Privacy Policy

I. RESPONSIBLE

The responsible party within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is:

Prescrip.ai

Darmstadt, Germany

Email: hello@prescrip.ai

Internet: www.prescrip.ai

Represented by: Umme Jobira Ahmad, Sayda Nasrin, Riazuddin Kawsar

Registration number: an early stage startup (Not a registered company)

VAT identification number according to Section 27a UStG: (Not a registered company yet)

II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

The data protection officer of the responsible party is:

Prescrip.ai

Darmstadt, Germany

Email: hello@prescrip.ai

Internet: www.prescrip.ai

III. GENERAL INFORMATION ON DATA PROCESSING

Personal data is generally only processed to the extent necessary to provide a functional website including content and services. Processing usually only takes place with the consent of the data subject. In exceptional cases, processing takes place without the consent of the data subject if this is not possible for actual reasons and the processing of the data is permitted by law.

Article 6(1)(a) GDPR serves as the legal basis for the processing of personal data, provided that the consent of the data subject has been obtained for the processing of personal data.

Art. 6 (1) (b) GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measure

Art. 6 (1) (c) GDPR serves as the legal basis for the processing of personal data, insofar as the processing of personal data is necessary to fulfill a legal obligation to which the company is subject.

Art. 6 (1) (f) GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary for the processing to safeguard a legitimate interest of the controller or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest.

The personal data of the data subject shall be erased or blocked as soon as the purpose for which they were stored no longer applies. Data may also be stored if this is provided for by relevant national or European regulations. Data shall also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

IV. USE OF THE WEBSITE

Each time the website is accessed, the system automatically collects data and information from the computer system of the accessing computer.The following data is collected: IP address, Date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the website, access status (HTTP status), amount of data transferred, web browser, language and version of the browser, operating system and website from which you accessed the website. The data is stored in the system’s log files. This data is not stored together with other personal data of the user.

The legal basis for this is Art. 6 (1) lit. f GDPR.

The collection and temporary storage of the IP address is necessary to enable the website to be displayed on your device. For this purpose, your IP address must be stored for the duration of your visit to the website. This data is not evaluated for marketing purposes.

The data is deleted when the respective session is ended. If this data is stored in log files, this is the case after nine days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or altered so that it is no longer possible to assign the calling client.

The collection of data for the provision of the website and the storage of data in log files are essential for the provision of the website. There is therefore no possibility of objection.

V. USE OF COOKIES

The website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is accessed again. Cookies cannot transmit viruses to the end device or run programs themselves.

Cookies are used to make a website more user-friendly. Some elements of the website require that the browser that is accessing the website can be identified even after a page change.

Transient cookies are automatically deleted when the session is closed. These include session cookies, which store the so-called session ID, which can be used to assign various requests from the web browser to the shared session. This makes it possible to recognize the end device when the session is reopened.

Persistent cookies are automatically deleted after a specified storage period, which can vary depending on the cookie. The associated settings can be deleted at any time in the web browser settings.

The following data is stored in the cookies: log-in information, language settings, entered search terms, number of visits to the website, Use of individual functions of the website

The legal basis for this is Art. 6 (1) (f) GDPR.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of the website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after changing pages.

The user data collected through technically necessary cookies is not used to create user profiles.

Cookies are stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all of the website’s functions.

VI. E-MAIL CONTACT

If you contact us by email, we will store your email address, the title you provide and the content of the communication. The data will be used exclusively to process the conversation.

The legal basis for the processing of data transmitted when sending an email is Art. 6 (1) (f) GDPR. If the email contact is aimed at concluding or fulfilling a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

The processing of personal data from the email serves solely to process the contact. This also represents the necessary legitimate interest in processing the data.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the data subject has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The data subject has the option to withdraw his or her consent to the processing of personal data at any time. When contacting us by email, the storage of personal data can be revoked at any time, but in such a case the conversation cannot be continued. In this case, all personal data stored during the contact process will be deleted.

VII. GOOGLE ANALYTICS

The website uses “Google Analytics”, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: “Google”). Google uses cookies, i.e. small text files that are stored on your device and that enable an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. If the website has the IP address transmitted by the cookie anonymized using the “_anonymizeIp()” extension (hereinafter referred to as: “IP anonymization”) activated (hereinafter referred to as: “IP anonymization”), Google will shorten your IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate the use of the website on behalf of the controller, to compile reports on website usage and to provide other services related to website usage and internet usage. Pseudonymous usage profiles may be created from the processed data. The IP address transmitted when using Google Analytics will not be merged with other Google data.

The website only uses Google Analytics with the previously described activated IP anonymization. This means that your IP address will only be processed by Google in a shortened form. This means that it cannot be linked to a specific person.

The legal basis for the processing is the legitimate interest in the analysis, optimization and economic operation of the website within the meaning of Art. 6 (1) lit. f. GDPR.

