Privacy Policy

RamSoft is committed to protecting your privacy. This privacy policy describes our collection, use, and disclosure of your personal information when you utilize RamSoft offerings and products. By using RamSoft Services, you agree to the collection and use of information in accordance with this Privacy Policy.‍

PLEASE READ THIS PRIVACY POLICY IN FULL. IF YOU DO NOT AGREE TO THE BELOW TERMS,THEN PLEASE DO NOT USE THIS SITE.

Definitions

‍

For the purposes of this Privacy Policy:

You means the individual or entity accessing or using the Service, whether in their own representative capacity or on behalf of another.

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Privacy Policy) refers to RamSoft, Inc.

• Affiliate means  any entity, subsidiaries, joint venture partners, or other companies under the control of RamSoft, Inc.
• Account means a unique account created for you to access our Service or parts of our Service.
• Website refers to any publicly available online RamSoft offering including, but not limited to, the RamSoft Site at ramsoft.com & RamSoft Communities at https://rs.force.com/customers/s/login/
• Service refers to any RamSoft offering or product.

Service Provider means any natural person or legal entity who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

• Third-Party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
• Personal Data is any information that relates to an identified or identifiable individual.
• Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

 ‍

Collecting and Using your Personal Data

‍

Categories of Information Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Mailing Address including State, Province, ZIP/Postal Code, City
• Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as your device type, browser type (desktop, mobile phone, tablet, or other), the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking Technologies and Cookies

We use Cookies and other similar tracking technologies to track your activity on our Service and store certain information.  You can instruct your browser to limit the types of Cookies used while using our Service. However, if you do not accept Cookies, you may not be able to use some parts of our Service.

For more information about the cookies we use and your choices regarding cookies, please refer to our Cookies Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor your usage of our Service.
• For the performance of a contract, including the development, compliance and undertaking of the purchase contract for the     products, items or services you have purchased or of any other contract with us through the Service.
• To contact you, including by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.
• To provide you with news, special offers and general  information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
• To manage your requests: To attend to and manage your requests to us.

We may share your personal information in the following situations:

• With  Service Providers: We may share your personal information with Service Providers to monitor and analyze your use of our Service, to show advertisements to you to help support and maintain our Service, to contact you, to advertise on third party websites to you after you visited our Service or for payment processing.
• With Affiliates: We may share your information with our Affiliates, in which case we will require those Affiliates to comply with this Privacy Policy.
• With Business Partners: We may share your information with our business partners to offer you certain products, services, or promotions.

Retention of Your Personal Data

‍

The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our agreements and policies.

Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

‍

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. This means that your information may be transferred to — and maintained on — computers located outside of your state ,province, country, or other governmental jurisdiction and subject to data protection laws that may differ from those in your jurisdiction.

Your consent to this Privacy Policy followed by your submission of personal information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. The Company will not transfer your Personal Data to another organization, or a country, unless the Company determines there are adequate controls over the privacy and security of such Personal data in place.

Disclosure of Your Personal Data

‍

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice to you before your Personal Data is transferred. It is possible your data may become subject to a different Privacy Policy as a result of a merger, acquisition, or asset sale.

Law Enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data, if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other Legal Requirements

The Company may disclose your Personal Data based on the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

‍

When necessary, the Company will limit the disclosures to the minimum extent required to comply with the above.

Security of Your Personal Data

‍

The security of your Personal Data is important to us. No method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security from hackers and cyberattacks. The Company maintains suitable cyber insurance coverage to supplement the potential of such an event occurring.

‍

Children's Privacy

‍

Our Service does not address and is not intended to address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at privacy@ramsoft.com. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

Additional Information for Certain Jurisdictions

‍

Below provides additional information about the collection, use, and sharing of privacy data in various regions of the world. These separate provisions may be applicable to you based on location of you or the data.

I - California Consumer Privacy Act (CCPA)

‍

1. Definitions

For the purposes of this section of this Privacy Policy:

• Personal Data, for the purposes of the CCPA (California Consumer Privacy Act), Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal data includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with you:

                           i. Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

                          ii. Characteristics of protected classification under California or federal law.

                         iii. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

                         iv.  Biometric information.

                          v. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.

                         vi. Geolocation data.

                        vii. Audio, electronic, visual, thermal, olfactory, or similar information.

                       viii. Professional or employment-related information.

                         ix. Education information

                          x. Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

o   Personal data does not include your information that is deidentified or aggregate information or publicly available information.

• Business, for the purpose of the CCPA (California Consumer Privacy Act), refers a legal entity that collects consumers’ personal information and determines the purposes and means of the processing of consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California.
• Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident.
• Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal Information to another business or a third party for monetary or other valuable consideration.

‍

2. Your Rights Under CCPA

Under this Privacy Policy, and by law if you are a resident of California, you may exercise the following rights:

• The right to notice. You must be properly notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
• The right to access / the right to request. The CCPA may permit you to request and obtain from us information regarding the disclosure of your Personal Data that has been collected in the past 12 months by us or our subsidiaries to a third-party for the third party’s direct marketing purposes.
• The right to say no to the sale of Personal Data. You may also have the right to ask us any not to sell your Personal Data to third parties.
• The right to know about your Personal Data. You may have the right to request and obtain from us information regarding the disclosure of the following:
   
  • The categories of Personal Data collected
   
  • The sources from which the Personal Data was collected
   
  • The business or commercial purpose for collecting or selling the Personal Data
   
  • Categories of third parties with whom we share Personal Data
   
  • The specific pieces of Personal Data we collected about you
 
• The right to delete Personal Data. You may also have the right to request the deletion of your Personal Data that we have collected in the past 12 months. To do so, send us an email at privacy@ramsoft.com or contact us using the information found under the Contact Us section of this website.
• The right not to be discriminated against. We do not discriminate against you for exercising any of your Consumer’s rights, including by:
   
  • Denying goods or services to you
   
  • Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
   
  • Providing a different level or quality of goods or services to you
   
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

3. Do Not Sell My Personal Information

‍

We do not sell personal information. However, if you wish to further ensure your personal information is not sold, you may send us an email at privacy@ramsoft.com or contact us using the information found under the Contact Us section of this website.

