Introduction and Scope

NeuPath Health Inc., its subsidiaries and affiliates (collectively “NeuPath”) are committed to protecting your Personal Information and complying with applicable data protection and privacy laws. This Privacy Policy governs the use of Personal Information by NeuPath on the NeuPath company site (“Site”) and through related services offered through the Site (the “Services”). Note that this policy does not cover uses of personal information collected through other NeuPath websites: for information on how those sites collect Personal Information, or when and if applicable personal health information, please visit those sites.

Data Controller and Data Processor

NeuPath’s business customers are the data controllers for most of the information that is entered into the NeuPath web application, website, and supporting systems or that is shared periodically with NeuPath employees to deliver services. This positions NeuPath as the data processor for most information stored and processed by NeuPath. There are some pieces of information that are collected directly by NeuPath to facilitate security, logging, and application performance. These items include IP address and behavior within the NeuPath platform. For these pieces of information, NeuPath acts as the data controller and processor. Additionally, NeuPath employs a variety of technologies and partners that periodically act as sub-processors (detailed list below). If users have any questions or concerns about the processing and handling of their personal information, they may reach out to NeuPath directly by email at privacy@neupath.com.

Types of Data Collected

The NeuPath web application and supporting applications collect the following types of personal data: cookies, usage data (e.g., page and link clicks, time on page), email address, phone number, first name, last name, province, state, country, ZIP/Postal code, city, address, and company name.

Complete details on each type of personal data collected are provided in the dedicated sections of this Privacy Policy or by specific explanation texts displayed before the data collection.

The NeuPath web application may collect personal data that the user may freely provide, or, in case of usage data, collect when using this website, the NeuPath web application, and its supporting applications.

Specific data is required for the NeuPath web application and supporting applications to provide services. If data is mandatory, it is noted throughout the website and NeuPath web application. If the NeuPath website or NeuPath web application specifically states that data is not mandatory, users are free to not share this data without consequences to the availability or the functioning of the service.

Users who are uncertain about which personal data is mandatory are welcome to contact NeuPath at privacy@neupath.com.

Any use of cookies–or other tracking tools–by the NeuPath website, the NeuPath web application, and its supporting applications serves the purpose of providing the service for which NeuPath has been engaged, in addition to any other purposes described in the present document and the Cookie Policy.

Mode, Place, and Methods of Processing the Data

NeuPath takes appropriate security measures to prevent unauthorized access, disclosure, modification, or data destruction.

Data is processed using computers or tech-enabled tools, following organizational policies and procedures strictly related to the purposes indicated. In some cases, data may be accessible to NeuPath employees involved with the NeuPath website’s operation, the NeuPath web application (platform), and supporting applications. Data may also be accessible to external parties appointed, if necessary, as data processors or sub-processors by NeuPath. External parties may include third-party technical service providers, hosting providers, and IT companies.

Legal Basis of Processing

NeuPath may process personal data relating to users if one of the following applies:

  • Users have given their consent for one or more specific purposes.

  • Provision of data is necessary for the performance of an agreement with the user.

  • Processing is necessary for compliance with a legal obligation.

  • Processing is necessary for the legitimate interests pursued by the controller or by a third party.

In any case, NeuPath will gladly help clarify the specific legal basis that applies to the processing, mainly whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract.

Place

The data is processed at NeuPath’s operating offices, hosting facilities, and, for some data, third-party sub-processors. The majority of data is stored and processed within Canada. In some cases data may be stored within the US or EU via third-party sub-processors.

Depending on the user’s location, data transfers may involve transferring the user’s data to a country other than their own. To find out more about the processing of such transferred data, users can consult the section containing details about the processing of personal data. Users are entitled to learn about cross-border data transfers. If any such transfer occurs, users can find out more by checking the relevant sections of this document or inquiring directly with NeuPath.

Retention Time

Personal data is processed and stored for as long as required to fulfill the purpose for which it is collected.

Therefore:

  • Personal data collected for the performance of a contract between NeuPath and a business customer is retained until such contract has been entirely performed or the business customer asks for the data to be deleted.

  • Personal data collected for NeuPath’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding NeuPath’s legitimate interests within the relevant sections of this document or by contacting NeuPath.

NeuPath may be allowed to retain personal information for a more extended period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, NeuPath may be obliged to retain personal data for a more extended period whenever required to perform a legal obligation or upon order of an authority.

Once the retention period expires, the user’s personal data will be securely deleted.

The Purposes of Processing

The data concerning the user is collected to allow NeuPath to provide its services, as well as for the following purposes: analytics, user database management, managing contacts and sending messages, handling payments, interaction with external social networks and platforms, remarketing and behavioral targeting, contacting the user, displaying content from external platforms, hosting and backend infrastructure, interaction with live chat platforms, and spam protection.

Users can find further detailed information about such purposes of processing and the specific personal data used for each purpose in the respective sections of this document.

Detailed Information on the Processing of Personal Data

Personal data is collected for the following purposes and using the following services and third parties:

Analytics

The services contained in this section enable NeuPath to monitor and analyze web traffic and can be used to keep track of user behavior.

