BASMA.AI PRIVACY POLICY

Last updated: August 2020

At basma.ai, accessible from basma.ai, one of our main priorities is the privacy of our visitors. This Privacy Policy contains the types of information that is collected, processed and stored by basma.ai and how we use it.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they share and/or collect in basma.ai. This policy is not applicable to any information collected offline or via channels other than this website.

This Privacy Policy tells you how we process your personal data and informs you about your rights. We are aware of the significance of the processing of personal data for you as a data subject and so we comply with all relevant legal requirements. The protection of your privacy is of the utmost importance to us. Processing of your personal data by us is carried out in accordance with the GDPR and other national laws and state laws outside of the European Union.

Name and Contact details of the responsible party/representative
Basma AI, Inc
Address: Flat 51, 5th Floor, ABC Mall, Juffair, Kingdom of Bahrain
Email: privacy@basma.ai


Data Protection Officer

Ali Guloom is our Data Protection Officer for the EEA and she can also be contacted at privacy@basma.ai.

Interpretation

This privacy policy uses the definitions in the General Data Protection Regulation (GDPR) of the European Union and its Member States. References to personal data within the meaning of the GDPR shall be construed as encompassing references to personal information within the meaning of the California Consumer Privacy Act (CCPA) and personally identifying information within the meaning of the Health Insurance Portability and Accountability Act (HIPAA) and the treatment of such data, and rights and liabilities arising under the GDPR shall be understood to encompass the treatment, rights and liabilities arising under CCPA and HIPAA.

“Personal data” means all information which relates to an identified or identifiable individual (“data subject”). By identifiable we mean an individual can be identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

“Genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

“Biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Restriction on processing' means the marking of stored personal data with a view to restricting their processing in the future.

"Profiling" means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular with a view to analysing or predicting aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that individual.

"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the inclusion of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable individual.

"Filing system” means any structured collection of personal data accessible according to specific criteria, whether centralised, decentralised or organised along functional or geographical lines.

"Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, provision may be made for the controller or for the specific criteria for his or her designation under Union law or the law of the Member States.

"Processor" means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

"Recipient” means any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party or not.  However, authorities which may receive personal data in the course of a specific investigation carried out pursuant to Union law or the law of the Member States shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in compliance with the purposes of the processing.

“Third party” means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Processing operations

We collect and process the following personal data about you: contact and address information (if you send us your contact information), online identifiers (e.g. your IP address, browser type and version, the operating system used, the referrer URL, the IP address, the file name, the access status, the amount of data transferred, the date and time of the server request) and social media identifiers. If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. When you register for an account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number. Where necessary we also collect and process financial information such as payment card numbers.

Certain third parties with whom we contract for the purposes of our telehealth services may ask you to submit via our platform data revealing racial or ethnic origin, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (collectively special category data, sensitive information and protected health information). Other than storing these data in an encrypted, secure location, basma.ai does not make use of these data. These data are processed by or under the responsibility of a professional subject to an obligation of professional secrecy  or rules established by national competent bodies or by another person also subject to an obligation of secrecy or rules established by national competent bodies. In accepting the terms of this privacy policy, you agree that you are aware of the fact that we store these data, the reasons why and bases on which these data are processed (as set out below) and the restrictions on the processing of these data.

Processing purposes

We process your data for the following purposes:

  • for the contact you have requested,
  • for processing contracts with you,
  • for advertising purposes,
  • for quality assurance and
  • for our statistics.

Legal bases of data processing

The processing of your data takes place on the following legal bases:

- Your consent according to Art. 6 para. 1 a) and Art. 9 para 2 (a) GDPR,

- to perform a contract with you in accordance with Art. 6 para. 1 b) GDPR

- to fulfil legal obligations under Art. 6 para. 1 c) GDPR or

- because of a legitimate interest under Art. 6 para. 1 f) GDPR.

- for the purposes of preventive or occupational medicine, medical diagnosis, the     provision of health or social care or treatment or the management of health or social care systems and services or pursuant to a contract with a health professional Under Art. 9 para 2 h) GDPR.

Withdrawing your consent

Where we rely on your consent as the legal basis for processing your personal data, you may withdraw your consent at any time by contacting us using the contact details above. Our use of the information up to that point will be lawful. You may also be able to use the “Unsubscribe” option in any email from us.

California Consumer Privacy Act

Under the California Consumer Privacy Act (CCPA), residents of California have the right to opt out of the "sale" of their personal information. The meaning of “sale” under CCPA is very broad and includes certain types of sharing of information that may not be traditionally be thought of as a "sale".

security participates in certain digital advertising networks that help us to deliver advertising that is tailored to your interests. This participation may constitute a "sale" of personal information under the CCPA. In order to opt out of this activity, please contact us at address or see our Cookies Policy for more information.

Aside from the above, basma.ai does not currently exchange personal information for money with any third party, and it does not otherwise share personal information in a way that would constitute a "sale" under the CCPA.

However, if you would like to opt-out now of any possible future "sale" of your personal information in the event that our activities change, please contact us at privacy@basma.ai using the subject line “California Privacy Do Not Sell My Data”. Please provide us with your name and email address so that we can process the request.

