tensormedical

Leveraging brain image analysis through machine intelligence

AH-1 Medical Software Privacy Policy

INTRODUCTION

Welcome to AH-1 Medical Software Privacy Notice.

AH-1 is a medical software (software as medical device) developed by Tensormedical SL (“us”, “we”, “our”).

“Personal data” is any information relating to an identifiable living individual. This encompasses information that directly identifies a person (like their name or ID number) as well as indirect identifiers (like medical images) that, when combined with other pieces of information, could reasonably be used to pinpoint a specific person.

WHAT WILL YOU FIND IN THIS DOCUMENT?

This Privacy Notice (“Notice”) sets out the terms under which we handle your personal data with our software in accordance with article 13 of the General Data Protection Regulation (“GDPR”). Your privacy is very important to us and the GDPR allows us to protect your personal information. Personal data collected through our software will be processed solely and exclusively for the purposes described in this document and will not be used for any other purpose.

WHO PROCESSES YOUR PERSONAL DATA?

If you are reading this document you are likely receiving healthcare from a clinician who uses our software to support your medical treatment. To ensure transparency, the hospital providing you the healthcare services is the Data Controller for all activities related to healthcare provision. If you have any questions about how your data is handled during treatment, please contact the hospital directly.

Instead, this document is being provided by Tensormedical SL. At Tensormedical SL we are interested in improving our software to better serve patients like you. For this reason we would like to collect and elaborate some of your personal data to improve our product as it will be better explained in this document.

Under the scope of this Notice the Data Controller handling your personal data is:

TENSORMEDICAL SL
Calle Pic de Peguera, 11, Girona, 17003, Spain
B01760784

You can contact us at any time by contacting us at info@tensormedical.ai

To further strengthen your data protection, we've appointed a dedicated Data Protection Officer (DPO) who you can contact if you have any questions about how your personal data is processed, or if you believe your privacy rights may have been infringed. You can contact our DPO by sending an email at dpo@tensormedical.ai

WHAT DATA DO WE PROCESS?

When the clinician uses our software to support your treatment, we may elaborate several categories of personal data grouped as follows:

  1. Pseudo-identifiers:
    • ID pacs hospital
    • Date of the Magnetic Resonance Image (MRI) scans
  2. Physical characteristics:
    • Age
    • Gender
  3. Health data - Magnetic Resonance Images:
    • Brain MRI
    • Brain Lesions
  4. Computed results:
    • Brain lesion’s status
  5. Validated results:
    • Computed results validated by Healthcare providers

All this information will be pseudonymised before being processed and analyzed. Pseudonymised data is personal data that has been processed in such a way that it can’t be attributed to a specific individual without additional information. In other words, this means that the direct identifiers (such as name, surname, address and so on) are removed and/or replaced with other information, preventing re-identification. The information we collect cannot be directly traced back to you. Think of it as a unique code that helps us understand how the software performs and how it is used, but the identity of patients treated with it remains unknown to us. This information is crucial for us to develop features and improvements that benefit all patients.

WHY DO WE PROCESS YOUR PERSONAL DATA?

We can process your personal data for the following purposes:

  1. Improve AH-1
  • Processing activities:
    • Storage of pseudonymised MRI scans and pseudonymised validated results on Tensormedical Cloud Database
    • Usage of pseudonymised MRI scans and pseudonymised validated results for algorithm training and AH-1 software improvement
  • Data processed:
    • Pseudo-identifiers
    • Personal characteristics
    • Health data - Magnetic Resonance Images
    • Validated results
  • Legal basis:
    • Legitimate interest of the Controller - art. 6(1)(f) GDPR in improving the medical software functioning to ensure high standards of safety and performance
  • Exception:
    • Scientific research - art. 9(2)(j)
  • Are you required to provide the data?
    • We collect this data automatically when the clinician performs the analysis using AH-1.
    • You have the right to oppose the processing at any time by contacting us.

Our goal is to ensure that brain lesions detection technology applied to patients is efficient, performant, safe and reliable so that the whole society can benefit from it. In order to achieve our goal, we require the use of personal data, to improve the sensibility and accuracy of brain lesions detection. Without training and fine tuning our software with healthcare professionals validated results and annotated MRI scans it will not be possible to have high standards of quality and safety of the software functioning. We are committed to ensuring that only the minimum amount of information is collected and processed, following the data minimization principle.

DO WE DISCLOSE YOUR DATA TO ANYONE?

We will not disclose personal data to third parties, unless such disclosure is necessary to carry out certain processing activities. In such a case, we ensure that our suppliers, acting as Data Processors under Article 28 GDPR, will only process your personal data under appropriate confidentiality and security obligations and in accordance with our instructions and with this Notice.

DO WE TRANSFER YOUR DATA OUTSIDE THE EU/EEA?

Your personal data will be processed within the European Union and the European Economic Area. Should it be necessary for your personal data to be transferred to third countries outside the EU/EEA, such data transfers will take place only to third countries with an Adequacy Decision in place approved by the European Commission or, in case of no Adequacy Decision, based on Standard Contractual Clauses provided by the European Commission and additional security measures to ensure data security.

HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We will retain your personal data only as long as necessary to fulfil the purposes for which we collected it, including purposes related to fulfilling legal, tax or accounting obligations. A longer retention period may be required in the event of a legal complaint or in the event of disputes related to our existing contractual relationships. To determine the retention period of personal data we take into account:

  • the purposes for which we process the personal data, and whether we can achieve those purposes by other means;
  • the amount, nature and sensitivity of the data processed;
  • the potential risk of harm to individuals derived from unauthorized use or disclosure;

If personal data is no longer necessary for the purposes, or legitimate interests, pursued by us and no other legal basis applies, we will delete your data.

HOW DO WE SUPPORT YOU IN EXERCISING YOUR RIGHTS?

We inform you that these are your rights under the data protection law:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to not be subject to automated decision making, including profiling
  • Right to lodge a complaint with a Data Protection Authority
  • Right to withdraw consent if the processing of your information was based on consent

The exercise of rights is not subject to any formal constraints and is free of charge. You can also ask us for further information related to these rights.

You can exercise your rights by contacting us and our DPO at the following address dpo@tensormedical.ai.

UPDATES

This Notice may be subject to changes and reviews. All personal data processed is subject to the Notice effective at the time it was collected. Any changes to this Notice will be posted on Tensormedical SL website page and, if necessary, notified to you. We encourage you to consult our website periodically so that you are always informed about how we process your personal data.

This Notice was last updated on July 22, 2024.