Last updated: December 26, 2023
- A data subject may be one or more of the following: (i) a healthcare professional user (HCP) seeking to support a medical decision or diagnosis with medical research (“HCP”), (ii) a patient of an HCP user, whether submitting Personal Data directly or that such data is submitted about them (“Patient”); (iv) A visitor of the web App or Site (“Visitor”).
2. Preliminary Notes
- Not for minors. If you are under the age of 16, do not use the Services, unless your parent or legal guardian is doing so on your behalf.
- Data Controller. With respect to Visitors Users, Kahun acts as a Data Controller. Otherwise, Kahun acts as a data processor and follows the instructions for data processors, as the case may be.
- Your Personal Data. You are not required by law to provide us with Personal Data and you do so voluntarily at your free will. You can always avoid providing us with certain Personal Information, however, you acknowledge that it may prevent us from providing you with certain Services, or, may result in ineffective usage of Services. We sometimes process Personal Data about data subjects that were not provided to us by them, for example, when an HCP User, submits Personal Data about their patients or a case study; in such cases, we require the HCP to hold a legal basis for the processing of such Personal Data.
- Beta Versions. Some portions of functions of the Services may be provided as a Beta, which means it is a pre-release version intended for testing purposes. When a Service or any part thereof is marked as “Beta”, you may encounter bugs, errors, or other issues that could affect functionality. We do not guarantee the accuracy, completeness, or reliability of the information or features within beta versions. Changes and updates may occur frequently, impacting your experience. While we take precautions to safeguard your data, as with any beta version, there may be potential security risks. Avoid using sensitive or confidential information during this testing phase.
3. Your Consent
- Certain information we may collect, such as general usage information, device information, analytics, statistics, or any other data that enables us to provide the Services and monitor against fraud, is collected as part of our legitimate interest. You can find a further explanation below, under the “Legal Basis” section.
- Personal information about third parties and respective consent:
a. When you use certain functionalities of the Services, you may end up submitting the Personal Information of others. When doing so, you acknowledge and agree that such third-party information is submitted based on their lawful consent, contract or any other lawful basis applicable to your jurisdiction and/or profession, as the context may be.
b. You hereby undertake to not submit or otherwise transmit to us any Personal Information, including Personal Health Information (PHI), unless you have a documented lawful basis to do so. We reserved the right (however not obliged), to request that you demonstrate to us any such consent.
4. Information we collect
- The Personal Information we may process originates from one or more of the following sources: (i) Information you actively provide to us, including by way of contacting us or interacting with our Services; (ii) Information automatically accessed or collected while you use our Services or while you browse the Website, such as cookies and tags that are required for their functionality; (iii) Information submitted about your conditions by a User of the Services, based on your consent to them.
- When you use the Website (Visitors)
a. Extracting analytics and statistical information about the visits to our Website.
b. Preventing and protecting against spam or fraud, including attempts to overload or attack our Services, as part of our legitimate interest.
c. Necessary cookies are used as part of our legitimate interest and for purposes of the Website’s functionality.
d. In certain cases, and upon your explicit consent (if you are an EU/EEA or UK resident), third-party cookies and tags will be used for purposes of marketing our Services.
We retain online identifiers for as long as required to achieve each of these purposes or until deleted by you via your browser’s settings. Cookies’ expiry dates are varied as a dependency of the type and purpose and can be found in our cookies policy.
We also retain this information for purposes of quality validation and assurance, for example, when we seek to validate the credibility or consistency of output over time.
- When you sign-up and/or use the Services as an HCP User: in addition to the Personal Information processed about Visitors, the following will be further processed about the usage of HCP.
When you use the App to support a diagnosis or other medical decision you make, you may submit Personal Data about third-party patients (actual, prospective or hypothetical). In this case, the information will be similar in nature and type to what is detailed under “Patient Information” below and shall be reflected by you to such third-party data subjects.
We explicitly ask you to not submit to the Services any Personally Identifiable Information. If you submit a free text and include information of such a nature, you are doing so at your sole risk and responsibility.
Such information will be processed as a general text input.
- Patient and/or Third Parties
in addition to the Personal Information processed about Visitors, the following may be processed about third parties whose Personal Data may be submitted by Users:
5. Using cookies and similar web technologies
6. Our legal basis for processing Personal Information
- Legitimate Interest:
- For our legitimate interest when processing is required to provide our Services, to make the functional and compatible with your device, to maintain and improve our Services, for quality assurance of the Services, including to maintain our technology’s longevity, accuracy and validity, to learn about usages, to develop new services and features and to customize the Services overtime as per the categories and types of Users.
- For our legitimate interest to protect our Services and to safeguard any access to or use of the Services. This means that we process your information for purposes of detecting, preventing, or otherwise addressing fraud, abuse, security, safety, usability, functionality or technical issues with our Services, protecting against harm to the rights, property or safety of our online properties, our Users, or the public as required or permitted by law.
- For our learning purposes of how Users prefer to use the Services and what are the features that better serve them, to test system output and compare them for quality purposes.
- We process certain information such as cookies and other online technologies for our legitimate interests while applying appropriate safeguards that protect your privacy.
- Contract: if you partner with us on a business-to-business level, or otherwise engage in a contract with us, we will process Personal Information to prepare for a contract, propose a business offering, or fulfilling a contractual obligation with the organization you represent.
