PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE EMBIE CLINIC SERVICES.

You must be 16 years or older to use our Services. It is expressly prohibited for minors under the age of 16 to create and use an Embie account. 

Protecting your data, privacy and personal data is very important to Embie (“us”, “our” or “we”). It is vitally important to us that our users feel secure when using our Services.

This privacy policy (the “Privacy Policy”, together with our user and patient Terms & Conditions at Embieapp.com/terms-and-conditions, our Clinic Staff Terms & Conditions at embieclinic.com/terms-staff our Cookie Policy at Embieapp.com/cookie-policy and any other documents referred therein), sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read this Privacy Policy carefully to understand the types of data we collect from you, how we use it, the circumstances under which we will share it with third parties, and your rights in relation to your personal data.

When using “Embie” through our mobile application (“App”), Clinical Dashboard (“CD”) or accessing our websites Embieapp.com, embieclinic.com (“Websites”), collectively referred to as “Properties” or any service and/or product we may provide you (the “Services”), you will be asked to indicate your acknowledgment of, and where applicable, give your consent to the practices described in this policy. 

This Privacy Policy applies where we provide Services directly to you in accordance with our Terms & Conditions. As well as providing Services directly to individuals, we are also commissioned by clinics to deliver our services to their patients and provide clinics with a portal through which the clinic can manage their relationship with patients, including communicating with patients and recording and accessing their data. In such instances, the clinic is the data controller and we are appointed as a data processor. Where this is the case, this Privacy Policy does not apply, we only process patients’ personal data in accordance with the clinic’s instructions, we have arrangements in place with the clinic to keep the personal data safe, and patients should ask the clinic for information about how their personal data is used.

Our Properties may contain links to third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data. Please check these policies before you submit any personal data to such third-party websites.

References within this Privacy Policy to the “GDPR” (General Data Protection Regulation) are to the EU GDPR and/or the UK GDPR as the context requires.

Who is Embie

This Privacy Policy applies to any personal data processed by Embie (As operated by Embie Clinic, Ltd), Trumpeldor 17, Unit 6, Tel Aviv, Israel,  registered with the Israeli Corporations Authority under the commercial register number 515923969

Embie is the data controller of all processing activities to which this Privacy Policy applies (see above).

Questions, comments and requests regarding this Privacy Policy are welcome and should be addressed to info@embieapp.com. 

GDPR Representative

In the UK: Rickert Services UK Ltd, Trojan House, Top Floor, 34 Arcadia Avenue, London (United Kingdom), N32JU (Company number 13136258), Director: Thomas Rickert

In the EU: Rickert Rechtsanwaltsgesellschaft m.b.H., Colmantstr. 15, 53115 Bonn (Germany), CEO: Thomas Rickert

General overview of our data processing in connection with the Services

We may collect and process the following data about you:

Information that you provide to us. You will be asked to provide us with your information when you:

  • fill in forms on our Properties, or correspond with us by email or otherwise;
  • register to use our Services, subscribe to our newsletter, promotional emails or other marketing materials;
  • use the Services;
  • report a problem with our Services; or
  • complete any surveys we ask you to fill in that we use for research purposes (these are optional).

The information you will be asked to provide us for these purposes may include your identification and/or sensitive data such as: email address, symptoms, medications / prescriptions, lab and ultrasound results, personal details (e.g. age, sex, date of birth), physical description (e.g. height, weight) , physical health data, mental health data, data regarding risk situations and risk behavior, genetic data related to population studies, genetic research, etc., composition of the family, data about the sex life, images, medical diagnosis, fertility treatment history, current treatment cycles (treatment protocols, labs, ultrasound, egg report, embryo report, transfer report, cycle report), previous treatment cycles (treatment protocols, labs, ultrasound, egg report, embryo report, transfer report, cycle report), calendar appointments.

