Privacy Policy

Effective as of January 1, 2018

This privacy policy governs your use of Ediofy, a software application (“Application”) that was created by Ediofy. The Application includes a method for viewing medical cases, a database of medical images, comments and questions, a direct messaging feature, and mechanisms for users to upload images to the database and send direct messages to other users. These features and cases are collectively referred to as "the Services.'

Section 1. What information does the Application obtain and how is it used?

User-Provided Information The Application obtains the information you provide when you download and register for the Application. This includes the following categories of information: Personal User Information, User-Provided Case Information, Optional User-Provided Information and Automatically Collected Information.

Personal User Information

When you register for Ediofy you provide your:

*email address
*username
*password
*specialty (selected from a drop-down menu)
*areas of interest
*verification details.

We store your username, country, and specialty. Your password is cryptographically hashed, and your email address is encrypted.

These information elements are referred to collectively as your “Personal User Information.” We collect and hold this information for the purpose of administering your use of the Application.

You are solely responsible for (1) maintaining the strict confidentiality of your Personal User Information, (2) not allowing another person to use your Personal User Information to access the Services, (3) any and all damages or losses that may be incurred or suffered as a result of any activities that occur under your Personal User Information. You agree to immediately notify Ediofy in writing by email to hello@ediofy.com of any unauthorized use of your Personal User Information or any other breach of security. Ediofy is not and shall not be liable for any harm arising from or relating to the theft of your Personal User Information, your disclosure of your Personal User Information, or the use of your Personal User Information by another person or entity.

User-Provided Case Information

Based on your account status, you may perform the following tasks:

* Upload cases with captions and tags
* Share cases
* Comment on cases
* Answer medical and non-medical questions
* Direct message other users, and
* Create Collections.

(a) Upload cases and captions. We will store your uploaded cases, case captions, case creation dates, number of times the image tag is used, common variations of image tags (such as misspellings), and information on whether the tag appears in searches among other data points. The Application stores only de-identified images, not the original unedited image, which may contain personally identifying features. (See list of identifying features in the Content Policy).

(b) Comment on cases. We will store your comments, the dates of comments, and the username connected to the comments.

(c) "Save" cases. We will store the cases you have "saved" into "Collections," as well as the date they were saved and the username connected to those cases.

(d) Flag cases and comments provided by other users (i.e. to indicate that identifiable information may have been improperly included in a case, caption, or comment). Until or unless the case or comment is deleted, we will store the cases and comments that you flag, the subcategory of the flagged case, the date flagged, and the username referenced to the flagged case or comment.

(e) Communicate with other users by sending and receiving direct messages. When you send or receive direct messages through the Application, we may process or store your messages, phone number, log contact data and other information ("Message Data") in order to deliver the services. All Message Data is subject to the Terms and Conditions. Message Data will be encrypted as the direct message is sent and while the direct message is in transit. Message Data will be encrypted when stored on our servers. We will not access the Message Data, except in connection with delivering the Services. Although we strive to maintain the privacy and security of all Message Data, we cannot guarantee the privacy and security of Message Data and any Message Data that you send is at your own risk.

These informational elements shall be referred to as “User-Provided Case Information.” All User-Provided Case Information that you generate in the Application must comply with local, national, provincial, state, and federal privacy legislation and best practices. Identifying information must be removed from any uploaded cases and should not be included in any captions or comments. The Application is enabled with Ediofy’s proprietary features, such as automatic and manual information-blocking tools, to help you remove direct identifiers and other common identifiers from User-Provided Case Information, but the existence of these tools does not release you from any obligations under local, national, provincial, state, and federal laws to maintain the privacy of patients or other users. We will store the date your account was created, the Application version, and the last login date.

In order to improve the Application, personalise the content, and make recommendations for you, we use and analyse the User-Provided Case Information and Automatically Collected information (see below). We conduct surveys and research, test features in development and analyse the information to improve our products and services, develop new features, and conduct audits and quality assurance.

We may share or disclose User-Provided Case Information in the aggregate and anonymised. This information does not include your name, email address, or any other non-public information. We may share your User-Provided Case Information to partners that may use this data for an independent purpose.

Optional User-Provided Information

You have the option to:

* Request verification of your status as a healthcare professional. If you choose this option, you will be asked to provide us with additional information, which we will cross-reference with publicly available data to ensure that you are a licensed healthcare professional. If you are verified, we will store your status as a “verified healthcare professional.” You are required to update your status as necessary.

