall

notify registered users in case of a substantial modification via email. If you are not a registered user, we advise you to consult the Website, App and this Privacy Policy regularly.


Questions?


If you have any questions regarding this Privacy Policy, do not hesitate to contact us by sending an email to support@autoscriber.com.


This Privacy Policy was last modified on September 4, 2023.


  1. APPLICABILITY

This Privacy Policy applies to Autoscriber App, our websites www.autoscriber.com and

app.autoscriber.com (the Website) and any other services or products we provide (the Services). Autoscriber App is accessible through our Website under separate Software-as-a-Service Agreements (SaaS). More specifically, the Privacy Policy applies to you as one of the following direct or indirect users:

−Organisations using Autoscriber App, the Website or our Services (the Medical Organisation). Examples are hospitals and GP Practices.

−Individuals using Autoscriber App, the Website or our Services on behalf of the Medical Organisation (the Physician). Examples are doctors, surgeons, nurses, medical interns.

−The patient and, optionally, their companions (the Patient).



  1. AUTOSCRIBER’S ROLE

Since Autoscriber is no participant to the conversation between the Physician and its Patients, we have no full insight on all information being actually exchanged during the conversation between the Patient and his Physician. Therefore, we recommend Patients to always contact the relevant Physician or your hospital if you have any specific requests regarding your medical consultation. In addition, please note that we might sometimes refer your request to the Medical Organisation.


  1. DATA PROCESSING

We process personal data on the basis of the following grounds which are included in the General Data Protection Regulation (GDPR).

    1. consent;
    2. execution of an agreement (including the SaaS);
    3. legal obligation; and
    4. legitimate interest of Autoscriber.

OVERVIEW OF DATA PROCESSING

Account creation

Ground 2

To create an account, the Medical Organisation and/or Physician must provide (i) its contact information: name of the organisation, first name, last name, phone number, location, job title and email address, (ii) username, and (iii) password.

Get in touch

Ground 4

When you fill in the digital contact form you must enter your name, email address, phone number and request description. We only process this data in order to provide you with the requested information.

Payment

Ground 2

For the payment of the fees relating to the use of Autoscriber App, the

Medical Organisation must provide its payment details: payment method and financial data, such as credit card and/or bank account information.


IP Address

Ground 4

Upon each visit to the Website your (fixed our temporary) IP address is detected. We process these data for technical and functional management in order to ensure our Website is easy to use.

Job Application

Ground 1 or 4

If you apply for a job at Autoscriber, we may use the following data to

process your application: name, address, age or date of birth, gender, e-mail address, telephone number and résumé.

Communication

Ground 2

We may use the contact information of the Medical Organisation or Physician to send information messages necessary for the use of Autoscriber App, excluding marketing communications.

Performance of SaaS

Ground 2 (Medical Organisation)

we may process the following (special) categories of personal data to

comply with our obligations regarding the provision of SaaS: the recordings of the conversations between the Physician and the Patient (the

Recordings) and any other personal data entered into Autoscriber App by the Physician in relation to the Patient (Other Data). These Recordings and Other Data contain (sensitive) personal data, such as: date of birth, address, contact information, complaints, diagnoses, medication use, allergies, height, weight, medical history, blood group.


The Medical Organisation is at all times responsible for the Recordings and Other Data that is processed using Autoscriber App. The Medical Organisation determines i) what data is stored and/or processed in the log files; ii) what grounds apply to the processing; and iii) how long the data is kept.

Product

Improvement

Ground 1

Autoscriber may store the Recordings and Other Data to improve

Autoscriber’s Technologies in the future. For this purpose Autoscriber needs the explicit consent of the Medical Practitioner, the Patient and their

companions. If the Medical Practitioner or the Patient(s) or, if applicable, a companion do not give their consent for the processing of the Recordings and Other Data by Autoscriber to improve Autoscriber’s Technologies,

Autoscriber will not store the Recordings and Other Data for this purpose.

Data Aggregation

Ground 4

In order to minimise the processing of personal data, we may aggregate or encrypt personal data to create anonymous data that cannot subsequently be traced back to a natural person.

Legal Compliance

Ground 3

In order to comply with applicable law, Autoscriber may be required to process personal data for purposes other than those set out in this Privacy Policy, for example for law enforcement and in case of a court order.

Fraud Detection

Ground 3 or 4

We process personal data for fraud detection and to prevent fraud and abuse. If Autoscriber has a reasonable suspicion of, or determines that there has been, any fraud, scam or criminal activity attributable to you, personal data will be processed in order to prevent you from using Autoscriber App

or the Website in the future.

Customer Service

Ground 1 or 4

We may collect and share personal data to provide (international) customer service for the Medical Organisation and Physician. For example, we may

collect (telephone) requests received by the Autoscriber service centre and the related responses, together with the other contact details. This way we can better respond to enquiries.