4. Website

‍

You can opt out of receiving advertisements that are personalized and served by our Service Providers by indicating this on our “Cookie Settings” banner.

The opt out will place a cookie on your computer that is unique to the browser you use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.

5. Exercising Your CCPA Data Protection Rights

‍

In order to exercise any of your rights under the CCPA, and if you are a California resident, you may reach out using the information provided in the Contact Us section of this policy or by sending us an email at privacy@ramsoft.com.

The Company will endeavor to disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. We may extend the period to provide the required information to you once by an additional 45 days when reasonable, necessary, and with prior notice to you.

II - California Online Privacy Protection Act (CalOPPA)

‍

1. Definitions

For the purposes of this section of this Privacy Policy:

• Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

2. “Do Not Track” Policy

Our Service does not respond to Do Not Track signals or other mechanisms that provide you the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time.

However, some third-party websites located on our sites may keep track of your browsing activities and collect personally identifiable information about your online activities over time and across different websites. If you are visiting such websites, you must set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

Review or requests about data collection

We understand that you may have preferences about how your data is used. If you would like to review or request changes to any of your personally identifiable information that is collected by us, please email us at privacy@ramsoft.com.

III - PIPEDA

1.Statement

• The privacy of personal information is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA). This Policy is based on the standards required by PIPEDA as interpreted by the Organization.
• The Organization recognizes Individuals’ right to privacy with respect to their Personal Information. This Policy describes the way that the Organization collects, uses, safeguards, discloses, and disposes of Personal Information
• This Policy applies to all Stakeholders and Individuals in connection with personal information that is collected, used or disclosed during Organization activity.
• Except as provided in PIPEDA, the Organization’s Board of Directors will have the authority to interpret any provision of this Policy that is contradictory, ambiguous, or unclear. The Organization is obligated to follow and abide by PIPEDA in all matters involving the collection, use, and disclosure of Personal Information.
• In addition to fulfilling the legal obligations required by PIPEDA, the Organization’s Stakeholders will not:
• Publish, communicate, divulge, or disclose to any unauthorized person, firm, corporation, or third party any Personal Information without the express written consent of the Individual Knowingly place themselves in a position where they are under obligation to any organization to disclose Personal Information
• In the performance of their official duties, disclose Personal Information to family members, friends, colleagues, or organizations in which their family members, friends, or colleagues have an interest Derive personal benefit from Personal Information that they have acquired during the course of fulfilling their duties with the Organization
• Accept any gift or favor that could be construed as being given in anticipation of, or in recognition for, the disclosure of Personal Information.

2.Collection of Personal Information

• Identifiers - A real name or alias, postal address, signature, home phone number or mobile phone number, bank account number, credit card number, debit card number or other financial information, physical characteristics or description, e-mail address; account name, Social Security Number (SSN),driver's license number or state identification card number, passport number, or other similar identifiers.

• Protected Classification Characteristics - Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex(including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

• Commercial Information - Records of personal property, products or services purchased, obtained, considered, or other purchasing or consuming histories or tendencies.
• Inferences Drawn From Other Personal Information- Profile reflecting a person’s preference, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

• Biometric Information - Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

• Internet or Other Similar Network Activity- Browsing history, search history, and information on a consumer's interaction with a website, application, or advertisement.
• Geolocation Data - Physical location or movements. For example, city, state, country, and ZIP code associated with your IP address or derived through Wi-Fi triangulation; and, with permission in on your mobile device settings, and precise geolocation information from GPS based functionality on your mobile devices.

• Sensory Data - Audio, electronic, visual, thermal, olfactory, or similar information.
• Professional or Employment Related Information- Current or past job history, performance evaluations, disciplinary records, workplace injury records, disability accommodations, and complaint records.

• Emergency Contact Information- Such as the name, phone number, address, and e-mail address of another person in the context of having an emergency contact on file, Personal information necessary for us to collect and retain to administer benefits for you and another person relating to you (e.g., your spouse, domestic partner, and dependents), such as their name, Social Security Number, date of birth, telephone number, e-mail, and address.

• Using the website - We collect certain information from your activity on our website, starting when you first arrive and accessing it on an electronic device. We may collect your IP address, device ID, advertising identifiers, browser type, operating system, internet service provider, pages visited (including clicks and duration), and other related log information. For mobile phones, we may collect your device’s GPS signal or other information about nearby Wi-Fi access points and cell towers.

• Creating a User Profile or Account - We may collect information directly from you or an agent authorized to act on your behalf. For example, if you, or someone acting on your behalf, provides your name and e-mail to create a profile or an account. We also collect information indirectly from you or your authorized agent. This can be done through information we collect from you while providing content, products, or services

3. REVIEW OR REQUESTS ABOUT DATACOLLECTION

 We understand that you may have preferences about how your data is used. If you would like to review or

request changes to any of your personally identifiable information that is collected by us, please email us

at privacy@ramsoft.com.

