For the purpose of processing personal data, 3dex may engage data processors and/or, at its sole discretion, hire other persons to perform certain functions on behalf of 3dex. In such cases, 3dex shall take necessary measures to ensure that such data is processed by the personal data processors in accordance with instructions of 3dex and applicable legislation. 3dex shall also require personal data processors to implement appropriate measures for the security of personal data. In such cases, 3dex shall ensure that such persons will be subject to the non-disclosure obligation and will not be able to use this information for any other purpose, except to the extent necessary to perform the functions assigned to them.
3dex services is responsible for safeguarding your personal information (information you have voluntarily disclosed to us) and using this information only for the purpose for which it was collected (as explained to you prior to collection and agreed by you).
The following is general information on 3dex’s privacy practices. Please read our privacy statement and let us know if you have any questions.
How we are compliant with the EU GDPR regulation
This is a notice to inform you of the 3dex policy about all the information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means to collect, store, transfer, use or otherwise act on information.
- We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
- 3dex takes seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
- 3dex undertakes to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
- Our policy complies with the Supreme Courts of Delaware laws accordingly implemented, including that required by the European Union general data protection regulation (GDPR) and data protection regulation of every country we do business.
- The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.
- Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
The operations of 3dex are in accordance with the European Union’s general data protection regulation (GDPR), effective May 25, 2018. 3dex has made the GDPR a priority, and we are and have always been fully aligned with the regulation’s intended result: the protection of your privacy and personal data
This policy (together with our terms and conditions and any other documents referred to in it) sets out:
- How we are compliant with EU GDPR regulation
- Personal information we collect about you PIPEDA (Personal Information Protection and Electronic Documents Act)
- Types of data collected
- Cookies and other technologies
- How we use your information
- Our promotional updates and communications
- Who we give your information to
- How we store your information
- Technology Centered Services subjects
- Transfer to third parties
- Enforcement, recourse and liability
- How we protect your information
- How long we keep your information
- Your rights as a data subject
- Privacy shield
- European union GDPR compliance (data processing notice)
- Complaints to a data protection authority
- Contact us
- Changes to this policy
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of European economic area data protection law, (the “data protection law”), the data controller is Nino Riazati, his email is [email protected] his office address is at PO Box 52288 Irvine, CA 92619. USA
Personal information we collect about you (PIPEDA)
According to the federal personal information protection and electronic documents act, 2000 (PIPEDA), “personal information” means information about an identifiable individual. The information you provide to 3dex is considered personal information it is possible to relate it back to you through your name, address, email address, telephone number and any other information that can identify you.
If information cannot be related to an identifiable individual it is considered anonymous information (such as laboratory results identified by alpha-numeric identifier instead of an individual’s name). Whenever possible, 3dex works with anonymous information. This privacy statement does not apply to anonymous information.
Types of data we collect from you
- Information you provide to us – These are information you provide when you register for an account to use our services. They may include your name, phone number, email address, etc
- Information We Collect and Store As You Access and Use the Site – these are non-personal information such as your IP address, cookies, device you use as at the time you browse through our website, and certain device data
This terms also applies to personal data within the scope of 3dex privacy shield certification:
For the purposes of this statement, “personal data” means information that relates to a natural person (a “data subject”) and can be linked either directly or indirectly to that data subject. In addition, certain personal data covered by 3dex’s privacy shield certification may be subject to more specific privacy policies of 3dex or to contracts.
In the case of any conflict between these policies and contracts and the principles, the principles will control. Other data may include
Information we receive from other sources:
We receive information about you from other service users, from third-party services, from our related companies, and from our business and channel partners.
Other users of the services: other users of our services may provide information about you when they submit content through the services. We also receive your email address from other service users when they provide it in order to invite you to the services. Similarly, an administrator may provide your contact information when they designate you as the billing or technical contact on your company’s account.
3dex companies: we receive information about you from companies that are owned or operated by 3dex, in accordance with their terms and policies.
3dex partners: we work with a global network of healthcare/Partners who provide consultation, and other services around our Client services. Some of these partners also help us to market and promote our services, generate leads for us, and resell our products. We receive information from these partners, such as technical contact information, company name, what 3dex service you have opted for or may be interested in, evaluation information you have provided, and what country you are in.
Other partners: we receive information about you and your activities on and off the services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our services and online advertisements.
Cookies and other technologies
Most web browsers automatically accept cookies and similar technologies, but if you prefer, you can change your browser to prevent that and your help screen will tell you how to do this. We also give you information about disabling cookies. However, you may not be able to take full advantage of our website if you do so.
