Privacy Policy

Privacy Policy

Last Revised: August 30, 2021

Introduction

Kahun Medical Ltd. (“Kahun”, “we”, “us” or “our”) respects the privacy of its users (“User(s)”, “your” or “you”), and is committed to protecting your privacy and the personal information that you share with us in connection with the use of the Kahun Medical web and mobile applications (the “App”), and our main website, available at www.kahun.com or any other related website that links to this privacy policy (the “Website” or “Site”, and together with the App, the “Services”).

1. Scope

1.1 This Privacy Policy applies to Personal Data of Users. “Personal Data” or “Personal Information” means any information that can be used by us or others, either alone or together with other data, to uniquely identify you or be associated with you. The Personal Data we may process as part of providing, developing and maintaining the Services process is not attributed, connected or associated with any identified individual, to ensure their privacy protection.

1.2 A User of the App can be one of the following: (i) a healthcare professional seeking to support a medical diagnosis with medical research (“HCP”), when using the HCP version (available at: https://diagnose.kahun.com), or, (ii) a potential patient seeking to generate a summary of their symptoms before visiting their HCP, or to explore possible diagnoses for symptoms they experience (“Patient”), when using the patient version (available at: https://patient.kahun.com). A User of the Website is a visitor who browses or visit any of our Websites that link to this Privacy Policy (“Visitor”).

1.3 This Privacy Policy does not apply to (i) Personal Data processed by us as a data processor, or, (ii) Personal Data related to business partners or any person or entity with which we collaborate on a business-to-business basis, or (iii) information that was anonymized, aggregated in a form that made it non personal, or statistical data.

2. Preliminary Notes

2.1 Not for minors. If you are under the age of 16, do not use the Services, unless your parent or legal guardian are doing so on your behalf.

2.2 Binding Agreement. This Privacy Policy constitutes an integral part of our Terms of Service (“TOS”), and unless explicitly mentioned otherwise in another agreement with you, is part of our legal engagement. 

2.3 Special Jurisdictions and regulations. This Privacy Policy was designed with the Israeli and European data protection regulations in mind (“ILPA” and “GDPR”, respectively), however, given the country of your residency, other rules may apply to your Personal Data. If you are a resident of California, we advise you to additionally refer to this CCPA Privacy Statement.

2.4 Data Controller. With respect to Users who are HCP, Patients or Visitors, Kahun acts as a Data Controller. With respect to third party data, submitted about an individual by a HCP, Kahun acts as a Data Processor. The meaning of Controller and Processors are those given them by the GDPR.

2.5 Data Protection Officer (DPO). If you have any questions or requests regarding the data collected or otherwise processed under this Privacy Policy, including requests regarding your privacy rights or the transfers of Personal Data, please contact our Data Protection Officer (DPO) at: privacy@kahun.com. Please include sufficient details about your inquiry or request, to allow us to verify your request and address it on a timely manner.

2.6 Changes and updates to this Privacy Policy. We reserve the right to modify or update this Privacy Policy at any time, to reflect changes in our Services, data processing practices or to conform to a regulatory requirement. Such changes will be effective immediately upon the display of the revised Privacy Policy. The last revision date will be reflected in the "Last Updated" heading. If we make material changes to this Privacy Policy, we will make our best efforts to notify you, by email if possible, or by means of a notice on our Website.

2.7 Your Personal Data. You are not required by law to provide us with Personal Data and you do so voluntarily. You can always avoid providing us certain Personal Information, however, you acknowledge that it may prevent us from providing you certain Services, or, may result in an ineffective Services. We sometimes process Personal Data about data subjects that were not provided to us by them, for example, when the User is an HCP, submitting Personal Data about their patients or study cases; in such cases, we require the HCP to hold a legal basis for the processing of such Personal Data. 

3. Your Consent 

3.1 Please read this Privacy Policy before accessing and using the Services. By entering, connecting to, accessing and/or using our Services, you agree to be bound by the terms and conditions set forth in this Privacy Policy, including to the collection and processing of your Personal Information. In certain cases, you will have to provide more prominent consent, for example, by checking a box and acknowledging your informed consent, prior to using any Services. 