HubSpot Analytics (HubSpot, Inc.)

HubSpot Analytics is an analytics service provided by HubSpot, Inc.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of this application, to prepare reports on its activities, and to share the reports with other Google services.

Google may use the data collected to contextualize and personalize the ads of its own advertising network.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy

Twitter Ads Conversion Tracking (Twitter, Inc.)

Twitter Ads conversion tracking is an analytics service provided by Twitter, Inc. that connects data from the Twitter advertising network with actions performed on this application.

Personal data collected: cookies and usage Data.

Place of processing: US – Privacy Policy.

Google Ads Conversion Tracking (Google Inc.)

Google Ads conversion tracking is an analytics service provided by Google Inc. that connects data from the Google Ads advertising network with actions performed on this application.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy. Privacy Shield participant.

Google Tag Manager (Google Inc.)

Google Tag Manager is an analytics service provided by Google Inc.

Personal Data collected: cookies and usage data.

Place of processing: US – Privacy Policy.

Contacting the User

Mailing List or Newsletter (The NeuPath Web Application)

By registering on the mailing list or for the newsletter, the user’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning the NeuPath web application. The user’s email address may also be added to this list due to signing up via the NeuPath website or the NeuPath web application, or after making a purchase.

Personal data collected: address, city, company name, cookies, country, email address, first name, last name, phone number, province, state, usage data, and ZIP/Postal code.

Phone Contact (The NeuPath Web Application)

Users that provide their phone number might be contacted for commercial or promotional purposes related to the NeuPath web application or for fulfilling support requests.

Personal Data collected: phone number.

Contact Form (The NeuPath Web Application)

By filling in the contact form with their data, users authorize the NeuPath web application to use these details to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.

Personal data collected: address, city, company name, country, email address, first name, last name, phone number, job role, province, state, and ZIP/Postal code.

Displaying Content from External Platforms

This type of service allows users to view content hosted on external platforms directly from the pages of the NeuPath web application and interact with them.

This type of service might still collect web traffic data for the pages where the service is installed, even when users do not use it.

Google Fonts (Google Inc.)

Google Fonts is a typeface visualization service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages.

Personal data collected: usage data and various types of data as specified in the service’s privacy policy.

Place of processing: US – Privacy Policy. Privacy Shield participant.

YouTube Video Widget (Google Inc.)

YouTube is a video content visualization service provided by Google Inc. that allows the NeuPath website and NeuPath web application to incorporate content of this kind on its pages.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy.

Handling Payments

Payment processing services enable the NeuPath web application to process payments by credit card, bank transfer, or other means. The NeuPath web application shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of these services may also enable sending timed messages to the user, such as emails containing invoices or notifications concerning the payment.

Stripe (Stripe Inc)

Stripe is a payment service provided by Stripe Inc.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: US – Privacy Policy.

Hosting and Back-End Infrastructure

This type of service has the purpose of hosting data and files that enable the NeuPath website and the NeuPath web application to run and be distributed. Additionally, these services provide the infrastructure to run specific features or parts of the application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.

Microsoft Azure (Microsoft Corporation)

Microsoft Azure Web Services is a hosting and backend service provided by Microsoft Corporation.

Personal data collected: various types of data as specified in the privacy policy of the service.

Place of processing: See the Microsoft privacy policy – Privacy Policy.

MedStack (MedStack)

MedStack is a security based hosting and backend service provided by MedStack.

Personal data collected: various types of data as specified in the privacy policy of the service.

Place of processing: See the MedStack privacy policy – Privacy Policy.

Heroku (Salesforce)

Heroku is a hosting and backend service provided by Salesforce.

Personal data collected: various types of data as specified in the privacy policy of the service.

Place of processing: See the Salesforce privacy policy – Privacy Policy.

Managing Contacts and Sending Messages

This type of service makes it possible to manage a database of email contacts, phone contacts, or any other contact information to communicate with the user.

These services may also collect data concerning the date and time when the message was viewed by the user and when the user interacted with it, such as by clicking on links included in the message.

HubSpot Email (HubSpot, Inc.)

HubSpot Email is an email address management and message sending service provided by HubSpot, Inc.

Personal data collected: email address and usage data.

Place of processing: US – Privacy Policy.

Twilo SendGrid (Twilio)

Twilio is a cloud communications platform that provides software developers with building blocks to add communications to web and mobile applications or manage email applications provided by Twilio.

Personal data collected: email address and usage data.

Place of processing: US – Privacy Policy.

AdWords Remarketing (Google Inc.)

Google Ads, formerly known as Google AdWords, is a remarketing and behavioral targeting service provided by Google Inc. that connects the activity of this application with Google’s advertising network and the DoubleClick cookie.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy  Opt Out.

Remarketing with Google Analytics (Google Inc.)

Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Inc. that connects the tracking activity performed by Google Analytics and its cookies with the Google Ads advertising network and the DoubleClick cookie.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy  Opt Out. Privacy Shield participant.

