PRIVACY POLICY OF THE DEEP DIGITAL EVIDENCE ECOSYSTEM & PROTOCOLS PLATFORM
1. PURPOSE
1.1 At DEEP, we’re committed to your privacy. We know that earning your trust is utmost important to us when you use our Services.
1.2 Our digital evidence ecosystem & protocols platform (“Platform”) provides a catalogue of
digital measures and measurement solutions, and a collaborative framework for faster
development of digital measures and measurement solutions improving regulatory decision-
making of measurement solutions.
1.3 This privacy policy applies to the collection, use, and disclosure of personal data when you use
our Platform and services.
2. WHAT INFORMATION DO WE COLLECT?
2.1 We collect following personal data when you use our Platform or interact with Us:
(a) basic information, such as name, and contact details (email address);
(b) service-related information, e.g. user IDs, authentication credentials as well as data
generated in connection with service provision e.g., login information, and how services
are used;
(c) your communication and interactions with us, such as correspondence, and service
requests; and
2.2 We may collect and use for any purpose aggregated metadata of the Platform, where individual
person is not identified from e.g., statistical data collected in connection with the use of our
Platform.
2.3 We do not collect any health or patient data (data collected from patients in a clinical trial).
3. PURPOSE AND LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
3.1 We collect and process your personal data for the purposes of providing our Platform to you
and fulfilling our contractual obligations.
3.2 The legal basis for processing your personal data may vary depending on the specific purposes
for which we are processing your data but may include our legitimate interests for performance
of the contract, or compliance with legal obligations.
(a) Keeping Our Platform running - Providing services to you and ensuring the functioning
and maintenance of the Platform;
(b) Verifying your identity for the purposes of signing into the Platform;
(c) Managing your user account in the Platform; and
(d) User Support, corresponding with users, solving issues, and providing support;
4. DATA SHARING AND DISCLOSURES OF PERSONAL DATA
4.1 We may share your personal data with third-party service providers who assist us in providing
our services. We may also disclose your personal data to comply with legal obligations or to
protect our legal interests.
2 (2)
5. TRANSFER OF PERSONAL DATA OUTSIDE OF THE EU OR EEA
5.1 DEEP does not transfer the Personal Data outside of the European Union (EU) / European
Economic Area (EEA) without a prior written consent, and DEEP uses data centers located
within the EU / EEA. Some of the sub-processors of DEEP may be established or may have
access to the Personal Data outside of the EU/EEA e.g., in cases where the Customer has
initiated support ticket and customer support of the cloud service provider may have access to
the Personal Data within the support ticket.
5.2 If Personal Data is transferred to the country outside of the EU/EEA that is not recognized by
the European Commission as providing an adequate level of protection for Personal Data,
DEEP shall (i) comply with chapter v of the GDPR; (ii) use transfer tools (such as standard
contractual clauses for controller-processor transfers) adopted by the European Commission;
(iii) take necessary steps to provide appropriate safeguards for international data transfers; (iv)
to the extent necessary implement supplementary measures for protection of Personal Data as
required by applicable laws; and (v) where necessary ensure that the party responsible for the
transfer of Personal Data have conducted the transfer impact assessment if needed.
6. RETENTION OF PERSONAL DATA
6.1 We will retain your personal data only for as long as necessary to provide services to you during
the performance of the pilot agreement, and the platform usage agreement, and as required by
law (After that, we will securely dispose of your personal data.
7. YOUR RIGHTS
7.1 You have certain rights regarding your personal data:
7.2 Right to Access: You have the right to access your personal data that we hold.
7.3 Right to Rectify Personal Data: You have the right to request that we correct any inaccurate or
incomplete personal data that we hold.
7.4 The Right to Object to the Processing: You have the right to object to the processing of your
personal data for certain purposes.
7.5 The Right to Data Portability: You have the right to receive your personal data in a structured,
commonly used, and machine-readable format.
7.6 The Right to Be Forgotten: You have the right to request that we erase your personal data under
certain circumstances.
7.7 The Right to Restriction of the Processing: You have the right to request that we restrict the
processing of your personal data under certain circumstances.
7.8 The Right to Give and Withdraw Your Consent: You have the right to give or withdraw your
consent for the processing of your personal data.
8. DATA SECURITY
8.1 We take appropriate technical and organizational measures to protect your personal data from
unauthorized access, disclosure, or other misuse. These measures include physical, electronic,
and procedural safeguards that comply with applicable legal requirements.
8.2 Our Platform is running in Azure cloud. Azure provides various security measures and controls
to help protect members data, including network security, identity and access management,
encryption, and monitoring.
8.3 To ensure information security and data protection for the Platform, access control
mechanisms are implemented to restrict access to data to authorized personnel only. Data is
encrypted both in transit and at rest, and secure protocols are used.
3 (3)
8.4 Although our good faith efforts to store your data in a secure operating environment that is not
available to the public, please remember that unfortunately no data transmission or storage is
100% risk free. You provide your personal data at your own risk, and we cannot guarantee the
absolute security of your data. In the unfortunate case of a security breach that endangers your
privacy or data we will inform you as well as the relevant authorities, as required by law. We
may also temporarily shut down services to protect the personal data.
9. CHANGES TO THE PRIVACY POLICY
9.1 We may update this privacy policy from time to time. We will notify you of any significant
changes by posting a notice on our website or by sending you an email.
10. CONTACT US
10.1 If you have any questions or concerns about this privacy policy or our use of your personal data,
please contact us at [qonm_pilot@deepmeasures.health]