Last modified: October 2022
PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE Embie APP SERVICES.
You must be 16 years or older to use our Services. It is expressly prohibited for minors under the age of 16 to create and use an Embie account.
Protecting your data, privacy and personal data is very important to Embie (“us”, “our” or “we”). It is vitally important to us that our users feel secure when using our Services.
This privacy policy (the “Privacy Policy”, together with our Terms of Services at Embieapp.com/terms-services, our Cookie Policy at Embieapp.com/cookies and any other documents referred therein), sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read this Privacy Policy carefully to understand the types of data we collect from you, how we use it, the circumstances under which we will share it with third parties, and your rights in relation to your personal data.
When using “Embie” through our mobile application (“App”), or accessing our website Embieapp.com (“Website”) or any service and/or product we may provide you (the “Services”), you will be asked to indicate your acknowledgment of, and where applicable, give your consent to the practices described in this policy.
Our Website may contain links to third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data. Please check these policies before you submit any personal data to such third-party websites.
1. Who is Embie
This Privacy Policy applies to any personal data processed by Embie (As operated by Embie Clinic, Ltd), Trumpeldor 17, Unit 6, Tel Aviv, Israel.
Embie is the data controller (as defined under Article 4(7) GDPR) of all processing activities in connection with the Services.
Questions, comments and requests regarding this Privacy Policy are welcome and should be addressed to info@embieapp.com.
EU Representative
Our EU Representative is Chino Srls, registered office at Via Segantini 28, Rovereto (TN), 38068, Italy, email address embie-eurepresentative@chino.io.
2. General overview of our data processing in connection with the Services
We may collect and process the following data about you:
Information that you provide to us. You will be asked to provide us with your information when you:
- fill in forms on our Website or App, or correspond with us by email or otherwise;
- register to use our Services, subscribe to our newsletter, promotional emails or other marketing materials;
- use the Services;
- report a problem with our Services; or
- complete any surveys we ask you to fill in that we use for research purposes (these are optional).
The information you will be asked to provide us for these purposes may include your identification and/or sensitive data such as: Email address, symptoms, Medications / prescriptions, lab and ultrasound results,, Personal details (e.g. age, sex, date of birth, ), Physical description (e.g. Height, weight) , Physical health data, Mental health data, Data regarding risk situations and risk behavior, Genetic data related to population studies, genetic research, etc., Composition of the family, Data about the sex life, Images, Medical Diagnosis, Fertility Treatment history, Current Treatment Cycles (Treatment Protocols, Labs, Ultrasound, Egg Report, Embryo Report, Transfer Report, Cycle Report), Previous Treatment Cycles (Treatment Protocols, Labs, Ultrasound, Egg Report, Embryo Report, Transfer Report, Cycle Report), Calendar Appointments.
Information we collect about you. Although we will not use it to identify you, we may collect the following data during each of your visits to the Website and App:
- Device Data: geolocation data, Mobile device IDs, IP addresses
- Usage data: technical information about your device, incl. device-specific information such as your hardware model, operating system version, unique device identifiers, and mobile network information; details of your visits to the Website and App, including the full Uniform Resource Locators (“URL”) clickstream to, through and from our Website and App (including date and time).
- Analytics data: your IP address, operating system and browser type; information about which app store you downloaded our App from; length of visits to certain pages, and page interaction information (such as scrolling, finger gestures, clicks, and mouse-overs).
If you are using our Services on behalf of a third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data. For the avoidance of any doubt, any reference in this Privacy Policy to “your data” shall include data about other individuals that you have provided us with.
3. Specific processing activities
When you use our Website
- Purposes: We use the following data to provide you with access to our Website, ensure that the Website can establish an internet connection smoothly and is easy to use; to analyze the system security and stability, as well as for additional administrative and analytical purposes.
- Types of data: IP address of the requesting device, date and time of access, name and URL of the requested file, Website from which access is obtained (“Referrer URL”), browser used and, where applicable, your device’s operating system and the identity of your access provider.
