PRIVACY POLICY

1. Effective as of January 5th, 2016

This privacy policy governs your use of Figure 1, a software application (“Application”) that was created by Figure 1, Inc. The Application includes a method for viewing medical images, a database of medical images, and mechanisms for users to upload images to the database or send them to each other.

What information does the Application obtain and how is it used?

User Provided Information

The Application obtains the information you provide when you download and register the Application.

2. Part 1: Personal User Information

When you register with us and use the Application, you provide:

  1. your username
  2. your password
  3. your email address
  4. your specialty (selected from a drop-down menu).

We will store your username, country and specialty on an unencrypted server. Your password is cryptographically hashed and your email address is encrypted. These information elements are referred to collectively as your “Personal User Information.” We collect and hold this information for the purpose of administering your use of the Application.

You are solely responsible for (1) maintaining the strict confidentiality of your Personal User Information, (2) not allowing another person to use your Personal User Information to access the Services, (3) any and all damages or losses that may be incurred or suffered as a result of any activities that occur under your Personal User Information. You agree to immediately notify Figure 1, Inc. in writing by email to privacy@figure1.com of any unauthorized use of your Personal User Information or any other breach of security. Figure 1, Inc. is not and shall not be liable for any harm arising from or relating to the theft of your Personal User Information, your disclosure of your Personal User Information, or the use of your Personal User Information by another person or entity.

3. Part 2: User-Provided Case Information

(a) When you use the application, you may:

  1. upload images
  2. create image captions and tags
  3. share the image as private or public.

We will store your uploaded images, image captions, date created, number of times the tag is used, common variations of image tags (such as misspellings) and information on whether the tag appears in searches. The Application stores only de-identified images, not the original unedited image, which may contain personally identifying features. (See list of identifying features in Section 7 of the Terms of Service). We do not store IP addresses or location information relating to images uploaded by users.

(b) When you use the application, you may provide comments. We will store your comments made, the date of comment and the username connected to the comment.

(c) When you use the application, you may “favorite” images for easy reference later. We will store which images on Figure 1 you have “favorited”, as well as the date favorited and the username connected to the image favorited.

(d) When you use the application, you may flag images provided by other users (e.g., to indicate that identifiable information may have been improperly included in an image, caption, or comment). We will store the images that you flag, the subcategory of the flagged image, the date flagged and the username referenced to the flagged image.

(e) We will also store the date your account was created, the Application version, and the last login date.

These informational elements shall be referred to as “User-Provided Case Information.” All User-Provided Case Information that you generate in the Application must comply with local, national, provincial, state, and federal privacy legislation and best practices. Identifying information must be removed from any uploaded images and should not be included in any captions or comments. The Application is already enabled with Figure 1, Inc.’s proprietary features, such as automatic and manual information-blocking tools, to help you remove direct identifiers and other common identifiers from User-Provided Case Information, but the existence of these tools does not release you from any obligations under local, national, provincial, state, and federal laws to maintain the privacy of patients or other users.

(f) Optional User Provided Information

  1. You also have the option to ask to be verified as a licensed healthcare professional. If you choose this option, you will be asked to provide us with additional information, which we will cross-reference with publicly available data to ensure that you actually are a licensed healthcare professional. If you are verified, we will store your status as a “verified healthcare professional”.
  2. You also have the option to invite colleagues to join Figure 1 so that they can use the Application too. If you choose to do this, the Application will access the address book on your mobile device to enable you to choose which of your colleagues you would like to invite to the Application. We only store the email addresses of those colleagues you invite to join the Application for the purpose of sending them an invitation email from our server. We do not store your complete address book.
  3. You will also have the option to expand your user profile with additional information. If you choose this option, you may complete any of the following fields: real name, state, country, and institution, and you may include a short biography and upload a profile picture. Information you provide will be visible to all verified healthcare professionals using the Application or the website. You are responsible for the accuracy of all of the information you provide.
  4. On occasion, we may survey our users or solicit comments and opinions from our users. You have the option to respond to our inquiries. If you choose this option, the information will be used to learn more about healthcare to help improve your experience on Figure 1 and for other purposes of Figure 1. We only store this information in the aggregate with the exception of comments, which will be linked to your user profile.

(g) Automatically Collected Information

In addition, the Application may collect certain information automatically, such as the type of mobile device you use, the IP address of your mobile device, your mobile operating system and information about the way you use the Application in order to improve the Application and deliver the services.

All information stored on our server will not be accessible by third parties. We do not collect user level search activity or viewing activity. This is compiled only at an aggregate, in order to help us better understand how users are using our Application, so that we can optimize your experiences.

We may also use the information provided by you to contact you from time to time to provide you with important information, push notifications and marketing promotions. You will be given the option to opt-out of these notifications.

Does the Application collect precise real time location information of the device?

This Application does not collect precise information about the location of your mobile device.

Do third parties see and/or have access to information obtained by the Application?

We will disclose User Provided and Automatically Collected Information, within or outside your jurisdiction, as described above in the following circumstances:

What are my opt-out rights?