* Invite colleagues to join Ediofy so that they can use the Application. If you choose to do this, the Application will access the address book on your mobile device to enable you to choose which of your colleagues you would like to invite to the Application. While we may access your address book, we do not store your complete address book.

* Expand your user profile with additional information. You may complete any of the following fields: real name, state, country, institution, categories of interest, graduation date, and years of experience, among others. You may include a short biography and upload a profile picture. You are responsible for the accuracy of all of the information you provide. This information is public and can be seen by other users.

* Respond to surveys. We may survey users or solicit comments and opinions. If you respond, the information will be used to learn more about healthcare, to help improve your experience on the Application, and for other purposes of Ediofy. We use, share, and store this information in the aggregate only, with the exception of comments, which will be linked to your user profile.

* Allow colleagues to find you. When using the direct messaging feature, you may allow colleagues to find you and to sync your mobile device’s contacts to find people you know on the Application. If you choose to do this, the Application will access the entire address book on your mobile device and sync it to the Application. The Application uses a secure one-way hash to protect the emails and phone numbers in your contacts.

Automatically Collected Information

In order to improve the Application and deliver the Services, the Application may collect certain information automatically, including but not limited to the type of mobile device you use, the IP address of your mobile device, your mobile operating system, and information about the way you use the Application.

All information stored on our server will not be accessible by third parties.

We may use the information provided by you to contact you from time to time to provide you with important information, push notifications, and marketing promotions. You will be given the option to opt-out of these notifications.

Section 1: Does the Application collect precise real-time location information of the device? This Application does not collect precise information about the location of your mobile device.

Section 2 : Do third parties see and/or have access to information obtained by the Application? We will disclose Personal User Information and Automatically Collected Information, within or outside your jurisdiction, as described above in the following circumstances:

* as required by law, such as to comply with a subpoena, or similar legal process;
* when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
* with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement;
* if Ediofy is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of this information, as well as any choices you may have regarding this information; and User-Provided Case Information may be shared more broadly with third parties and Ediofy Clients.

Section 3 : What are my opt-out rights?
You can stop all collection of information by the Application by uninstalling the Application. You may use the standard uninstall processes that may be available as part of your mobile device or via the mobile application marketplace or network.

You may opt out of the aforementioned content announcements and messages. However, the Application will not allow you to opt out of any announcements and messages related to the implementation of this Policy and your obligations thereunder. As such, should your uploaded cases, case captions, or comments contain identifying information about a patient (as described in the Terms and Conditions), you will receive messages from Ediofy. notifying you of a potential privacy violation associated with this content.

You may also delete your account by going to your profile and tapping and holding the “Logout” button. You will be asked to confirm that you would like to delete your account. If you confirm, your profile information will be automatically deleted from the Ediofy server. Your cases and comments will be anonymized and attributed to "Healthcare Professional." You may request to have all images and comments associated with your account deleted. However, we cannot guarantee that we will be able to recall and delete images that have been provided to third parties, such as medical journals or medical education websites.

Section 4: Data Retention Policy, Managing Your Information
We will retain User-Provided Information as described above for as long as you use the Application, and will delete it if you delete your account. This can be done by tapping and holding the "Logout" button on the settings page within the profile tab in the Application or by contacting us via hello@ediofy.com. You will be asked to confirm that you would like to delete your account. If you confirm, your profile information will be automatically deleted from the Ediofy server. Your cases and comments will be anonymised and attributed to "Healthcare Professional." You may request to have all images and comments associated with your account deleted. However, we cannot guarantee that we will be able to recall and delete images and comments that have been provided to third parties, such as medical journals or medical education websites.

If you contact Ediofy to delete your account, the change will be processed within seven (7) calendar days.

Section 5: Security
We are concerned about safeguarding the confidentiality of your User-Provided Information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, your password is cryptographically hashed and your email address is encrypted.

We limit access to your User-Provided Information to authorised employees and contractors who need to know that information in order to operate, develop, or improve the Application. Please be aware that, although we will take reasonable steps to safeguard and maintain the security of User-Provided Information that we process and maintain, no security system can prevent all potential security breaches. Please refer to the Terms and Conditions for more details about Ediofy’s and your obligations with respect to the proper use of the Application and notification obligations thereunder.

Section 6: This Privacy Policy may be updated from time to time for any reason. Each time you use the Application, the most current version of the Privacy Policy will apply. We will notify you of any changes to our Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes. Unless stated otherwise, the most current version of the Privacy Policy applies to all information that we have about you. We will not materially change our policies and practices to make them less protective of your privacy without the consent of affected users.

