Data Touch Surgery Collects
Touch Surgery collects data to operate effectively and provide you the best product experience. Some of this data is provided to us directly by you during the registration process as well as the verification stages. More data is also obtained by recording how you interact with the app, for instance by learning the specialties or procedures in which you might be interested.
We also obtain data from third parties. We protect data obtained by us and from third parties according to the practices described in this statement, plus any additional restrictions imposed by you and the source of the data. Third-party sources vary over time, but have included:
- Data brokers from which we purchase demographic data to supplement the data we collect.
- Social networks when you grant permission to Touch Surgery to access your data on one or more networks. For example when you sign into Touch Surgery with credentials from a social networking app.
- Service providers that help us determine a location based on your IP address in order to customize certain products to your location.
- Partners with which we offer co-branded services or engage in joint marketing activities, and
- Publicly-available sources such as open government databases or other data in the public domain.
You have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary to provide a product or feature, you may not be able to use that product or feature in the future.
The data we collect includes the following:
Name and contact data: We collect your First and Last name as well as Email address.
Credentials: We collect passwords, and similar security information used for authentication and account access.
Demographic data: Gender, Country, City, Profession, Medical Occupation (where applicable), Medical school (where applicable), Medical ID (where applicable), the Hospital at which you are employed (where applicable), Interests, and Profile picture.
Device data: We collect data from the device used to connect to our app including Device(s) make and model, Platform, IP address and location.
What we do with the info we gather
Touch Surgery uses data we collect for three basic purposes, described in more details below: (1) to operate our business and provide the products we offer, including improving and personalizing our products; (2) to send communication, including promotional communications; and, (3) recommend products & further education learning materials.
The principal purposes for which we collect and store your personal information are to tailor our product to your training requirements, respond to your enquiries, get in touch with you about other products and promotional offers, recommend products which we think might be of interest to you, and generally maintain the account you hold with us, together with improving our app and website.
In carrying out these purposes, we combine data we collect to give you a more seamless, consistent and personalized experience. For example, we can use your interests and the information about the procedures you elect to learn in the app to make personalized app recommendations.
1) Providing and improving our products: We use data to provide and improve the products we offer and perform essential business operations. This includes operating the products, maintaining and improving the performance of the products, including, but not limited to, developing new features, research, and providing customer support. Examples of such uses include the following.
- Providing the Products. We use data to provide our products to you. Often, those products include personalized features and recommendations that enhance your productivity and enjoyment, and automatically tailor your product experiences based on the data we have about your activities, interests and location.
- Customer support. We use data to diagnose product problems, provide other customer care and support services.
- Product Improvement. We use data to continually improve our products, including adding new features or capabilities
- Business Operations. We use data to develop aggregate analysis and business intelligence that enables us to operate, protect, make informed decisions, and report on the performance of our business.
2) Communications: We use data we collect to deliver and personalize our communications with you. For example, we may contact you by email or other means to inform you when a new procedure has been added to the app, remind you about unfinished training material, update you or inquire about a service.
3) Enterprise Simulations: We host a range of simulations on our platform, including those built with enterprise partners. By engaging in these modules the user agrees that their data will be shared in the following ways:
- Aggregate Data
- Engagement Data Sharing: We share aggregate engagement data, not raw data, with our partners to show the quantity of users who are engaging with their content, split by profession, surgical specialty, location and institutional/hospital links.
- Non Aggregate Data
- Referral Engagement Data Sharing: We share aggregated and non aggregated engagement data with our partners who re-direct users to our app either by direct referral through residency programs or by any other means. Non aggregated data contains user’s personal information such as user’s ‘firstname’, ‘lastname’, ‘profession’ or any other personal information the user may have shared with the referring partner. If an app user was referred to Touch Surgery products and services through one of our partners, the user will have agreed that the partner who referred them to Touch Surgery will have access to the user’s content engagement on our platform. The data we share with our partners will include but not be exclusively limited to engagement information related to the partner’s commissioned content on our platform. For example a teaching hospital partner might invite surgical students to use the Touch Surgery app in order to learn surgical procedures on our platform. These surgical procedures could be public procedures available to everyone or private procedures commissioned specifically by the partner and made available by invitation only. This partner will want to track how referred students are progressing. The referral hospital will already have user’s personal data, therefore, engagement dashboards may also include this personal data.
- Advertising & Campaigns: We use data we collect to run targeted advertising campaigns on behalf of our partners, for instance we might invite a user on the app to attend a conference in their field of specialty in which we think they might be interested. The user’s interests, location, profession, medical occupation, app usage and surgical simulation data is used to map users to events or other resources. If a user opts into a campaign of interest, their contact details will be shared with the event organiser/healthcare professional in order for appropriate contact to be made. The user has the option to opt out of engaging in these campaigns and your information will not be shared.