A number of cookies and similar technologies we use last only for the duration of your web or app session and expire when you close your browser or exit the app. Others are used to remember you when you return to the platform and will last for longer.
We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use.
3dex also uses persistent cookies for a number of legitimate interests, such as to be able to track the number of unique visitors to the site. Additionally, persistent cookies enable 3dex to tailor content and related subject matter to match your preferred interests and/or for the purposes of not showing you the same content and related subject matter repeatedly.
We may also employ cookies to compile anonymous, aggregated statistics that allow us to understand how users use our site and to help us improve the structure of our website. We cannot identify you personally in this way.
Types of cookies we use on our website
- Strictly needed cookies. These cookies are necessary for the Website to work correctly. They will allow you to move around our website and use its capabilities. These files do not identify you as a person. If you do not agree to use this type of file this may affect the proper work of the website or its components.
- Cookies related to performance, efficiency, and analytics. These files help us understand how you interact with our website by providing information about the areas visited and the amount of time spent on the website, as well as showing problems in the operation of the Internet resource, for example, error messages. This will help us to improve the work of the website.
- Cookies related to analytics. These files help us to measure the effectiveness of advertising campaigns and optimize the content of websites for those who are interested in our advertising. This type of cookies shall not be used for your identification. All information that is collected and analysed is anonymous.
- Advertising cookies. These cookies record information about your online activities, including visits to our website, as well as information about the links and advertising that you have chosen to view. 3dex uses such files to collect data about your activity on the Internet and determine your interests, which allows 3dex to provide advertising that suits your interests and on which you have given your consent.
The website capture limited data (user-agent, HTTP referrer, last URL requested by the user, client-side and server-side clickstream) about visits to the Website. 3dex may use this data to analyze patterns and to perform system maintenance. You have several options on how to manage cookies on your device. All browsers allow you to block or delete cookies from your device. You may consult the privacy features in your browser to understand what you should do if you need to manage cookies.
How we use your information
Your personal information is used and disclosed only for the purposes for which it is collected as consented by you, unless otherwise required by the law.
If information is disclosed to third parties, we will not disclose more information than is required.
You can see a full list of the types of data we process, the purpose for which we process it and the lawful basis on which it is processed here. For a list of data processors we use, please send us a message and we will send you our data processors.
We use information held about you in the following ways:
We may use your personal information for the following purposes:
- To ensure 3dex is relevant to your needs.
- To deliver services and information about 3dex that you request.
- To assess your suitability as a user on Client Centered Services where you have sent us a Healthcare provider related enquiry through our website.
- To assist 3dex in creating and publishing content most relevant to you.
- To alert you to update information about 3dex and 3dex services if you so request.
- To allow you access to limited-entry areas of 3dex as appropriate.
In some cases our use of your information is based on your consent, for example where you contact us from our contact us feature in which case you can withdraw your consent at any time by following the unsubscribe link on 3dex emails. In other cases we process your personal information because it is necessary to deliver a service you have requested.
- Processing your information in relation to Client Centered Service opportunities with 3dex. 3dex has a legitimate interest in processing data relating to healthcare’s name, institution and contact details for future Client Centered Services;
- To correct technical errors and to technically process your personal information;
- To protect the security and integrity of 3dex;
- To protect any 3dex property or rights or obligations and/or the property, rights or obligations of third parties where 3dex may have an obligation or liability in respect of these; and
- To take precautions against potential liability on the part of 3dex.
To ensure that we are appropriately balancing 3dex’s legitimate interests against your rights and interests, you are entitled to object to such processing at any time as described under “your personal data rights” below.
3dex may also process and disclose your personal information to the extent required by law, applicable regulation or judicial process.
Please keep in mind that 3dex does not trade or sell your personal information.
We May Share Your Information with:
Any member of our group, which means our subsidiaries, our partner physician, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy. If any of these parties are using your information for direct marketing purposes, we will only transfer the information to them for that purpose with your prior consent.
Selected Third Parties
Our selected third parties may include:
If 3dex or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of 3dex, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
Delaware / Delaware Do Not Track Disclosures
Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals). Currently, 3dex do not monitor or take any action with respect to these signals or other mechanisms.
Where we store your information
3dex has a data privacy officer who is responsible for ensuring that your personal information is collected, used, disclosed (shared) and retained in compliance with applicable privacy regulations.
