ANKYRAS Privacy Policy

General Information on data protection:

In compliance with the obligation provided in Article 13 of European Regulation (EU) 2016/679, April 27, about the protection of natural persons with regard to the processing of personal data and on the free movement of such data, from now on GDPR (General Data Protection Regulation), we inform you of the following:

Institution providing the service:

Galgo Medical SL

Tlf: (+34) 93 328 39 64

C/ París 179, 2 2

Barcelona, Barcelona 08036

CIF - B66090127

Email: ankyras.info@galgomedical.com

Data Protection Officer: Héctor Fernández, email: data-protection@ankyras.com

About:

ANKYRAS is intended to assist healthcare professionals in the selection of a proper braided device for treatment of intracranial aneurysms, also allowing them to assess the fit of each particular braided device in the patients’ anatomy. The service allows the prediction of the final position of the device after being placed inside the vascular patient anatomy, the changes in the braided device geometry after being placed inside the vascular patient anatomy and the geometrical characteristics of the braided device such as the radial expansion and the local surface porosity.

It is intended for use by qualified medical professionals experienced in examining and evaluating 3D rotational angiography images, for the purpose of obtaining diagnostic information as part of a comprehensive diagnostic decision-making process.

ANKYRAS is intended to view only 3D rotational angiography images and CT scanners stored in a DICOM format.

To provide this service through the internet we (Galgo Medical SL) need to collect the following:

Your personal data, in order to identify you (the user) every time you sign on ANKYRAS. The personal data we store is any information that can identify you in relation to the service provided by ANKYRAS. The data collected is detailed in section “Personal Data Collection”.

Your case data, in order to allow you to identify your cases uploaded to ANKYRAS. Your case data corresponds to patient data for which you are the owner of and you have previously requested the consentient to use it. The data collected is detailed in section “User Data Collection”.

Personal Data Collection:

We collect your personal data when you first sign up on ANKYRAS. This information is used to identify you every time you sign in ANKYRAS and provide you the services included in ANKYRAS, which were detailed on the “About” section.

When you first register for an ANKYRAS account on www.ankyrasonline.com we collect:

Your name.

Your email address.

Your institution affiliation.

The country where the institution is located.

Optionally your telephone number.

Your role in your institution.

We do not collect special categories of data, such as information about your race, political opinions, religion, health or sexual orientation.

When you register for an ANKYRAS account, we assign you a unique identifier (ID) that we use to recognize you when you are signed in ANKYRAS. This number will uniquely identify you if you sign in using the same account on a new device.

Any personal data stored in ANKYRAS can only be shared with a third party under your previous and mandatory consentient.

We do not use your personal data for marketing analysis.

Purpose of the Personal Data management:

Identifying you every time you sign on ANKYRAS and give you access to your case data stored in ANKYRAS. Additionally, we use your personal data exclusively for sending information that you request, including information about updates on the service or on the terms of use.

You can revoke your consent at any time to the storage of your personal data (including your email address) and to the use of your data. You can do this through the corresponding form on the ANKYRAS website. The legal basis for processing your data for the above purpose is Art. 6 (1) lit. a or Art. 6 (1) lit. b GDPR.

Legitimation for the Personal Data storage:

Legal basis of the treatment

In compliance with the provisions of Article 13 of the European Data Protection Regulation, you are informed that the legal basis for this treatment is as follows:

Your active consent through the acceptance of the terms of use and privacy policy.

Necessary treatment for the execution of a contract in which you are a party or for the application at the request of the latter of pre-contractual measures.

Obligation to provide data and consequences of not doing so

It is essential to fill the requested personal data in order to do a first sign on ANKYRAS. If you do not provide us with your personal data, we are not able to give you access to ANKYRAS.

User Case Data Collection:

We collect data from your cases every time you upload a new case or when you edit an existing case. This information is used to identify your cases to provide you the services included in ANKYRAS, which were detailed in the “About” section. You can only view the case data corresponding to the cases you have uploaded.

ANKYRAS performs medical simulations based on 3D volumetric images described on the ANKYRAS IFU and mentioned in the “About” section. When you upload a new case to your ANKYRAS account on www.ankyrasonline.com we can collect:

User need: type of treatment to be done on the patient, you can edit this value through ANKYRAS platform and set it to “none”.