3.2 Certain information we may collect, such as general usage information, device information, analytics, statistics, or any other data that enable us to provide the Services, is collected as part of our legitimate interest. You can find further explanation below, under the “Legal Basis” section.

3.3 Third-party information and consent:

  • When you use certain functionalities of the Services, you may end up submitting Personal Information about others. When doing so, you acknowledge and agree that such third party information is submitted on the basis of their lawful consent, contract or any other lawful basis applicable to your jurisdiction and/or profession, as the context may be. 
  • You hereby undertake to not submit or otherwise transmit to us any personal identifiable information of third parties, such as their names, contact information or identification numbers. 
  • If you submit to us any Personal Information pertaining to any third party, you hereby represent and warrant that you do so after receiving all the necessary legal consents or approvals and have the actual authority and legal right to upload, submit, disclose or otherwise share Personal Information of third party.  

3.4 Please note: you are not obligated by law to provide us with any Personal Information. you hereby acknowledge and agree that you are providing us with Personal Information at your own free will, for the purposes described in this Privacy Policy and via the Services.

4. Information we collect

4.1 The Personal Information we may process originates from one or more of the following sources: (i) Information you actively provide to us, including by way of contacting us or interacting with our Services; (ii) Information automatically accessed or collected while you use our Services or while you brows the Website, such as cookies and tags that are required for their functionality; (iii) Information submitted about your conditions by a User of the Services, based on your consent to them. 

  • When you use the Website (Visitors)
Type of Information
How Do We Use It?
Account Information: if you choose to sign-up we will process your email address (also your user name) and your selection of specialty.
We use this data to open an account for you, maintain it and secure the access to it. Additionally, when you choose to use the Services while logged-in, additional functionalities and services may be offered to you, such as record of your previous Cases. We retain Account Information for as long as you maintain your account with us. In certain cases, where required by applicable regulation we may retain for longer period of time, upon your permission.
Online Identifiers: When you use the App as an HCP our system will generate a random identifier that will allow us to attribute your Cases to your account. Additionally, the following Online Identifiers may be processed to operate your use: IP address, functional cookies, user agent.
Online identifiers are used for attribution and protection of your use to your Cases, and for your management of Cases and Account. Functional cookies are used upon your consent (if you are based in the UK or EU), to help you “remember” previous Cases you submitted.
Third Party Information: when you use the App to support a diagnosis or other medical decision you make, you may submit Personal Data about third-party patients (actual, prospective or hypothetical). In which case, the information will be similar in nature and type to what is detailed under “Patient Information” below. In such a case, you will be able to retrieve a summary of symptoms and receive respective input of possible diagnoses.
This information is used to provide the core Services of the App, and retained for as long as necessary to process the Services, and as long as you choose to retain Cases history.
  • When you use the App as a patient (Patient)

in addition to the Personal Information processed about Visitors, the following will be further processed about the usage of Patients:

Type of Information
How Do We Use It?
Data concerning health condition. Such as symptoms and medical condition, submitted by you in an anonymous form.
Demographic (non-identifiable) Information. Due to the relevance of age and gender to an analysis of a Case, we may ask you to submit this information when you use the Services. 
The data is used to provide the Services and provide you with further suggestions that may help you or your HCP to better understand a medical condition and/or diagnosis.

5. Using cookies and similar web technologies

5.1 We may use cookies and similar web technologies to help us with better understanding how you use our Services, including those offered by Third Party Service Providers (as defined below). These technologies are used to maintain, provide and improve our Services on an ongoing basis, and in order to provide a better experience to our Users. For example, these technologies enable us to: (i) keep track of and “remember” our Users’ preferences in authenticated sessions, (ii) secure our Services by detecting abnormal behaviours, (iii) identify technical issues and improve the overall performance of our Services, (iv) and create and monitor analytics and usability of the Services.