However, the data that we collect from you may be transferred to, and stored at, a destination outside the European economic area (“EEA”) that may not be subject to equivalent data protection law.
In order to store it
In order to enable us to provide products or services to you and fulfil our contract with you. This includes Client Centered Services fulfilment, processing of, and the provision of support services.
How we store and secure information we collect
Information storage and security
We use industry standard technical and organizational measures to secure the information we store.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the internet, we cannot guarantee that data, during transmission through the internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
If you use our server or data center services, responsibility for securing storage and access to the information you put into the services rests with you and not 3dex. We strongly recommend that server or data center users configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage points used.
How long we keep information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Information you share on the services: if your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow other users to make full use of the services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided.
Marketing information: if you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our services, such as when you last opened an email from us or ceased using your 3dex account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
How to access and control your information
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.
Consent to provide personal information
We inform you when we need to collect your personal information and why we are collecting it.
3dex only collects information from you after you give us your consent. The only exception is when the law requires the collection, use or disclosure of a person’s information without consent (e.g. Reporting infectious diseases for public health safety).
Providing us with personal information is entirely voluntary. By giving us your personal information, you consent to allow us to use and disclose your personal information as described to you. If you do not agree with the use and disclosure of your information, please do not provide us with your personal information.
Some of our services can only be offered if you provide personal information so, if you choose not to provide your information, we may not be able to provide you with those services.
You may withdraw consent at any time. You will be informed of the effect that withdrawing your consent will have.
Your withdrawal of consent will only apply from the point that you withdrew consent. Your withdrawal of consent is not retroactive.
This means we will not remove information that has already been disclosed.
Client Centered Services subjects
3dex collects anonymized medical and health information about the individuals who take part in Client Centered Services through Healthcare (Partner). The Healthcare who examine the individuals before and during the Client Centered Services, are responsible for ensuring that the individuals understand and consent to the gathering of sensitive personal data relating to an individual’s health and lifestyle, and the transfer of such anonymized information to third parties who may be providing services for the Client Centered Services. The requirements of data protection and data privacy laws generally mandate that consent must be obtained before any health or sensitive data is collected from individuals. These informed consent agreements state that data may be transferred to other countries and to other parties.
Transfer to third parties
To facilitate the purposes of Client centered Service, personal data may be shared in the normal course and scope of business with third parties to whom 3dex has chosen to outsource work. In the event that personal data is transferred to a third party, 3dex requires in its agreements with third parties that adequate privacy precautions are taken that provide the same level of privacy protection as is required by the principles of the privacy shield. In certain circumstances, 3dex may remain responsible and liable under privacy shield principles if such third parties process the personal data in a manner inconsistent with the privacy shield principles
Your rights as a data subject
In some jurisdictions (for example, the member states of the European Union) you may be entitled to certain rights in and to your personal data, subject to certain conditions and exceptions contained in applicable law. These rights may include the following:
- Request us to confirm whether your personal data is processed by us, and if we do, to obtain access to your personal data and certain information about it.
- Require the correction of your personal data if it is inaccurate or incomplete.
- Direct us to stop processing your personal data under certain circumstances.
- Erase or delete your personal data, for example, where the data is no longer needed to achieve the purpose for which it was collected.
- Restrict the further processing of personal data
- Request us not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (we currently do not engage in such processing and will notify you prior to doing so).
- Request to receive your personal data for transmission to, or to directly transmit to, another data controller in a structured, commonly-used and machine-readable format.
To protect your privacy and the security of your personal data, we will take reasonable steps to verify your identity before complying with such rights requests.
Legal bases for processing (for EEA users):
If you are an individual in the European economic area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the services, including to operate the services, provide customer support and personalized features and to protect the safety and security of the services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. Your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, and this may mean no longer using the services
Our COPPA policy towards children
The services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. 3dex.com complies with both the Children’s Online Privacy Protection Act of 1998 (COPPA) and, with regard to EU data subjects, with GDPR. While children under the age of eighteen (16) may use the Site only with the consent of his or her parent or legal guardian, please be advised that this Site is not directed or otherwise promoted for use by children under the age of sixteen (16).
However, the application involves recordings of patients, including children under the age of 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to protect or delete such information if required to do so. If you become aware that a child has provided us with personal information, please contact our support services.
