Last updated: February 3, 2020
Arterys has created this Privacy Notice to describe our data practices with regards to the personal information we collect about users of the Arterys website available at https://www.arterys.com/ and about users of the Arterys product. This Notice applies to all user personal information collected by Arterys through this website and the Arterys product, but does not apply to any patient personal information or patient health information as this is covered under applicable health institution policies.
This Notice applies to the protection of personal data established by the General Data Protection Regulation (GDPR) 2016/679 and also undertakes to apply to any regulation that may come into force in the USA or any territory in which Arterys is active in.
GDPR Data Controller Information: Personal data is processed by Arterys Inc, whose head office is located at 51 Federal Street, Suite 305, San Francisco, CA 94107, with a representative at Arterys France, 50 rue Étienne Marcel, 75002, Paris, France (SIREN 823 394 424).
Information We Collect
We collect personally identifiable information about you when you use our website and the Arterys product.
NOTE: We do not knowingly collect personally identifiable information from persons under 16 years of age, and no part of the website or product is directed to persons under 16.
Information you provide to us or to a third party
We collect the personal information you voluntarily provide to us, such as your name, contact information, company, and title, when you register for an Arterys product account (an “Account”), when you sign a contract, or when you request a demo or further information from the website. We also receive your contact information that you provided to a third party event host and that you have consented to be included in an attendee list that is forwarded to vendors.
Information collected by technologies
Log files – As is true of most websites, we gather certain information automatically and store it log files. These logs contain the Internet domain from which you access the site (e.g. search engine); the IP address which is automatically assigned to your computer when you get on the Internet; the type of operating system and browser you use; the time and date you visited; the pages you viewed; and the address of the website you linked from, if any. If you sign in to the Arterys product to use its features, our logs will contain an individual identifier and show the services you have accessed. Arterys uses log information to help us identify popular features, to resolve user problems, and to improve the design of our product.
Mouse clicks/movement – We use an analytics system to help improve product usability and the customer experience. This involves collecting the mouse movements and mouse clicks associated with a user.
How we use your personal information
The personal data collected is used as part of the services provided by Arterys through its website and the Arterys product. Using the data minimization principle, Arterys commits to collect only the personal data strictly necessary and are for the following purposes:
- processing a request for information and providing product marketing information that we think will be of use to you,
- creating and managing your user account,
- software updates,
- educational and product support,
- management of your registration for events organized by Arterys.
Regarding the GDPR, processing has legal bases in the context of a customer contract and regulatory compliance, and by consent for direct marketing activities.
In compliance with the regulation applicable to the use of your personal data, Arterys reserves the right to use your data for information purposes on its products and services or for any other purpose evident and necessary to the information of the user.
In general, Arterys uses your personal information to respond to your requests or to aid us in serving you better. We use personal information to perform data analysis and audits, safeguard and protect our site and the Arterys product, enhance, improve and modify the site and the Arterys product, create Accounts, identify usage trends, provide improved administration of our site and related products, identify you as a user in our system, send you administrative email notifications, respond to your inquiries, and to provide you the services you request.
Arterys also creates anonymous data records by excluding information that makes the data personally identifiable to you. We use such anonymous data records for any purpose, except where required to do otherwise under applicable law.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. There will always be human intervention into decisions based on automated processing, if any.
How we share your information
Arterys shares or transfers your personal information as described below and as described elsewhere in this Notice:
- Arterys may share your personal information to comply with a legal requirement or legal process served on or by Arterys, or in connection with a merger, financing, acquisition or dissolution transaction,
- We will share your personal information with third party service providers to: provide you with the services that we offer through our website or products; to conduct quality assurance testing; to facilitate creation of Accounts; to provide technical support; and/or to provide other services to Arterys. In this case, all third parties are committed to follow applicable data protection regulations. This obligation is provided in the contracts that bind these third parties to Arterys according to data protection rules.
Personal information is processed in the country in which it was collected and in other countries where laws regarding processing of personal information may be less stringent than the laws in your country. By providing your personal information, you consent to such transfer.
Arterys undertakes to prove that personal data transferred outside the EU will be compliant to GDPR. Such transfers must be done: (a) on the basis of an adequacy decision, (b) appropriate safeguards or (c) binding corporate rules (BCR).
