Your.MD Thyroid Checker Privacy Policy

WHAT OUR BOT DOES WITH YOUR DATA


(February 2018)

We need some information from you if you want our Thyroid Checker to work. Want to know what we at Your.MD do with your data? Keep reading, it’s only a few sentences.

THE DATA WE COLLECT


Aside from the technical and analytical data, we also collect your age, gender, IP address, country, region, time zone and chat data you choose. We call this information “Your Data’’.

WHAT WE DO WITH YOUR DATA


We use it so the Thyroid Checker can calculate the most likely condition based on what you tell us. Your Data is never compromised when we update or improve our app. However to repair technical errors and bugs, we will use the Information you share with us. While we use Google Analytics to help us improve our bot and make it better for you, we do not disclose Chat Data to Google.

WE TAKE CARE OF YOUR PRIVACY


We need to store Your Data in order for our bot to work, but we do not use it to create your profile. The information you tell our bot, is called “Chat Data’’ - it is not directly tied to Your Data, which means that we can check how well we did without knowing anything personal about you. In limited cases, we will need to access your Chat Data and IP address to trace bugs, solve technical errors and distribute answers.

DATA DELETION


We store your Information for as long as needed to provide our Service. After the period of 6 months we will delete the Data we collected from you.

OPTING-OUT


We ask for your Data so that the Thyroid Checker can give you the best results. However, you can withdraw your consent at any time by sending a request to care@your.md. You can opt out of Google Analytics by installing this browser add-on https://tools.google.com/dlpage/gaoptout.

CONSENT


Please read the full document below and send us an email to care@your.md if you are still not sure your Data is safe with us. By saying yes to this Privacy Policy, you allow us to use your Data exactly as we said we will.


Thyroid Checker Your.MD Privacy Policy
(v.1, February 2018)

WE RESPECT YOUR PRIVACY


We respect your privacy and we take protecting it seriously. If you have any privacy related concerns, please contact us at: care@your.md.

Your.MD Thyroid Checker Services (hereinafter referred to as: ‘’Services’’) is offered by YOUR.MD AS, incorporated and registered in Norway with company number 999260993 whose registered office is at c/o Advokatfirmaet Simonsen Vogt Wiig AS, Filipstad Brygge 1 , 0252 Oslo, Norway via its subsidiary Your.MD Limited, incorporated and registered in the UK with company number 08727263 whose registered office is at Your.MD Ltd, 5th Floor, 43 Whitfield Street, London, W1T 4HD, UK (hereinafter referred to as: ‘’Your.MD’’, ‘’We’’).

YOUR CONSENT


Before you start using the Services you will need to actively accept this Privacy Policy and confirm that you have read and agreed to our data processing practices as described herein. By doing so, you consent to the collection and usage of your data, so please read this Privacy Policy carefully. If there is anything you do not understand, please contact us at care@your.md.

This privacy statement describes how Your.MD collects and uses the Information and/or Data (the terms are used interchangeably) you provide. It also describes the choices available to you regarding our use of your Information and how you can access the Information. We will never use your Data for any purpose not explicitly stated herein. Your.MD Services should only be used by persons over the age of 16 or older and capable in your country of residence of entering into legal binding agreement to use our Service.

COLLECTION OF INFORMATION


In order for you to be able to use our Services, we need to collect limited Information (the term ''Information'' and/or ‘’Data’’ is used collectively for the information defined below).

Technical Information

  • User agent (web browser type and version), screen information, geolocated country and region, time zone

  • IP address

  • User’s interaction with the Services

  • Logs with technical information and Chat History

Analytical Information

  • Technical data as described above

  • Various information on how you use the Services

  • Google Analytics' own unique user ID

Thyroid Checker Information


  • Your Data – age, gender, geolocated country and region (not specific enough to identify a street), time zone, Services preferences, IP address.


  • Chat Data - (selected symptoms, duration, rejected symptoms, questions and answers to clarify symptoms, factors that affect the diagnosis (age and gender), other information about our Services you may voluntarily provide, Thyroid Checker’s results)

USE OF INFORMATION


We use your Information to provide the Thyroid Checker and to make constant improvements with troubleshooting, testing, research, internal analytics and surveys to ensure the best user experience, but only on an anonymised basis. We also send reports to our partner Merck, who is hosting the Thyroid Checker webpage, without disclosing any of Your Data.

