Privacy Policy

 

Proximie Ltd (“Proximie”), a UK Limited Company, on its own behalf and on behalf of its affiliates and/or wholly owned subsidiaries, believes that protecting your data privacy is one of our most important responsibilities. We’ve developed a privacy policy that covers how we collect, use, and securely store your personal information. The scope of this Privacy Notice applies to www.proximie.com and my.proximie.com, beta.proximie.com and Proximie native applications on macOS, Windows, Android and iOS.

The General Data Protection Regulation and relevant Member State laws require us to provide people with information about what personal data we process, what are their rights, how they can exercise those rights, and how to make complaints.

This Privacy Policy provides that information in a way we have tried to make clear and transparent. If you would like more information about what data we process, for what purpose or how long we keep it for, please use the contact details provided at the end to ask us.

If you do not agree with this Privacy Policy, do not access or use our services or interact with any other aspect of our business.

 

Who we are

When we refer to ‘we’, ‘us’ and ‘our’, we mean Proximie Ltd as the “Data Controllers”.

Access to Personal Information and Your Rights

 

The General Data Protection Regulation (GDPR) requires organizations like us to provide a lawful basis to collect and use your information. Our lawful basis to collect and use information from our EEA users include when:

  • We need it in order to provide you with the services and to carry out the core activities related to our provision of the services.
  • We need to comply with a legal obligation.
  • We have a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services and to protect our legal rights and interests.
  • You give us your consent to do so for a specific purpose.

 

 

The right of access (also known as subject access requests).

Under GDPR you have the right to obtain:

  • Confirmation that your data is being processed;
  • Access to your personal data; and
  • Other supplementary information – that largely corresponds to the information provided in this privacy notice.

We will provide this information to you free of charge unless the request is ‘manifestly unfounded or excessive’, when we may choose to charge an administration fee or refuse to respond. We will endeavour to provide the information as soon as possible, and never more than one month after receipt of your request. To ensure data security we will request evidence of identification before we supply any personal data.

 

 

The right to rectification

Where you tell us that the information, we hold on our records about you, is incorrect, we will update the data as quickly as possible, and no longer than one month after you have let us know.

 

The right to erasure (also known as the right to be forgotten)

The GDPR introduces the right to have your personal data erased. However, this is not absolute and only applies in certain and specific circumstances.

Proximie’s lawful basis for processing personal data is ‘for the performance of a task carried out in the public interest or in the exercise of official authority’. The right to erasure does not apply for this lawful basis.

 

The right to restrict processing

You have the right to request that we restrict the processing of your personal data in certain circumstances. For example:

  • You contest the accuracy of the data we hold. In this instance we will restrict your data until we have verified the accuracy of the data;
  • The data has been unlawfully processed, but you oppose erasure and request restriction instead. This is unlikely, however if this is the case we will retain your data in this instance;
  • We no longer need the data, and it will be removed under our data retention policy, but you require us to retain the information in order to establish, exercise or defend a legal claim. This is unlikely, however if this is the case we will retain your data in this instance;
  • You have objected to us processing your personal data under the ‘right to object’ and we are considering whether our legitimate grounds override those of the individual.

 

The right to data portability

You have the right to request organisations provide you with a copy of your personal data to allow you to move, copy or transfer it from one IT environment to another.

 

The right to object

You have the right to object to the processing of your personal data in the performance of our tasks.

 

The right to automated decision making including data profiling

you have the right to object to us using automated processing techniques, such as profiling, in order to provide services – we can confirm that we do not, at present, carry out any automated processing of your data.

 

The right to stop contacting you for marketing purposes or follow-up on any recruitment process.

 

 

Processing and usage of data 

Our service enables the effective transfer of clinical and surgical expertise in a simple, scalable and compliant fashion. Our award-winning, patented, augmented reality solution enables healthcare professionals to interact with each other across a wide variety of clinical and surgical applications, regardless of geographical location.

 

Proximie processes audio visual data of surgical operations performed in a clinical environment. This video is securely live streamed and securely stored on our cloud servers and is only accessible to health care professionals who are securely authenticated on the Proximie platform.  The capture of any personal data in audio visual feeds is avoided, unless it is clinically unavoidable.  We advise organisations who use the service to avoid capturing any identifiable personal data in audio visual recordings, secure messages and session names.

Even where Proximie has a legitimate interest in processing your personal data, it will not do so to the extent that processing would override your interests, rights and freedoms to protect your personal data.

We may also use your personal data to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use personal data for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by applicable law.

