Image

Privacy Policy

Latest version: 31 May 2019
Last updated: 23 January 2019

Your privacy is important to us. This privacy policy explains what personal data Virti collects from you through our products and how we use that data.
Virti serves a number of users in different ways. References to products in this statement include Virti’s services, which are offered through our websites and our apps.
Please read product-specific details in this privacy statement for additional information.
This policy applies to any users of the services of Virti or its affiliates anywhere in the world, and to anyone else who contacts Virti or otherwise submits information to Virti, unless noted below.
In this policy, "we", "us" or "Virti" means VirtiHealth Limited t/a Virti, with its registered office address at Front Suite, First Floor, 131 High Street, Teddington, TW11 8HH. We are registered with the ICO as a data controller under registration number ZA601432.

Summary
Full details are set out in the relevant sections of this policy. In brief:

  • We normally receive your personal data from you, but sometimes it might be from a third party with whom we are mutually acquainted
  • We use your personal data to deliver our services, conduct our business, keep appropriate records and meet our legal obligations;
  • We only provide your personal data to third parties for our business purposes or as permitted by law;
  • We may share your data with commercial partners if you have indicated an interest in receiving communications relating to their products or services (such as medical training);
  • You have legal rights in relation to your personal data which you can exercise on request;
  • We store personal data for specified periods;
  • Our website uses cookies and we collect analytics information from the use of our products; and
  • You can contact us to enquire about any of the contents of this Policy.
  1. 1. Data Protection Principles
We are committed to complying with data protection law and principles, which means that your data will be:
  1. a. Processed lawfully, fairly and in a transparent way;
  2. b. Collected for specific, explicit and legitimate purposes stated in this policy and not used in any way that is incompatible with those purposes;
  3. c. Adequate, relevant and limited to what is necessary for those purposes;
  4. d. Accurate and, where necessary, kept up to date;
  5. e. Kept for no longer than is necessary for those purposes; and
  6. f. Processed securely.

  1. 2. Collection of Personal Information
Virti Limited acts as the data controller for the information you provide or that is collected by Virti or its affiliates. Virti collects data to operate effectively as a business and to provide you, the user, with tailored services and products.
In some cases, you may have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary in order for us to provide services, you may not be able to use that product.
We provide further information below, on the types of personal data we obtain and how we use them, which apply when you use our products and services.
  1. i. Data provided during account registration
At the registration process on the Virti platform, (whether accessed through our website or our mobile applications) you are asked to provide the following information:
  1. a. Your first and last name
  2. b. Your email address
  3. c. Your profession
  4. d. Your medical speciality
  5. e. Your profile password
This basic information is necessary to complete your user registration and for you to use our apps and services (for more information on what we use your data for, see section 3). If you decline to provide this information during the registration process, you cannot create an account on the platform and use our services.
We may retain additional personal information captured during the onboarding processes of legacy products (for example, past versions of our Virti app collected additional information that we do not collect anymore).
We reserve the right to confirm the accuracy of registration data for medical verification purposes using external third-party sources, such as open government databases or other data in the public domain.
To complete your Virti profile, we ask for you to optionally provide your registered hospital. We do not specifically ask for location data, but we do infer your location based on your IP address during registration and for opt-ins. In addition to IP address, our platform automatically collects data about your device, including the model, platform, locale code and UUID (universally unique identifier).
  1. ii. App and service engagement data
When you begin to use our app or services, we monitor engagement and feature usage on our platform by recording every interaction you have with products you are registered on. This includes, but is not limited to, page visits, surgical content viewed and assessments taken on our platform (including performance metrics associated with assessments such as score and duration).
  1. iii. Cookies and other data collection technologies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date, a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user (except for IP addresses in some cases), but personal information that we store about you may be linked to the information stored in and obtained from cookies.
We use these kinds of cookies:
Strictly Necessary Cookies: These cookies are essential to provide you with services from our website and to enable you to use its features. For example, they allow you to log in to secure areas of our site and quickly load the content of the pages you request. Without these cookies, the services that you ask for cannot be provided. We only use these cookies to provide you with those services.
Functionality Cookies: These cookies allow our site to remember the choices you make, such as remembering your login details and remembering the changes you make to other parts of our site which you can customise (your preferences). The purpose of these cookies is to provide you with convenience and a more personal experience on our site.
Analytical/Performance Cookies: These cookies are used to collect information about traffic to our site and how users use our site. We may use traffic log cookies to track the pages you view. The purpose of these cookies is to analyse web page traffic to further optimise how users access relevant content.
Google Analytics: The site uses Google Analytics (an analytical/performance cookie) to analyse how it is used. The cookie collects standard internet log information and visitor behaviour information in an anonymised form, from which individual users are unidentifiable. This information is transmitted to Google and processed to compile statistical reports on activity on the Site. These reports allow us to optimise our user experience. Google provides a browser add-on for users who wish to prevent their data from being used by Google Analytics. Further information is available at https://tools.google.com/dlpage/gaoptout/.
Third Parties: Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
Most browsers allow you to refuse to accept cookies or delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about blocking and deleting cookies via the support pages of your browser operator. However, disabling cookies may lead to limited access to our online services.
In addition to cookies, we may log information about your device, including the existence of cookies, your IP address and information about your browser. The purpose of this information is to diagnose service issues and to administer and track your usage of our platforms.
  1. iv. Third party aggregate data
Some of our service providers may gather non-personal digital properties to enrich aggregate analytics, including Firebase-Fabric and Google Analytics.
  1. v. Correspondence
We may process personal information contained in or relating to any enquiry or communication that you send to us or that we send to you. This could include customer support queries from our users, enquiries from journalists or any other correspondence. The correspondence data may include the communication content and metadata associated with the communication, as well as any contact details you may provide to us, such as your name, email address, phone number, job title, address or social media username.
  1. vi. Commercial information
If we have some commercial relationship with you or with your employer (for example, a supply, purchase, sponsorship or referral relationship) then we may receive personal information, such as your contact details, any related communications, and any related documents (such as contracts, POs, invoices, proposals and so on). We process these for the purposes of administering our commercial relationship with you or your employer.
  1. vii. Video data
We process videos relating to surgical procedures which we may receive from partner surgeons, hospitals or other institutions, which are user-submitted or which are available from public sources. While normally all such video footage is anonymised, it is possible that some videos (such as those sourced publicly) may contain personal information – i.e. footage from which an individual may be identifiable. We use these videos for the purposes of developing and testing machine learning techniques, generating data to provide insights, and improve our products and services.
  1. viii. Patient data
We are not the data controller of any patient data in our possession, but may, from time to time, receive it in connection with surgical videos or other media hosted by us for a clinic, hospital or other institution. In those circumstances, we act as a data processor for the institution and we do not determine the data received by us or the uses to which it is put. The purposes for which we host that data, the duration of our hosting and who can access it are all determined by and agreed with, the institution. If you are a patient and have any queries about the data we may process in relation to you, you should contact the relevant institution.
  1. ix. Personal data we obtain from others
Your personal information may be provided to us by someone other than you. We might be introduced to you in correspondence by a mutual commercial partner, for example, or we might receive personal information through other users of our products or services. We may also obtain your personal information in the course of our market research, if you have a public profile associated with an entity with whom we do business or wish to do business.
  1. 3. How Virti uses Personal Information
We have set out below, in table format, a description of all the ways we may use your personal data. We are also required by law to identify the legal basis on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (GDPR). When we process personal data on the lawful basis of our legitimate interests, then we also need to identify those legitimate interests and have done so below.
Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data. Please contact us if you require further information.
(Art 6.1(f) GDPR), namely developing, improving, maintaining and monitoring our platform, apps and services and evaluating their performance.
(Art 6.1(b) GDPR).
  1. 4. Providing your personal data to others
    1. . Your institution