- Legal Basis: The processing of your personal data is based on the necessity for the performance of the contract between you and Embie (art. 6 (1) (b) GDPR). Special categories of personal data (sensitive personal data) about your health are processed based on the necessity of the performance of the service (art. 6 (1) (b) GDPR), on the explicit consent you provided when you created your user account (art. 9 (2) (a) GDPR). You are not obliged to provide the above personal data. However, you will not be able to access the Website if such personal data are not provided.
- Retention Period: Your data is removed after 14 days, unless any security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and clarified in full.
4. DIRECT MARKETING FOR OUR OWN SIMILAR PRODUCTS AND SERVICES
- Types of data: Email address, usage data.
- Purpose: To send direct marketing (similar products and services, updates, newsletter) or communication that we believe will be of interest to you. You can modify your marketing settings at any time by using the link at the bottom of each marketing email, or by updating your notifications settings in the app.
- Legal basis: Necessary for the performance of the contract (Article 6 (1) (b) GDPR), Legitimate interest in receiving the above mentioned communications, to improve our products and services and better engage with you (Article 6 (1) (f) GDPR).
- Retention Period: You can at any time unsubscribe from our newsletter by clicking on the unsubscribe link in the email. Your personal data is stored for this purpose until you choose to unsubscribe from the newsletter.
We may also use certain health data to personalize the newsletter service content and to improve your user experience. In this case, the legal basis for the processing is your explicit consent.
5. PROVIDE PROFILED MARKETING COMMUNICATIONS OF OUR OWN OR THIRD PARTIES’ PRODUCTS
- Purposes: Provide marketing communications of ours or third parties’ products to you.
- Types of data: For this purpose we process your [identity information and contact information].
- Legal Basis: The processing is based on your consent (art. 6 (1) (a) GDPR).
- Retention Period: You can at any time unsubscribe from our newsletter by clicking on the unsubscribe link in the email. Your personal data is stored for this purpose until you choose to unsubscribe from the newsletter.
6. ANALYSE, DEVELOP AND IMPROVE TECHNICAL FUNCTIONALITIES, AND ENSURE THE SECURITY OF OUR PLATFORM AND WEBSITE
- Purposes: We continuously strive to provide the best experience possible. We therefore may use your personal data to analyse, develop, and improve technical functionalities and ensure the security of our platform and website.
- Types of data: For this purpose we may process the personal data collected for the other purposes outlined in this Privacy Policy.
- Legal Basis: The processing is based on our legitimate interest of developing/improving, ensuring the technical functionality and the security of our platform and website (art. 6 (1) (f) GDPR). Special categories of personal data (sensitive personal data) about your health may be processed for this statistical purpose in accordance with the appropriate safeguards (art. 9 (2) (j) GDPR – art. 89 GDPR).
- Retention Period: Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes.
7. ASSESSMENT OF SUITABILITY FOR CLINICAL RESEARCH
- Purpose: We use the above data in an anonymous, aggregated or pseudonymized manner to assess your suitability for clinical research and to invite you to partake in clinical research with one of our clinical research partners. For the avoidance of doubt, we do not pass on any personal data to our clinical research partners without your explicit consent.
- Types of data: symptoms, Medications / prescriptions, lab and ultrasound results, geolocation data, Personal details (e.g. age, sex, date of birth, ), Physical description (e.g. Height, weight), Physical health data, Mental health data, Data regarding risk situations and risk behavior, Genetic data related to population studies, genetic research, etc., Composition of the family, Data about the sex life.
- Legal Basis: Explicit Consent (Article 9 (2) (a) GDPR).
- Retention Period: Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes.
8. AGGREGATED DATA FOR COMMUNITY/FEED TRENDING RESULTS
- Purpose: We may use the health data you provide to create aggregated data for community/feed trending results.
- Types of data: health data.