Proximie Ltd uses AWS servers hosted in the US (which are covered by the EU-US Privacy shield), United Kingdom, United Arab Emirates and Kingdom of Saudi Arabia and in other jurisdictions. Proximie is expanding its territories and always seeks to geolocate and protect data where possible.

 

If you are an EEA resident, your personal data held by Proximie may be transferred to, and stored at, destinations outside the EEA that may not be subject to equivalent data protection laws, including the United States. When you sign up for service with Proximie or inquire about our services, we transfer your information to the United States and other countries as necessary to perform our agreement with you or to respond to an inquiry you make. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.

 

Accordingly, by using our services, you authorize the transfer of your information to the United States, where we are also based, and to other locations where we and/or our service providers operate, and to its (and their) storage and use as specified in this Privacy Policy and any applicable terms of service or other agreement between you and Proximie. In some cases, Proximie may seek specific consent for the use or transfer of your information overseas at the time of collection. If you do not consent, we may be unable to provide you with the services you requested.

 

The United States, the United Kingdom, the United Arab Emirates and the Kingdom of Saudi Arabia and other countries where we operate may not have protections for personal information equivalent to those in your home country.

 

Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this Privacy Policy.

 

 

 

Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.

 

This Service does use these “cookies” for session management. The app may use third party code and libraries that use “cookies” to collect information and improve our and their services. Data sent to these third-party’s services will not involve electronic patient health or personal identifiable information. You do not have the option to refuse these cookies. You will not be able to use Proximie without accepting their use.

 

You can control and/or delete cookies as you wish – for details, see www.aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work. As mentioned above, you will not be able to opt-out of any cookies or other technologies that are “strictly necessary” for the services. Where you have not set your permissions, we may also separately prompt you regarding our use of cookies on the site or the Proximie’s platforms.

 

Links to third-party websites

Our services and websites may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third-party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.

 

Individual applicants as part of the recruitment process.

When you apply for a job with us, we will rely on your consent under article 6(1)(a) of the GDPR to process your data.  If your application includes any special categories of data, for example relating to a monitoring of our application relating to minorities, disability or any additional needs you may have, we will rely on your explicit consent under Article 9(2)(a).

We need this information to process your application, and to keep a record of the applications made.  We may keep your CV and personal contact details in order to offer you further opportunities in the future.

We hold your data for three years after the process is complete, if you are unsuccessful.

Potential clients sourced through individual marketing campaigns

When you respond to our marketing campaigns, we will keep your personal contact details with your consent under article 6(1)(a) of GDPR.  We may also collect names and contact details through other suppliers who provide marketing databases.  In these cases we will always assure ourselves that we have your consent to contact you.  In compliance with the Privacy and Electronic Communication Regulations, we will always offer an ‘opt-out’ as part of these campaigns.

We need your personal data in order to offer our services to you, and we keep a database of contact details in our systems.

We hold your personal data in this respect for three years, or until you tell us you no longer wish to receive marketing contact from us, at which point we delete it.

 

Important notes concerning data processing

 

Google Analytics

 

Proximie uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the responsible body for the data processing that occurs via this website has their basis outside of the European Economic area and Switzerland, then the associated Google Analytics data processing is carried out by Google LLC. Google Ireland Limited and Google LLC. will hereinafter be referred to as “Google”.

 

Google Analytics uses “cookies”, which are text files saved on the site visitor’s computer, to help the website analyze their use of the site. The information generated by the cookie (including the truncated IP address) about the use of the website will normally be transmitted to and stored by Google.

 

Google Analytics is used exclusively with the extension “_anonymizeIp ()”. This extension ensures an anonymization of the IP address by truncation and excludes a direct personal reference. Via this extension Google truncates the site visitor’s IP address within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional situations will the site visitor’s full IP address be transmitted to Google servers in the United States and truncated there. The IP address, that is provided by the site visitor’s browser in using Google Analytics will not be merged by Google with other data from Google.

 

On behalf of the site operator, Google will use the information collected to evaluate the use of the website, to compile reports on website activity and to provide other website and internet related services to the site operator (Art. 6 (1)( f) GDPR). The legitimate interest in data processing lies in the optimization of www.proximie.com, my.proximie.com, beta.proximie.com and their mobile clients, the analysis of the use of these websites and the improvement of their content and features. The interests of the users are adequately protected by the pseudonymization of their IP address. No other personal data is collected.

Google LLC has certified their compliance with the EU-U.S. Privacy Shield Framework and on that basis they provides a guarantee to comply with European data protection law. The data sent and linked to the Google Analytics cookies, e.g. pseudonymised IP addresses will be automatically deleted after 50 months. The deletion of data whose retention period has been reached is done automatically once a month.