Spam Protection

This type of service analyzes the traffic of the NeuPath website and the NeuPath application, potentially containing users’ personal data, with the purpose of filtering it from parts of traffic, messages, and content that are recognized as spam.

User Database Management

This type of service allows NeuPath to build user profiles by starting from an email address, a personal name, or other information that the user provides to this application and then tracking user activities through analytics features. This personal data may also be matched with publicly available information about the user (such as social networking profiles) and used to build private profiles that the NeuPath can display and use for improving this application.

Some of these services may also enable sending timed messages to the user, such as emails based on specific actions performed on the NeuPath website and NeuPath web application.

HubSpot CRM (HubSpot, Inc.)

HubSpot CRM is a user database management service provided by HubSpot, Inc.

Personal data collected: email address, phone number, and various types of data as specified in the service’s privacy policy.

Place of processing: US – Privacy Policy.

HubSpot Lead Management (HubSpot, Inc.)

HubSpot lead management is a user database management service provided by HubSpot, Inc.

Personal data collected: various types of data as specified in the privacy policy of the service.

Place of processing: US – Privacy Policy.

Selling Goods and Services Online

The personal data collected is used to provide the user with services or goods, including payment and possible delivery. The personal data collected to complete the payment may include the credit card information or the bank account used for the transfer, or any other possible means of payment. The kind of data collected by this application depends on the payment system used.

Further Information about Personal Data

The Rights of Users

Users may exercise certain rights regarding their data processed by NeuPath.

In particular, users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent after they have previously given their consent to the processing of their personal data.

  • Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.

  • Access their data. Users have the right to learn if NeuPath is processing their data, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the data undergoing processing.

  • Verify and seek rectification. Users have the right to verify their data accuracy and ask for it to be updated or corrected.

  • Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, NeuPath will not process their data for any purpose other than storing it.

  • Have their personal data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from NeuPath.

  • Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used, machine-readable format, and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user’s consent, on a contract that the user is part of, or on precontractual obligations.

  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details About the Right to Object to Processing

Where personal data is processed for the public interest, in the exercise of an official authority vested in NeuPath or for the legitimate interests pursued by NeuPath, users may object to such processing by providing a ground related to their particular situation to justify the objection.

However, users must know that should their personal data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether the NeuPath is processing Personal Data for direct marketing purposes, users may refer to the relevant sections of this document.

How to Exercise These Rights

Any requests to exercise user rights can be directed to NeuPath through the contact details provided in this document (privacy@NeuPathcom). These requests can be exercised free of charge and will be addressed by NeuPath as early as possible and always within one month.

Cookie Policy

The NeuPath website and NeuPath web application use cookies.

To learn more and for a detailed cookie notice, the user may consult the Cookie Policy.

Additional Information about Data Collection and Processing

Legal Action

Users’ personal data may be used for legal purposes by NeuPath in court or the stages leading to possible legal action arising from improper use of this application or the related services. The users declare they are aware that NeuPath may be required to reveal personal data upon request of public authorities.

Additional Information About Users’ Personal Data

In addition to the information contained in this privacy notice, this application may provide users with additional and contextual information concerning particular services or the collection and processing of personal data upon request.

System Logs and Maintenance

For operation and maintenance purposes, this application and any third-party services may collect files that record interaction with this application (e.g., system logs) using other personal data (e.g., IP Address) for this purpose.

Information Not Contained in This Notice

More details concerning the collection or processing of personal data may be requested from NeuPath at any time. Users may use the contact information at the beginning of this document.

How “Do Not Track” Requests are Handled

This application does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor “Do Not Track” requests, users should read their privacy policies.

Changes to This Privacy Notice

NeuPath reserves the right to make changes to this privacy notice at any time by giving notice to users on this page and possibly within this application or–as far as technically and legally feasible–sending a notice to users via any contact information available to NeuPath. Users are strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed based on the users’ consent, NeuPath shall collect new consent from the user where required.

Definitions and Legal References

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information—including a personal identification number—allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through this application (or obtained by services employed in this application)can include: the IP addresses or domain names of the computers utilized, the Uniform Resource Identifier (URI) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the users’ browser and operating system, the various time details per visit (e.g., the time spent on each page within the application), and the information on the path followed within the application with particular reference to the sequence of pages visited, and other parameters about the device operating system or the users’ IT environment.

User

The individual using this application who, unless otherwise specified, coincides with the data subject.

Data Subject

The natural person to whom the personal data refers.

Data Processor

The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, as described in this privacy notice.

Sub-Processor

This refers to any additional third party who processes personal data on behalf of the data processor in fulfilling contractual obligations and services.

Data Controller

The person, public authority, agency, or other body that determines the purposes and means of processing personal data, including the security measures concerning the operation and use of this application.

This Application

The information technology system that collects and processes the personal data of the user.

Service

The service provided by the NeuPath platform or NeuPath team.

European Union (EU)

Unless otherwise specified, all references made within this document to the European Union (EU) include all current member states to the European Union and the European Economic Area.

Cookies

Small piece of data stored on the user’s device.

Legal Information

This privacy notice has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy notice relates to the NeuPath website, application, and supporting services unless otherwise stated within this document.