IV. European Economic Area (EEA)

‍

Regulation (GDPR)

A. General

‍

This Data Protection Policy establishes consistent data protection standards across the company for:

• Processing personal data within the European Union and the European Economic Area(EU/EEA).
• Transferring personal data to company locations outside the EU/EEA.
• To safeguard data transferred outside the EU/EEA, this policy implements binding rules referred to as
• "Binding Corporate Rules for Controllers (BCR-C)" for the company.

This policy applies to the processing of personal data for:

• EU/EEA-based companies: Companies within or associated with the company that are located in the EU/EEA or other regions covered by this policy.
• Third-country companies offering goods or services in the EU/EEA: Companies based outside the EU/EEA that provide products or services to individuals within the EU/EEA or monitor their behavior.
• Third-country companies receiving data from the EU/EEA: Companies based outside the EU/EEA that obtain personal data, either directly or indirectly, from companies covered by the first two categories.

• Data processing that occurs outside the European Union or European Economic Area(EU/EEA) is referred to as "third-country processing" in this policy.
• A list of company entities involved in or subject to third-country processing can be found in the accompanying document, "List of Group Companies bound by the Data Protection Policy EU".
• This policy may be extended to countries outside the EU/EEA. In jurisdictions where legal entities have similar data protection rights as individuals, this policy also applies to the data of legal entities.

‍

1. Contact

Data controller: The data controller responsible for data processing pursuant to the GDPR, respectively other applicable regulations relating to data protection is:

• RamSoft Inc.
• 20 Adelaide St. East, Suite 1105
• Toronto, ON M5H 1L6 Canada
• E-mail: privacy@ramsoft.com

EU-GDPR Representative: Our EU-GDPR representative is the Law firm:

• Rickert Rechtsanwaltsgesellschaft mbH
• Colmantstraße 15
• 53115 Bonn
• Germany
• E-Mail: art-27-rep-ramsoft@rickert.law

‍

2. Scope of Data Protection

Data protection applies to personal data, i.e. as defined by the GDPR, all information relating to an identified or identifiable natural person. An identifiable natural person is deemed to be a natural person who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific attributes.

If you have any questions about this Privacy Policy, please contact us via e-mail: privacy@ramsoft.com. Depending on the type of request, validation of your identity may be required.

3. Your Rights

The following rights are granted by European Union directives and regulations. If you wish to exercise any of the rights listed below, please contact us at the above address.

• Right to access – We will gladly confirm whether we are processing any of your personal data, which data we are processing, and for what purpose we are processing it.

• Right to confirmation and right of access – We will gladly confirm whether we are processing any of your personal data, which     data we are processing, and for what purpose we are processing it.
• Right to rectification – If any of the data we have stored is incorrect, we would certainly be happy to correct it.
• Right to erasure – Should you wish your personal data to be deleted, we will comply with your request as far as legally     possible.
• Right to restriction of processing – Should you wish to restrict use, we will comply with your request as far as legally possible.
• Right to withdraw your consent – Should you wish to revoke any previously granted consent, we will comply with your request.     Revocation does not affect the permissibility of the processing of your data up to now.

In addition, you can object to the further processing of your data if we process your data based on our legitimate interest (Art. 6 (1)lit. f), Art. 21 GDPR). If we process your data for the purpose of direct advertising, you have a general right to object. If we do not process your data for advertising purposes, the objection must be based on your situation.

4. Retention period

The data processed by us will be deleted or restricted in its processing in compliance with the statutory provisions, in particular in accordance with Art. 17 and 18 GDPR. Unless expressly stated within the scope of this data protection declaration, we delete data stored by us as soon as it is no longer required for its intended purpose. Beyond the time of expiry, data will only be retained if it is required for other and legally permissible purposes or if the data must continue to be retained due to legal retention obligations. In these cases, processing is restricted, i.e. blocked, and not processed for other purposes.

5. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption to protect your data in transit. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

6. Children

The Online Offer is not intended for children under the age of 16 and under 13 in specific member states. Our Service does not address and is not intended to address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at privacy@ramsoft.com. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers

7. Transfer

Ramsoft Group Companies may only transfer personal data from within the EU/EEA to entities located outside of this region (including granting access from a third country) under specific conditions:

• The third country must be recognized by the EU Commission as providing an equivalent level of data protection.
• The transfer must adhere to the EU’s standard contractual clauses. The Group Company is responsible for assessing the third country's data protection standards to determine if these clauses can be effectively applied. If not, additional safeguards must be implemented to achieve an EU/EEA- equivalent level of protection.
• Other approved safeguards as outlined in Article 46(2) of the GDPR may be used.
• In limited cases where the above options are not feasible, transfers may be permitted under specific exemptions(e.g., legal claims)

8.Monitoring and Reporting on the Regulations of Third Countries

• Ramsoft Group Companies operating in jurisdictions outside of the company’s primary region must immediately inform the Chief Officer of Corporate Data Protection if local laws impede the company’s ability to fulfil data protection obligations or significantly impact the data protection guarantees provided under this policy.
• The Chief Officer of Corporate Data Protection will assess the situation and collaborate with the affected Group Company to identify practical solutions that align with the policy's objectives. If the issue persists, the Chief Officer will notify the relevant supervisory authority. This includes instances where legally binding requests from law enforcement or state security bodies pose a substantial risk to data protection. The supervisory authority must be informed about the requested data, the requesting entity, and the legal grounds for the disclosure (unless prohibited).
• If a Group Company is compelled by a public authority to withhold information about data disclosures from the supervisory authority, it must actively seek to overturn this restriction and provide annual summaries of disclosure requests to the relevant authorities(including the number of requests, data types, and requesting entities where possible).
• Transfers of personal data to public authorities must be justified, proportionate, and limited to what is necessary in an open society.
• Data subjects have the right to enforce this provision.