Information that your fertility clinic provides to us. When using our properties through a fertility clinic or medical body, they may provide us with information through: 

  • filling in forms on our Properties,
  • correspond with us by email or otherwise;
  • Sending data to our Properties via 3rd party APIs, such as pathology lab results, Ultrasound Machines, Embryoscopes, etc.,
  • use the Services;
  • report a problem with our Services; or

The information a clinic provides us for these purposes may include your identification and/or sensitive data such as: Email address, symptoms, Medications / prescriptions, lab and ultrasound results, Personal details (e.g. age, sex, date of birth), Physical description (e.g. Height, weight) , Physical health data, Mental health data, Data regarding risk situations and risk behavior, Genetic data related to population studies, genetic research, etc., Composition of the family, Data about the sex life, Images, Medical Diagnosis, Fertility Treatment history, Current Treatment Cycles (Treatment Protocols, Labs, Ultrasound, Egg Report, Embryo Report, Transfer Report, Cycle Report), Previous Treatment Cycles (Treatment Protocols, Labs, Ultrasound, Egg Report, Embryo Report, Transfer Report, Cycle Report), Calendar Appointments.

Information we collect about you. Although we will not use it to attempt to identify you, we may collect the following data during each of your visits to the Properties:

  • Device Data: geolocation data, Mobile device IDs, IP addresses
  • Usage data: technical information about your device, including device-specific information such as your hardware model, operating system version, unique device identifiers, and mobile network information; details of your visits to the Properties, including the full Uniform Resource Locators (“URL”) clickstream to, through and from our Properties (including date and time).
  • Analytics data: your IP address, operating system and browser type; information about which app store you downloaded our App from; length of visits to certain pages, and page interaction information (such as scrolling, finger gestures, clicks, and mouse-overs).

If you are using our Services on behalf of a third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data. For the avoidance of any doubt, any reference in this Privacy Policy to “your data” shall include data about other individuals that you have provided us with.

Specific processing activities

PROVIDE THE SERVICES AND COMMUNICATE WITH YOU REGARDING OUR SERVICES

  • Purpose: We use your personal data in order to provide our Service with its basic functionalities (as described in our Terms of Service) and communicate with you regarding the Service. 
  • Types of data: [Information that you provide to us] and [Information we collect about you] (as described above).
  • Legal Basis: Identification Data is processed based on the Consent you provided when you created your user account (Article 6 (1) (a) GDPR), and on the Necessity for the provision of the service (Article 6 (1) (b) GDPR), Legitimate interest in sending and receiving the below mentioned communications, to improve our products and services and better engage with you (Article 6 (1) (f) GDPR); sensitive data (i.e. Health data) is processed based on Explicit Consent (Article 9 (2) (a) GDPR).
  • Retention Period: Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes. This is subject to your right to withdraw consent, where applicable (see below).

ACCESS TO THE WEBSITE

  • Purposes: We use the following data to provide you with access to our Website, ensure that the Website can establish an internet connection smoothly and is easy to use; to analyze the system security and stability, as well as for additional administrative and analytical purposes.
  • Types of data: IP address of the requesting device, date and time of access, name and URL of the requested file, Website from which access is obtained (“Referrer URL”), browser used and, where applicable, your device’s operating system and the identity of your access provider.
  • Legal Basis: The processing of your personal data is based on the necessity for the performance of the contract between you and Embie (art. 6 (1) (b) GDPR) and in relation to system security and stability, administrative and analytical purposes, in pursuit of our legitimate interests is undertaking such activities (art. 6(1)(f)). Special categories of personal data (sensitive personal data) about your health are processed based on the explicit consent you provided when you created your user account (art. 9 (2) (a) GDPR). You are not obliged to provide the above personal data. However, you will not be able to access the Website if such personal data are not provided.
  • Retention Period: Your data is removed after 14 days, unless any security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and clarified in full. This is subject to your right to withdraw consent, where applicable (see below).