Legitimate interests

Insofar as we restrict the processing of your personal data to legitimate interests as defined by Art. 6 para. 1 f) GDPR, such interests include the improvement of our services, essential maintenance of our services, protection against abuse and the maintenance of our statistics.

Data sources

We receive the data from you (including about the equipment you use). If we do not collect the personal data directly from you, we will also inform you of the source of the personal data and, if applicable, whether it comes from publicly available sources.

Recipients or categories of recipients of personal data

When processing your data, we work together with the following service providers who have access to your personal data: providers of web analysis tools and social media platforms and third party contractors, our corporate affiliates and third party service providers  (third parties that provide us with services, including but not limited to data hosting and/or other services that allow us to provide you with the products and services you request. Please note that this may include the provision of financial and/or transaction details from payment providers in order to process a transaction). Data is transferred to third countries outside the European Union. This takes place under contractual regulations provided for by law and the specific derogations set out above (consent, to perform a contract with you, to fulfil legal obligations, because of a legitimate interest and/or for health related purposes) which are intended to ensure adequate protection of your data and which you can view on request.

Advertising Partners’ Privacy Policies

Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on basma.ai, which are sent directly to users' browsers. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.

Please note that basma.ai has no access to or control over these cookies that are used by third-party advertisers.

Log files

Every time our website is accessed, usage data is transmitted by your internet browser and stored in log files (server log files). The data records stored in this process contain the following data: the domain from which the user accesses the website, date and time of access, IP address of the accessing device, website(s) that the user visits in the context of the offering, transferred data volume, browser type and version, operating system used, name of the internet service provider, message whether the access was successful. These log file data records are evaluated in anonymised form to improve the offering and make it more user-friendly, to find and eliminate errors and to control the utilisation of servers.

Cookies

Please read our separate Cookie Policy.

Google Analytics

We use the Google Analytics service of Google Inc. This service enables analysis of the use of our website and uses cookies for this purpose. For this purpose, the information generated by the cookie, such as your anonymised IP address, is transferred on our behalf to a Google Inc. server in the USA, where it is stored and evaluated. This ensures an anonymised recording of IP addresses. The anonymisation of your IP address is usually done by shortening your IP address by Google Inc. within the European Union or in other signatory states of the European Economic Area (EEA). In exceptional cases, your IP address will be transferred to a Google Inc server in the USA and only there it will be anonymised. If your IP address is transmitted in this way, it is not merged with other data from Google Inc. As part of the Google Analytics advertising function, remarketing and reports on performance according to demographic characteristics and interests are used. The purpose of these procedures is to use the information on user behaviour to align the advertising measures more closely with the interests of the respective users. As part of remarketing, personalised advertising measures can be placed on other Internet sites based on the user's surfing behaviour on this website. If you have consented to Google linking your web and app browsing history to your Google Account and information from your Google Account being used to personalise ads, Google will use this data for cross-device remarketing. You may opt out of having your information collected by Google Analytics at any time. You may take the following steps:

You can refuse to accept cookies. Please refer to Google Analytics Cookie Policy.

It may be that some browsers continue automatically to accept cookies. However, you can prevent the use of cookies by adjusting your browser settings. If you do that, however, not all functions of the website may be available. You must configure the settings separately for each browser that you use.

You can also prevent the collection and processing of this data by Google Inc. by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Social Media PlugIns (Facebook, Twitter, Instagram, Linkedin, YouTube)

Our website integrates plugins from the social networks Facebook (provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA), Instagram (provider Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA), Linkedin (provider LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA),  YouTube (provider: YouTube LLC 901 Cherry Ave San Bruno, California 94066 USA) and Twitter (Provider Twitter, Inc, 1355 Market St Suite 900 San Francisco, CA 94103 United States. You can recognise the plug-ins from the networks’ logos or the "Like Button" on our site. When you visit our site, the plugin establishes a direct connection between your browser and the server of the social network. The providers are thereby informed that you have visited our site with your IP address. If you click on the Facebook "Like-Button" while you are logged in to your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to associate your visit to our site with your user account. We would like to point out that we, as the provider of the website, have no knowledge of the content of the transmitted data or its use by the social networks. You can find further information about this in the networks’ privacy policies by following these links: http://de-de.facebook.com/policy.php, http://instagram.com/about/legal/privacy/, https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

Children

We do not knowingly collect online contact information or personally identifiable offline contact information about children from children.

We do not entice children by the prospect of a special game, prize or activity, to divulge any information about themselves for any reason. We do not permit children under the age of sixteen (16) to register with our site, as we do not knowingly accept or store personal data submitted by children younger than thirteen, nor do we respond to, promote to, market to, or communicate with children known to be younger than thirteen years old.

Changes to this Policy

basma.ai reserves the right to amend this Privacy Policy at its discretion and at any time. When we make changes to this Policy, we will post the updated notice on this site and update the Policy’s effective date. Your continued use of our web site following the posting of changes constitutes your acceptance of such changes.