9. Additional Notes

This explanation focuses on technical data collected automatically. Data collected through user actions

might be subject to different processing purposes and retention periods.

‍

B. Data processing when using our website

1. Technical provision of website

Regardless of whether you use services on our website, your device automatically transmits certain data for technical reasons when you access our website https://www.ramsoft.com. The following data that you may send us will be stored:

• Date and time of access
• Browser type and version
• Operating system
• URL of the website previously visited
• Volume of data transmitted
• Requested domain
• Notification of successful data retrieval
• Search term when using a web browser
• Abbreviated/anonymized IP
• Full IP address
• Diagnostic information in the event of errors

The processing is carried out in accordance with Art. 6 (1)lit. f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is stored and processed for purely technical reasons to operate the website and to provide you with access to it. Website access data is used for error analysis and ensuring system security. Based on your IP address, we also use geolocation to determine the region from which you are visiting our website. We use this information to check whether we can offer you service in your region and to provide you our website in your local language, which corresponds to our legitimate interests pursuant to Art.6 (1) lit. f) GDPR. The storage of the full IP address for a maximum period of7 days is also justified by our legitimate interest in achieving the listed purposes, Art. 6 (1) lit. f) GDPR.

2. Data processing in countries outside the European Union or European Economic Area

We use different service providers to provide and optimize our website as well as for the provision of our services and several functions. This means regularly that your personal data will be transferred to servers of our service providers to be stored and processed by them on our behalf.

Generally, we only process the personal data that you actively and knowingly provide to us, for example in the context of concluding a contract or registering a customer account. In cases where the processing is based on consent, we will inform you below about the respectively personal data processed by us as well as the used service provider to provide you full transparency and information for your decision on granting consent.

Unless otherwise stated, we use service providers of the following categories:

• (Cloud) Service provider (e.g., customer relationship     service provider)
• Tool provider (e.g., newsletter, contact form),
• Marketing- and analysis service provider.

We select our service providers after careful consideration and compliance with the legal framework, i.e., by concluding a data processing agreement in accordance with Art. 28 of the GDPR. Insofar as our service providers are not located in the EU or the EEA, they are either located in a country that has a so-called adequacy decision according to the GDPR or, when there is no adequacy decision, we have agreed suitable guarantees pursuant to the GDPR with them to secure the data transfer and to ensure an adequate level of data protection (e.g., Standard Contractual Clauses, with which providers undertake to comply with the European data protection law). Our currently used service providers are based in Canada (adequacy decision) and the US (Standard Contractual Clauses). For more information, please contact us through the email address privacy@ramsoft.com.

a. RamSoft Community Portal, Account

On our website we provide you with the option to register an account to our RamSoft Community Portal. Your registration is required for the use of certain functions, offers and support services on our websites as well as for the fulfillment of a contract and/or for the implementation of pre-contractual measures (e.g., to book additional services later).

In case of registering, we will send you an e-mail to your e-mail-address used during registration in which we ask you to confirm your registration (so-called double-opt-in procedure). In the event of important changes to our offers, services or functions, for example regarding the scope of the offer or in the event of technically necessary changes, we will use thee-mail address provided during registration to inform you about this.

The data will be deleted if you have not confirmed your registration within 14 days or as soon as they are no longer required to achieve the purpose for which they were collected. This is the case if your account to our Community Portal shall be terminated or modified. You have the possibility to terminate your account at any time. Your account will be deleted automatically after 90 days of inactivity. Legal retention periods remain unaffected.

b. Customer Support, CRM

For customer support we provide you with multiple channels to get the support you need. We provide a general support hotline for all and several support channels (Support tickets, WhatsApp, SMS) that can only be used when you have a RamSoft Community Portal Account.

i. CRM

For handling customer requests and providing customer support we use a so-called Customer Relationship Management tool (“CRM”) from service provider that processes the data on our behalf. Correspondingly, your contact data (e.g., name, e-mail address, phone number) may be stored in said system.

ii. Support Hotline

If you do not have an account to our RamSoft Community Portal, we provide you with a support hotline via phone (+1 (888) 343-9146option 2 for support). When calling the support hotline, we will ask you to provide us with certain information on the services you booked (e.g., Company name, Name of contact person/caller, Contract number, Service booked) to verify you represent the company you act on behalf of and information on the support case (e.g., Description of issue, Technical information on the system used.). Also, we will process your phone number used for calling the support hotline.

The aforementioned data processing is necessary to provide you with the support needed and concluded in our service contract with you. Legal basis is the fulfilling of the contract respectively to implement pre-contractual measures according to Art. 6 (1) lit. b) GDPR. We process your data at least until the support request is fully completed. After that, we will delete your data, unless there are further legal or statutory retention periods that permit or make further data storage necessary.

3. Contact, Contact form

The processing of your data in the context of contacting us via contact form, e-mail or support is carried out, depending on the content of the inquiry, in the case of purely informational inquiries on the basis of your(presumed) consent pursuant to Art. 6 (1) lit. a) GDPR, or pursuant to Art. 6(1) lit. b) GDPR, insofar as the contact is in connection with (pre-)contractual performance obligations.

For contacting us via our form please fill in all mandatory fields, we use these for the proper operation and assigning of your request. Customer requests are processed and stored in our CRM portal, detailed information on CRM under 2.a.i. For providing you with the contact form, we use the service of the service provider Salesforce Marketing Cloud, 10 Bay Street Suite 400, Toronto, ON M5J 2R8, Canada, which processes the data on our behalf.

