WHAT OUR BOT DOES WITH YOUR DATA
We need some information from you if you want our Thyroid Checker to work. Want to know what we at Your.MD do with your data? Keep reading, it’s only a few sentences.
THE DATA WE COLLECT
Aside from the technical and analytical data, we also collect your age, gender, IP address, country, region, time zone and chat data you choose. We call this information “Your Data’’.
WHAT WE DO WITH YOUR DATA
We use it so the Thyroid Checker can calculate the most likely condition based on what you tell us. Your Data is never compromised when we update or improve our app. However to repair technical errors and bugs, we will use the Information you share with us. While we use Google Analytics to help us improve our bot and make it better for you, we do not disclose Chat Data to Google.
WE TAKE CARE OF YOUR PRIVACY
We need to store Your Data in order for our bot to work, but we do not use it to create your profile. The information you tell our bot, is called “Chat Data’’ - it is not directly tied to Your Data, which means that we can check how well we did without knowing anything personal about you. In limited cases, we will need to access your Chat Data and IP address to trace bugs, solve technical errors and distribute answers.
We store your Information for as long as needed to provide our Service. After the period of 6 months we will delete the Data we collected from you.
We ask for your Data so that the Thyroid Checker can give you the best results. However, you can withdraw your consent at any time by sending a request to email@example.com. You can opt out of Google Analytics by installing this browser add-on https://tools.google.com/dlpage/gaoptout.
(v.1, February 2018)
WE RESPECT YOUR PRIVACY
We respect your privacy and we take protecting it seriously. If you have any privacy related concerns, please contact us at: firstname.lastname@example.org.
Your.MD Thyroid Checker Services (hereinafter referred to as: ‘’Services’’) is offered by YOUR.MD AS, incorporated and registered in Norway with company number 999260993 whose registered office is at c/o Advokatfirmaet Simonsen Vogt Wiig AS, Filipstad Brygge 1 , 0252 Oslo, Norway via its subsidiary Your.MD Limited, incorporated and registered in the UK with company number 08727263 whose registered office is at Your.MD Ltd, 5th Floor, 43 Whitfield Street, London, W1T 4HD, UK (hereinafter referred to as: ‘’Your.MD’’, ‘’We’’).
This privacy statement describes how Your.MD collects and uses the Information and/or Data (the terms are used interchangeably) you provide. It also describes the choices available to you regarding our use of your Information and how you can access the Information. We will never use your Data for any purpose not explicitly stated herein. Your.MD Services should only be used by persons over the age of 16 or older and capable in your country of residence of entering into legal binding agreement to use our Service.
COLLECTION OF INFORMATION
In order for you to be able to use our Services, we need to collect limited Information (the term ''Information'' and/or ‘’Data’’ is used collectively for the information defined below).
User agent (web browser type and version), screen information, geolocated country and region, time zone
User’s interaction with the Services
- Logs with technical information and Chat History
Technical data as described above
Various information on how you use the Services
Google Analytics' own unique user ID
Thyroid Checker Information
Your Data – age, gender, geolocated country and region (not specific enough to identify a street), time zone, Services preferences, IP address.
Chat Data - (selected symptoms, duration, rejected symptoms, questions and answers to clarify symptoms, factors that affect the diagnosis (age and gender), other information about our Services you may voluntarily provide, Thyroid Checker’s results)
USE OF INFORMATION
We use your Information to provide the Thyroid Checker and to make constant improvements with troubleshooting, testing, research, internal analytics and surveys to ensure the best user experience, but only on an anonymised basis. We also send reports to our partner Merck, who is hosting the Thyroid Checker webpage, without disclosing any of Your Data.
We use Your Data to be able to provide the Thyroid Checker and to help us better understand your reported symptoms. We do not tie Your Data (IP address that could indirectly identify you) with Chat Data (symptoms you choose) when checking the performance of the Thyroid Checker, but we need to tie Your Data (also including IP address) with Chat Data in limited cases of solving technical errors, bugs and distributing answers. Google Analytics uses IP address to provide and protect the security 3 of the service, and to give website owners a sense of where in the world their users come from, but we do not send them any Chat Data and all traffic analysis is done on aggregated basis solely for us. Please see the Analytics Provider Section for more information.
We use Technical, Thyroid Checker and Analytics Information to be able to provide the Thyroid Checker Services. The Thyroid Checker will ask you questions to assess the most likely condition, based on your reported predefined symptoms. This means that we will use Your Data (age, gender, IP address and other technical data along with the symptoms you choose) to be able to calculate the most likely condition and present you the outcome of such calculation. We do not create a user profile out of Your Data. We do not tie Your Data with Chat Data when checking the performance of the Thyroid Checker, but we need to tie Your Data (also including IP address) with Chat Data in limited cases of solving technical errors, bugs and distributing answers. This means that when we check for general performance of the Thyroid Checker we can do this without personally identifying you, but if we need to check technical problems this can only be done by researching Chat Data with Your Profile, namely an IP address.