6. Our legal basis for use of your information

6.1 We collect, process and use your information for the purposes described in this Privacy Policy, based at least on one of the following legal grounds:  With your consent upon accessing and/or registering to the Services. Such consent is made by an affirmative action you require to take, that acknowledges your consent to this Privacy Policy and processing of your Personal Data. You have the right to withdraw your consent at any time. 

6.2 Legitimate Interest:

  • For our legitimate interest when processing is required to provide our Services, to make the functional and compatible with your device, to maintain and improve our Services, to learn from Users’ usages, to develop new services and features and to customize the Services overtime as per the categories and types of Users. 
  • For our legitimate interest to protect our Services and App and to safeguard any access to or use of the Services. This means that we process your information for purposes of detecting, preventing, or otherwise addressing fraud, abuse, security, safety, usability, functionality or technical issues with our Services, protecting against harm to the rights, property or safety of our online properties, our Users, or the public as required or permitted by law;
  • For our learning purposes of how Users prefer to use the Services and what are the features that better serve them.
  • We process certain information such as cookies and other online technologies for our legitimate interests while applying appropriate safeguards that protect your privacy. 

6.3 Legal reasons: If required, to enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfil our obligations under applicable laws, regulations, guidelines, industry standards, contractual requirements, legal process, subpoena or governmental request, as well as our Terms of Use.

6.4 Contract: if you partner with us on a business-to-business level, or otherwise engage in a contract with us, we will process personal Information to preparing for a contract, proposing a business offering, or fulfilling a contractual obligation with the organization you represent.

7. Purpose for processing your information  

In addition to the purposes described next to each data category, we may use information that we collect about you for the following purposes:

  • To provide, operate and improve our Services and manage our operation;
  • To generate analysis and insights for our Users and to better understand how they use our Services. 
  • To send you updates, notices, notifications, announcements, and additional information related to the Services.
  • To be able to manage your account and provide you with customer support.
  • To create cumulative statistical data and other cumulative information that is non-personal, in which we and/or our business partners might make use of in order to operate and improve our Services.
  • To perform functions or services as otherwise described to you at the time of collection.
  • To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities.
  • To comply with any applicable rule or regulation and/or respond to or defend against legal proceedings brought against us or our affiliates. 

 

Any information you submit to us via the Services is used respectively to the purposes indicated in the relevant form or webpage. 

8. Sharing information with third parties

We keep the information processed by us in strict confidence and only share your information with third parties in very limited circumstances and for very specific purposes, as described below:

8.1 Third Party Services: We are partnering with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting, database and server co-location services (e.g., Amazon (AWS)), data analytics services (e.g. Google Analytics) and session replay records for analytic purposes such as crashes, functionality and usability (e.g. MixPanel) and our business, legal and financial advisors (collectively, “Third Party Service Providers”). 

Such Third Party Service Providers may receive or otherwise have access to certain of your Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing the Services, and may only use your Personal Information for such purposes. Disclosures of Personal Information is subject to the respective third party’s undertaking of confidentiality obligations, and the prevention of any independent right to use this data except as required to help us provide you with the Services. 

8.2 Our auditors, consultants, investors, and contractors with whom we may share samples of Personal Data on a need-to-know basis only and under strict confidentiality obligations.

8.3 Law enforcement, legal proceedings, and as authorized by law: We may disclose or otherwise allow access to Personal Information pursuant to a legal requirement or request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.

8.4 Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, in cases of emergency or if we believe in good faith that this will help protect the rights, property or personal safety of our company, any of our Users, or any members of the general public.

8.5 Our Staff: We may share Personal Information internally with our staff at Kahun, for the purposes described in this Privacy Policy. Should we undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your Personal Information may be shared with the parties involved in such an event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Website, App or Services.

8.6 Change of control: In the event that Kahun is acquired by or merged with a third party entity, we reserve the right to transfer or assign the information we collected as part of such merger, acquisition, sale, or other change of control.

