Introduction
Welcome to Zensara Inc.'s Privacy Policy. Zensara Inc. ("Zensara," "we," "us," or "our") respects your privacy and is committed to protecting your personal data.
This privacy policy will inform you about how we look after your personal data when you use our AI healthcare platform, including our medical AI scribe for clinicians, and tell you about your privacy rights and how the law protects you.
This policy applies to the personal data we collect from you or that you provide to us. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.
You can get in touch with us at any time about the way we handle and safeguard your information.
Data Controller and Contact Details
Zensara Inc. is the data controller responsible for your personal data. Our company is incorporated as a C-Corp in Delaware, USA.
Company Information
Name: Zensara Inc.
Incorporation: C-Corp in Delaware, USA
Registered Address: 8 The Green, Dover, DE 19901, USA
Contact Information
Website: www.zensara.ai
Support Email: support@zensara.ai
Data Protection Officer (DPO) Email: dpo@zensara.ai
If you have any questions about this privacy policy or our data protection practices, please contact our Data Protection Officer at the email provided above.
Changes to the Privacy Policy
We keep our privacy policy under regular review and may update it from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-Party Links
Our website and services may contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. We encourage you to read the privacy policies of any website you visit.
The Data We Collect About You
Depending on the level of your engagement with our website or the Services, we may collect, use, store, and transfer different kinds of personal data about you as follows:
General personal information
This includes information or an opinion about you that is reasonably identifiable. For example: your name, address, age or date of birth, gender, contact number, and email address. Where you are a Practitioner, we may also collect information relating to your qualifications, registrations, training, and educational background.
Payment and claim information
We may collect information from you in order to pay for services, or for us to make claims on your behalf. This may include credit card information, bank account details, and Medicare card and claim details.
Device information
This includes your device ID, device type, geo-location information, computer, and connection information, statistics on page views, traffic to and from the sites, ad data, IP address, and standard web log information.
Health information
This includes any health information that Practitioners provide when accessing or using our website, Platform or other services. We may collect health information from you for the purposes of facilitating the delivery of healthcare services by you. We may also collect health information of Patients from Practitioners, including where a Practitioner has treated a Patient arising out of, or in connection with the Platform. This may include information that a Practitioner provides directly to us, or otherwise makes available to us. The types of health information may include your medical history, clinical notes, test results, disease status, and prescribed medications (amongst others).
Additional information
This includes information you provide to us through customer surveys, directly through our website or indirectly through your use of our website or Platform or online presence or through other websites or accounts from which you permit us to collect information.
De-identified health information
We may de-identify your health information and use it to provide the Platform functionality and to improve the Platform and other services.
Information for our business improvement
We may de-identify your general personal information and use it in aggregate form to conduct analysis on how our website, Platform and other services are being used to help us improve our services and provide benefits back to our users. When we refer to 'de-identified' information, we mean information that has undergone a process of removing all personal identifiers that can reasonably identify you so that there is no reasonable likelihood of re-identification occurring. When we use this information for the purposes of business improvement, it is always in de-identified form.
Information collected by cookies
We may collect de-identified information via cookies on our website, such as your browser type, operating systems and other websites visited. We may also collect some personal information when using cookies, such as where a cookie is linked to your account. There are more details about cookies in section 9.Information collected for recruitment purposesWhen you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract.
How Your Personal Data is Collected
We collect your personal information when you engage with us or from third parties. In many instances, we collect personal information directly from you. Here are some of the main ways.
Registration
When you register on our website or Platform.
Communication
Where you communicate with us through correspondence, questionnaires, chats, email, or when you share information with us from other services or websites. Communications may occur through the Platform.
Interaction
When you interact with our sites, Platform, services, content, and advertising or use our Platform or services.
We may also collect information (including health information) from Practitioners (including the relevant medical clinic). For example, when you undertake a consultation with a Practitioner arising out of, or in connection with the Platform, we may collect health information about you from the Practitioner.
This may include information about the diagnosis, conditions, treatment, advice or other information relating to your health, or your consultation with the Practitioner. We may also collect information about you from our related companies, third party service providers, and other organizations that we partner with. For example:
when you are referred to a pharmacy or specialist, we may collect information relating to that engagement;
when you apply for a job or position with us, we may collect information about you from any recruitment consultant, your previous employers, referees, CV checking agencies or others who may be able to provide information to assist us with our decision; and
where you are a Practitioner, we may collect information about your qualifications, registrations, training, and education background from third party sources, for purposes which include verifying your status as a qualified medical practitioner.
