Privacy Policy
Effective January 01, 2023.
When you use the Medic Scanner application, you entrust us with personal, intimate information. We are committed to confidentiality, so as part of this policy, our company will take every measure to ensure that your personal information and rights are protected and that our data processing practices are transparent.
The purpose of our Privacy Policy is to explain what data we collect, how it is used and shared, and methods of control.
Here is a summary of our Privacy Policy to give you a quick overview of our data practices. The summary is not a substitute for reading the full policy for important information about your personal information, how we use it, and your rights regarding it. We've outlined some key information below, but we recommend that you read this Privacy Policy and Terms of Use in detail.
Introduction
This Privacy Policy explains how Investment Analytics Sp. z o.o., ul. B. Chrobrego 4, 12 - 100 Szczytno, TAX ID: 7451838341, Regon: 280617054, KRS: 0000387722 ("Investment Analytics Sp. z o.o." or "we") collects, stores, uses, transfers and shares personal data of our users ("you") in connection with the Medic Scanner mobile application (the "Application")* and the medicscanner.com website, including any products and services related thereto (the "Website") (collectively, the "Services"). Investment Analytics Sp. z o.o. is the "data controller."
*Note, the application may be displayed under a different name depending on your location. A full list of names is available here.
We reserve the right to make changes to the content of this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the address you provided at registration), through the Application, or by displaying the new version of this Privacy Policy to you. Your continued use of the Application after the effective date of the updated version of the Privacy Policy constitutes your acceptance of the changes to the Privacy Policy. In some cases, we will ask you to agree to changes in the Privacy Policy. If you do not agree to the terms set forth in this Privacy Policy, please do not use the Services.
Please review the Privacy Policy posted on our Website and Application for the latest updates on our data protection practices.
- Personal data we receive from you
We collect your Personal Information in a variety of ways. Sometimes we collect Personal Information automatically when you interact with the Services, and sometimes we collect it directly from you. In some cases, we may receive Personal Information about you from other sources and third parties.
When you register or pay to use the Services, we may collect your following Personal Information:
- Name;
- Email address;
- Year of birth;
- Phone number;
- Password or access code;
- Place of residence and related location data, such as time zone and language.
- Gender
2.When you access or use the Services, we may automatically collect the following information:
a) Device information:
- Device model;
- Information about the operating system and its version;
- Unique device identifiers (e.g., IDFA);
- Enabled device accessibility functions (e.g., display functions, auditory functions, physical and motor functions);
- Mobile carrier and network information;
- Information about the data stored on the device;
- System version of the device.
b) Location information:
- IP address;
- Time zone;
- Mobile service provider information.
c) Data regarding your use of the Services, including but not limited to:
- Frequency of use;
- Areas and features of the Services that you access, visit or use;
- Involvement in specific functions.
We may use cookies and other tracking technologies to collect this and other information. Please see our Cookie Policy for more details.
Data from external sources. We may receive Personal Information about you from third parties. For example, we may obtain information from third parties to enrich or supplement existing information about you for, among other things, customizing and personalizing your service and for statistical and analytical purposes, as described below.
- How we use your Personal Information
We will not collect or use your Personal Data without informing you. Depending on which features of the Services you use, we will process your Personal Data based on one or more of the following legal bases:
a) Your consent. For example, at the registration stage, when you give us permission to process your Personal Information To fulfill our contractual obligations to you in order to provide the Services to you;
b) Legitimate Interest. We may process your Personal Data with respect to our interests in providing the Services to you, our commercial interests, including our interests in protecting the security and integrity of the Services, and broader societal benefits;
c) Legal Obligation. We may be required to process some of your Personal Information to ensure compliance with applicable laws.
