Privacy Policy – ShareMedix application

Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly application, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our application and improve the user experience which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this application (the “controller”) for purposes of data protection law is:

theBlue.ai GmbH, c/o The-Labs.Space, Raboisen 32, 20095 Hamburg

[email protected]; Phone: +49 40 280 56 248

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our application will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Server data

For technical reasons, the following data will be collected in the server logs to ensure a secure and stable functioning of the application: user login (email address), IP address, the date and time of your application usage.

The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our application.

The data will be deleted within no more than thirty days, unless continued storage is required for evidentiary purposes. In that case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

Application functionalities

One of the main functionalities of our application is the possibility to upload personalized data for the purpose of their anonymization, as well as sharing the anonymized version with the other users. You can upload different types of personal data such as: medical images (DICOM), videos, pictures and text documents.

The exact types of personal information uploaded depend on you, and there is no list of mandatory data to include for this purpose. The data might include information such as names, addresses, personal IDs, biometric data (faces), phone numbers, email addresses, and information included in the tags of images from imaging diagnostics, e.g. Patient’s Name, Patient’s Birth Time, Patient’s ID.

The uploaded data will be processed for the purpose of providing the services specified in the License Agreement and in the manner resulting from the License Agreement, in IT systems, in the cloud environment provided by Microsoft.

As our application uses AI models to support the data anonymization, we can store the original form of the uploaded data for the purpose of manual checking and editing of the processed data by you. The data will be stored as long as you keep the uploaded data in the application, but no longer than 30 days, unless specifically requested by you to store it for a longer period.

Cookies

Our application makes use of session cookies in order to enable the user log-in process.
Recognition occurs through an IP address saved to the cookies. The information thereby obtained is used to authorize and keep you logged in to the application.
You can prevent cookies from being installed by adjusting the settings on your browser software accordingly. You should be aware, however, that by doing so you may not be able to use the application properly.

Order processing

The data you submit when ordering services from us will have to be processed in order to fulfill your order. Please note that orders cannot be processed without providing this data.

The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.

After your order has been completed, your personal data will be deleted, but only after the retention periods required by tax and commercial law.

Customer account/registration

When you purchase the license, we will use the data you entered during registration (e.g. your name, your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to support you with any potential problems with the application usage or to provide you with the updates in the application). We also store your IP address and the date and time of your registration. This data will not be transferred to third parties.

During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by us will be used exclusively to provide your customer account.

If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.

You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent. The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required under tax and commercial law.

Newsletter

If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be sent to us. During the registration process or later during your work with the application, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.

Sendinblue

We use Sendinblue for the email communication in our application, especially to enable core functionalities connected with sharing and receiving of the data. We can also use Sendinblue for the purpose of communicating information connected with the functioning of the application, for example the release of new features or unavailability of the application.

Sendinblue is a service provided by the company Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, hereinafter referred to as “Sendinblue”.

The data requested during the registration process (your email address and name) will be processed by Sendinblue. For this purpose, your IP address and the date and time of your registration will also be saved.

Sendinblue offers further data protection information at https://www.sendinblue.com/legal/privacypolicy/.

The emails sent by Sendinblue contain technologies by which we can analyse whether and when an email was opened and whether and which links contained in the email were followed. We save this data in addition to the technical data (system data and IP address). The data thus collected is used to continuously improve the quality of our services.

The legal basis for sending the newsletter and the analysis is Art. 6 Para. 1 lit. a) EU General Data Protection Regulation (GDPR).