PROFILED DIRECT MARKETING OF OUR OWN AND THIRD PARTIES’ PRODUCTS

  • Types of data: Email address, usage data, and other Information that you provide to us and Information we collect about you (as described above).
  • Purpose: To send profiled direct marketing (updates on products/services, promotions, special offers, news and events) or communication that we believe will be of interest to you. This may include marketing communications of ours or third parties’ products to you. You can modify your marketing settings at any time by using the link at the bottom of each marketing email, or by updating your notifications settings in the app.
  • Legal basis: Your consent (Article 6 (1) (a) GDPR), Legitimate interest in sending and receiving the above mentioned communications, to improve our products and services and better engage with you (Article 6 (1) (f) GDPR). We may also use certain health data to personalize the newsletter service content and to improve your user experience. In this case, the legal basis for the processing is your explicit consent (Art. 9 (2) (a) GDPR)
  • Retention Period: You can at any time unsubscribe from our newsletter by clicking on the unsubscribe link in the email. Your personal data is stored for this purpose until you choose to unsubscribe from the newsletter. This is subject to your right to withdraw consent, where applicable (see below).

ANALYZE, DEVELOP AND IMPROVE TECHNICAL FUNCTIONALITIES, AND ENSURE  THE SECURITY OF OUR PLATFORM AND WEBSITE

    • Purposes: We continuously strive to provide the best experience possible. We therefore may use your personal data to analyze, develop, and improve technical functionalities and ensure the security of our platform and website.
    • Types of data:  For this purpose we may process the personal data collected for the other purposes outlined in this Privacy Policy.
  • Legal Basis: The processing is based on our legitimate interest of developing/improving, ensuring the technical functionality and the security of our platform and website (art. 6 (1) (f) GDPR). Special categories of personal data (sensitive personal data) about your health may be processed for this statistical purpose in accordance with the appropriate safeguards (art. 9 (2) (j) GDPR – art. 89 GDPR).
  • Retention Period: Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes.

HEALTH RESEARCH AND ASSESSMENT OF SUITABILITY FOR HEALTH RESEARCH

  • Purpose: We use the following data in an anonymous, aggregated or pseudonymized manner to assess your suitability for health research and to invite you to partake in health research with one of our clinical research partners. For the avoidance of doubt, we do not pass on any personal data to our health research partners without your explicit consent.
  • Types of data: symptoms, Medications / prescriptions, lab and ultrasound results, geolocation data, Personal details (e.g. age, sex, date of birth, ), Physical description (e.g. Height, weight), Physical health data, Mental health data, Data regarding risk situations and risk behavior, Genetic data related to population studies, genetic research, etc., Composition of the family, Data about the sex life.
  • Legal Basis: Explicit Consent (Article 9 (2) (a) GDPR).
  • Retention Period: Your personal data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes. This is subject to your right to withdraw consent, where applicable (see below).

Use of Google User Data

When using Google Authentication to login to Embie Clinic, Google will share your name, email address, language preference, and profile picture with Embie Clinic. In addition, by confirming access to your Google Calendar, you allow Embie Clinic to edit, share, and permanently delete all the calendars you can access using Google Calendar. We use this data to show availability of a staff’s calendar within the Embie Clinic application.

The use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements

Other Purposes

ANONYMIZATION AND AGGREGATION OF PERSONAL DATA

We may render your personal data anonymous in such a manner that you are no longer identifiable from the data. We may use such anonymous data for any purpose including (but not limited) to those set out in this privacy policy.

MANAGE AND DEFEND LEGAL CLAIMS

If necessary we may use your personal data to manage and defend legal claims, e.g. in connection with a dispute or a court proceeding. We will in such case process the personal data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims (Art. 6 (1) (a)) and, in relation to any sensitive data (e.g. health data), on the basis it is necessary for the establishment, exercise or defense of legal claims (Art. 9 (2) (f)). Your personal data is stored for this purpose for such a period as is necessary in order to manage or defend any actual or contemplated legal claim.

Where necessary for this purpose, we may also share certain information with other parties, please see below.