The website uses Google Analytics to analyse the use of the website and to continuously improve individual functions and offers as well as the user experience. The statistical evaluation of user behaviour can improve the offer and make it more interesting for the user. This also represents the legitimate interest in the processing of the above data by Google.

The storage of cookies generated by Google Analytics can be prevented by making the appropriate settings in your web browser. Please note that in this case, not all functions of the website may be available. If you want to prevent the collection of data generated by the cookie and related to user behavior (including your IP address) as well as the processing of this data by Google, you can download and install the web browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en .

In order to oblige Google to process the transmitted data only in accordance with the instructions and to comply with the applicable data protection regulations, the controller has concluded a data processing agreement with Google.

For the exceptional cases in which personal data is transferred to the USA, Google has submitted to and certified itself under the Privacy Shield Agreement concluded between the European Union and the USA. This means that Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on data usage by Google, setting and objection options, and data protection can be found on the following Google websites:

Terms of Use: http://www.google.com/analytics/terms/de.html
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
Privacy Policy: http://www.google.de/intl/de/policies/privacy
Use of data by Google when you use our partners’ websites or apps: https://www.google.com/intl/de/policies/privacy/partners
Use of data for advertising purposes: http://www.google.com/policies/technologies/ads
Settings for personalized advertising by Google: http://www.google.de/settings/ads

VIII. DOUBLECLICK

The website uses “Doubleclick”, an online marketing tool from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: “Google”). Doubleclick uses cookies, i.e. small text files that are stored locally in the cache of the web browser on the end device. The information stored in the cookies can be recorded and evaluated by Google or by third parties. Google uses a cookie ID to record which ads are displayed in which web browser. This can prevent ads from being displayed multiple times. DoubleClick can also use the cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a DoubleClick ad appears and the advertiser’s website is later accessed using the same web browser and something is purchased there. According to Google, the aforementioned cookies do not contain any personal data. By using DoubleClick, your browser automatically establishes a direct connection to the Google server. The website has no influence on the extent and further use of the data collected through the use of DoubleClick by Google. Google apparently receives the information that the user has accessed the corresponding part of the website or clicked on an ad. If you have a user account with Google and are registered, Google can assign the visit to the user account. Even if the user is not registered with Google or has not logged in, there is a possibility that Google will find out and save the IP address.

The legal basis for the processing is the legitimate interest in the analysis, optimization and economic operation of the website within the meaning of Art. 6 (1) lit. f. GDPR.

The website uses DoubleClick for marketing and optimization purposes, in particular to display relevant and interesting advertisements, to improve campaign performance reports or to avoid seeing the same advertisements multiple times. This also represents the legitimate interest in processing the above data.

The installation of cookies can be prevented by deleting existing cookies and deactivating the storage of cookies in the web browser settings. Please note that in this case, not all functions of the website may be fully available. Preventing the storage of cookies is also possible by setting the web browser to block cookies from the domain googleadservices.com ( https://www.google.de/settings/ads ). Please note that this setting will be deleted if the cookies are deleted. In addition, interest-based ads can be deactivated via the link http://www.aboutads.info/choices . Please note that this setting will also be deleted if the cookies are deleted.

In addition, Google has submitted to and certified itself under the Privacy Shield Agreement concluded between the European Union and the USA. As a result, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

For more information about DoubleClick by Google, see

https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090

IX. GOOGLE WEBFONTS

The website uses external fonts, so-called “Google Fonts”. Google Fonts is a service provided by Google. These web fonts are integrated by calling a server, usually a Google server in the USA. This transmits to the server which pages of the website have been visited. The IP address of the browser on the device of the visitor to these websites is stored by Google. You can find more information in Google’s privacy policy, which you can access here:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy/

The legal basis for this is Art. 6 (1) lit. f GDPR.

The use of Google Webfonts is based on our legitimate interest in the proper provision of the website, in particular a uniform and appealing presentation of our online offerings.

X. FACEBOOK CONNECT

We use “Facebook Connect” on our website, a service provided by Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as “Facebook”). Facebook Connect makes it easier to register for services on the Internet. Instead of using a registration form on our website, you can enter your Facebook login details and then use our service. By using Facebook Connect, your web browser automatically establishes a direct connection to the Facebook server. To log in, you will be redirected to the Facebook page. There you can log in with your usage data. This will link your Facebook user account to our service. We have no influence on the scope and further use of data collected by Facebook through the use of Facebook Connect. To the best of our knowledge, Facebook receives the information that you have accessed the corresponding part of our website or clicked on an ad from us. If you have a Facebook user account and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will find out and store your IP address and possibly other identification features.

We use Facebook Connect to make the registration and login process easier and shorter for you. This is also where our legitimate interest in processing the above data lies.

You can prevent Facebook from processing the above information by using our registration form and not using Facebook Connect.