Your Data
We use Your Data to be able to provide the Thyroid Checker and to help us better understand your reported symptoms. We do not tie Your Data (IP address that could indirectly identify you) with Chat Data (symptoms you choose) when checking the performance of the Thyroid Checker, but we need to tie Your Data (also including IP address) with Chat Data in limited cases of solving technical errors, bugs and distributing answers. Google Analytics uses IP address to provide and protect the security 3 of the service, and to give website owners a sense of where in the world their users come from, but we do not send them any Chat Data and all traffic analysis is done on aggregated basis solely for us. Please see the Analytics Provider Section for more information.

Thyroid Checker
We use Technical, Thyroid Checker and Analytics Information to be able to provide the Thyroid Checker Services. The Thyroid Checker will ask you questions to assess the most likely condition, based on your reported predefined symptoms. This means that we will use Your Data (age, gender, IP address and other technical data along with the symptoms you choose) to be able to calculate the most likely condition and present you the outcome of such calculation. We do not create a user profile out of Your Data. We do not tie Your Data with Chat Data when checking the performance of the Thyroid Checker, but we need to tie Your Data (also including IP address) with Chat Data in limited cases of solving technical errors, bugs and distributing answers. This means that when we check for general performance of the Thyroid Checker we can do this without personally identifying you, but if we need to check technical problems this can only be done by researching Chat Data with Your Profile, namely an IP address.

Improving our Services

We use your Data to improve our services and your experience with conducting internal analytics, Google Analytics, troubleshooting, testing, research and surveys as explained in this and the following Section. In limited cases when we need to check technical problems, bugs or distribute answers we access Your Data (IP address that could indirectly personally identify you) along with researching the Chat Data.

Merck Reports


We provide the following information to Merck on monthly basis: how many users used the Thyroid Checker, finished the consultation, were identified as susceptible to suffer a specific condition all in an aggregated and anonymised form, meaning Your Data and Chat Data is never disclosed. Merck has the right to appoint an independent auditor to verify the data. In such case, we might need to disclose more data, but don’t worry, Your Data will be anonymised should this need to happen.

ANALYTICS PROVIDER
We use the Information we collect with the help of our Analytics Provider to constantly improve our Services and make it better for you. We chose our Provider carefully and we set the most restrictive controls they offer to ensure they do not use your Data for any purposes other than providing services to us. The Analytics Provider processes the Information we share - namely various information on how you use the Services by using Google Analytics' own unique user ID, but they also have access to your IP address.

Google Analytics
When you visit the Thyroid Checker website, your web browser automatically sends IP address and information on how you use the Services. We use your Data only for the purposes of our internal analytics to improve our Services. We do not use any other features apart from the Google Analytics (‘’GA’’) and we do not allow sharing of your Data with Google’s other products and services. We never disclose any of your Chat Data to Google. Google can share your Data only in limited situations where a) it concludes that it is required by law or has a good faith belief that access, preservation or disclosure of customer data is reasonably necessary to protect the rights, property or safety of Google, its users or the public; or b) in certain limited circumstances when third parties carry out tasks on Google's behalf (e.g., data storage) with strict restrictions that prevent the data from being used or shared except as directed by Google. GA uses IP addresses to provide and protect the security of the service, and to give website owners a sense of where in the world their users come from (also known as "IP geolocation"). Apart from this GA works on aggregated data Please see these links for more information:
https://www.google.com/policies/privacy/partners,
https://support.google.com/analytics/answer/6004245?hl=en,
https://www.google.com/policies/privacy/.

Google Analytics Cookies

Google Analytics mainly uses first-party cookies to report on user interactions on websites that use Google Analytics. Google Analytics stores cookies on your computer to keep track of how you use our Thyroid Checker. We use Cookies to analyse your activity to improve the Thyroid Checker. For example, by using Cookies, we can look at aggregate patterns like the average number of symptom checks that were not finished. We can use such analysis to gain insights about how to improve the functionality and experience of the Thyroid Checker.

Our Internal Analytics
Our internal analytics is based on using Chat Data and IP address, but the data is stored in a separate database. This means we can review Chat Data without seeing any of Your Data, so your Data is kept confidential with pseudonymisation. We analyse Chat Data to constantly improve the Thyroid Checker and make it better for you.

SHARING OF INFORMATION
Sometimes we need to disclose the Information for other lawful purposes, as customary for all developers.

Apart from sharing the Information with our Analytics Providers, as stated in Section “Our Providers’’ and “Usage of Information’’, we may also disclose Information in the following cases:

  • if required by law, for example to comply with a court order, subpoena, regulation, legal process or other governmental request;
  • to exercise or protect the rights, property or personal safety of the Company, our users or others;
  • to enforce this privacy statement, including investigation of potential violations thereof;
  • upon fulfilling legal requirements of local legislation to supply certain services/information a third party might legally request from us
  • to detect, prevent, or otherwise address fraud, security or technical issues;
  • if Your.MD is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified of any change in ownership or uses of your Information via our website;
  • to respond to claims that any content published within our Services violates any right of a third party

STORING OF INFORMATION AND SECURITY
We follow generally accepted industry standards and internal procedures to protect Information submitted to us, during transmission, storing and processing. If you have any concerns about the security of our Services, please contact us at care@your.md.