- Advertising Industry Best Practices and Commitments. Touch Surgery adheres to the NAI, a set of self-regulating principles that require companies to provide notice and choice with respect to Interest-Based Advertising and Ad Delivery and Reporting activities.
We also adhere to the following self-regulation programs:
- In the US: Digital Advertising Alliance (DAA)
- In Europe: European Interactive Digital Advertising Alliance (EDAA)
- In Canada: Ad Choices: Digital Advertising Alliance of Canada (DAAC) / Choix de Pub: l’Alliance de la publicité numérique du Canada (DAAC)
4) Geolocation data: We collect user’s IP address, country and city data. This location information is used to tailor our app contents to the user’s specific location. Some procedures on our platform are bespoke and proprietary, only available in some locales. In order to make sure that we respect the geo restrictions of these procedures, we require the user’s location data which might be acquired through an IP address or direct input from the user.
This data is also used to comply with local data protection regulations that may exist in some jurisdictions and not in others. For example some US states such as California have data privacy regulations such as ‘The California Online Privacy Protection Act’ that is only applicable to businesses that collect and process private personal data about individuals residing in California.
Reason we share Personal Data
We only share your data with our partner companies who commission the different surgical procedures and learning simulations on offer in our app. We share this data in aggregate format, never in raw format. For example a company that helped us build a simulation for an Orthopaedic procedure might want to know if people are using the app to learn their techniques. They might also want to know how effective it is and if people are finding the simulation beneficial. They might also want to know what improvements they can make to the procedures for a better learning experience. It is at this stage that we use the data we collect from you to answer these questions.
For app and virtual residency program users who opt into our targeted advertising campaigns, we share data with our partners once a match has been made so that an appropriate contact can be initiated.
We will never share your data with any party without your consent. Moreover, we never share your data with anyone other than for the explicit purposes laid down by the user and Touch Surgery mutually.
How to Access & Control your Personal Data
You can view or edit your personal data by simply contacting us and stating your wish to see, amend, update or delete any data we hold about you. (email@example.com)
Cookies & Similar Technologies
We may use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to user needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Where we store & process Personal Data
Touch Surgery stores data in a Cloud environment. Currently we use Amazon Web Services (“AWS”). We choose the regions in which our users content will be stored, allowing us to deploy AWS services in those locations, in accordance with our specific geographic requirements.
AWS datacenters are built in clusters in various regions around the globe. For example, an AWS customer, in this instance Touch Surgery residing in any European country can choose to deploy its AWS services exclusively in the EU region or elsewhere depending on their specific business needs or geographic requirements. If the AWS Customer chooses the EU region, user’s content will be physically located in AWS datacenters in and around Europe ; The EU region has a number of AWS datacenters, primarily in Ireland, Frankfurt and London. Customers can replicate and backup their users content in more than one region, and AWS will not move or replicate customer content outside of the customer’s chosen regions, except as legally required and as necessary to maintain the AWS services.
Retention of Personal Data
Touch Surgery retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The criteria used to determine the retention periods include:
- How long is the personal data needed to provide the products and operate our business? This includes such things as maintaining and improving the performance of those products, keeping our systems secure, and maintaining appropriate business records. This is the general rule that establishes the baseline for most data retention periods.
- Do customers provide, create, or maintain the data with the expectation we will retain it until they affirmatively remove it? We maintain data in our systems until such a time that a user no longer wishes to be kept in our database.
- Is there an automated control, that enables the customer to access and delete the personal data at any time? for example, the user can at any given time contact Touch surgery to request access, update or deletion of their personal data from our system
Other Important Privacy Information
European Privacy Law (GDPR):
Touch Surgery adheres to applicable data protection laws in the European Economic Area and the United States, which if applicable includes the following rights:
- If the processing of personal data is based on your consent, you have a right to withdraw consent at any time for future processing;
- You have a right to request from us as defined in the law, access to and rectification of your personal data;
- You have a right to object to the processing of your personal data; and
- You have a right to lodge a complaint with a data protection authority.
When we process personal data about you, we do so with your consent and/or as necessary to provide the products you use; operate our business; meet our contractual and legal obligations; protect the security of our systems and our customers; or fulfill other legitimate interests of Touch Surgery as described in the “What we do with the info we gather” and “Reasons We Share Personal Data” sections above.
When we transfer personal data from the European Economic Area, we do so based on a variety of legal mechanisms, as described in “Where We Store and Process Personal Data” above.
Security of Personal Data
Touch Surgery is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. For example, we store the personal data you provide in AWS cloud computing infrastructure that have limited access and are in controlled facilities. When we transmit highly confidential data over the Internet, we protect it through the use of encryption.
If you would like further information about Privacy at Touch Surgery, you will find more information at this link. You can also contact at firstname.lastname@example.org