You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

However, the Application will not allow you to opt out of any announcements and messages related to the implementation of this Policy and your obligations thereunder. As such, should your uploaded images, image captions, or comments contain identifying information about a patient (as described in the Terms of Service,) you will receive messages from Figure 1 notifying you of a potential privacy violation associated with this content.

You may also delete your account by going to your profile and tapping and holding the “Logout” button. You will be asked to confirm that you would like to delete your account. If you confirm, your profile information and all images associated with your profile will be automatically deleted from the Figure 1 server. We cannot guarantee, however, that we will be able to recall images that have been provided to third-parties, such as medical journals or medical education websites.

4. Data Retention Policy, Managing Your Information

We will retain User Provided Information as described above for as long as you use the Application, and will delete it if you delete your account, which can be done easily on the profile tab in the app or by contacting us via privacy@figure1.com. You may also permanently delete images from the Application. Once an image is deleted by the user, it will be deleted from our server along with all references to the image, such as all associated comments or favorites. We cannot guarantee, however, that we will be able to recall images that have been provided to third-parties, such as medical journals or medical education websites.

If you contact Figure 1, Inc. to delete your account, the change will be processed within seven (7) calendar days.

5. Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic and procedural safeguards to protect information we process and maintain.

For example, your password is cryptographically hashed and your email address is encrypted.

We limit access to your information to authorized employees and contractors who need to know that information in order to operate, develop or improve the Application. Please be aware that, although we will take reasonable steps to safeguard and maintain security of Personal User Information, User-Provided Case Information, Optional User Provided Information, and Automatically Collected Information that we process and maintain, no security system can prevent all potential security breaches. Please refer to the Terms of Service for more details about Figure 1, Inc.’s and your obligations with respect to the proper use of the Application and notification obligations thereunder.

6. Changes

This Privacy Policy may be updated from time to time for any reason. Each time you use the Application, the most current version of the Privacy Policy will apply. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here. You are advised to consult this Privacy Policy regularly for any changes. Unless stated otherwise, the most current version of the Privacy Policy applies to all information that we have about you. We will not materially change our policies and practices to make them less protective of your privacy without the consent of affected users.

7. Your Consent

By using the Services, you are consenting to our processing of Personal User Information, User-Provided Case Information, Optional User Provided Information, and Automatically Collected Information as set forth in this Privacy Policy now and as amended by us. “Processing” means using cookies on a computer/hand held device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.

Contact us – If you have any questions regarding privacy while using the Application, have questions about our practices, or wish to make a complaint about our handling of your personal data, please contact us via email or anonymously here. We will make every effort to investigate and respond to your complaint in a timely way.

Any and all good-faith disclosures of privacy concerns under this Policy will not be used to restrict or prohibit you from continuing to use the Application to the extent permitted by law. However, disclosure of any unlawful practices implicating the Privacy Policy to Figure 1, Inc. does not release you from your obligations to notify local, national, provincial, state, and federal authorities of any violation of law related to your use of the Application.

8. Notice to California Residents

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes. With respect to these entities, this Policy applies only to their activities within the State of California. To make such a request, please send an email to privacy@figure1.com or write us at:

296 Richmond Street West, Suite 600, Toronto, Ontario, M5V 1X2

9. ADDITIONAL TERMS FOR UNITED KINGDOM, NORWAY, ICELAND, KAZAKHSTAN, TURKEY, THE RUSSIAN FEDERATION, SOUTH AMERICA, UKRAINE, UZBEKISTAN, AND EUROPEAN UNION RESIDENTS

If you are a resident of the United Kingdom, Norway, Iceland, Turkey, the Russian Federation, Ukraine, the European Union or South America, legislation* permits you to request that we tell you what personal information we hold about you and how we process it and that we provide you with a copy of that information. You are also entitled to access, rectify, change, update, delete, revoke, or improve upon your personal information at any time. You can exercise this right free of charge. We may ask you to provide further information to confirm your identity before considering your request. To make such a request, please send an email to privacy@figure1.com or write us at:

296 Richmond Street West, Suite 600, Toronto, Ontario M5V 1X2, or

Digital +Ethics: 15 rue Rougemont, 75009 Paris (if you are a resident of France).

We may ask you to provide further information to confirm your identity before considering your request.

If you use the Application to invite colleagues to join Figure 1 or to share photos with a colleague, you must first have their consent to use their e-mail address for this purpose. Figure 1 will rely on your obtaining that consent.

For purposes of providing the Application Figure 1 may transfer your personal data to servers located in the United States or other countries outside of the European Economic Area/Ukraine which provide for a different level of data protection. By using, and continuing to use the Application, you agree to that transfer.

The data we hold is used solely for the purposes of operating the Figure 1 site and communicating with you. We will not provide it to any third parties, other than service providers acting on our behalf to assist in running the Figure 1 App. The information we request from you is mandatory unless indicated otherwise and is necessary to enable Figure 1 to provide you with the Figure 1 App. You are also entitled to object to any processing of your personal data on reasonable grounds.