Storage Period Of Your Personal Data
Arterys retains your personal data only for the duration necessary for the operations for which they were collected and in compliance with the applicable regulations in force. Your personal data used in the Account/contract creation is kept for the duration of the contract and for an additional ten (10) years for purposes of regulatory compliance and commercial, without prejudice of the obligations of conservation or the limitation periods. Prospect data is retained for a period of three (3) years from the date of the data collection or from the last contact with Arterys.
Upon your request, we will delete or anonymize your personal data so that you can no longer be identified, unless the law authorizes or compels us to keep certain personal data, especially in the following situations:
- If there is an unresolved issue with your account, such as unpaid or unresolved claim or litigation, we will retain the necessary personal data until the issue is resolved;
- If we are required to retain personal data as a result of legal, tax, auditing and accounting obligations, we will retain the necessary personal data for the period required by applicable law.
How we protect your information
Arterys’ goal is to protect personal information submitted through its site and its products. Arterys maintains technical, administrative and physical safeguards designed to protect against unauthorized disclosure, alteration, use or destruction of the personal information you provide. Arterys implements all the measures at its disposal to create an environment for preserving the quality, security, and integrity of your personal data.
Arterys also employs reasonable technologies to help keep the personal information you provide on this site secure including: Secure Socket Layer (SSL) encryption, firewalls, system alerts and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage and processing practices.
However, we cannot ensure or warrant against all risks with regard to the security of that information, so information you choose to transmit to Arterys and which we store is provided to us at your own risk. Arterys does not guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our safeguards. In addition, other services or Internet sites that may be accessible through Arterys have separate data and privacy practices independent of us, and we disclaim any responsibility or liability for their policies or actions.
Data Subject Rights
Except as limited by applicable law, such as medical device regulation compliance, your data subject rights are, as per the EU GDPR:
- Right to be informed and to request access to the personal data we process;
- Right to rectification: the right to ask us to update your personal data when they are inaccurate or incomplete;
- Right to erasure: the right to ask us to permanently delete your personal data;
- Right to restriction of processing: the right to ask us to stop temporarily or permanently the processing of all or part of your personal data;
- Right to object: the right to refuse at any time the processing of your personal data for personal reasons or for direct marketing purposes;
- Right to data portability: the right to request a copy of your personal data in electronic format and the right to transmit such personal data for use by a third party service;
Opt out of marketing emails
We will periodically send you newsletters and emails that directly promote the use of the website and our product. When you receive newsletters or promotional communications from us, you are always invited to indicate a preference to stop receiving further promotional communications from us and will have the opportunity to “opt-out” or withdraw your consent by following the unsubscribe instructions provided in the email you receive or by directly contacting us at the address listed on the Contact Us page of our site and indicating that you no longer want to receive promotional materials relating to this site. Despite your indicated email preferences, we may send you service related communications, including notices of any updates to our Terms of Service or this Notice.
Changes to this Notice
We may revise this Notice from time to time as we add new features or modify the way in which we manage information, or as laws change that may affect our services. If we do, we will post the changes on the website and update the last updated date. Any revisions will apply both to information we already have about you at the time of the change, and any personal information created or received after the change takes effect. We encourage you to periodically review this Notice, to see if there have been any changes that may affect you.
Questions, contacting Arterys, reporting violations
If you have any questions, concerns or complaints about this Notice or our data collection or processing practices, or if you want to report any security violations to us, please contact us at Arterys Inc, Suite 305, 51 Federal Street, San Francisco, CA, 94107, USA or Arterys France, 50 rue Étienne Marcel, 75002, Paris, France. Or by email at firstname.lastname@example.org.
Arterys will address any discrepancies and grievances of all Users with respect to processing of information expeditiously. For this purpose, Arterys has designated its Privacy Grievance Officer, who will address the grievances of the Users within one month from the date of receipt of grievance, and who can be reached by: sending a letter marked to the attention of Privacy Grievance Officer to Arterys, Suite 305, 51 Federal Street, San Francisco, CA, 94107, USA or sending an email to email@example.com. Regarding the GDPR, you have the right to lodge a complaint with a supervisory authority in your country.