Cerebria Privacy Notice 

This privacy notice is effective as of the 6th March 2023 

CEREBRIA is a company founded to improve the safety and treatment of patients using state of the art machine learning and artificial intelligence. Using computer algorithms, and multiple live inputs, we work hand-in-hand with physicians to provide a range of early warning and enhancement tools to reduce procedural risk and avoid complications. In providing this service, we are committed to maintaining your trust and confidence with respect to your privacy. 

This privacy notice explains how we collect, use and share your personal data when you use our website and participate in our business activities.  

1. About our privacy notice  
2. Personal information we collect 
3. How we use your personal data 
4. How we share your personal data 
5. How we store your personal data 
6. Your data protection rights 
7. How to contact us  

1. About our privacy notice 

This privacy notice applies to our website and business activities, that refer or link to this privacy notice (the “Services”).  For the purposes of any data you provide, or that is collected by us for or in connection the Services, Cerebria Ltd will be the controller of your data.  

It is important that you read this privacy notice so that you are fully aware of when and how we are collecting or processing your personal data, and why we are using your data.  

Historic versions of our privacy notices can be obtained by contacting us at info@cerebria.ai.  

2. Personal information we collect 

We collect information about you in multiple ways directly from you, and through automated technologies.  

Data collected from automated technologies 

We store log files and use cookies. We use these technologies to collect and analyse technical information including:  

  • IP address 

  • Device type 

  • Your operating system version 

  • Your browser type and version 

  • Referring and exiting pages and URLs 

  • The number of clicks on a page 

  • Pages viewed and the order of those pages 

  • The amount of time spent on particular pages 

Your web browser or device may offer settings that allow you to choose whether cookies are permitted. It may also offer you the chance to review and erase cookies (including cookies you receive from your use of the Services).  

Please note that, if you limit or restrict our ability to use cookies, this may have an impact on your experience in using the website. For example, the performance of the website may be affected.  

Data you provide to us 

The types of personal information that we collect directly from you depends on the content and features of the Services you use and how you otherwise interact with us and may include:  

  • Data you provide when you participate in a formative or summative evaluation as part of our product development activities, such as your name, email address, medical specialty, hospital and role.  

  • Information that you communicate to us, such as questions or information you send to customer support. 

Data from your use of the Services 

The Services may automatically collect information on how you and your device interact with the Service such as:  

  • Computer, device and connection information, such as IP address, browser type and version, operating system and other software installed on your device, unique device identifier and other technical identifiers, error reports and performance data.  

  • Usage data, such as logs of when you visit or use our Services, browsing actions and patterns. To link you with this log of activity, cookies, device information, and IP address.  

We collect this data through our servers and the use of cookies. We use cookies to collect data to link you and your device(s) with your activity when using our Services.  

3. How we use your personal data 

How we use your data will depend on a number of factors. These include; how the data was collected, who provided the data, which Service you use, how you use the Service, and any choices you have made about your data. 

We will only collect and process your data where we have a lawful basis for doing so. Lawful bases include consent (where you have provided it to us), contract (where processing is necessary for the performance of a contract, and “legitimate interests”.  

Where we rely on your consent to process your data (such as direct marketing) you have the right to withdraw or decline your consent at any time. Where we rely on legitimate interests, you have the right to object to those legitimate interests. If you have any questions around what basis we are processing any of your data, please contact us at info@cerebria.ai.  

We will use your personal data in the following circumstances: 

To provide the Services to you 

We use cookies to remember information about your browser and any settings or preferences.  

To keep in touch with you 

We may contact you via email in order to respond to a website enquiry. Please be aware that we will not provide you with direct marketing unless you have specifically given us your consent. 

Developing our Services 

We use your data, including any feedback that you provide to us, surveys you voluntarily complete, and data about your engagement with the Services, to develop our Services and provide you with a better experience going forward.  

We use cookies to analyse how the Services are accessed, used or are performing. This information is then used to maintain, operate and enhance the Services with the aim of improving your overall experience. We use first party analytics tools to track page views and user behaviour within the Services.  

We also use these cookies to create insights and provide aggregated information about how you use the Services, the content you interact with, and how you interact with our website. 

Product Development Activities 

Data you provide when you participate in a formative or summative evaluation will be securely stored in our Quality Management System. We use legitimate business interests as the legal basis for using this data to support our product development activities. This data may be included in submissions to regulatory authorities to support licencing applications for our products. 