We have restricted access to production environments and monitoring of user activities. The Information is encrypted and key protected, and we have integrated commercially reasonable efforts to assure that your Information remains secure when maintained by us. However, please be aware that no security measures are perfect or impenetrable.

We use AWS hosting for storing of Information and they provide multiple security certificates. For more Information, please see https://aws.amazon.com/security/.

The Data we collect is transferred to and stored at a destination outside the European Economic Area ("EEA"), namely AWS's region in Oregon in the US. It may also be processed by staff operating outside the EEA who work for AWS or for one of its Providers. Don’t worry, your Data will still be safe - we have entered into the AWS data processing addendum to make sure your personal information (IP address) is safe, namely a) that the AWS will use the Data only to provide its storing services; b) that it will not disclose Data to any third party; c) that the AWS restricts its personnel to process your Data without their authorisation; d) that we stay in control of correcting, blocking, deleting, retrieving your Data; e) that AWS is responsible for implementing and maintaining the technical and organisational measures; f) that AWS is certified under ISO 27001 and agrees to maintain an information security program for the Services that complies with the ISO 27001 standards or such other alternative standards as are substantially equivalent to ISO 27001 for the establishment, implementation, control, and improvement of the AWS Security Standards; and g) that AWS may use subcontractors but will restrict their access only for the purposes of offering AWS services. By downloading our Services, you agree to the transfer, storing and processing as stated herein. We will take all steps reasonably necessary to ensure that your Data is treated securely and in accordance with this privacy policy. Unfortunately, the transmission of Information via the internet is not completely secure. Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to our site; any transmission is at your own risk.

DELETION OF INFORMATION
We store your Information for as long as needed to provide our Service, namely 6 months from its collection. We may store the Information longer, but only in a way that it cannot be tracked back to you.

EU Territory We store personal information, namely an IP Address for the duration of the provision of our Services, namely 6 months from its collection. Traffic Information is erased or made anonymous when it is no longer needed for the transmission or, in the case of payable services, up to the end of the period during which the bill may lawfully be challenged or payment pursued. Location Information is stored to the extent and for the duration necessary for the provision of a value-added service. Cookies, direct marketing and provision of value-added services Information (including traffic information used for these purposes) is stored so long as the same is necessary for the provision of these activities, or up to the time when a user opts out from such use in accordance with this Privacy Policy. Other information is stored for as long as we consider it to be necessary for the provision of our Service. This Section shall not prevent any technical storage or access to information for the sole purpose of carrying out the transmission of a communication or as strictly necessary in order for us to provide the service you requested.

US Territory We will retain collected Information for the period necessary to fulfil the purposes outlined in this Privacy Policy namely 6 months from its collection unless a longer retention period is required or permitted by applicable legislation.
Storing might be different depending on the territory of collecting the Information and the applicable legislation, but we always strive to store the Information only as long as it is needed for the purposes of providing, improving or personalising our Services.

OPT-OUT
We make sure we do not collect more Information than is needed to provide our Services and we strive to limit our Providers to do so as well. We have integrated protocols to allow us to process Chat History in a pseudonymised way, but you are always free to opt out of our Information processing by sending an email to care@your.md or opt out of Google Analytics by installing this browser add-on https://tools.google.com/dlpage/gaoptout.

CHANGES TO THE PRIVACY POLICY
We may update this Privacy Policy to reflect the changes in our Information processing practices. Because we are constantly adding new services and features, we might not make an immediate upgrade of the Privacy Policy, unless in case of material changes to our Data processing practices. The most current version of this Privacy Policy will govern our use of the Data we collect from you and it is available at https://www.your.md/widget-pages/thyroid-checker/privacy/. Because we do not create your profile account you will need to consent to the most recent version each time you use the Services.

CONTACT AND ACCESS TO PERSONAL INFORMATION

If you have any questions, please contact us at: care@your.md

We are committed to keep your Information accurate, complete and up-to- date. You can request that we correct or delete the Information, provided that we are not required to retain such Information by law or for legitimate business purposes. To make such request or ask us about this privacy statement please send us an email to care@your.md. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.


Your.MD,
Matteo Berlucchi, CEO