Below we describe the purposes for which we process your Personal Data and our legal basis, including some basic examples:
| Purpose of processing | Legal basis for processing | Example |
| Supporting existing features of the App, including customizing the content and materials you see when using the App | Approval | We make automated decisions using your data , to provide you with access to new features and services and to provide you with certain suggested articles or materials to read |
| Customizing product and service offerings and making recommendations for you, including third-party products and offers | Approval | We can offer you a discount on future subscriptions and inform you about third-party offers |
| Provision and delivery of ordered products and services, processing transactions and sending related information, including confirmations and reminders | Contract | Using your device data, we may send you reminders when you need a skin check-up with a dermatologist. You can turn this off at any time in your device settings or in the app using the consent toggle screens |
| Issuance of invoices, account management and other administrative purposes, if applicable | Contract | We can send you an invoice via email if needed |
| Responding to your comments, questions and requests and providing customer service; | Legitimate interest | We may process your name and email address and phone number to respond to your request for support or to contact you about a specific question or concern that you have raised |
| Send technical notifications, updates, security alerts and messages from support and administration departments | Legitimate interest | We may send you an email notification containing a customer satisfaction survey. You may opt out of receiving surveys at any time by contacting us at pomoc@medicscanner.com |
| Monitor and analyze trends, usage and activity related to our Application | Approval | We may analyze your history of using the Application to understand what you like about it or, conversely, with the goal of improving service |
| Only in connection with information you agree to share for promotional purposes | Approval | If you agree, we may publish your opinion or comment on our website |
- Your privacy rights
No matter what country or region you are from, we are committed to providing you with the broad right to privacy with respect to your Personal Information.
What are your rights?
- Correcting Personal Information - If you believe your Personal Information is incorrect, you have the right to contact us and request that it be corrected.
- Restriction of processing - In certain circumstances, you have the right to request that we restrict the processing of your Personal Data. For example, you have the right to request restriction of your Personal Data if you question the accuracy of your Personal Data and we reserve time to verify it.
- Access to your Personal Data (including in portable form) - You have the right to request information about what Personal Data we process about you, to access all of your Personal Data, and to receive a copy of your Personal Data, including in structured and portable form (.json).
- Deletion of Your Personal Data - You have the right to request the deletion of your Personal Data after you have withdrawn your consent to the processing of such Data if you believe that the processing does not comply with applicable law. Please note that deletion of certain Personal Data may affect your use of certain features of the Services that rely on historical data.
- Right to object to the processing of your Personal Data - In some cases, you may object to the processing of your Personal Data, for example, if we process it for purposes arising from our legitimate interests, by contacting us at pomoc@medicscanner.com .
How can you enforce your privacy rights?
To exercise your rights, contact us at pomoc@medicscanner.com.
We will respond to your request within 30 days of receiving it. In some cases, it may take us up to 90 days, for example to fully delete Personal Data stored in our backup systems. We will notify you if we need more time and provide reasons for the delay.
What else?
Please note that if we receive a vague request, we may contact you to better understand it. We may also refuse to fulfill a request that is clearly unreasonable and excessive (repeated) requests.
In some cases, we will ask you to confirm your identity. Typically, we verify that the request was sent using the email address you provided when you registered for the Application. If you have not registered for an account, we may ask you to undergo additional verification measures to ensure that we are properly responding to requests.
In accordance with applicable laws, you have the right to file a complaint with your national data protection authority regarding our activities (including, but not limited to, your right to confidentiality of your data) that you believe violate applicable laws. If you have any concerns about our privacy practices, please let us know at pomoc@medicscanner.com.
- Third parties processing your Personal Data
We will not share your Personal Information with any third parties, except as specified below.
Processing to acquire new Medic Scanner users and stay in touch with you
With your consent, we may share certain Personal Information unrelated to your health for marketing and promotional purposes. By using partners for marketing and promotional purposes, we are able to reach you and similar individuals through various platforms and spread the word about Medic Scanner. If we need to share your Personal Information with other platforms for the mentioned purpose we will ask for your consent.
In some situations, we engage other companies to process your Personal Data on our behalf. We refer to these as "data processors".