Providing support 

We use your data to respond to and resolve complaints arising from Service issues.  

Providing insights to others 

We may use your data to produce and share insights, where these insights do not identify you.  

Security reasons 

We use cookies to detect security threats, and any other malicious activity on the Services.  

4. How we share your personal data 

Suppliers and Service Providers 

Depending on how you use the services, we share your personal data with:  

  • email service providers  

  • website provider (Squarespace) 

  • Quality Management System provider (Greenlight Guru) 

as necessary to provide the Services, complete a transaction or fulfill your request or otherwise on our behalf based on our instructions. Your personal data may be accessed, stored or processed by these services.  

We use data processors who are third parties to provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us and will retain it for the period we instruct. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.  

With regulators or where required by law 

In some circumstances, we may be legally required to use or disclose information about you. Examples of when this might be necessary include, to:  

  • comply with a regulator’s investigation, or to prevent or act in respect of suspected or actual illegal activities taking place via the Services;  

  • enforce any other agreements we have with you or others;  

  • investigate and defend ourselves against third-party claims or allegations; and  

  • our  the security and integrity of the Services, including the protection of our employee’s rights.  

Where we need to use your personal data for one of the reasons listed above, we will attempt to notify you of such, unless prohibited by law or court order or in case of emergency.  

If we are acquired by another company 

We will share your data with other companies as part of any sale process, merger, or change of control of our business. Any entity that purchases us or part of our business will have the right to continue to use your data only in the ways set out in this privacy notice, unless you agree otherwise.  

5. How we store your personal data 

Cross-border transfers of data 

We process and store data inside the European Union and the United Kingdom and we rely on legally provided mechanisms to lawfully transfer data across borders. 

Data retention 

As a general rule, we retain your data as long as required to provide you with the Services. This is subject to your exercise of rights (set out in section 6) and any data that might be retained after closure of your account, as detailed below.  

Security 

We intend to implement industry standard security safeguards designed to protect your data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, we cannot guarantee the security of any information that you provide when using the Services. In the rare event of any reportable data breach, we will notify you as soon as possible and in accordance with regulatory requirements.  

6. Your data protection rights 

You have rights under data protection law, namely the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation)  (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with these. Where data is processed by a controller or processor established in the European Union or comprises the data of people of the European Union, it also includes the EU General Data Protection Regulation (EU GDPR).  

These rights include: 

  • Your right of access – You have the right to ask us for copies of your personal information  

  • Your right to rectification – In addition to the controls described above, you have the right to ask us to rectify personal data you think is inaccurate and the right to ask us to complete information you think is incomplete.  

  • Your right to erasure – You have the right to ask us to delete your personal data in certain circumstances.  

  • Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstance, e.g. if we have no legal right to keep using it, or if your data is inaccurate or unlawfully held.  

  • Your right to data portability – You have the right to ask that we transfer all or specified personal data you gave us to another organisation, or to you, in certain circumstances, by means of a copy of the data provided in a machine-readable form (e.g. pdf, word, excel etc.).  

  • Your right to restrict data processing – You have the right to ask us to restrict processing of your personal data in certain circumstances, e.g. you have an issue with the content of the information that we hold. This may be used as an alternative to erasing your data.  

You are not required to pay any charge for exercising your rights. If you wish to exercise any of these rights, please contact us using the details in Section 7. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.  

7. How to contact us 

Cerebria Ltd is a company registered in England (company number 11495251) with it’s registered office at Finsgate 5-7, Cranwood Street, London, EC1 V9EE (collectively referred to as “Cerebria, “we”, “our” and “us” in this privacy notice).  

 

If you have any questions about this privacy notice, concerns how your personal data is used by us, or wish to make a request to exercise your legal rights, you can contact us using the details below: 

E-mail: info@cerebria.ai 

Postal Address: Finsgate 5-7, Cranwood Street, London. EC1 V9EE 

If you are not satisfied with our response, or if we cannot resolve your complaint you can also contact the Information Commissioner’s Office (“ICO”). Please note that nothing prevents you from taking a matter to the ICO before having spoken to us, nor does anything prevent you from taking a matter to the relevant data protection regulator in your home country.  

The ICO’s address:             

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Helpline number: 0303 123 1113 

ICO website: https://www.ico.org.uk