7. Purpose for processing Personal Information
In addition to the purposes described next to each data category, we may use information that we collect about you for the following purposes:
- To provide, operate and improve our Services and manage our operation;
- To generate analysis and insights for our Users and to better understand how they use our Services;
- To send you updates, notices, notifications, announcements, and additional information related to the Services;
- To be able to manage your account and provide you with customer support;
- To create cumulative statistical data and other cumulative information that is non-personal, which we and/or our business partners might make use of in order to operate and improve our Services;
- To perform functions or services as otherwise described to you at the time of collection;
- To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities;
- To comply with any applicable rule or regulation and/or respond to or defend against legal proceedings brought against us or our affiliates.
Any information you submit to us via the Services is used respectively for the purposes indicated in the relevant form or webpage.
8. Sharing information with third parties
We keep the information processed by us in strict confidence and only share your information with third parties in very limited circumstances and for very specific purposes, as described below:
- We are partnering with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting, database and server co-location services (e.g., Amazon (AWS)), AI-Language Models (AILM) or Large Language Models (LLM), such as OpenAI (which Privacy Commitments are available at https://openai.com/enterprise-privacy#our-commitments), data analytics services (e.g. Google Analytics) and session replay records for analytic purposes such as crashes, functionality and usability (e.g. MixPanel) and our business, legal and financial advisors (collectively, “Third Party Service Providers”).
Such Third Party Service Providers may receive or otherwise have access to certain Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing the Services, and may only use your Personal Information for such purposes. Disclosures of Personal Information are subject to the respective third party’s undertaking of confidentiality obligations, and the prevention of any independent right to use this data except as required to help us provide you with the Services.
- Our auditors, consultants, investors, and contractors with whom we may share samples of Personal Data on a need-to-know basis only and under strict confidentiality obligations.
- Law enforcement, legal proceedings, and as authorized by law: We may disclose or otherwise allow access to Personal Information pursuant to a legal requirement or request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
- Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, in cases of emergency or if we believe in good faith that this will help protect the rights, property or personal safety of our company, any of our Users, or any members of the general public.
- Change of control: In the event that Kahun is acquired by or merged with a third-party entity, we reserve the right to transfer or assign the information we collected as part of such merger, acquisition, sale, or other change of control.
- In the unlikely event of a bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your information is treated, transferred, or used.
- Tests, research and validation partners. From time to time we may collaborate with selected third-party partners for purposes of (i) research, testing and/or validation of our Services, or, the output they provide, or, (ii) for purposes of helping other products improve by using our technology and Services. An example may be using LLM (Large Language Modeling) technologies, which may process Personal Information on our behalf for the purpose of generating responses that are tested and validated by our Services. Such technologies do not store or retain any personal information provided during the conversation, and may only retain Personal Information for 30 days for fraud monitoring purposes.
For the avoidance of doubt, we may share your Personal Information in additional manners, pursuant to your consent, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-Personal (including anonymized, statistical or aggregated) Information at our sole discretion and without the need for further approval.
9. Where we store your Personal Information
- Your information will be maintained, processed and stored by us and our authorized affiliates (if applicable) in secure cloud storage, provided by our Third Party Service Providers based in the United States.
10. Data retention and security
- As a matter of principle, we retain Personal Data for no longer than necessary to achieve the purpose for which it was collected. Further, when feasible, we process Personal Data on a temporary basis. The Personal Data we process to provide, maintain, and develop the Services, is not attributed, connected or associated with any identified individual, to ensure their privacy protection.
- We retain the Personal Information we collect or receive from you only for as long as your registered account exists in our system and as needed to provide you with the Services and as otherwise necessary to comply with applicable laws and regulations. If you withdraw your consent to us processing your Personal Information, including by deleting your account, we will delete your Personal Information from our systems, except to the extent such data in whole or in part is required to comply with any applicable rule or regulation and/or to respond to or defend against legal proceeding brought against us or our affiliates.
- We take great care in implementing and maintaining the security of the Services and of your Personal Information. We employ industry standard procedures and policies to ensure the safety of your information, reduce the risks stemming from loss of information and prevent unauthorized use of any such information. However, we do not and cannot guarantee that unauthorized access will never occur and reiterate that no measure can provide absolute information security.
11. Your privacy rights
- The following rights apply to certain individuals, depending on their country of residence:
- Right to know: You have a right to know (also called, right to access) Personal Data held about you. Your right of access may normally be exercised free of charge; however, we reserve the right to charge an appropriate administrative fee where permitted by applicable law.
- Right to rectify: You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading.
- Right to be forgotten: You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise, or defense of legal claims.
- Right to object: You have the right to object, to or to request restriction, of the processing. Please note, given the nature of the Services and structure of the technology, the capability to exercise this right may be inherently limited. In which case your only remedy will be be to cease your usage of the Services.
- Right to data portability: You have the right to data portability in certain contexts. This means, that in case we indeed retain Personal Data about you, you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller.
- Right to withdraw consent: You have the right to withdraw your consent at any time, in circumstances where such consent was given by you. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular, if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place of work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
- You can exercise your rights by contacting us at email@example.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly according to applicable law or inform you if we require further information to fulfill your request.
Verification: When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. If your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all according to applicable law.
12. Minors and third-party information provided by you
- To access or use the Services, you must be over the age of sixteen (16), and in any case, not underage according to the legislation in your country of residence. Kahun does not knowingly process Personal Information from children under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Services.
- If it comes to our attention that a person under the age of sixteen (16) is using the Services, we may prohibit and block such User from using the Services and will make all efforts to promptly delete any Personal Information with respect to such User.
- If you are submitting to the Services any Personal Information relating to any minor child, you hereby represent and warrant that you have received all the necessary legal consents or approvals or that you are the parent or legal guardian and have the actual authority and legal right to upload, submit, disclose or otherwise share the Non-personal Information and/or Personal Information and/or any other form of sensitive information, on the minor’s behalf.
15. Have any questions?