FULFILL LEGAL OBLIGATIONS

Finally, we use your personal data to fulfill legal obligations that we have, e.g. accounting requirements or obligations under data protection laws. We will in such a case process the personal data collected which is necessary in order to fulfill the legal obligation in question (Art. 6 (1) (c)). Your personal data is stored for such a period as is necessary in order to fulfill respective legal obligations. Where necessary for this purpose, we may share your personal data with other parties, see below.

PAYMENT PROCESSING

When you upgrade your Embie services, your personal data such as credit card numbers and/or cell phone numbers, as well as other information about you necessary to ensure that a transaction is properly authorized, such as your address, zip code, and cv number (collectively, “Payment Information”) may be collected by 3rd party such as the Google Play Store or Apple. We do not collect or store any of your payment information on our servers.

Cookies and tracking on our Website

Our Website uses so-called “cookies”. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s device (computer, tablet, or phone). We use the term “cookies” to refer to all tools that collect data on our Website (e.g. IP addresses, place and time of the visit of the users). The user’s data collected in this way is pseudonymized. The data is not stored together with the user’s other personal data. This processing is carried out on a legal basis or, where required by law, based on your consent.

For detailed information on our user tracking and the cookies we use, the purposes for which we use them and to manage your Cookie preferences see our Cookie Policy.

Data Security

We keep your data safe adopting the best practices and highest standards in terms of security.

All required technical and organizational security measures have been adopted. 

When data is shared between our Properties and the server storage, it is encrypted through https. Our databases are stored in the cloud on servers based in Frankfurt, Germany and Ireland (for our UK Clinic customers) and we guarantee the highest level of security. In order to fetch data from storage, the API of our Properties needs to be used.

All data handling is GDPR (General Data Protection Regulation) and GDPR UK compliant.

Retention Period

In principle, unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage no longer applies. We give a more specific indication as to how long your personal data will be retained in respect of each purpose, above. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent.

Furthermore, data may be stored if this has been provided for by laws to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires.

In the event of termination – for whatever reason – of the agreement between the user and the provider, the provider shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 60 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted.

You acknowledge that we may achieve deletion of your personal data by rendering your personal data anonymous in such a manner that you are no longer identifiable from the data.

Transfer to Other Countries

We transfer personal data to our service providers which are located in the European Union (EU) or the European Economic Area (EEA). In order to ensure that your personal data is always protected we ensure that there are adequate safeguards in place. 

The processing of data in Israel is based on the adequacy decision provided by the European Commission and adequacy regulations passed by the UK Government. 

The transfer of data to service providers located in the US must also be considered legitimate because it relies on Standard Contractual Clauses. If you have questions regarding to which countries your personal data is transferred and which safeguards we take to protect your personal data, or to request a copy of such safeguards respectively information where they are available, please contact us at info@embieapp.com.

Sharing of personal data

We share information with certain recipients as explained below:

SERVICE PROVIDERS

We use certain third-party service providers which provide for example IT services to us. Where a third-party service provider processes personal data on our behalf they act as data processors and we are responsible for the use of your personal data. They must not use your personal data for their own purposes and they are obligated to protect your personal data. A full list of our third-party processors can be found here.

PARTNERS

We may share aggregated information with our partners, e.g. reports based on research which do not include any personal data.

The transfer of personal data is based on your explicit consent. Such data will only be shared with the partners if you have given your explicit consent to this.

Partners include, but are not limited to pharmaceutical companies, universities and other educational or clinical institutions.

OTHER SHARING

In addition to the above, we may if necessary, share your information with other recipients for the following purposes:

  • to allow a merger or an acquisition (based on our legitimate interest of allowing a merger or an acquisition of our business)
  • to manage or defend a legal claim (based on our legitimate interest of managing and defending legal claims)
  • to respond to lawful requests from authorities according to mandatory applicable laws (where necessary to fulfill legal obligation to which we are subject).