Section 7: Your Consent By using the Application, you are consenting to us processing User-Provided Information and Automatically Collected Information as set forth in this Privacy Policy now and as amended by us. “Processing” means using cookies on a computer/hand-held device or using or touching information in any way, including but not limited to collecting, storing, deleting, using, combining, and disclosing information.

If you have any questions regarding privacy while using the Application, have questions about our practices, or wish to make a complaint about our handling of your personal data, please contact us via hello@ediofy.com. We will make every effort to investigate and respond to your complaint in a timely way.

Any and all good-faith disclosures of privacy concerns under this Policy will not be used to restrict or prohibit you from continuing to use the Application to the extent permitted by law. However, disclosure of any unlawful practices implicating the Privacy Policy to Ediofy does not release you from your obligations to notify local, national, provincial, state, and federal authorities of any violation of law related to your use of the Application.

Section 8: Notice to Residents of California
If you are a resident of California, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes. With respect to these entities, this Policy applies only to their activities within the State of California. To make such a request, please send an email to hello@ediofy.com.

Section 9: Additional Terms for Residents of the United Kingdom, Norway, Iceland, Kazakhstan, Turkey, The Russian Federation, South America, Ukraine, Uzbekistan and The European Union.

If you are a resident of the United Kingdom, Norway, Iceland, Kazakhstan, Turkey, the Russian Federation, Ukraine, Uzbekistan, the European Union, or South America, legislation* permits you to request that we tell you what personal information we hold about you and how we process it and that we provide you with a copy of that information. You are also entitled to access, rectify, change, update, delete, revoke, or improve upon your personal information at any time. You can exercise this right free of charge. We may ask you to provide further information to confirm your identity before considering your request. To make such a request, please send an email to hello@ediofy.com.

If you use the Application to invite colleagues to join Ediofy or to share cases with a colleague, you must first have their consent to use their email address for this purpose. Ediofy will rely on your obtaining that consent.

For purposes of providing the Application, Ediofy may transfer your personal data (including User-Provided Information) to servers located in the United States or other countries outside of the European Economic Area/Ukraine which provide for a different level of data protection. By using and continuing to use the Application, you agree to that transfer.

The data we hold is used solely for the purposes of operating the Application and communicating with you. We will not provide it to any third parties, other than service providers acting on our behalf to assist in running the Application. The information we request from you is mandatory unless indicated otherwise and is necessary to enable Ediofy to provide you with the Application. You are also entitled to object to any processing of your personal data on reasonable grounds.

If you are a resident of Ukraine, you are hereby informed that Ediofy shall be your personal data controller, processing information defined as User-Provided Information and Automatically Collected Information. Apart from the rights listed in this section above, you also have the following rights as regards personal data protection:

* the right to be aware of the collecting sources, location of your personal data, processing purpose, location and/or place of residence (location) of the controller or the processor of your personal data, or to give the respective instruction to obtain such information to authorised parties, except the cases, established by law;
* the right to obtain the information about the terms for granting access to your personal data, including the information on the third parties to whom your personal data is transferred;
* the right to obtain no later than thirty (30) calendar days from the moment of the request submission, except for the cases, established by law, a response regarding the fact whether your personal data is processed, as well as to obtain the content of your personal data currently processed;
* the right to protect your personal data from illegal processing and unintended loss, damage resulting from purposeful concealment, nondisclosure or untimely disclosure, as well as to protect the information that is inaccurate, or discrediting the honour, dignity and business reputation of the individual;
* the right to claim for the protection of your rights with respect to your personal data to the Parliament Commissioner of Ukraine on Protection of Human Rights or court;
* the right to bring the means of legal protection in case of violation of personal data protection legislation;
* to make a reservation with regard to restrictions of the right to processing your personal data when granting consent to your personal data processing;
* to withdraw your consent for personal data processing;
* to know the mechanism of automatic personal data processing;
* to be protected from an automated decision that has legal consequences for you.
*Legislation
* Argentina – Personal Data Protection Act N°25.326
* Austria – The Data Protection Act 2000
* Belarus – The Information, Informatization and Data Protection Act N°455-3 of 10 November 2008
* Belgium – The Data Protection Act of 08 December 1992
* Denmark – The Act on Processing of Personal Data
* Finland – The Data Protection Act (523/1999)
* France – The Law n°78-17 on Computers and Data Processing
* Germany – The Federal Data Protection Act
* Greece – Law 2472/1997 on the Protection of the Individual from Processing Personal Data, as amended and in force
* Iceland – The Icelandic Data Protection Act
* Italy – Legislative Decree 196/2003
* Kazakhstan – Law on Personal Data and Its Protection from 21 May 2013 No. 94-V
* Netherlands – Dutch Personal Data Protection Act 2000
* Norway – Act of 14 April 2000, No. 31 relating to the processing of personal data (Personal Data Act)
* Portugal – The Data Protection Act (Law 67/98 of 26 October)
* The Russian Federation – Federal Law of the Russian Federation “On Personal Data”
* Spanish Kingdom – Spanish Data Protection Act 15/1999 and Spanish Data Protection Royal Decree 1720/2007
* Sweden – The Personal Data Act (1998:204)
* Ukraine – The Personal Data Protection Act of June 01, 2010 No 2297-VI
* United Kingdom – The Data Protection Act 1998
* Uzbekistan – Law on Principles and Guarantees of Freedom of Information No 439-II dated 12.12.2002