 

The website visitor may refuse the use of cookies by selecting the appropriate settings in their browser. The website visitor can also prevent Google from collecting information (including their IP address) via cookies and processing this information by downloading this browser plugin and installing it: http://tools.google.com/dlpage/gaoptout

 

Further information concerning data processing and use by Google, the settings and deactivation possibilities can be found in the Google Privacy Policy (https://policies.google.com/privacy) as well as in the Google Ads Settings (https://adssettings.google.com/authenticated).

 

Tableau 

Proximie utilises Tableau on premise solutions within encrypted AWS workspaces. This data is anonymised at source, never connects to services outside of Proximies virtual private clouds and is utilised to understand legitimate business interests such as:

  • Anonymised user churn (logins per month)
  • Number of video sessions views

 

Only high level metrics are derived and utilised for Proximie to understand commercial growth and macro usage of the platform.

Microsoft Dynamics 365

Proximies commercial team may store user data within Dynamics 365 during the commercial lifecycle. Only data which is directly required for contractual agreements will exist in this platform. This data includes:

  • User information for contract points of contact
  • Number of contact attempts
  • Lead times and metrics for client onboarding and support
  • Sales targets

 

Data within Microsoft Dynamics is routinely removed and only used for interim performance metrics, and to make sure client contact remains within SLA agreements..

 

Intercom 

Proximie utilises Intercom for customer support. When the user logs into Proximie, or enquires as an anonymous user an account is set up within the Intercom platform for the lifecycle of either the Proximie Session or support/inquiry request duration. Within Proximie’s process this data is deleted inline with Intercoms GDPR process and guidelines.

 

Atlassian

Proximie utilises Atlassian products (JIRA, Jira service desk, confluence) to aid with support response and documentation. When a user files a support request via Intercom,  Jira service desk form, or by email, a ticket is filed which includes the user’s details. This data is stored on Atlassian’s servers. Proximies legitimate business interests are to make sure support requests are tracked to the user who flagged themselves for help and lead time metrics until a solution is found. This data is routinely removed on success and metrics gathered. Data is removed following Proximie and Atlassian guidelines.

Subprocessors 

To support delivery of our Services, Proximie Ltd. (or one of its Affiliates listed below) may engage and use data processors with access to certain Customer Data or Authorized Users Data (each, a “Subprocessor”). This page provides important information about the identity, location and role of each Subprocessor.

Third Parties

Proximie currently uses third party Subprocessors to provide infrastructure services, and to help us provide customer support and notifications (text, push, and email). Prior to engaging any third party Subprocessor, Proximie performs diligence to evaluate their privacy, security and confidentiality practices, and requires of its applicable obligations.

 

NB: No Electronic Patient Information will exist outside of the Proximie cloud (country or region specific Servers hosting services). Only User information may exist outside of this for communication, support and anonymous analytics tracking only.

 

Infrastructure Subprocessors

Entity NameEntity subprocessing activitiesEntity CountryEntity policies
Slack TechnologiesCommunications PlatformUnited States of Americahttps://slack.com/intl/en-gb/privacy-policy
Microsoft AzureServers hosting servicesUnited States of Americahttps://azure.microsoft.com/en-gb/support/legal/
Sahara NetServers hosting services (for use in KSA only)Kingdom of Saudi Arabiahttps://security.sahara.com/
Amazon Web ServicesServers hosting servicesUnited States of Americahttps://aws.amazon.com/privacy/

 

https://aws.amazon.com/compliance/

 

https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/

Microsoft Dynamics 365Analytics and CRM ServicesUnited States of Americahttps://privacy.microsoft.com/en-gb/privacystatement

https://docs.microsoft.com/en-gb/dynamics365/get-started/gdpr/

Microsoft Office 356Communications and Documentation PlatformUnited States of Americahttps://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-information-protection-for-gdpr?view=o365-worldwide

 

https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/privacy-security-and-transparency

Google Cloud Firebase (previously Google Analytics)Analytics and Communications servicesUnited States of Americahttps://firebase.google.com/support/privacy

https://firebase.google.com/policies/analytics

https://policies.google.com/privacy

Atlassian (Jira Service Desk, Confluence, Jira)Communications, documentation and customer support services servicesUnited States of Americahttps://www.atlassian.com/legal/privacy-policy
TableauAnalytics servicesUnited States of Americahttps://www.tableau.com/en-gb/legal/regional-privacy-laws
IntercomCommunications and customer support services servicesUnited States of Americahttps://www.intercom.com/legal/terms-and-policies

 

Proximie Affiliates

Depending on the nature of the Services provided, Proximie may also engage one or more of the following Affiliates as Sub-processors to deliver some or all of the Services provided to a Customer:

 

Proximie SALRegistered in the Republic of Lebanon in the Register of Commerce of Beirut
Proximie INCRegistered in the Commonwealth of Massachusetts in the United States of America.

