Last updated: August 2020
Name and Contact details of the responsible party/representative
Basma AI, Inc
Address: Flat 51, 5th Floor, ABC Mall, Juffair, Kingdom of Bahrain
Data Protection Officer
Ali Guloom is our Data Protection Officer for the EEA and she can also be contacted at firstname.lastname@example.org.
“Personal data” means all information which relates to an identified or identifiable individual (“data subject”). By identifiable we mean an individual can be identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
“Genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
“Biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Restriction on processing' means the marking of stored personal data with a view to restricting their processing in the future.
"Profiling" means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular with a view to analysing or predicting aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that individual.
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the inclusion of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable individual.
"Filing system” means any structured collection of personal data accessible according to specific criteria, whether centralised, decentralised or organised along functional or geographical lines.
"Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, provision may be made for the controller or for the specific criteria for his or her designation under Union law or the law of the Member States.
"Processor" means any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient” means any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party or not. However, authorities which may receive personal data in the course of a specific investigation carried out pursuant to Union law or the law of the Member States shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in compliance with the purposes of the processing.
“Third party” means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
We collect and process the following personal data about you: contact and address information (if you send us your contact information), online identifiers (e.g. your IP address, browser type and version, the operating system used, the referrer URL, the IP address, the file name, the access status, the amount of data transferred, the date and time of the server request) and social media identifiers. If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. When you register for an account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number. Where necessary we also collect and process financial information such as payment card numbers.
We process your data for the following purposes:
- for the contact you have requested,
- for processing contracts with you,
- for advertising purposes,
- for quality assurance and
- for our statistics.
Legal bases of data processing
The processing of your data takes place on the following legal bases:
- Your consent according to Art. 6 para. 1 a) and Art. 9 para 2 (a) GDPR,
- to perform a contract with you in accordance with Art. 6 para. 1 b) GDPR
- to fulfil legal obligations under Art. 6 para. 1 c) GDPR or
- because of a legitimate interest under Art. 6 para. 1 f) GDPR.
- for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services or pursuant to a contract with a health professional Under Art. 9 para 2 h) GDPR.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal data, you may withdraw your consent at any time by contacting us using the contact details above. Our use of the information up to that point will be lawful. You may also be able to use the “Unsubscribe” option in any email from us.
California Consumer Privacy Act
Under the California Consumer Privacy Act (CCPA), residents of California have the right to opt out of the "sale" of their personal information. The meaning of “sale” under CCPA is very broad and includes certain types of sharing of information that may not be traditionally be thought of as a "sale".
security participates in certain digital advertising networks that help us to deliver advertising that is tailored to your interests. This participation may constitute a "sale" of personal information under the CCPA. In order to opt out of this activity, please contact us at address or see our Cookies Policy for more information.
Aside from the above, basma.ai does not currently exchange personal information for money with any third party, and it does not otherwise share personal information in a way that would constitute a "sale" under the CCPA.
However, if you would like to opt-out now of any possible future "sale" of your personal information in the event that our activities change, please contact us at email@example.com using the subject line “California Privacy Do Not Sell My Data”. Please provide us with your name and email address so that we can process the request.
Insofar as we restrict the processing of your personal data to legitimate interests as defined by Art. 6 para. 1 f) GDPR, such interests include the improvement of our services, essential maintenance of our services, protection against abuse and the maintenance of our statistics.
We receive the data from you (including about the equipment you use). If we do not collect the personal data directly from you, we will also inform you of the source of the personal data and, if applicable, whether it comes from publicly available sources.
Recipients or categories of recipients of personal data
When processing your data, we work together with the following service providers who have access to your personal data: providers of web analysis tools and social media platforms and third party contractors, our corporate affiliates and third party service providers (third parties that provide us with services, including but not limited to data hosting and/or other services that allow us to provide you with the products and services you request. Please note that this may include the provision of financial and/or transaction details from payment providers in order to process a transaction). Data is transferred to third countries outside the European Union. This takes place under contractual regulations provided for by law and the specific derogations set out above (consent, to perform a contract with you, to fulfil legal obligations, because of a legitimate interest and/or for health related purposes) which are intended to ensure adequate protection of your data and which you can view on request.
Advertising Partners’ Privacy Policies
Please note that basma.ai has no access to or control over these cookies that are used by third-party advertisers.
Every time our website is accessed, usage data is transmitted by your internet browser and stored in log files (server log files). The data records stored in this process contain the following data: the domain from which the user accesses the website, date and time of access, IP address of the accessing device, website(s) that the user visits in the context of the offering, transferred data volume, browser type and version, operating system used, name of the internet service provider, message whether the access was successful. These log file data records are evaluated in anonymised form to improve the offering and make it more user-friendly, to find and eliminate errors and to control the utilisation of servers.
You can also prevent the collection and processing of this data by Google Inc. by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Social Media PlugIns (Facebook, Twitter, Instagram, Linkedin, YouTube)
Our website integrates plugins from the social networks Facebook (provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA), Instagram (provider Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA), Linkedin (provider LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA), YouTube (provider: YouTube LLC 901 Cherry Ave San Bruno, California 94066 USA) and Twitter (Provider Twitter, Inc, 1355 Market St Suite 900 San Francisco, CA 94103 United States. You can recognise the plug-ins from the networks’ logos or the "Like Button" on our site. When you visit our site, the plugin establishes a direct connection between your browser and the server of the social network. The providers are thereby informed that you have visited our site with your IP address. If you click on the Facebook "Like-Button" while you are logged in to your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to associate your visit to our site with your user account. We would like to point out that we, as the provider of the website, have no knowledge of the content of the transmitted data or its use by the social networks. You can find further information about this in the networks’ privacy policies by following these links: http://de-de.facebook.com/policy.php, http://instagram.com/about/legal/privacy/, https://www.linkedin.com/legal/privacy-policy?_l=de_DE.
We do not knowingly collect online contact information or personally identifiable offline contact information about children from children.
We do not entice children by the prospect of a special game, prize or activity, to divulge any information about themselves for any reason. We do not permit children under the age of sixteen (16) to register with our site, as we do not knowingly accept or store personal data submitted by children younger than thirteen, nor do we respond to, promote to, market to, or communicate with children known to be younger than thirteen years old.
Changes to this Policy