Additionally, we use Salesforce Marketing Cloud for analysis and marketing. For this purposes Salesforce Marketing Cloud uses cookies. The information processed with cookies will be merged with your personal data you provide when using our contact form. You can find further information under No.3 section c “Salesforce Marketing Cloud Analysis and Tracking/Marketing”.

The legal basis of the processing regarding the cookies is your consent pursuant to Art. 6 (1) lit. a) GDPR. If you do not want the data to be collected and processed via Salesforce Marketing Cloud, you can refuse your consent or revoke it at any time with effect for the future(Cookie-Settings).

In the context of processing via Salesforce Marketing Cloud, data may be transferred to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries.

More information about Salesforce Marketing Cloud’s privacy policy.

More information from Salesforce Marketing Cloud regarding EU data protection regulations.

More information about the cookies used by Salesforce Marketing Cloud can be found here.

We have concluded a Data Processing Agreement with Salesforce Marketing Cloud, so that the processing by Salesforce Marketing Cloud is carried out exclusively on our instructions.

a. Support via RamSoft Community Portal

i. SMS/WhatsApp

When having registered an account to our Community Portal, we offer our customers the possibility to contact us via SMS (+1 909 318-0751)and the messenger service WhatsApp (+1 909 359-9170, Instant-Messaging-Service provided by Meta Platforms, Inc., 1601 Willow Road Menlo Park, CA 94025, USA).

When you contact us via SMS or the messenger service WhatsApp, you automatically transmit your mobile number to us. For WhatsApp, additionally the terms of use and privacy policy of WhatsApp apply www.whatsapp.com/legal.

The legal basis for the communication for support requests via SMS/WhatsApp is the consent given by you upon conclusion of the contract pursuant to Art. 6 (1) lit. a), Art. 7 GDPR.

ii. Chat& Support Ticket via Community Portal

You can receive our support via live chat with one of our customer employees or Open a Support Ticket to start the conversation. For the latter you must log in to the Community Portal.

iii. Ticket system Live Agent

We also use the “Live Agent” function (service ticket system) of a service provider, which processes the data on our behalf. It also collects pseudonymized technical information related to the request (e.g. time, IP address, browser, operating system). A ticket is then created for you, which is sent to you by e-mail. We can use this to process customer inquiries in chronological order of the inquiry date. You will receive the answer to your request by e-mail. The purpose of this processing is our legitimate interest in providing user-friendly and effective customer service and responding to customer inquiries from you. The legal basis is Art. 6 (1) lit. a), f) GDPR.

Your data will only be stored for the duration of the service or until you request the deletion of your data. To do this, you can send us an e-mail at any time to the e-mail address given above.

 4. Newsletter

We provide you with a newsletter you can register to on our website on news related to RamSoft, e.g., on new services and offers or functions as well as non-RamSoft related news, e.g., on general radiology and healthcare topics, medical imaging software as well as events and happenings. To send you the newsletter, we process your e-mail address you provided when registering for the newsletter. The legal basis for the processing is your consent in accordance with Art. 6 (1) lit. a) GDPR. After registering your e-mail address, you will receive an e-mail from us confirming that you have successfully subscribed to the newsletter. We are also entitled to keep your IP addresses as well as the registration times in order to check your registration status and to adequately clarify any possible misuse of your data. The legal basis for this is Art. 6 (1) lit. a), lit. c), Art. 7 GDPR.

Your data will be stored in an electronic newsletter system for the duration of your subscription. For this purpose and for sending the newsletter, we use the newsletter service of WordPress of the processor WPEngine, Irongate House, 22-30 Duke’s Place, London, EC3A 7LP United Kingdom, which processes the data on our behalf. We have concluded a Data Processing Agreement according to Art. 28 GDPR with WP Engine.

Since we base our processing on your consent, this means that you have the right to revoke your consent at any time or to object to the processing of your personal data for the purpose of sending the newsletter. In this case, we will immediately remove you from our newsletter distribution list to comply with your request. You may withdraw your consent at any time by sending an e-mail to privacy@ramsoft.com or by following the instructions at the bottom of a newsletter e-mail to click “Unsubscribe” and adjust your email preferences. If you send us an e-mail, please let us know what you want your revocation to refer to so that we can match your request.

5. Usage of cookies, statistics, advertising, tracking and retargeting

We use “cookies” to provide you with a variety of features and improve your user experience. Cookies are small text files that are temporarily stored on your computer via your browser.

If you do not want us to use cookies, you can change your browser settings accordingly. Please note that if you completely disable the use of cookies, the functionality and scope of the website may be impaired.

You can find further information on cookies, in particular the categories of cookies as well as the respective cookies in our Cookie Policy. Also, you can change the settings of your cookies via the respective change button in the cookie banner of the website.

a. Google Analytics

The “Google Analytics” service is used on this website. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics is a web analysis service and enables us to draw conclusions about user behavior on our website by setting cookies and the information thus obtained. The information generated by the cookies is sent to a Google server in the USA and stored there. Google Analytics sets cookies in your browser for the duration of two years from your last visit. On our website, the Google Analytics service is used exclusively pseudonymously. Your IP address is only recorded in abbreviated form and thus anonymized.

With the help of Google Analytics, the following data is collected and processed:

• IP address (anonymized)
• Usage data
• Click path
• App updates
• Browser information
• Device information
• JavaScript support
• Visited pages
• Referrer URL
• Downloads
• Flash version
• Location information
• Purchase activity
• Widget interactions
• Date and time of the visit

The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a) GDPR. When first visiting our website, we ask you for your consent. If you do not want Google Analytics to collect and process the data, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

The personal data will be kept for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

The data may be transferred to the following recipients in addition to Google Ireland Limited as part of the processing:

– Google LLC, 1600 Amphitheatre Parkway Mountain View, CA94043, USA.

– Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA94043, USA.

Within the scope of processing by Google Analytics, data maybe transmitted to the USA. Between Google Ireland Limited and Google LLC, the security of the transmission is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance as part of the consent management system in accordance with Art. 49 (1) lit. a) GDPR.

b. Google Web Fonts

The Google Web Fonts service is used on this website. The service is provided by Google Ireland Limited Google Building Gordon House, 4Barrow St, Dublin, D04 E5W5, Ireland. With the help of Google Web Fonts, we can load and display external fonts, so-called Google Fonts, on our website.

As part of the processing via Google Web Fonts, the following personal data is collected and processed by Google:

• IP address

The legal basis for this processing is Art. 6 (1) lit. f)GDPR – a legitimate interest. Our legitimate interest in processing is to present the website in an attractive and user-friendly manner. Local hosting ensures that no data is transmitted to Google, no corresponding data transfer takes place.

The personal data are kept for as long as they are required to fulfill the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose.

c. Google reCAPTCHA

We use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) on this website. This function is primarily used to distinguish whether an entry is made by a natural person or is misused by machine and automated processing.

As a rule, the following data is collected and processed:

• IP address
• Date
• Referrer URL
• Complete screenshot of the browser window
• Device information
• Browser Plugins
• Cookies, if applicable

 Further information on Google reCAPTCHA as well as Google’s privacy policy can be viewed at: https://www.google.com/intl/de/policies/privacy/  

The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a GDPR. If you do not want the data to be collected and processed via Google reCAPTCHA, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

The personal data will be kept for as long as it is necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

In the context of processing via reCAPTCHA, data may be transmitted to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance as part of the consent management system in accordance with Art. 49 (1) lit. a) GDPR.

d. Salesforce Marketing Cloud Analysis and Tracking/Marketing

On this website, we use the service Salesforce Marketing Cloud for the purposes of analysis of the usage of our web services and for tracking/marketing measures to provide you with advertising that really interests you.

For the purpose of analysis and as part of the optimization of our marketing measures, the following data may be collected and processed via Salesforce Marketing Cloud:

• Geographic position
• Browser type
• Navigation information
• Referral URL
• Performance data
• Information about how often the application is used
• Mobile apps data
• Salesforce Marketing Cloud subscription service     credentials
• Files that are displayed on site
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of visit
• Where the application was downloaded from
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version

 The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a) GDPR. If you do not want the data to be collected and processed via Salesforce Marketing Cloud, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

In the context of processing via Salesforce Marketing Cloud, data may be transferred to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries.

More information about Salesforce Marketing Cloud’s privacy policy.

More information from Salesforce Marketing Cloud regarding EU data protection regulations.

More information about the cookies used by Salesforce Marketing Cloud can be found here.

e. LinkedIn

We use the Retargeting Tool as well as the conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, the service is used to be able to show you interest-specific and relevant offers and recommendations after you have found out about certain services, information and offers on the website. The information in this regard is stored in a cookie. Lastly, LinkedIn is used for Lead Generation and marketing outreach to further match corporate interests to the correct audience. Further information on data processing can be found in the LinkedIn’s Privacy Policy.

As a rule, the following data is collected and processed:

• First and Last Name
• Email Address
• Phone Number
• IP address
• Device information
• Browser information
• Referrer URL
• Timestamp
• Any other data such as personal preferences, requirements, or comments

The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a) GDPR. If you do not want the data to be collected and processed via LinkedIn, you can refuse your consent or revoke it at any time with effect for the future (Cookie-Settings).

The personal data will be kept for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

In the context of processing via LinkedIn, data may be transferred to the USA and Singapore. The security of the transfer is regularly secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance as part of the consent management system in accordance with Art. 49 (1)lit. a) GDPR.

f. Qualified Chatbot

On this website, we use the service Qualified Chatbot for the purposes of improving user interaction, providing customer support, and enhancing the overall user experience. Qualified Chatbot enables automated communication with visitors to our website, allowing us to address inquiries and offer assistance in real-time.

For the purpose of analysis and optimization of our customer support measures, the following data may be collected and processed via Qualified Chatbot:

• Geographic position
• Browser type
• Navigation information
• Referral URL
• Performance data
• Information about how often the chatbot is used
• Mobile apps data
• Qualified Chatbot subscription service credentials
• Files that are displayed on site
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of visit
• Where the application was downloaded from
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version

The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a) GDPR. If you do not want the data to be collected and processed via Qualified Chatbot, you can refuse your consent or revoke it at any time with effect for the future (Cookie Settings).

In the context of processing via Qualified Chatbot, standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1)lit. a) GDPR may serve as the legal basis for the transfer to third countries.

• More information about Qualified Chatbot’s privacy policy
• More information from Qualified Chatbot regarding data processing
• More information about the cookies used by Qualified Chatbot can be found here

‍

C. Data processing when using our Service

1. Technical provision of the Web Application

We require technical operating data to enable the secure operation of our website and app and to be able to provide the contractually agreed services.