Pathology: type of vascular disease, you can edit this value through ANKYRAS platform and set it to “none”.

Aneurysm type: aneurysm category (giant, wide neck…), you can edit this value through ANKYRAS platform and set it to “none”.

Pretreatment: patient has been previously treated, you can edit this value through ANKYRAS platform and set it to “none”.

Aneurysm Location: aneurysm vascular location, you can edit this value through ANKYRAS platform and set it to “none”.

Patient sex: you can edit this value through ANKYRAS platform and set it to “none”. This data is obtained from the DICOM Tags.

Patient Age: you can edit this value through ANKYRAS platform and set it to “none”. This data is obtained from the DICOM Tags.

Hospital on which the image was taken from the patient: This data is obtained from the DICOM Tags.

Patient name stored on the scanner tags: This data is obtained from the DICOM Tags and can be anonymized on extraction process from the scanner.

The Study Series stored on the scanner tags value.

Study UID stored on the scanner tags.

Study Description stored on the scanner tags.

The Case Data is of your own property, we implicitly assume that it has been previously collected with the consentient of the patient.

We do not share any case data with third parties without your previous and mandatory consent. Any study obtained from your case data stored in ANKYRAS cannot be performed without your previous and mandatory consent. Any public study obtained from your case data stored in ANKYRAS will include your data under the conditions agreed by you as well as those included in the consent agreement.

You can delete any of the cases and associated data using ANKYRAS at any time sign in to ANKYRAS.

Purpose of User Case Data Collection:

To identify you and give you access to your cases every time you sign in to ANKYRAS.

To allow you to identify each case and associate it to the corresponding patient.

Legitimation for the Personal Data storage:

Legal basis of the treatment

In compliance with the provisions of Article 13 of the European Data Protection Regulation, you are informed that the legal basis for this treatment is as follows:

Your active consent through the acceptance of the terms of use and privacy policy every time you upload a new case.

The necessary identification of each patient by you (the user).

Obligation to provide data and consequences of not doing so

The case data is of your own property. You can modify it through ANKYRAS as it was mentioned on section “User Case Data Collection”. You can upload anonymized DICOMS to ANKYRAS. The identification of the image with the patient is of your own interest, ANKYRAS just provides the tools to do it, but it is up to you to decide on how to organize and store this data.

Security of your personal and user case data:

We have implemented appropriate technical and organizational controls to protect your personal and user case data against unauthorized processing and against accidental loss, damage or destruction. You are responsible for choosing a secure password when we ask you to set up a password to sign in to ANKYRAS. This password should be kept confidential. This password should not be used on any other site. You should not share your password with anyone.

Every data transaction between you and the ANKYRAS server is done under https protocol, to protect the privacy and integrity of the exchanged data while in transit.

Rights:

You can contact us with regard to the following rights in relation to your personal data:

If you would like to have a copy of the personal data we hold on you or if you think that we hold incorrect personal data about you, please write to the Data Protection Officer at Galgo Medical, S.L, C/ París 179, 2-2, Barcelona 08036 or email data-protection@ankyras.com. We will deal with requests for copies of your personal data or for correction of your personal data within one month. Should your request be complex or should you have a large number of requests, complying with it might take a longer period of time. If more than a month is required to do so, we will inform you. Obtaining a copy of your personal data or exercising any other rights will not have a fee. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Any consent you have provided us to use your personal data can be withdraw any time.

Where applicable, you may also have the right to receive a machine-readable copy of your personal data.

You have the right to ask us to delete your personal data or restrict how it is used. There may be exceptions to this right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request. Where applicable, you have the right to object to processing of your personal data for certain purposes.

If you want to make any of these requests, please contact data-protection@ankyras.com.

We may need to request specific information from you to help us confirm your identity.

You have the right to ask us to delete any user case data as long as you give us information to identify it and remove it from the storage.

Data Storage:

The data storage is provided to ANKYRAS by HETZNER on a server located in Germany, within the EU and under the data protection regulation of the European Union, in accordance with Article 28 GDPR, for more information visit HETZNER . Any change on the external data contractors will be informed to the users and will be always compliant with the EU GDPR.