Autoscriber's privacy policy

PRIVACY POLICY

AUTOSCRIBER B.V.

Who are we?

We are Autoscriber B.V. (Autoscriber). Our address is High Tech Campus 6 a, 5656 AE Eindhoven. We are registered with the Chamber of Commerce (Kamer van Koophandel) under number

83055150.

What do we do?

We offer you access to our AI-application that turns the conversation between a physician and a patient into a structured summary. Our application also offers the ability to search, filter and replay the transcript of your conversation, as well as dictate notes outside of the consultation. We call our application Autoscriber App.

What are you reading?

This policy explains: which data we collect, how we use, store and protect it and which privacy rights you can invoke (the Privacy Policy). We may modify this Privacy Policy. If we substantially modify

the Privacy Policy, we shall place a notification on our Website and in our App. In addition, we shall

notify registered users in case of a substantial modification via email. If you are not a registered user, we advise you to consult the Website, App and this Privacy Policy regularly.

Questions?

If you have any questions regarding this Privacy Policy, do not hesitate to contact us by sending an email to support@autoscriber.com.

This Privacy Policy was last modified on September 4, 2023.

1. APPLICABILITY

This Privacy Policy applies to Autoscriber App, our websites www.autoscriber.com and

app.autoscriber.com (the Website) and any other services or products we provide (the Services). Autoscriber App is accessible through our Website under separate Software-as-a-Service Agreements (SaaS). More specifically, the Privacy Policy applies to you as one of the following direct or indirect users:

−Organisations using Autoscriber App, the Website or our Services (the Medical Organisation). Examples are hospitals and GP Practices.

−Individuals using Autoscriber App, the Website or our Services on behalf of the Medical Organisation (the Physician). Examples are doctors, surgeons, nurses, medical interns.

−The patient and, optionally, their companions (the Patient).

2. AUTOSCRIBER’S ROLE

Since Autoscriber is no participant to the conversation between the Physician and its Patients, we have no full insight on all information being actually exchanged during the conversation between the Patient and his Physician. Therefore, we recommend Patients to always contact the relevant Physician or your hospital if you have any specific requests regarding your medical consultation. In addition, please note that we might sometimes refer your request to the Medical Organisation.

3. DATA PROCESSING

We process personal data on the basis of the following grounds which are included in the General Data Protection Regulation (GDPR).

1. consent;
2. execution of an agreement (including the SaaS);
3. legal obligation; and
4. legitimate interest of Autoscriber.

4. DATA STORAGE

Autoscriber stores your personal data only as long as it is necessary to fulfil the purposes mentioned in the Section 3 (Data Processing), and for no longer than permitted under applicable law. More specifically, we apply the following retention periods.

−Account data: the data of Medical Organisations or Physicians required to create an account will be retained for as long as you use the Autoscriber App. After unsubscribing or deleting your account, we maintain your account data for a period up to 2 years, in case you want to reactivate your account.

− Application data: If Autoscriber does not hire you, your information will be deleted within 4 (four) weeks after your application unless otherwise agreed between you and Autoscriber in writing.

− Consent: For purposes based on your consent, data processing ends when you decide to withdraw such consent.

− Aggregated data: In case data is anonymised by Autoscriber, we may retain this data for statistical and analytical purposes.

–Recordings and Other Data: If the Medical Practitioner and the Patient gave Autoscriber consent for the storage of Recordings and Other Data with the purpose to improve the Autoscriber technologies, Autoscriber will retain such Recordings and Other Data for a maximum period of 5 (five) years, unless the Medical Practitioner and or the Patients withdraw their consent earlier.

If you are a Patient, please note that Autoscriber doesn’t have any control about the retention of personal data by the Medical Organisation and the Physician in your electronic patient file or any other form of data retention.

SECTION 4 – DATA PROTECTION

We do our utmost to protect your personal data, by taking technical and organisational security measures to protect your data against manipulation, loss, destruction and access by unauthorised persons. These security measures are constantly improved in line with technological developments.

−Access to the personal data is strictly limited to employees and third party service providers on a ‘need to know’ basis, who have passed a police clearance check (VOG);

−Encryption of personal data in the cloud using customer managed keys;

−Secure network connections with Secure Socket Layer (SSL), or a comparable technology;

−Access to the personal data is secured with a two-factor authentication (2FA);

−Conclusion of Non-disclosure agreements (NDA’s)

SECTION 4 – DATA SHARING

In the cases listed below, Autoscriber shares personal data with third parties.

If the above organisations are regarded as processors under the GDPR, Autoscriber will enter into a data processing agreement with them. Processing of personal data will only take place on

Autoscriber’s instruction and under Autoscriber’s responsibility.

International Transfer

Autoscriber’s services are managed and operated from the Netherlands. We process personal data within the European Economic Area (EEA) to the extent possible, and will only process personal data outside the EEA if we can invoke the safeguards legally required by the GDPR for the transfer of personal data (such as the conclusion of an EU model contract).

The employees of Autoscriber working from South-Africa may internally access the European cloud environment, containing personal data. The employees are provided with access based on the

need-to-know principle, and the personal data shall at all times remain within Autoscriber’s European cloud environment. Providing employees access to personal data is necessary for

Autosriber to conclude agreements with third parties in your interest, as permitted by the GDPR.

SECTION 5 – PRIVACY RIGHTS

Under the GDPR, you have the right to:

−request access to your Personal Data;

−request us to correct, limit or delete your personal data;

−request a copy of your personal data. We can provide this copy to third parties at your request;

−object to the processing of your personal data by contacting us;

−file a complaint directly with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) about the way we process personal data;

−revoke your consent to the processing of your personal data;

SECTION 6 – COOKIES

A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.

We use cookies to improve the user experience on our Website. Moreover, cookies ensure that our Website and App work faster, that you can visit our Website and App safely and that we can track and solve errors on our Website and App.

You can always delete or disable cookies yourself via the browser settings. No more cookies will be stored when you visit our Website or App. However, please note that without cookies, our Website and App may not function as well as it should.