Therefore, we only collect and process the data that your internet browser or the mobile device you use (e.g., smartphone, tablet) automatically transmits to us. This happens every time you visit our website unless you have suppressed the transmission of this data by configuring your browser accordingly. Processed are:

• IP address used
• Host name of the device/device ID used
• Time of access and time zone
• The client's file request (domain name, file name, and URL)
• The HTTP response code
• The website from which you linked to us
• The App and version you are using,
• The amount of data transferred and the access status (file transferred, file not found, etc.
• Operating system used
• Internet browser used
• First and last name / Username
• Country
• Language Settings

The processing is carried out in accordance with Art. 6 (1) lit. f) GDPR based on our legitimate interest in improving the stability and functionality of Our Service. The data is stored and processed for purely technical reasons to operate the Services and to provide you with access to it. Web Browser Application is used for error analysis and ensuring system security. Based on your IP address, we also use geolocation to determine the region from which you are visiting our Web Browser Application. We use this information to check whether we can offer our Web Browser Application in your region and to provide you services in your local language, which corresponds to our legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. The storage of the full IP address is also justified by our legitimate interest in achieving the listed purposes, Art. 6 (1) lit. f) GDPR and to maintain security of the Service.

For the technical provision of Web Browser Application, we use the hosting services of Microsoft Azure to process meta and communication data.

2. Technical Provision of the Mobile Application

Download of the Application

In order to download the app, personal data is transmitted to the App Store/Play Store, in particular username, email address and customer number of the account, time of download and the individual device ID. We have no influence on this data collection and are not responsible for it. We only process this data to the extent necessary for the download of the application.

Application Provision

We require technical operating data to enable the secure operation of our Mobile Application and to be able to provide the contractually agreed services.

Therefore, we only collect and process the data that your internet browser or the mobile device you use (e.g., smartphone, tablet) automatically transmits to us. This happens every time you visit our Website unless you have suppressed the transmission of this data by configuring your browser accordingly. Processed are:

• IP address used
• Host name of the device/device ID used
• Unique Device ID
• MAC-Address
• Time of access and time zone
• The client's file request (domain name, file name, and URL)
• The HTTP response code
• The amount of data transferred and the access status (file transferred, file not found, etc.)
• Operating system used
• Internet browser used
• First and last name / Username
• Country
• Language Settings

The processing is carried out in accordance with Art. 6 (1) lit. f) GDPR based on our legitimate interest in improving the stability and functionality of our Mobile Application. The data is stored and processed for purely technical reasons to operate Our Services and to provide you with access to it. Access data to Our Services is used for error analysis and ensuring system security. Based on your IP address, we also use geolocation to determine the region from which you are visiting our Mobile Application. We use this information to check whether we can offer you service in your region and to provide you our Mobile Application in your local language, which corresponds to our legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. The storage of the full IP address is also justified by our legitimate interest in achieving the listed purposes, Art. 6 (1) lit. f) GDPR.

3. Registration of a Blume user account

When you want to use Blume, you must register an account, either via Web Browser Application or Mobile Application. Your registration is required for the use of the functions, offers and support services within Blume (e.g., to book doctors’ appointments). Legal basis is the fulfilment of a contract between you and RamSoft (Agreement to the Terms of Use).

Register via your email address

You can register an account with your email address. We will send you an e-mail to your email-address used during registration in which we ask you to confirm your registration (so-called double-opt-in procedure). In the event of important changes to our offers, services, or functions, for example regarding the scope of the offer or in the event of technically necessary changes, we will use the e-mail address provided during registration to inform you about this.

The data will be deleted if you have not confirmed your registration within 14 days or as soon as they are no longer required to achieve the purpose for which they were collected. You have the possibility to terminate your account at any time. Your account will be deleted automatically after 90 days of inactivity. Legal retention periods remain unaffected.

Register with a third-party provider’s account (Facebook, Apple, Microsoft, or Google)

You can also register an account with your e-mail address in your third-party provider’s account.

• Facebook:https://developers.facebook.com/docs/facebook-login/ios/
• Apple:https://developer.apple.com/sign-in-with-apple/
• Google:  https://developers.google.com/identity/sign-in/ios/sign-in
• Microsoft:https://support.microsoft.com/en-us/account-billing/sign-in-and-start-apps-from-the-my-apps-portal

The legal basis for processing your personal data is our legitimate interest in a secure login process and increasing the convenience of Blume. If you no longer wish to log in through the provider into Our Service, you must remove this connection in your user account with the respective provider and log out of Blume. In this case, you will no longer be able to access Blume via the provider. Please note that this does not lead to an automatic deletion of your personal data.

4. User account data

While using Our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

• Firstname and last name
• E-MailAddress
• Password(encrypted)

The processing of data is carried out to fulfil the contract between RamSoft and the user (Agreement to the Terms of Use) in accordance with Art. 6 (1) lit. b) GDPR.

You can provide us with the following additional information if you want to.

• Middle Name
• Date of Birth
• Language
• Social Security Number (or relevant Identification Number)
• Health Status
• Mother’s Maiden Name
• Mailing Address including State, Province, ZIP/Postal code, City, Country
• Phone number
• Emergency Contact

Legal basis for this processing is your consent according to Art 6 (1) lit. a) GDPR. Consent may be withdrawn at any time. Your data will be deleted immediately after withdrawal unless there is a legal obligation to retain the data.

Furthermore, you can also provide us with the following additional information such as:

• Gender
• Races
• Ethnicity
• Birth Sex
• Allergies (e.g., Contrast Allergy, Iodinated Contrast)
• Weight, Height, and Body Mass Index
• Physician

Legal basis for this processing is your consent according to Art. 6 (1) lit. a) GDPR, Art. 9 (2) lit. a) GDPR. Consent may be withdrawn at any time. Your data will be deleted immediately after withdrawal unless there is a legal obligation to retain the data.