Your rights

You have certain rights in relation to the use of your personal data where we are the data controller (see above). If you wish to exercise your rights, please contact us at: info@embieapp.com.

You have the right to:

BE INFORMED

You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data, and your rights. This is what we are trying to do by providing you with the information in this Privacy Policy.

ACCESS YOUR PERSONAL DATA

You have the right to request access to your personal data and request a copy of your personal data that we store. If you have created a user account, you can view certain information directly in your account.

UPDATE YOUR PERSONAL DATA

You have the right to request that personal data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account.

WITHDRAW CONSENT

Where we rely on your consent to the use of your personal data you have the right to, at any time, withdraw your consent. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent or any ongoing or future processing carried out on another legal basis. 

DELETE YOUR PERSONAL DATA (RIGHT TO BE FORGOTTEN)

You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your personal data shall be deleted. We may, however, still need to keep your personal data in certain circumstances, for example if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.

RESTRICT THE USE OF YOUR PERSONAL DATA

You have, under certain circumstances, the right to request that the use of your personal data is restricted. If you have requested restriction of the use of your personal data, please note that you cannot use the platform during the time that the use of your personal data is restricted.

OBJECT TO THE USE OF YOUR PERSONAL DATA

Certain use of your personal data is based on our or others’ legitimate interest. You have the right to object to the use of your personal data based on a legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your personal data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims, or we have another legal basis to use your personal data.

UNSUBSCRIBE FROM MARKETING COMMUNICATION

You have the right to withdraw your consent to your personal data being used for direct marketing purposes at any time. You can opt-out from marketing communication by clicking on an unsubscribe link in the communication.

NOT TO BE SUBJECT TO A DECISION BASED SOLELY ON AUTOMATED DECISION-MAKING

You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your personal data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.

TRANSFER YOUR PERSONAL DATA (DATA PORTABILITY)

You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.

LODGE A COMPLAINT

As a data subject, you have a right to lodge a complaint with the competent supervisory authority under the conditions provided in Article 77 GDPR. 

Competent supervisory authorities within the EU, Iceland, Liechtenstein and Norway are listed here.

The competent supervisory authority in the UK is the Information Commissioner’s Office whose details are found here.

Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use our Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services.

Privacy information for California residents

If you are a California resident, California law requires us to provide you with some additional information regarding your rights with respect to your “personal information” (as defined in the California Consumer Privacy Act (hereinafter the “CCPA”) that came into force on January 1st, 2020).

We did not during the preceding 12 months, do not currently, and will not in the future sell or transfer your personal data to third parties (and will never do it without providing a right to opt out).

We may transfer your personal data to third party processors in order to achieve the purposes of the processing listed above, but only with the third-party processors with whom we have a data protection agreement in place. A full list of our third-party processors can be found here.

CCPA provides Californian consumers the following rights (which does not interfere with GDPR):

  • Right to request disclosure of any personal information we collected (Article (1798.100) (a) CCPA). This means in particular that you have the right to request disclosure of the categories of personal information we collected from you, together with the categories of sources from which it was collected, the purpose of the collection, the categories of third parties with whom we shared your personal information, and the specific pieces of personal information that have been collected (Article 1798.110 (a) CCPA).
  • Right to request deletion of any personal information that we collected from you (Article (1798.105) CCPA). This means that after we have verified your request to delete your personal information, we shall delete it from our records and direct any service providers to delete your personal information from their records, except when Article 1798.105 (d) CCPA is applicable (e.g. in case the personal information is necessary to provide the Services, to detect security incidents, to identify and repair errors that impair existing intended functionality of the App, to engage statistical research in the public interest, or to comply with a legal obligation).

In addition to the possibility to contact us by sending an e-mail to info@embieapp.com, you can exercise any rights under CCPA.

Changes to this policy

Any changes we make to our Privacy Policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the App. We therefore encourage you to review it from time to time to stay informed of how we are processing your data.

Top