Section 10: Additional Terms For Residents of Australia, New Zealand, China, India, Israel, Japan, or South Africa
If you are a resident of Australia, New Zealand, China, India, Israel, Japan, or South Africa, privacy legislation permits you to request that we tell you what personal information we hold about you and provide you with a copy of that information. You also have the right to request that we correct your personal information if it is inaccurate, out-of-date, or incomplete. We may ask you to provide further information to confirm your identity before considering your request. To make an access and/or correction request, please send an email to hello@ediofy.com.

If you use the Application to invite colleagues to join Ediofy or to share cases with a colleague, you must first have their consent to use their email address for this purpose. Ediofy will rely on your obtaining that consent.

It is not mandatory or legally required for you to provide us with any of your personal information. However, if you do not provide the information that we ask for, you may not be able to access and use all of the Application’s features available to users.

Ediofy may transfer your personal data to servers located in other countries for purposes of providing the Application. By using and continuing to use the Application, you agree to that transfer. If you are an Australian resident, you acknowledge that by providing your consent to the transfer to servers located outside Australia, we are not required to take reasonable steps to ensure your personal information is handled in accordance with Australian privacy law.

If you are a user in China, if you notice any personal information leakage or otherwise have any complaint about the protection of your personal information, please contact hello@ediofy.com. We will respond within fifteen (15) days of the receipt of your email.

Section 11: Additional Terms for Residents of Lebanon
If you are a user in Lebanon, by tapping the “CREATE ACCOUNT” or “GET STARTED” button, or accessing or using the Application, you are confirming your approval to have this Privacy Policy drafted in the English language.

Section 12: Additional Terms for Residents of South Korea
If you are a resident of South Korea, we will collect and use your User-Provided Information and Automatically Collected Information (hereinafter collectively referred to as “Personal Information,”) after your express prior consent.

It is not mandatory for you to provide us with any of your Personal Information. However, if you do not provide the information that we ask for, you may not be able to access and use all or parts of the Application’s features available to users.

The Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilisations and Information Protection permit you to request that we tell you what Personal Information we hold about you and how we process it and that we provide you with a copy of that information. You are also entitled to access, rectify, change, update, delete, revoke, or improve upon your Personal Information at any time. You can exercise this right free of charge. To make an access and/or correction request, please send an email to hello@ediofy.com.

The contact details of our Privacy Officer in charge of protecting and managing your Personal Information, and handling inquiries and complaints concerning Personal Information, are as follows:
* Name of department: Privacy
* Contact information: hello@ediofy.com

All of your Personal Information will be stored, processed, and transmitted after encryption. You may block cookies by activating settings on the browser that allows you to refuse the settings of all or some cookies. Click here for more information about cookies.

We may transfer your Personal Information to servers located in other countries for purposes of providing the Application, after your express prior consent. Our servers are currently located in the U.S.

We do not disclose your Personal Information to any third parties, including service providers.

When we destroy Personal Information, we will take commercially reasonable and technically possible measures to ensure that the information is not restored or regenerated. If we need to retain Personal Information instead of destroying it, we will store and manage such Personal Information or the Personal Information file separately from other Personal Information, to the extent that it is technically possible. If the Personal Information that needs to be destroyed is in the form of an electronic file, we will permanently delete such information in an irrevocable manner. Any other document, printout, letter, and other recorded media will be destroyed by incinerating or shredding.

If you use the Application to invite colleagues to join Ediofy or to share cases with a colleague, you must first have their consent to use their email address for this purpose. Ediofy. will rely on your obtaining that consent. The Application will allow you to directly share information and/or send invitations to your colleagues. Ediofy will not collect or store the email addresses of your colleagues during this process.