Marketing

Ground 1 or 4

We may use the contact information of the Medical Organisation and/or Physician for marketing communications (such as newsletters), to the extent permitted by law. We will always provide you with the option to

unsubscribe from our newsletter and will never provide our subscribers file to third parties, unless with your explicit consent.


  1. DATA STORAGE

Autoscriber stores your personal data only as long as it is necessary to fulfil the purposes mentioned in the Section 3 (Data Processing), and for no longer than permitted under applicable law. More specifically, we apply the following retention periods.

Account data: the data of Medical Organisations or Physicians required to create an account will be retained for as long as you use the Autoscriber App. After unsubscribing or deleting your account, we maintain your account data for a period up to 2 years, in case you want to reactivate your account.

Application data: If Autoscriber does not hire you, your information will be deleted within 4 (four) weeks after your application unless otherwise agreed between you and Autoscriber in writing.

Consent: For purposes based on your consent, data processing ends when you decide to withdraw such consent.

Aggregated data: In case data is anonymised by Autoscriber, we may retain this data for statistical and analytical purposes.

–Recordings and Other Data: If the Medical Practitioner and the Patient gave Autoscriber consent for the storage of Recordings and Other Data with the purpose to improve the Autoscriber technologies, Autoscriber will retain such Recordings and Other Data for a maximum period of 5 (five) years, unless the Medical Practitioner and or the Patients withdraw their consent earlier.


If you are a Patient, please note that Autoscriber doesn’t have any control about the retention of personal data by the Medical Organisation and the Physician in your electronic patient file or any other form of data retention.


SECTION 4 – DATA PROTECTION


We do our utmost to protect your personal data, by taking technical and organisational security measures to protect your data against manipulation, loss, destruction and access by unauthorised persons. These security measures are constantly improved in line with technological developments.

−Access to the personal data is strictly limited to employees and third party service providers on a ‘need to know’ basis, who have passed a police clearance check (VOG);

−Encryption of personal data in the cloud using customer managed keys;

−Secure network connections with Secure Socket Layer (SSL), or a comparable technology;

−Access to the personal data is secured with a two-factor authentication (2FA);

−Conclusion of Non-disclosure agreements (NDA’s)


SECTION 4 – DATA SHARING


In the cases listed below, Autoscriber shares personal data with third parties.


OVERVIEW OF THIRD PARTIES

Service Providers

Ground 2 or 4

Autoscriber may share personal data with the following categories of service providers, who contribute to Autoscriber App: hosting, data analysis and storage, payment processing, information technology and related infrastructure, customer service, product design, product diagnostics, email delivery, credit card processing, auditing, and marketing. Autoscriber only shares personal data with service providers that provide sufficient

safeguards to protect personal data.

Competent Authorities Ground 4

Autoscriber discloses personal data to law enforcement authorities and

other public authorities to the extent required by law or strictly necessary for the prevention, detection or prosecution of criminal offences and fraud.


Transfer

Ground 4

We may transfer personal data to third parties in the event that Autoscriber is subject to a merger, acquisition, reorganisation, sale of business units or bankruptcy. In this case Autoscriber will ask for your prior consent, if this is required under applicable law.

If the above organisations are regarded as processors under the GDPR, Autoscriber will enter into a data processing agreement with them. Processing of personal data will only take place on

Autoscriber’s instruction and under Autoscriber’s responsibility.


International Transfer


Autoscriber’s services are managed and operated from the Netherlands. We process personal data within the European Economic Area (EEA) to the extent possible, and will only process personal data outside the EEA if we can invoke the safeguards legally required by the GDPR for the transfer of personal data (such as the conclusion of an EU model contract).

The employees of Autoscriber working from South-Africa may internally access the European cloud environment, containing personal data. The employees are provided with access based on the

need-to-know principle, and the personal data shall at all times remain within Autoscriber’s European cloud environment. Providing employees access to personal data is necessary for

Autosriber to conclude agreements with third parties in your interest, as permitted by the GDPR.


SECTION 5 – PRIVACY RIGHTS


Under the GDPR, you have the right to:


−request access to your Personal Data;

−request us to correct, limit or delete your personal data;

−request a copy of your personal data. We can provide this copy to third parties at your request;

−object to the processing of your personal data by contacting us;

−file a complaint directly with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) about the way we process personal data;

−revoke your consent to the processing of your personal data;


SECTION 6 – COOKIES


A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.

We use cookies to improve the user experience on our Website. Moreover, cookies ensure that our Website and App work faster, that you can visit our Website and App safely and that we can track and solve errors on our Website and App.


You can always delete or disable cookies yourself via the browser settings. No more cookies will be stored when you visit our Website or App. However, please note that without cookies, our Website and App may not function as well as it should.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us