These are companies that help us run the Services, support the communications occurring between you and us, or perform other activities related to the Application. They may process certain Personal Data to achieve the purposes of the features of the Application and related activities. We are fully responsible for any acts or omissions of these processors and enter into formal data processing agreements with them, to the extent required by applicable law.
Here is a list of our main data processors:
| Type | Data processor | Privacy policy of the data processor | Data collected | Target |
| Infrastructure and security | AWS (Amazon Web Services, Inc.) | AWS Privacy Policy | All Personal Information | storage of all personal data when using the application |
| Infrastructure and security | Auth0 (Auth0, Inc.) | Auth0 privacy and cookie policy | E-mail address IP address Name; | verification and authorization services |
| Payments | Apple (Apple, Inc.) | Apple Privacy Policy | Payment information and bank details Personal badges | enabling the collection and processing of application subscription payments |
| Payments | Google (Google LLC, USA) | Google Privacy Policy | Payment information and bank details Personal badges | enabling the collection and processing of application subscription payments |
| Website, Internet Services | - | - | When you use the Website and Online Services, certain third parties may collect information about your visits and activities through cookies or other tracking technologies (i.e. special pixels) and for various purposes, such as analytics or the need to improve performance. You can learn more about cookies and how to block them in our Privacy Policy. |
Google reCAPTCHA service
We use Google's reCAPTCHA service on the payment pages of our Website. The reCAPTCHA distinguishes data entered by humans from data entered by machines. Google's reCAPTCHA service collects information (e.g. IP address, time spent on the website or mouse movements made by the visitor) for analysis. Google's reCAPTCHA service then transmits information to Medic Scanner that you are a human and not a robot. More information about Google reCAPTCHA and Google's privacy policy can be found at the highlighted links.
Combined information
Occasionally, we may aggregate and anonymize your Personal Data or strip it of identifiable elements in such a way that it cannot be used to establish your identity. Such data ceases to be Personal Data. We may share such data with our partners or research institutions or use such data for statistical purposes, for example, we may share or use general age information, demographic information and aggregate statistics about specific activities or symptoms from collected data to help identify patterns among users in articles, blog posts and scientific publications. Sharing such data contributes to the advancement of health research. Our legal basis for processing your data for this purpose is legitimate interest.
Information posted by you
Any information (including Personal Information) shared in any area reserved for the online community or in an online discussion is generally available to all members of the Application community. We recommend that you think carefully before posting Personal Information in any public forum. What you post may be read, disclosed or collected by third parties and may be used by others in ways we cannot control or predict, including, to contact you for illegal purposes. If you accidentally post Personal Information in social posts on our services and wish to remove it, please send us a message at. pomoc@medicscanner.com.
Special circumstances
We may share your Personal Information under the following special circumstances:
- in response to subpoenas, warrants or lawsuits, to the extent required and limited by law (including when national security or law enforcement requires it);
- when disclosure helps to ensure the security and integrity of the Services or enables us to provide security to users or others, in accordance with applicable law. In such cases, we may delete some of your Personal Information (e.g., by resetting your password to prevent unauthorized access);
- When the disclosure of data is made at the request or with the consent of the user who entered the data in the application;
- for business transitions (mergers, asset sales, acquisitions, liquidations or sales of part of assets), in which data transfers are most common.
Depending on the circumstances, we may rely on legitimate interest or legal obligation as our legal basis for the above processing activities.
- Security of your Personal Information
General security measures
- We take all reasonable and appropriate security measures to protect all Personal Data collected from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction, keeping in mind the nature of the data we store and the risks associated with the special category of Personal Data we collect (health information). These measures include pseudonymization and tokenization of certain categories of Personal Data.
- Encryption of Personal Data during transmission and at rest;
- Systematic vulnerability scanning and penetration testing;
- Data integrity protection;
- Organizational and legal measures. For example, our employees have different levels of access to your Personal Information and only those who are responsible for data management are given access to your Personal Information and only for limited purposes necessary for the operation of the Services. Our employees are fully responsible for any disclosure, unauthorized access, alteration, destruction, or misuse of your Personal Information.