8.7 In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your information is treated, transferred, or used.

For the avoidance of doubt, we may share your Personal Information in additional manners, pursuant to your consent, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-Personal (including anonymized, statistical or aggregated) Information in our sole discretion and without the need for further approval.

9. Where we store your personal information

9.1 Your information will be maintained, processed and stored by us and our authorized affiliates (if applicable) in secure cloud storage, provided by our Third Party Service Providers based in the United States.

9.2 While the data protection laws in jurisdictions where the information is physically stored may be different than the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on our behalf, are each committed to keeping it protected and secured, pursuant to this Privacy Policy, applicable legislation and best industry standards, regardless of any lesser legal requirements that may apply in a particular jurisdiction. You hereby accept the place of storage and the transfer of information as described in this Privacy Policy.

10. Data retention and security

10.1 As a matter of principle, we retain Personal Data for no longer than necessary to achieve the purpose for which it was collected. Further, when feasible, we process Personal Data on a temporary basis. The Personal Data we process to provide, maintain, and develop the Services, is not attributed, connected or associated with any identified individual, to ensure their privacy protection.

10.2 We retain the Personal Information we collect or receive from you only for as long as your registered account exists in our system and as needed in order to provide you with the Services and as otherwise necessary to comply with applicable laws and regulations.  If you withdraw your consent to us processing your Personal Information, including by deleting your account, we will delete your Personal Information from our systems, except to the extent such data in whole or in part is required to comply with any applicable rule or regulation and/or to respond to or defend against legal proceeding brought against us or our affiliates.

10.3 We take great care in implementing and maintaining the security of the Services and of your Personal Information. We employ industry standard procedures and policies to ensure the safety of your information, reduce the risks stemming from loss of information and prevent unauthorized use of any such information. However, we do not and cannot guarantee that unauthorized access will never occur and reiterate that no measure can provide absolute information security

11. Your privacy rights

11.1 The following rights apply to certain individuals, depending on their country of residence:

  • Right to know: You have a right to know (also called, right to access) Personal Data held about you. Your right of access may normally be exercised free of charge; however, we reserve the right to charge an appropriate administrative fee where permitted by applicable law.
  • Right to rectify: You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading.
  • Right to be forgotten: You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise, or defense of legal claims.
  • Right to object: You have the right to object, to or to request restriction, of the processing.
  • Right to data portability: You have the right to data portability in certain contexts. This means, that in case we indeed retain Personal Data about you, you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller.
  • Right to withdraw consent: You have the right to withdraw your consent at any time, in circumstances where such consent was given by you. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular, if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place of work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.

11.2 You can exercise your rights by contacting us at privacy@kahun.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request. 

11.3 Verification: When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.

12. Minors and third-party information provided by you 

12.1 To access or use the Services, you must be over the age of sixteen (16), and in any case, not an underage according to the legislation in your country of residence. Kahun does not knowingly process Personal Information from children under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Services. 

12.2 If it comes to our attention that a person under the age of sixteen (16) is using the Services, we may prohibit and block such User from using the Services and will make all efforts to promptly delete any Personal Information with respect to such User.

12.3 If you are submitting to the Services any Personal Information pertaining to any minor child, you hereby represent and warrant that you have received all the necessary legal consents or approvals or that you are the parent or legal guardian and have the actual authority and legal right to upload, submit, disclose or otherwise share the Non-personal Information and/or Personal Information and/or any other form of sensitive information, on the minor’s behalf.  

13. Changes to the Privacy Policy 

The terms of this Privacy Policy will govern the use of the Services and any information collected therein. Kahun reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this Privacy Policy on the homepage of the Website and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided to us. Such substantial changes will take effect seven (7) days after such notice was provided on our Website or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Updated” date and your continued use of the Website after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

14. General

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of Israel, without respect to its criminal law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in Tel Aviv, Israel.

This Privacy Policy was written in English and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.

15. Have any questions? 

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email at: privacy@kahun.com and we will make an effort to reply within a reasonable timeframe.