How we protect your information
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using TLS 1.3 (a strong protocol), x25519 (a strong key exchange), and aes_128_gcm (a strong cipher). Where we have given you (or where you have chosen) a password which enables you to access certain parts of our platforms, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our platforms; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Our site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
Your Delaware Privacy Rights (CCPA)
We may elect to share information about you with third parties for those third parties’ direct marketing purposes. Delaware Civil Code § 1798.83 permits Delaware residents who have supplied personal information (as defined in the law) to us, under certain circumstances, request and obtain certain information regarding our disclosure, if any, of personal information to third parties for their direct marketing purposes.
If this law applies to you, you may obtain the categories of personal information shared by us and the names and addresses of all third parties that received personal information for their direct marketing purposes from us during the immediately prior calendar year (e.g., requests made in 2016 will receive information about 2015 sharing activities).
To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a Delaware resident and provide a current Delaware address for our response. To make such a request (limit one request per year), please send an email to: [email protected], with “Delaware Privacy Rights” as the subject line
As Directed By Your Healthcare provider
We may disclose your PHI as directed by Your Healthcare provider but only as permitted by Your Healthcare provider’s notice of privacy practices and as permitted under our business associate agreement with Your Healthcare provider and applicable provisions of HIPAA.
Your right to withdraw consent
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us [email protected] You can also change your marketing preferences at any time as described in ‘our promotional updates and communications’ section.
You can also exercise the rights listed above at any time by contacting us at [email protected]
If your request or concern is not satisfactorily resolved by us, you may contact our data protection officer, his email is [email protected]
He can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Data Privacy Regulatory Frameworks and Requirements
GDPR Data Privacy User Rights
If you are an EU resident and 3dex is processing, and/or transmitting your personal data, then you – as an “EU data subject” – benefit from the following rights and privileges under the General Data Protection Regulation (GDPR):
- Right of Access: you have the right to obtain from us, as controllers, confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following personal data and information:
- the purposes of the processing;
- the categories of personal data concerned; i.e name, email, phone number etc
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations’;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; (f) the right to lodge a complaint with a supervisory authority (for a list of supervisory authorities, see https://edpb.europa.eu/about-edpb/board/members_en);
- where the personal data are not collected from you, any available information as to their source;
- The existence of automated decision-making, including profiling, along the lines indicated by Article 22(1) and (4) GDPR, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- Right to Rectification: you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerned, provided during registration by him or her. Taking into account the purposes of the processing, the user have the right to request his incomplete personal data be completed, including by means of providing a supplementary statement.
- Right to Erasure (Right to be Forgotten): you have the right to obtain from us the erasure of your personal data without undue delay, and we have the obligation to erase personal data without undue delay when: a) your data are no longer necessary for the purposes for which they were collected; b) you had consented to the processing; c) you have objected to the processing, as per below; d) your persona data had been unlawfully collected; e) your personal data need to be erased as a matter of compliance with a legal obligation.
- Right to Restriction of Processing: you have the right to obtain from us the restriction of processing if you: a) contest the accuracy of the personal data, until this is verified; b) the processing is unlawful but you don’t want erasure; c) we no longer need the personal data, but you require them to establish, exercise to defend a legal claim; d) you have objected to processing but there is a need to verify whether our legitimate grounds override your rights to object.
- Right to Data Portability: where your personal data have been provided on the basis of your consent or for the performance of a contract, and their processing occurs in an automated way, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data– or have directly transmitted – to another controller.
Right to Object: you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on a legitimate ground point (e) or (f) of Article 6(1), including profiling based on those provisions. In this case, we can no longer process your personal data unless we show that there is a compelling legitimate grounds for the processing which override your interests, rights and freedoms or for our establishment, exercise or defense of legal claims.
Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the spaces you under your sole control, like your personal bitbucket repository
Notice for Delaware Consumers – Your Privacy Rights under the (CCPA)
Under Delaware ’s “shine the light” law, Delaware residents have the right to request in writing from businesses with whom they have an established business relationship
- A list of the categories of personal information, such as name, address, email address, and the type of services provided to that customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes, and
- The names and addresses of all such third parties. To request the above information, please email us at [email protected] or write to us at:
Attn: Privacy and Data Protection Officer: PO Box 52288 Irvine, CA 92619 USA
We will respond to such written requests within 30 days following receipt at the mailing address above. We reserve the right not to respond to requests submitted other than to the address specified above or otherwise exempted by law. Please note that we are required only to respond to each user once per calendar year.
Complaint to a Data Protection Authority
You have the right to submit a complaint concerning our data processing activities to our data protection officer.
If you have any queries regarding our data collection and protection practices or your rights, please do not hesitate to contact our data protection officer, at [email protected]