Improving our Services
We use your Data to improve our services and your experience with conducting internal analytics, Google Analytics, troubleshooting, testing, research and surveys as explained in this and the following Section. In limited cases when we need to check technical problems, bugs or distribute answers we access Your Data (IP address that could indirectly personally identify you) along with researching the Chat Data.
We provide the following information to Merck on monthly basis: how many users used the Thyroid Checker, finished the consultation, were identified as susceptible to suffer a specific condition all in an aggregated and anonymised form, meaning Your Data and Chat Data is never disclosed. Merck has the right to appoint an independent auditor to verify the data. In such case, we might need to disclose more data, but don’t worry, Your Data will be anonymised should this need to happen.
We use the Information we collect with the help of our Analytics Provider to constantly improve our Services and make it better for you. We chose our Provider carefully and we set the most restrictive controls they offer to ensure they do not use your Data for any purposes other than providing services to us. The Analytics Provider processes the Information we share - namely various information on how you use the Services by using Google Analytics' own unique user ID, but they also have access to your IP address.
When you visit the Thyroid Checker website, your web browser automatically sends IP address and information on how you use the Services. We use your Data only for the purposes of our internal analytics to improve our Services. We do not use any other features apart from the Google Analytics (‘’GA’’) and we do not allow sharing of your Data with Google’s other products and services. We never disclose any of your Chat Data to Google. Google can share your Data only in limited situations where a) it concludes that it is required by law or has a good faith belief that access, preservation or disclosure of customer data is reasonably necessary to protect the rights, property or safety of Google, its users or the public; or b) in certain limited circumstances when third parties carry out tasks on Google's behalf (e.g., data storage) with strict restrictions that prevent the data from being used or shared except as directed by Google. GA uses IP addresses to provide and protect the security of the service, and to give website owners a sense of where in the world their users come from (also known as "IP geolocation"). Apart from this GA works on aggregated data Please see these links for more information:
Google Analytics Cookies
Our Internal Analytics
Our internal analytics is based on using Chat Data and IP address, but the data is stored in a separate database. This means we can review Chat Data without seeing any of Your Data, so your Data is kept confidential with pseudonymisation. We analyse Chat Data to constantly improve the Thyroid Checker and make it better for you.
SHARING OF INFORMATION
Sometimes we need to disclose the Information for other lawful purposes, as customary for all developers.
Apart from sharing the Information with our Analytics Providers, as stated in Section “Our Providers’’ and “Usage of Information’’, we may also disclose Information in the following cases:
- if required by law, for example to comply with a court order, subpoena, regulation, legal process or other governmental request;
- to exercise or protect the rights, property or personal safety of the Company, our users or others;
- to enforce this privacy statement, including investigation of potential violations thereof;
- upon fulfilling legal requirements of local legislation to supply certain services/information a third party might legally request from us
- to detect, prevent, or otherwise address fraud, security or technical issues;
- if Your.MD is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified of any change in ownership or uses of your Information via our website;
- to respond to claims that any content published within our Services violates any right of a third party
STORING OF INFORMATION AND SECURITY
We follow generally accepted industry standards and internal procedures to protect Information submitted to us, during transmission, storing and processing. If you have any concerns about the security of our Services, please contact us at email@example.com.
We have restricted access to production environments and monitoring of user activities. The Information is encrypted and key protected, and we have integrated commercially reasonable efforts to assure that your Information remains secure when maintained by us. However, please be aware that no security measures are perfect or impenetrable.
We use AWS hosting for storing of Information and they provide multiple security certificates. For more Information, please see https://aws.amazon.com/security/.
DELETION OF INFORMATION
We store your Information for as long as needed to provide our Service, namely 6 months from its collection. We may store the Information longer, but only in a way that it cannot be tracked back to you.
Storing might be different depending on the territory of collecting the Information and the applicable legislation, but we always strive to store the Information only as long as it is needed for the purposes of providing, improving or personalising our Services.
We make sure we do not collect more Information than is needed to provide our Services and we strive to limit our Providers to do so as well. We have integrated protocols to allow us to process Chat History in a pseudonymised way, but you are always free to opt out of our Information processing by sending an email to firstname.lastname@example.org or opt out of Google Analytics by installing this browser add-on https://tools.google.com/dlpage/gaoptout.
CONTACT AND ACCESS TO PERSONAL INFORMATION
If you have any questions, please contact us at: email@example.com
We are committed to keep your Information accurate, complete and up-to- date. You can request that we correct or delete the Information, provided that we are not required to retain such Information by law or for legitimate business purposes. To make such request or ask us about this privacy statement please send us an email to firstname.lastname@example.org. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
Matteo Berlucchi, CEO