No information proving such.
Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.
We will hold the above data for as long as it is necessary in order to provide you with the Services, deal with any specific issues that may arise or, otherwise, as it is required by law or by any relevant regulatory body. Specific storage periods for the respective processing activities are detailed in Section 3 above.
Once your account is terminated, we will delete the personal data relating to your account within 1 month.
If you were a user of the UK Doctor Chat services (which is no longer available since 23 March 2018), your consultation details may be retained by us for a period up to 10 years according to the UK Records Management Code of Practice Retention Schedule, or if otherwise required by Care Quality Commission (“CQC”).
If your personal data is used for two different purposes, we will retain it until the purpose with the longest period expires, but we will stop using it for the purpose with the shorter period as soon as the shorter period expires.
We restrict access to your personal data to the persons who need to use it for the relevant purpose(s). Our retention periods are based on reasonable business needs, and your personal data that is no longer needed is either irreversibly anonymized (and the anonymized data may be retained) or securely destroyed.
You can delete your account based on the information provided at https://help.ada.com/hc/en-us/articles/360000319269
This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).
Note that whether the policy allows sharing aggregated user data does not affect this question.
If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).
If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).
6.1 We use technical service providers to operate and maintain our Services, who act as our processors based on a data processing agreement.
Companies who have access to your data are:
- Amazon Web Services (Infrastructure)
- Google Cloud Platform (Infrastructure)
- Hetzner Online GmbH (Infrastructure)
- MongoDB Cloud Services, Inc (Infrastructure)
- Adjust (Tracking)
- Amplitude (Tracking)
- Customer.io (Tracking)
- Facebook SDK (Tracking)
- New Relic (Tracking and Monitoring)
- Sentry (Tracking)
- Formspree.io (Customer Support)
- Zendesk (Customer Support)
- IP Find (Country Information)
- Contentful (Website Content Management)
- Prismic (Website Content Management)
6.4 If we are required on the basis of EU law or the law of a Member State to disclose or share your personal data.
Use justification: Legal obligation, Article 6 (1) (c) GDPR.
The personal data that we collect from you is stored in the European Union on Cloud Servers of Amazon Web Services EMEA S.A.R.L. (“AWS”) with a business seat in Luxembourg and on the Cloud Servers of Google Commerce Limited (“GCL”), a company incorporated under the laws of Ireland, with offices at Gordon House, Barrow Street, Dublin 4, Ireland. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements of Art. 44 et seq. GDPR for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees under Art. 46 GDPR (such as standard data protection clauses, or exceptional circumstances under Art. 49 GDPR).
Sensitive information between your browser and our Website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.
Please contact us if you would like further details on the specific safeguards applied to the export of your personal data outside the EEA.
Last modified: 29 April 2020
Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.
The policy does not require users to be notified in case of a data breach.
This includes the use of data brokers and independent verification authorities (such as background check providers).
3.3 Facebook Login
Types of data: Facebook ID, email (if provided in Facebook account), and phone number (if provided in Facebook account) and time and date of the login.
Due to the girth of this section, you can read each use in section 3 under the "Use justification" clause.
Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.
3.12 Monitor usage to ensure proper use, functioning, maintenance and improvement of the medical reasoning system and related Services
Use justification: Legitimate interest (Article 6 (1) (f) GDPR). Our legitimate interest is based on the aforementioned use of that data purposes. Under no circumstances will we use the collected data to determine your identity. We may send you transactional emails (e.g. account creation verification email, reset password email, double opt-in email regarding the newsletter subscription, welcome email) and process the page interaction accordingly, to ensure proper reception and assess the service in order to improve it.
Right to object: You have a right to object under the conditions of Article 21 DSGVO. Below you will find more detailed information:
— Right to object where the processing is based on legitimate interests: As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions. In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
— Right to object where we process your personal data for statistical purposes: If we process your personal data for statistical purposes pursuant to Article 9 (2) (j) DSGVO, Section 27 (1) BDSG, you have the right to object to such processing for reasons arising from your particular situation. In the event of such an objection, we will no longer process the personal data concerned for this purpose unless the processing is necessary to fulfil a task in the public interest, or the discontinuation of processing is likely to make it impossible or seriously impair the realization of statistical purposes and the continuation of processing is necessary for the fulfilment of statistical purposes.
Due to the girth of this section, you can read each use in section 3 under the "Types of data" clause.
May 26, 2021