- Legal Basis: Legitimate interest (Article 6 (1) (f) GDPR). Our legitimate interest is based on the aforementioned use of that data purpose. Under no circumstances will we use the collected data to determine your identity.
- Retention Period: Your data will be stored until it is no longer required for the purpose for which it was collected. After that, or when you request deletion of your account or when you delete your account in the App, the collected data will be deleted or irreversibly anonymized.
9. OTHER PURPOSES
Manage and Defend Legal Claims
If necessary we may use your personal data to manage and defend legal claims, e.g. in connection with a dispute or a court proceeding. We will in such case process the personal data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your personal data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.
For this purpose, we may also share certain information with other parties, please see below.
10. Fulfill Legal Obligations
Finally, we use your personal data to fulfil legal obligations that we have, e.g. accounting requirements or obligations under data protection laws. We will in such case process the personal data collected which is necessary in order to fulfill the legal obligation in question. Your personal data is stored for such a period as is necessary in order to fulfill respective legal obligations. For this purpose, we may share your personal data with other parties, see below.
11. Payment Processing
When you upgrade your Embie services, your personal data such as credit card numbers and/or cell phone numbers, as well as other information about you necessary to ensure that a transaction is properly authorized, such as your address, zip code, and cv number (collectively, “Payment Information”) may be collected by 3rd party such as the Google Play Store or Apple. We do not collect or store any of your payment information on our servers.
12. Cookies and tracking on our Website
Our Website uses so-called “cookies”. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s device (computer, tablet, or phone). We use the term “cookies” to refer to all tools that collect data on our Website (e.g. IP addresses, place and time of the visit of the users). The user’s data collected in this way is pseudonymized. The data is not stored together with the user’s other personal data. This processing is carried out on a legal basis or, where required by law, based on your consent.
For detailed information on our user tracking and the cookies we use, the purposes for which we use them and to manage your Cookie preferences see our Cookie Policy.
13. Data Security
We keep your data safe adopting the best practices and highest standards in terms of security.
All required technical and organisational security measures have been adopted.
When data is shared between our App and the server storage, it is encrypted through https. Our databases are stored in Hetzner german cloud and we guarantee the highest level of security using the Chino.io Security Platform. In order to fetch data from storage, the API of the Embie app needs to be used.
All data handling is GDPR (General Data Protection Regulation) compliant.
Retention Period
In principle, unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage no longer applies. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent.
Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
In the event of termination – for whatever reason – of the agreement between the user and the provider, the provider shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 60 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.
14. Transfer to Other Countries
We transfer personal data to our service providers which are located in the European Union (EU) or the European Economic Area (EEA)). In order to ensure that your personal data is always protected we ensure that there are adequate safeguards in place. The processing of data in Israel is based on the adequacy decision provided by the European Commission. The transfer of data to service providers located in the US must also be considered legitimate because it relies on Standard Contractual Clauses. If you have questions regarding to which countries your personal data is transferred and which safeguards we take to protect your personal data, or to request a copy of such safeguards respectively information where they are available, please contact us at info@embieapp.com.
15. Sharing of personal data
We share information with certain recipients as explained below:
Service Providers
We use certain third-party service providers which provide for example IT services to us as can be found here. Where a third-party service provider processes personal data on our behalf they act as data processors and we are responsible for the use of your personal data. They must not use your personal data for their own purposes and they are obligated to protect your personal data.
Partners
We may share aggregated information with our partners, e.g. reports based on research which do not include any personal data.
The transfer of personal data is based on your explicit consent. Such data will only be shared with the partners if you have given your explicit consent to this.
Partners include, but are not limited to, pharmaceutical companies, universities and other educational institutions.
Other Sharing
In addition to the above, we may if necessary, share your information with other recipients for the following purposes:
- to allow a merger or an acquisition (based on our legitimate interest of allowing a merger or an acquisition of our business)
- to manage or defend a legal claim (based on our legitimate interest of managing and defending legal claims)
- to respond to lawful requests from authorities according to mandatory applicable laws (where necessary to fulfill legal obligation to which we are subject).
