This notice (the “Policy”) describes Gene42’s privacy policy as it pertains to how Gene42 processes data through its PhenoTips® software (“Software”) as part of providing services (“Services”) at https://cloud.phenotips.com (the “Portal”). The Software may send and/or receive data from one or more Gene42’s Services (“Services”) in order to provide workflow assistance, suggestions, to improve the user experience, and to evaluate and improve the functionality of the Services over time. Examples of Services are: extracting Human Phenotype Ontology (HPO) terms from free-text notes, suggesting gene matches based on selected HPO terms, and suggesting genes based on phenotype information. In order to provide, evaluate, and improve the Services, data including but not limited to, free-text clinical notes from certain sections of the PhenoTips® patient form, and other relevant data including your PhenoTips® server IP address, Web Browser User Agent, API Key, PhenoTips® Record Number, and responses to phenotype suggestions (collectively “Data”) will be collected and uploaded to the server on which the Services are hosted.

Gene42 (“Gene42”, “Us” or “We”) is committed to protecting the privacy of User Information (as defined herein).

By using our Services, you are agreeing to the terms in our Terms of Service (https://phenotips.com/cloud-terms/) and to be bound by this Privacy Policy. If you do not want to agree to this Privacy Policy or the Terms of Use, you must not access or use our Services.

1. 1. Information We Collect. When registering to use our Software and Services, We may require you to provide Us with your personal contact information such as your name, company affiliation, and e-mail address (“User Information”). During the registration process you may be required to provide credit card payment details (“Financial Data”). Once you have opted in to using our Services, Data will be collected and uploaded to the server on which the Services are hosted. Unless you have a contract with Us that specifies otherwise, do not provide any patient identifiable information (e.g., patient name, patient address, etc.) when you submit the Data. You are responsible for removing all patient identifiable information and fully de-identifying the Data before you provide Us with the Data. When you provide Us with Data, you represent that the Data is fully de-identified and that you are doing so in compliance with the requirements of all applicable laws and regulations applicable to your jurisdiction including, but not limited, to those pertaining to privacy and informed consent.
   2. How We Use Your Information and Data. We use User Information and the Data to enable access to the Platform and our Services. We may use User Information to contact you about changes to our Services, Privacy Policy, or Terms of Service. We use the Data to operate, maintain, enhance, improve and provide all features of the Services.
   3. Information Sharing with Third Parties. We may work with business partners in making our Platform available to you. Our policy is to require companies with whom We do business to support the same privacy policies We do. When using these third parties for services, We will share information only as necessary for them to provide related services or assist Us in providing our Services. These parties are not allowed to use User Information or Data except for the purpose of providing these services.
   4. Sharing of De-Identified User Information and Data. We will remove identifying information from User Information and may work with it as de-identified information (“De-identified Information”). De-identified Information is information in a form where information about one individual would be indistinguishable from information relating to other individuals. De-identified Information is not in a form that allows anyone studying the information to personally identify any user. We may share this De-identified Information, and the Data you submit (which is de-identified by you) for various purposes including, to assist Us to improve its Services, to perform research, to allow others to perform research, or to provide users with statistics related to particular results. We may share De-identified Information and Data (which has been de-identified by you) with its business partners, research partners or customers.
   5. International Transfers and Storage of Collected Information. The User Information and Data may be stored or processed in locations other than the jurisdiction in which you live or work. In such cases We will work to ensure that any vendor We use in that location has the appropriate protections in place. By using our Services you consent to the collection, storage, and processing of User Information and Data in any country to which We may transfer User Information and/or Data in the course of our business operations.
   6. Law Enforcement and Protection of Users and the Products and Services. To the extent permitted by law, We may disclose User Information or Data to governmental authorities or third parties pursuant to a legal request, subpoena or other legal process. We may also use or disclose User Information as permitted by law to apply or enforce the Terms of Use, in the event you have breached our Terms of Use, or to protect Gene42’s rights, interest, or property as well as those of our affiliates. Following such disclosure to any third party, User Information may be accessible by others to the extent permitted or required by applicable law.
   7. How We Protect Information. We use robust security measures to protect User Information and Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of User Information and Data. When you access our Services using modern web browsers, Secure Socket Layer (SSL) technology protects User Information and Data using both server authentication and data encryption. These technologies help ensure that User Information and Data are safe and secure. Unfortunately, no website, server or database is completely secure. We cannot guarantee that User Information or Data will not be disclosed, misused or lost by accident or by the unauthorized acts of others. You are responsible for maintaining the security and confidentiality of your usernames and passwords.
   8. Other Rights. You have the right to review and amend any of the User Information that We are storing if you think it is out of date or incorrect. You have the right to withdraw the consent to the use of User Information at any time and to ask that User Information be removed from Gene42 databases. We will use reasonable efforts to process any change you make; provided, however, that requests to delete information are subject to Gene42’s internal reporting and retention policies and all applicable legal obligations. To make any of these requests, please send an email to legal@phenotips.com.
   9. Data Retention. Except where otherwise allowed by law, We keep identifiable information, such as User Information, only for as long as it is necessary for Us to provide you with access to our Platform unless you consent to allow Us to keep it for a longer period of time. If you no longer need access to the Platform, you may deactivate contact Us at legal@phenotips.com to notify Us so that We can remove User Information.
   10. Changes to This Policy. We recognize that information privacy is an ongoing responsibility, and so We will from time to time update this Policy, as We undertake new personal data practices or adopt new privacy policies. Changes to this Policy are effective as of the effective date listed above, and indicates the last time this Policy was revised or materially changed.
   11. Assignment. User Information and Data will remain subject to the terms of this Policy even if We undergo an organizational transition. However, We may transfer User Information and Data to a successor entity upon a merger, acquisition, consolidation, or other reorganization in which We participate. You hereby consent to such transfers and We may assign and transfer all of the rights, benefits, duties, and obligations of this Policy, under the circumstances described in this paragraph.
   12. Separate Agreement. In some cases, you (or the organization you work for) may enter into a separate agreement with Us to gain access to our Services. In the event there is a conflict between the terms of that agreement and this Policy, the terms of the agreement will supersede the conflicting term of the Policy.
   13. Data Subjects in the EU and UK. Gene42 Inc. is a company located outside of the European Union and United Kingdom. In order to comply with Art 27 EU GDPR and Art 27 UK GDPR, we appointed Prighter as a representative and your point of contact in the European Union and United Kingdom. If you want to make use of your GDPR or UK GDPR data privacy rights, please visit: https://gdpr-rep.eu/q/14564763
       
       Contact PrighterGDPR-Rep
       
       PrighterGDPR-Rep
       Maetzler Rechtsanwalts GmbH & Co KG
       Attorneys at Law
       c/o Gene42 Inc. (o/a PhenoTips)
       Schellinggasse 3/10, 1010 Vienna, Austria
       
       Contact PrighterUK-Rep
       
       PrighterUK-Rep
       Prighter Ltd
       c/o Gene42 Inc. (o/a PhenoTips)
       Kemp House 160 City Road
       London EC1V 2NX
       UNITED KINGDOM
       
       Please add the following subject to all correspondence: ID-14564763
       
       
   14. Contacting Us. Questions regarding this Policy or the information practices of our Services should be directed to legal@phenotips.com or by post to Attention: cloud.phenotips.org Services Privacy Questions at 18 King Street East, Suite 1400, Toronto, Ontario M5C 1C4.