Cookies Policy
We use cookies and/or other tracking technologies to distinguish you from other users of the Services and to remember your preferences. This helps us to provide you with a good experience when you use the Services and also allows us to improve the Services.
Web cookies are small files that are placed on your computer or mobile device by a website when you visit it. They contain details of your browsing history on that website and distinguish you from other users. Cookies send data back to the originating website on each subsequent visit or allow another website or app to recognise the cookie. Cookies are useful because they allow a website or app to recognise a user’s device and, for instance, remember your preferences and generally improve your online user experience. Like most websites and apps, we use cookies.
Although this cookies policy refers to the general term “cookie”, which is the main method used by the Services to store information, the browser’s local storage space is also used for the same purpose and we may use other tracking technologies through the Services. As a result, the information included in this cookie policy is likewise applicable to all such tracking technologies that we use.
Why do we use cookies?
To let you do things on the Services – for example, cookies enable you to log in to secure areas of our Services.
To collect anonymous statistics – the information collected by cookies enables us to improve the Services through usage figures and patterns.
To improve your experience of the Services – for example, to prevent you having to re-enter details when you have already done so, or by ensuring that users can find what they are looking for easily.
You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. If you refuse the use of cookies in this way you may not be able to access the full functionality of our website. Please refer to your internet browser’s instructions or help screens to learn more about these functions.
We may also use third party analytics tools such as Google Analytics, Meta Pixel, Mixpanel, Braze or Segment to help us gather and analyze information relating to your use of our website and Platform. We do this in compliance with regulations.
We may update our use of cookies from time to time and consequently, we may update this policy. We, therefore, recommend that you check this cookies policy regularly.
How We Use Your Personal Data
We use your personal information to enable us to deliver and improve our products and services.
Unless permitted or required by law, we won't use your health information without your consent.
We adhere to privacy by design principles by integrating data protection from the outset of designing our systems and business practices. Our measures include robust encryption, stringent access controls, and continuous threat monitoring. Privacy impact assessments are conducted regularly to ensure potential risks are identified and mitigated, ensuring data protection is a foundational aspect of our operations.
We implement rigorous de-identification techniques to ensure personal and health data are anonymized, stripping identifiable markers to prevent re-identification. These processes are reinforced by stringent security protocols, including multi-layered encryption, and access controls, to safeguard the integrity and confidentiality of the de-identified data.
If we use personal information already collected in a manner different from that stated within this Privacy Policy, we will notify users via an updated information notice. This notice will inform you of the new use of the data and provide you with choices regarding its use.
Access
To enable you to access and use our website, Platform, and other services.
Improvement
Design, provide, improve, and manage our website, Platform and other services, business and your experience, such as to perform analytics, conduct research, and for advertising and marketing.
Health care services
To facilitate the delivery of healthcare services to Patients. For example, information relating to Patients' medical history, complaints or symptoms may be collected and used by the Platform so that Practitioners can make treatment decisions.
De-identified information for Platform functions and improvement
We may de-identify and/or aggregate your personal information, including your health information, for the purposes of using that de-identified information to provide certain functionality and develop and improve the Platform.Some of our Platform functionality may involve the use of third party services. Where these are used, de-identified information may be disclosed to those third parties in order to provide you with that functionality.
Support
Send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you.
Contact
Contact you when we need to tell you something important about the website, Platform and other services, or your information.
Marketing
Send you marketing and promotional messages and other information that may be of interest to you including information sent by, or on behalf of, our business partners that we think you may find interesting.
Law
Comply with laws, and assist government or law enforcement agencies where we are required and authorized to do so.
Employment
Consider your employment application.
Other purposes when de-identified and/or aggregated
We may also de-identify and/or aggregate your personal information for other purposes that may not be set out in this Privacy Policy. We may also share this de-identified information with our partners for those partners other purposes, which are not set out in this Privacy Policy. This may include, for example, partners using de-identified information to assist them in marketing products and services that are likely to be relevant to your interests and preference.
Marketing Policy
We may use your information for marketing purposes, but you can opt-out at any time.
We and our carefully selected business partners may send you direct marketing communications and information about our services or products. This may take the form of emails, SMS, mail or other forms of communication. We'll always conduct our marketing practices in accordance with privacy laws and other applicable laws.
