aitios® Privacy Notice

Last updated: July 26, 2023

This Privacy Notice is supplied by aitiologic GmbH ("aitiologic", "we", "us" or "our") and describes how Personal Data is collected and used by aitiologic via the aitiologic web application (“aitios®”) and all associated websites developed by aitiologic. This Privacy Notice applies only to the websites and other online properties that directly link to it, which we refer to herein as the "Services".

This Privacy Notice applies to aitiologic where aitiologic is the “controller” of your Personal Data, i.e., the entity that determines the purposes and means for processing such data. aitiologic may in some cases process Personal Data on behalf of users of aitios®, such as where Users load Personal Data including genomics data to aitios®. In that case, aitiologic is a "processor" with respect to such information, and you should refer to the user's own privacy notices to receive additional information about their privacy practices.

If you have any questions about aitiologic's privacy practices, please email: privacy@aitiologic.com .

What data do we collect?

We collect Personal Data. When we use the term “Personal Data” we mean information that relates to a specific person, or that can be used to identify a specific person, such as a name or email address. In this Privacy Notice, we do not include Protected Health Information in the definition of Personal Data because, as discussed below (Protected Health Information), Protected Health Information has different treatment under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations ("HIPAA") and other applicable laws. "Protected Health Information" or "PHI" is individually identifiable health information that is protected by HIPAA.

Protected health information

With respect to aitios®, aitiologic is not a Covered Entity as that term is defined under HIPAA. You may not use aitios® to connect content that includes PHI. You will anonymize or pseudonymize data prior to connecting it to aitios®.

How do we collect your data?

We collect and use Personal Data through your use of the Services in the following ways:

User Account Information/Personally Identifiable Information

When you register with us through the Services and during your use of the Services, we will ask you for Personal Data such as: your name, company or organization name, title, e-mail address, postal address, telephone number.

Automatic Data Collection: Cookies and Similar Technologies

When you use the Services, we automatically collect usage data such as the IP address of the device or internet service you use to connect to the Internet, browser type and version, operating system and platform, and referring URLs, which may, in some instances, constitute Personal Data ("Usage Data").

We use cookies, tracking pixels, and other similar technologies to track activity on our Services and to enhance the functionality of our Services. Cookies are small data files that our web servers send to your browser and which get saved on the hard drive of the computer that you are using to access the Services. If you choose to reject cookies from our Services, for example via your browser settings, you may be unable to use certain Services features, and functionality. If you choose to accept cookies from us and our service providers, you are agreeing to let us and our service providers install cookies on your computer. To learn more about cookies, please visit allaboutcookies.org . Tracking pixels (also known as web beacons, action tags, or transparent GIF files) collect and store information about your visits to our Services, such as page visits, the duration of the visit, the specific link(s) that you clicked during your visit, and the address of the website from which you arrived at the Services.

Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third-party purposes, and that is why we provide the variety of opt-out mechanisms listed above. We do not currently use technology that recognizes “do not track” signals from your Web browser.

How will we use your data?

We may use your Personal Data to provide and improve aitios® and our other products and services, to ensure contact information is up to date and accurate, to improve our customer service, to reduce risk and prevent fraud, to provide you with a personalized experience on our Services and to communicate with you regarding new service features and related products and services provided by our Collaborators or other partners, events, and other information and notices we believe you may find interesting or useful. We will not sell or provide your information to third parties other than the Collaborators for their own direct marketing purposes.

We use Usage Data collected to provide, maintain, secure, and improve our Services, and to understand your interests when visiting our Services. We may generate statistical information regarding our user-base and use it to analyze our Services or business.

With whom may aitiologic share your personal data?

We share Personal Data with the following categories of recipients:

Service Providers

We may rely on various third-party service providers and contractors to provide services that support the Services and our operations, including, without limitation, maintenance of our databases, distribution of emails on our behalf, data analysis, payment processing and other services of an administrative nature. Such third parties may have access to your Personal Data for the purpose of performing the service for which they have been engaged.

Vendors and Service Providers

We use various third-party service providers , such as Amazon Web Services, that assist us in providing aitios®. For example, we may use third-party vendors to store and authenticate account credentials, store and analyze system logs, send email communications, and for hosting and storing information collected through aitios®. We may need to share your information with these vendors and service providers to enable them to provide these services to us. These service providers and vendors are required to only use your information to provide their services to us and in a manner consistent with this Policy.

Business Transactions

If any of the Collaborators sell all or part of their business or makes a sale or transfer of assets or is otherwise involved in a merger or business transfer, the Collaborator may transfer your Personal Data to a third party as part of that transaction.

How do we store your data?

We securely store your data on server(s) in Vienna, Austria, and in datacenters in Frankfurt, Germany.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access

You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.

The Right to Rectification

You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.

The Right to Erasure

You have the right to request that Our Company erase your personal data, under certain conditions.

The Right to Restrict Processing

You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.

The Right to Object to Processing

You have the right to object to Our Company's processing of your personal data, under certain conditions.

The Right to Data Portability

You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: privacy@aitiologic.com.

What about links, third party applications and other privacy terms & conditions?

On the Services, we may provide links to websites or applications maintained by third parties, which we believe you may find useful. aitiologic is not responsible for the privacy practices of these other websites or applications and we encourage you to review the privacy policies of each of those other websites or applications before using such websites and applications. If you click on these third-party links, these other websites or applications may place their own cookies or other files on your computer, collect data, or solicit Personal Data from you. Other websites and applications will have different policies and rules regarding the use or disclosure of the Personal Data you submit to them. We make no representation with regard to the policies or business practices of any websites or applications to which you connect through a link from the Services, and are not responsible for any material contained on, or any transactions that occur between you and any such website or application.

As a processor, aitiologic stores the genomic sequence data (DNA, RNA, etc), derived from humans or other organisms, that you submit to the Services along with metadata and other information related to such sequence data. You agree to and accept full responsibility for obtaining all necessary permissions and informed consents from the donors of all samples from which your submitted sequence data is derived.

You may also be permitted to upload your own data, including reference genomes, to the Services in the course of using the Services. You agree to and accept full responsibility for obtaining all permissions, consents, and rights necessary for uploading and using any such software and data to and with the Services. The software you upload must comply with the aitiologic Terms of Service Policy .

How will the privacy notice change?

This Privacy Notice may be updated periodically. We will notify you of any material changes to this Privacy Notice by posting the revised policy on the Services. You are advised to periodically review this page to ensure continuing familiarity with the most current version of our Privacy Notice. Any changes to our Privacy Notice will become effective upon our posting of the revised Privacy Notice on the Services. Use of the Services following such changes constitutes your acceptance of the revised Privacy Notice then in effect. You will be able to determine when this Privacy Notice was last revised by checking the "Last Updated" information that appears at the top of this page.

How can you contact us?

If you have any questions about our privacy practices, you may contact us using the following email address: privacy@aitiologic.com.