In addition, Facebook has submitted to and certified itself under the Privacy Shield Agreement concluded between the European Union and the USA. As a result, Facebook is committed to complying with the standards and regulations of European data protection law. You can find more information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Information from the third-party provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information from the third-party provider on data protection can be found on the following Facebook website: https://www.facebook.com/about/privacy

XI. FACEBOOK PIXEL

The website uses “Facebook Pixel” (hereinafter referred to as: “Pixel”), an analysis program of the social network Facebook.com of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as: “Facebook”), to track the actions of users who have previously seen or clicked on a Facebook ad. The data collected is collected anonymously and is used for evaluation for market research purposes. Facebook can link this data to an existing Facebook account and also use it for its own advertising purposes, in accordance with Facebook’s data usage policy.

The user can allow Facebook and its partners to place advertisements on and outside of Facebook. A cookie can also be stored on the computer for these purposes.

The legal basis for the processing is the legitimate interest in the analysis, optimization and economic operation of the website within the meaning of Art. 6 (1) lit. f. GDPR.

The website uses pixels for marketing and optimization purposes, in particular to display relevant and interesting ads, to improve campaign performance reports or to avoid seeing the same ads multiple times. This also represents the legitimate interest in processing the above data.

Consent can be revoked here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. In addition, Facebook has submitted to and certified itself under the Privacy Shield Agreement concluded between the European Union and the USA. As a result, Facebook is committed to complying with the standards and regulations of European data protection law. Further information can be found in the entry linked below:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

Information from the third-party provider: Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 4, IRELAND, Fax: +0016505435325. Further information on data usage by Facebook, setting and objection options, and data protection can be found on the following Facebook websites:

https://www.facebook.com/about/privacy/

XII. ENCRYPTED DATA TRANSMISSION

you visit our website, all data is transmitted via SSL technology over an encrypted connection. The SSL certificate required for this, which is installed on the server, was issued by an independent organization.

You can recognize an encrypted connection by the fact that the address line of the browser changes from http:// to https://.

As soon as the encrypted SSL/TSL connection is established, the entries you send to us can no longer be read by third parties.

XIII. RIGHTS OF THE DATA SUBJECT

If personal data is processed, users are “data subjects” within the meaning of the GDPR and have the following rights vis-à-vis the controller:

Right to information

The data subject may request confirmation from the controller as to whether or not personal data are being processed.

If such processing takes place, the controller may be requested to provide the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data have been or will be disclosed;

(4) the envisaged duration for which the personal data will be stored or, if specific information is not possible, the criteria used to determine that period;

(5) the existence of a right to rectification or erasure of personal data, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information as to their source, where the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information as to whether your personal data will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.

Right to rectification

There is a right to request rectification and/or completion from the controller if the personal data processed are incorrect or incomplete. The controller must carry out the rectification immediately.

Right to restriction of processing

The restriction of the processing of personal data can be requested under the following conditions:

(1) if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and the erasure of the personal data is opposed and the use of the personal data is requested to be restricted instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but they are required to assert, exercise or defend legal claims, or

(4) if an objection to processing has been lodged pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh those of the data subject.

If the processing of personal data has been restricted, these data – with the exception of storage – may only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above-mentioned requirements, the data subject shall be informed by the controller before the restriction is lifted.

Right to erasure

a) Obligation to delete

You have the right to request that the controller erase the personal data without undue delay and the controller is obliged to erase those data without undue delay where one of the following reasons applies:

(1) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) The consent on which the processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR is withdrawn and there is no other legal basis for the processing.

(3) An objection to the processing is lodged pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or an objection to the processing is lodged pursuant to Art. 21 Para. 2 GDPR.

(4) The personal data were processed unlawfully.

(5) The erasure of personal data is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged to erase them pursuant to Art. 17 (1) GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that data subjects have requested the erasure by such controllers of all links to these personal data or of copies or replications of these personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to render the achievement of the objectives of that processing impossible or seriously compromises it, or

(5) to assert, exercise or defend legal claims.

Right to information

If the right to rectification, erasure or restriction of processing has been asserted vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data were disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure.

You have the right to be informed by the controller about these recipients.

Right to data portability

You have the right to receive the personal data provided to the controller in a structured, common and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to whom the personal data were provided, provided that

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection

You have the right to object at any time to the processing of your personal data based on point (e) or (f) of Article 6(1) of the GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data unless he can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing.

If processing for direct marketing purposes has been objected to, the personal data will no longer be processed for these purposes.

In connection with the use of information society services, it is possible to exercise the right of objection by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your consent to data protection at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until the revocation.

Automated decision-making in individual cases, including profiling

There is a right not to be subjected to a decision based solely on automated processing – including profiling – which produces legal effects concerning the data subject or similarly significantly affects him or her. This shall not apply if the decision

(1) is necessary for the conclusion or performance of a contract between the data subject and the controller,

(2) is permitted by Union or Member State law to which the controller is subject, and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or

(3) with the express consent of the data subject.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2)(a) or (g) applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.

With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the data subject’s habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data infringes the GDPR.

The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Privacy Policy

This website uses cookies.