If you are a resident of Ukraine, you are hereby informed that that Figure 1 shall be your personal data controller processing information defined as Personal User Information, User-Provided Case Information, Optional User Provided Information, and Automatically Collected Information. Apart from the rights listed in this section above, you also have the following rights as regards personal data protection:

  1. the right to bring the means of legal protection in case of violation of personal data protection legislation;
  2. the right to obtain the information about the terms for granting access to your personal data, including the information on the third parties to whom your personal data is transferred.
  3. the right to obtain no later than thirty calendar days from the moment of the request submission, except for the cases, established by law, a response regarding the fact whether your personal data are processed, as well as to obtain the content of your personal data currently processed;
  4. the right to protect your personal data from illegal processing and unintended loss, damage resulting from purposeful concealment, nondisclosure or untimely disclosure, as well as to protect the information that is inaccurate, or discrediting honor, dignity and business reputation of the individual;
  5. the right to claim for the protection of your rights with respect to your personal data to the Parliament Commissioner of Ukraine on Protection of Human Rights or court;
  6. the right to bring the means of legal protection in case of violation of personal data protection legislation;
  7. to make a reservation with regard to restrictions of the right to processing your personal data when granting consent to your personal data processing;
  8. to withdraw your consent for personal data processing;
  9. to know the mechanism of automatic personal data processing;
  10. to be protected from an automated decision that has legal consequences for you.

*Legislation

10. ADDITIONAL TERMS FOR AUSTRALIA, NEW ZEALAND, CHINA, INDIA, ISRAEL, JAPAN AND SOUTH AFRICA RESIDENTS

If you are a resident of the Australia, New Zealand, India, Israel, Japan, the PRC or South Africa privacy legislation permits you to request that we tell you what personal information we hold about you and provide you with a copy of that information. You also have the right to request that we correct your personal information if it is inaccurate, out-of-date or incomplete. We may ask you to provide further information to confirm your identity before considering your request. To make an access and/or correction request, please send an email to privacy@figure1.com or write us at:

296 Richmond Street West, Suite 600, Toronto, Ontario M5V 1X2

If you use the Application to invite colleagues to join Figure 1 or to share photos with a colleague, you must first have their consent to use their e-mail address for this purpose. Figure 1 will rely on your obtaining that consent.

It is not mandatory or legally required for you to provide us with any of your personal information. However, if you do not provide the information that we ask for, you may not be able to access and use all of the Application’s features available to users.

Figure 1 may transfer your personal data to servers located in other countries for purposes of providing the Application. By using, and continuing to use the Application, you agree to that transfer. If you are an Australian resident, you acknowledge that by providing your consent to the transfer to servers located outside Australia, we are not required to take reasonable steps to ensure your personal information is handled in accordance with Australian privacy law.

If you are a user in the PRC, if you notice any personal information leakage or otherwise have any complaint about the protection of your personal information, please contact privacy@figure1.com. We will respond within fifteen days of the receipt of your email.

11. ADDITIONAL TERMS FOR LEBANESE RESIDENTS

If you are a user in Lebanon, by clicking on the “AGREE” or “I ACCEPT” button of the Terms of Service or accessing or using the Site, Services or App, you are confirming your approval to have this Privacy Policy drafted in the English language.

12. ADDITIONAL TERMS FOR SOUTH KOREAN RESIDENTS

If you are a resident of South Korea, we will collect and use your Personal User Information, Optional User Provided Information, and Automatically Collected Information (hereinafter collectively referred to as “Personal Information”, after your express prior consent.

It is not mandatory for you to provide us with any of your Personal Information. However, if you do not provide the information that we ask for, you may not be able to access and use all or parts of the Application’s features available to users.

Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilizations and Information Protection permit you to request that we tell you what personal information we hold about you and how we process it and that we provide you with a copy of that information. You are also entitled to access, rectify, change, update, delete, revoke, or improve upon your personal information at any time. You can exercise this right free of charge. To make an access and/or correction request, please send an email to privacy@figure1.com or write to us at: Figure 1. Inc., 296 Richmond Street West, Toronto, Ontario, M5V 1X2.The contact details of our Privacy Officer in charge of protecting and managing your personal information, and handling inquiries and complaints concerning Personal Information, are as follows:

All of your Personal Information will be stored, processed and transmitted after encryption.

You may block cookies by activating settings on the browser that allows you to refuse the settings of all or some cookies. Click here for more information about cookies.

We may transfer your Personal Information to servers located in other countries for purposes of providing the Application, after your express prior consent. Our servers are currently located in the U.S.

We do not disclose your Personal Information to any third parties, including service providers.

When we destroy personal information, we will take commercially reasonable and technically possible measures to ensure that the information is not restored or regenerated. If we need to retain personal information instead of destroying it, we will store and manage such personal information or personal information file separately from other personal information, to the extent technically possible. If the personal information that needs to be destroyed is in the form of an electronic file, we will permanently delete such information in an irrevocable manner. Any other document, printout, letter and other recorded media will be destroyed by incinerating or shredding into pieces.

If you use the Application to invite colleagues to join Figure 1 or to share photos with a colleague, you must first have their consent to use their email address for this purpose. Figure 1 will rely on your obtaining that consent. The Application will allow you to directly share information and/or send invitations to your colleagues. Figure 1 will not collect or store the email addresses of your colleagues during this process.