- Conduct periodic assessments of the effectiveness of data protection measures to ensure that the Services fully comply with the "Privacy by Design Principles," "Privacy by Default Principles," and others. We also undertake to conduct a privacy audit in the event of a merger or acquisition of Medic Scanner.
Remember that you can help us protect your Personal Information by properly selecting and securing your password, not sharing your password with others, and not allowing others to use your cell phone. Remember also that no security system is perfect, so we cannot guarantee absolute protection when using the Services or that your data will not be intercepted during transmission.
Security violations
If we become aware of a breach in the security of our systems, we will publish an appropriate notice or attempt to inform you of the breach in an email, and in addition, we will take the necessary corrective measures provided by law and this Privacy Policy. If we become aware of a potential breach of Personal Information, along with the other actions referred to in the Privacy Policy (such as notifying you in certain cases), we will also take certain actions to remedy the breach, as appropriate, which may include, logging you out of all devices, resetting your password (sending you a temporary password for you to use), and performing other reasonably necessary actions and activities.
If you wish to report a security incident related to the Services, please contact us at. pomoc@medicscanner.com.
- Children's privacy
General Age Restrictions. The Services are not intended for children and we do not intentionally collect personal information about children under the age of 18. If you know of a person under the age of 18 using the Services, please contact us at. pomoc@medicscanner.com, so that we can take the necessary steps to delete the data and/or account of such person.
Age restriction for residents of the European Economic Area and the United Kingdom. Due to legal requirements, we do not allow EEA or UK residents under the age of 18 to use the Services. If you know of a person under the age of 18 using the Services, please contact us at. pomoc@medicscanner.com, so that we can take the necessary steps to delete the data and/or account of such person.
- Communication with users
From time to time, we may contact you by email or otherwise (e.g., through pop-ups or push messages) to notify you of products, services, offers, promotions, prizes and events hosted by us or by others, and to provide you with information and news that may be of interest to you.
Opt-out options. You can always opt out of receiving emails by canceling your subscription using the "Unsubscribe" link provided in these emails. Unsubscribing from similar messages or notifications does not mean that you will stop receiving important messages, related to the Services, which are necessary for the proper use of the Services. You may also opt-out of receiving pop-ups or push notifications by adjusting the settings on your device. If provided by applicable law, we may ask some users to consent to receive such communications.
We would like to remind you that we may contact you to provide you with information about products, services, offers, promotions, prizes and events, ours or others, through third-party platforms (e.g. social media). For more information on withdrawing consent, please see the section below titled "Processing to find new Medic Scanner users and keep in touch with them."
- Storage and international transfer of Personal Data
Medic Scanner is based in Poland ("PL"). The Personal Information we collect is transferred to and processed in Poland (where it is subject to Polish law) and in other countries (where it is subject to the laws of those countries). Please note that the laws of Poland and the laws of other countries do not always offer the same degree of protection as the laws of your country's jurisdiction.
Transfer of personal data outside the European Union, the European Economic Area and the United Kingdom
Personal data in the European Union (EU), EEA and United Kingdom (UK) is protected by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, but some other countries may not necessarily offer the same standard of protection for your Personal Data.
Medic Scanner transfers Personal Data from the EU, EEA and UK to the US and other third countries. When transferring Personal Data outside the EU, EEA and UK, we implement standard contractual clauses or rely on current European Commission adequacy decisions. For more information, please contact us at. pomoc@medicscanner.com.
- Data Protection Officer
To contact our Data Protection Officer, write to us at pomoc@medicscanner.com Or use the contact information provided below.
- Contact us
If you have any concerns or questions about privacy, please contact us at the following address:
Investment Analytics Sp. z o.o., ul. B. Chrobrego 4/28, 12 – 100 Szczytno
E-mail: pomoc@medicscanner.com
You can also contact your local data protection authority.
EN 
PL