If we do send you marketing messages using your information, you'll be able to opt out at any time – either by using the unsubscribe facility in the relevant message or by contacting us.
We may also market our services to you generally – including via social media, advertising through our website or through third party websites and other digital or non-digital platforms. We'll always do this in accordance with our legal requirements.
We will not:
use any of your health information to send you marketing communications; or
disclose any of your health information to a third party in order for them to market to you.
Data Security
All information you provide to us is stored on our secure servers, and we take a number of measures to keep your information safe and in compliance with regulations.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
By contracting with us or using our Services, you consent to the collection, storage, processing and transfer of your information in and to the United States or other countries and territories, pursuant to the laws of the United States. Some of these countries may not offer the same level of privacy protection as your own.
We do transfer certain Aggregated Data in and to the USA or other countries and territories (however for the avoidance of doubt, such does not contain any personal data) to help us improve our services to you and other users of the Services.
Data Storage
By default, we store all personal information for our users on servers located within the United States, complying fully with relevant local legislation.
For users in Canada, all personal data is stored in Canada.
For users in the UK, all personal data is stored in the United Kingdom.
For users in the EU, all personal data is stored in Belgium.
If you wish to use our Platform but your local laws require us to store your personal information within your country, please contact us at dpo@zensara.ai.
Please note that some functionalities of our Platform depend on third-party services, whose servers may be located internationally.
Whenever these third-party services are utilized, we ensure that data processing agreements are entered into. These agreements are crucial as they enforce compliance with data protection standards and legal requirements, safeguarding your personal information from unauthorized use or disclosure.
This contractual measure helps maintain the integrity and confidentiality of your data while enabling us to provide enhanced functionality through external services.
Disclosures of Your Personal Data
The above purposes and activities may require us to pass on some of our personal data to the following third parties:
Our service providers acting as our processors, including:
Google Ireland Limited, sub-processor providing of data hosting services in connection to the Services;
Other suppliers, which we may appoint from time to time to provide various services to us, such as IT and system administration services.
Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
Specific third parties authorized by you to receive information held by us, including Practitioners and Patients (as applicable) and other parties involved in the delivery of healthcare services such as pharmacies; and/or
Regulators, local authorities, and other public or regulatory authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances;
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you and for no other reasons.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Data Retention
We retain your personal data for as long as we need it for the purposes we have collected it for, such as contracting with you for your use of our Services. We may retain your personal data for a longer period if you make a complaint under this privacy policy or our Terms of service, or if we have a reasonable belief that litigation may arise in relation to our relationship with you. We may also be required to retain certain personal data from you to comply with our legal and regulatory requirements.
In some circumstances you can ask us to delete your data: see your legal rights section below for further information.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your Legal Rights
You have rights in relation to your personal information. You can contact us to exercise any of your rights in relation to your information.
Here are the things you can ask us to do in relation to your information at any time while you use our website, Platform or other services:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to be informed. You have the right to be informed how your personal data will be used. This privacy policy as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
if you want us to establish the data’s accuracy;
where our use of the data is unlawful but you do not want us to erase it;
where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
For employees:
Your general personal information
This includes information or an opinion about you that is reasonably identifiable. For example: your name, address, age or date of birth, contact number, email address and image.
Educational and social information
This includes details of your education, references from your institutions of study, and information relating to your interests and extra-curricular activities. It also includes lifestyle information and social circumstances, for example ‘life events’ such as marriage, divorce, bereavement, or adoption or birth of children.
Sensitive information
This includes information concerning your health and medical conditions, certain criminal convictions and offences, racial or ethnic origin, religious or philosophical beliefs, sexual orientation.
Financial information
This includes your bank account number, tax identifier and status (including residence status), and credit checks (where required).
Work related information
This includes details of your work history, professional activities and interests, involvement with and membership of industry bodies and professional associations and any personal information captured in the work product(s) you create while employed by us.
If you are a current or former employee and you have any questions in relation to our handling of your personal information, please contact us at dpo@zensara.ai.
How to Complain
If you are unhappy with the way in which we have handled your personal data please get in touch with us by sending an email to dpo@zensara.ai.
If you are not satisfied with how we handle your query or manage your information, including our response to your requests, you are also entitled to make a complaint to the Secretary of the US Department of Health and Human Services.– however we would appreciate the chance to deal with your concerns before you approach the Secretary so please contact us in the first instance.