The personal data collected in the context of the use of Our Service is transmitted in encrypted form and also stored in encrypted form until manually deleted by user, user account is deleted by user, or deleted by users’ healthcare facility, upon users’ request.

5. Manage and share documents

You can upload your documents, such as historical reports, medical image data, and other document types involved in patient care. If you want, you can share the personal information you uploaded with your healthcare provider. We do not decide on the purpose of the usage of the data, we only host and store the data for you.

For this purpose, we may process the following data: Your last name (and maiden name), First name and documents shared by you. The legal basis for this purpose is your consent according to Art. 6 (1) lit. a), Art. 9 (2) lit. a) GDPR.

We will store the documents you upload until you delete them or delete your user account with us.

To avoid involuntary or accidental deletions, we store the document for a period of 7 days from the date we receive your deletion request. After this period, the document will be permanently deleted by us.

6. Communication and Notifications

For communication and notification services in Our Service, we use the services provided by Twilio Inc., 375 Beale Street, Suite 300, San Francisco CA 94105, USA. Twilio is a provider of communication services and allows us to receive and/or reply to your text messages or send you notifications. The purpose is to enhance your user experience and help you make the most of the Service’s features. You have the option to manage, enable or disable these notifications at any time through the settings on your mobile device.

For more information, please see: https://www.twilio.com/en-us/legal/privacy

Legal basis for this is your consent according to Art. 6 (1) lit. a) GDPR. Consent may be withdrawn at any time. Your data will be deleted immediately after withdrawal unless there is a legal obligation to retain the data. Twilio acts as data processor for us and is bound to our instruction by a data processing agreement (e.g., according to Art. 28 GDPR) and so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR https://www.twilio.com/en-us/legal/data-protection-addendum. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries.

7. Data subject requests, contacting us, and bug tracking

We use Jira ticketing system, a platform from Atlassian Inc. (San Francisco, Harrison Street Location), 1098 Harrison Street, San Francisco, California 94103, USA to handle your claims and inquiries via email and contact forms. Jira also acts as the primary bug tracking tool in support of the Service and is used to field application specific errors reported by application users. Legal basis is our legitimate interest to process your requests as soon as possible.

For more information see: https://www.atlassian.com/legal/privacy-policy#what-this-policy-covers and https://www.atlassian.com/legal/data-transfer-impact-assessment.

8. Search functionality

We use Elasticsearch the search technology service of the provider Elasticsearch, 800 West El Camino Real, Suite 350, Mountain View, California 94040, USA.

For the provision of the search function via the search box and for navigation and filters, the provider collects and indexes application data for performance and availability purposes.

If personal data is also processed in this context, the processing is based on our legitimate interest in providing an error tolerant search.

Elasticsearch acts as data processor for us and is bound to our instruction by a data processing agreement (e.g., according to Art. 28 GDPR) and standard contractual clauses, which provides an adequate level of data protection. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries.

9. Crash reporting and Troubleshooting

We use Datadog, a service of the service provider Datadog Inc. 620 8th Avenue, Floor 45, New York, NY 10018 United States   for Cloud Monitoring. The service is used for the collection of application logs, crash reports, and records of full user interactions of Our Service to report incident data with session replay.

Datadog records information about the behavior of website visitors, allowing us to analyze it and improve the user experience of our application[NP1] . Datadog processes information on clicks, mouse movements, inputs (with the exception of sensitive information), scrolling movements, browser used, device type, IP address, pages visited and session duration.

The legal basis for data processing is your consent Art. 6 (1) lit. a) GDPR. You can withdraw your consent for data processing at any time.

For more information see https://www.datadoghq.com/legal/privacy/ and Data subject Request Form .

Datadog ensures an adequate level of data protection via the standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries.

For specific security controls Datadog have put in place to safeguard your information can be viewed in https://www.datadoghq.com/security/

10. Browser Refresh within the App

We use the service Twilio Sync of the service provider Twilio Inc, 375 Beale Street, Suite 300, San Francisco CA 94105, USA in order to service to refresh pages in our App. Twilio Sync acts as a passthrough service to update changes made in the application and reflect those changes in the web browser or mobile app session of the user. Twilio Sync stores metadata of the processes performed for 120 days before being deleted and does not store any personal or sensitive information generated from the Service.

For more information, please see: https://www.twilio.com/en-us/legal/privacy

C. Data processing on behalf of healthcare facility

1. Booking appointment

In the context of booking appointments via the calendar function, we process personal data on behalf of the healthcare facility to manage user accounts, to enable functions around appointment booking, to provide customer support and to share with the user relevant information around appointment booking. For this purpose, we process the following personal data, first and last name, as well as the appointment history, including reason for appointment, doctor's specialty, date of appointment, place of appointment, status of appointment (upcoming, past, cancelled, confirmed), Details and documents related to the appointment.

‍

Links to Other Websites

‍

Our Service may contain links to other websites that are neither operated nor controlled in any way by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We do not guarantee the accuracy, timeliness, or suitability of any content located on a third-party website. Further, any links to third-party websites should not be construed as endorsements of the products, services, or sponsoring organizations of that linked website.

Changes to Privacy Policy

‍

We may update our Privacy Policy from time to time. We will notify you of any material changes to this policy by posting the new Privacy Policy on this page.

We will let you know via email or other prominent notice, prior to the change becoming effective. We will update the “Last updated” date at the top of this Privacy Policy to reflect the effective dates of the updates.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

‍

If you have any questions about this Privacy Policy or wish to exercise any of the rights outlined in this policy, please contact us via email: privacy@ramsoft.com. Depending on the request type, we may require validation of your identity.