16. How long do we retain your personal data
In principle, unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage no longer applies. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent.
Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
In the event of termination – for whatever reason – of the agreement between the user and the provider, the provider shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 60 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.
17. Your rights
You have certain rights in relation to the use of your personal data. If you wish to exercise your rights, please contact us at: info@embieapp.com.
You have the right to:
BE INFORMED
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights. This is what we are trying to do, providing you with the information in this Privacy Policy.
ACCESS YOUR PERSONAL DATA
You have the right to request access to your personal data and request a copy of your personal data that we store. If you have created a user account, you can view certain information directly in your account.
UPDATE YOUR PERSONAL DATA
You have the right to request that personal data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account.
WITHDRAW CONSENT
If we rely on your consent to the use of your personal data you have the right to, at any time, withdraw your consent. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent.
DELETE YOUR PERSONAL DATA (RIGHT TO BE FORGOTTEN)
You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your personal data shall be deleted. We may, however, still need to keep your personal data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.
RESTRICT THE USE OF YOUR PERSONAL DATA
You have, under certain circumstances, the right to request that the use of your personal data is restricted. If you have requested restriction of the use of your personal data, please note that you cannot use the platform during the time that the use of your personal data is restricted.
OBJECT TO THE USE OF YOUR PERSONAL DATA
Certain use of your personal data is based on our or others’ legitimate interest. You have the right to object to the use of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
UNSUBSCRIBE FROM MARKETING COMMUNICATION
You have the right to oppose our use of your personal data for promotional and marketing purposes at any time. You can opt-out from marketing communication by clicking on an unsubscribe link in the communication.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
NOT TO BE SUBJECT TO A DECISION BASED SOLELY ON AUTOMATED DECISION-MAKING
You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your personal data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.
TRANSFER YOUR PERSONAL DATA (DATA PORTABILITY)
You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.
LODGE A COMPLAINT
As a data subject, you have a right to lodge a complaint with the competent supervisory authority under the conditions provided in Article 77 GDPR.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use our Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer bein
g able to use the Services.
18. Privacy information for California residents
If you are a California resident, California law requires us to provide you with some additional information regarding your rights with respect to your “personal information” (as defined in the California Consumer Privacy Act (hereinafter the “CCPA”) that came into force on January 1st, 2020).
We did not during the preceding 12 months, do not currently, and will not in the future sell or transfer your personal data to third parties (and will never do it without providing a right to opt out).
We may transfer your personal data to third party processors in order to achieve the purposes of the processing listed in Section 3 above, but only with the third-party processors with whom we have a data protection agreement in place. A full list of our third-party processors can be found here.
CCPA provides Californian consumers the following rights (which does not interfere with GDPR):
- Right to request disclosure of any personal information we collected (Article (1798.100) (a) CCPA). This means in particular that you have the right to request disclosure of the categories of personal information we collected from you, together with the categories of sources from which it was collected, the purpose of the collection, the categories of third parties with whom we shared your personal information, and the specific pieces of personal information that have been collected (Article 1798.110 (a) CCPA).
- Right to request deletion of any personal information that we collected from you (Article (1798.105) CCPA). This means that after we have verified your request to delete your personal information, we shall delete it from our records and direct any service providers to delete your personal information from their records, except when Article 1798.105 (d) CCPA is applicable (e.g. in case the personal information is necessary to provide the Services, to detect security incidents, to identify and repair errors that impair existing intended functionality of the App, to engage statistical research in the public interest, or to comply with a legal obligation).
In addition to the possibility to contact us by sending an e-mail to info@embieapp.com, you can exercise any rights under CCPA.
19. Changes to this policy
Any changes we make to our Privacy Policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the App. We therefore encourage you to review it from time to time to stay informed of how we are processing your data.