Security

Proximie has implemented administrative, physical, and technical safeguards to help protect the personal data that we transmit and maintain. Secure services and tools used by Proximie include:

 

  • ISO 9001, HIPAA, Cyber Essentials and NHS DSPT Certification
  • Encryption of video in transit and at rest using 128 and 256 AES encryption
  • Mandatory internal security, GDPR, and HIPAA training for all staff
  • Regular (CREST accredited) penetration testing.
  • Adherence to the Secure Software Development Lifecycle which includes static analysis and manual security processes within Product and Engineering.
  • Use of AWS and Azure ISO 27001 certified cloud services.

 

However, no system or service can provide a 100% guarantee of security, especially a service that relies upon the public internet. Therefore, you acknowledge the risk that third parties may gain unauthorized access to your information. Keep your account password secret and please let us know immediately if you think your password was compromised. Remember, you are responsible for any activity under your account using your account password or other credentials.

 

Your Rights as a California Resident

 

This section applies only to California consumers. It describes how we collect, use, and share California consumers’ personal information in our role as a business, and the rights applicable to such residents. For purposes of this section “personal information” has the meaning given in the California Consumer Privacy Act (“CCPA”).  Proximie does not sell your personal information or your end users’ personal information.

We process your personal information only in order to provide the services and we do not retain, use, or disclose your personal information outside of the scope of the agreement we have with you.

 

 

 

How We Collect, Use, and Share your Personal Information

We have collected the following statutory categories of personal information in the past twelve (12) months:

  • Identifiers, such as name, e-mail address, mailing address, fax number and phone number. We collect this information directly from you or from third party sources.
  • Information collected in connection with your use of our services, including communications usage information and the communications content processed through the services.
  • Internet or network information, such as browsing and search history. We collect this information directly from your device.
  • Geolocation data, such as IP address. We collect this information from your device.
  • Financial information, such as payment details or financial account numbers in the process of providing you with our services. We collect this information from you.
  • Inferences based on your use of the services and browsing history.
  • Other personal information, in instances when you interact with us online, by phone or e-mail in the context of receiving support from our sales and customer service teams

 

 

Your California Rights

You have certain rights regarding the personal information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.

  • The right of access means that you have the right to request that we disclose what personal information we have collected, used and disclosed about you in the past 12 months.
  • The right of deletion means that you have the right to request that we delete personal information collected or maintained by us, subject to certain exceptions.
  • The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
  • Proximie does not sell personal information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199).
  • “California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California consumers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, such businesses may have in place a policy, as we do, only to disclose personal information of consumers to third parties for the third parties’ direct marketing purposes if the consumer has opted into such information-sharing.

 

Right to Know

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The specific pieces of Personal Information we collected about you
  • The categories of Personal Information we collected about you.
  • The categories of sources from which the Personal Information is collected about you.
  • Our business or commercial purpose for collecting or selling that Personal Information.
  • The categories of third parties with whom we share that Personal Information.
  • If we sold or disclosed your Personal Information for a business purpose

 

 

Right to Delete

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the rights of other consumers to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business’ deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

How to Exercise your California Rights

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your personal information.

 

Please email us at CCPA@Proximie.com  if you would like to exercise your rights pursuant to CCPA or learn more about your rights or our privacy practices.

Updates & Changes to this Privacy Policy

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our processing of your personal data and privacy practices. We may also engage with different SubProcessors. We will post a prominent notice on each of Proximie’s websites to notify you of any significant changes to our Privacy Policy and indicate at the top of the Privacy Policy when it was most recently updated..

 

This policy is effective as of 2020-04-29

 

Contact Us

 

If you have any questions or comments about this Privacy Policy, the use of cookies, if you would like us to update personal data we have about you or your preferences, or to exercise your rights, please email our Data Protection Officer at dpo@proximie.com or write to us at:

Data Protection Officer

Proximie Ltd

The Harley Building

77 New Cavendish Street

London

W1W 6XB

 

 

In the unlikely event that you wish to lodge a complaint about our collection, transfer or processing of your personal data, you can lodge a complaint with the Information Commissioner’s Office (ICO) via their website www.ico.org.uk or in writing to:

 

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Find out how we can add value to your organisation...

Proximie is the only augmented reality healthcare solution that works at scale, is affordable and accessible to all.

Our Solution