Type of Data

Purpose/Activity
Legal Basis for Processing

App and service engagement data, cookies, IP address, third-party aggregate data

Analysing the use of, and improving, our platform, apps and services, diagnosing and resolving product issues (including those identified by users and communicated through customer support), and security monitoring. Decisions on product development and evaluations of product performance are based on aggregated (non-personal) data.
To ensure your experience with our products is seamless, we continuously re-examine and iteratively optimise user journeys on our platform.
Our legitimate interests 
Correspondence and contact details
To communicate with you. If you have indicated your interest in our business, products or services (or have an account with us) then we may also process correspondence data to provide you with occasional news about our services and marketing communications (although you will be free to unsubscribe at any time).
Our legitimate interests, namely properly administering our business and communications, developing our relationships with interested parties and addressing user concerns and queries.
Where correspondence relates to marketing, our legitimate interests in developing our business.
Where correspondence relates to registered use of our Site, or to any contract or potential contract with you, then our legal basis may be for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you 
Account registration data, app and service engagement data
IP Address
Operating our site, platform, apps and services, providing them, ensuring their security, verifying logins, and communicating with you. We may use your data to validate your status as a clinical professional before providing you with access to certain products which are intended only for professional use.
To provide you with notifications. We are motivated to provide products which offer outstanding resources for medical professions, including verified surgical content and resources tailored to a user’s specific role, stage of training, location and medical specialty. To enhance your enjoyment and productivity on our platform, we identify and recommend the most relevant content through personalised notifications, based on your profile and recent activities.
We infer your location from your device IP address in order to geo restrict certain content on our platform.
Performance of a contract with you (i.e. delivering our services to you).
Our legitimate interests, namely properly administering our business, services and communications.
Contact details (registered users)
Direct communications
Communications sent by Virti come in the form of emails to the email address you provided during the registration process and through notifications delivered to your device. Virti may send you communications relating to new and existing product and content releases and updates. We send such communications so that you are aware of changes we are making to the content or features of our products, or new releases, which could affect the usefulness of our core services to you. We may also ask you to complete product surveys from time to time, although you have the option to unsubscribe.
Third party communications
We will ask you during registration whether you want to receive third party communications such as promotional material related to furthering your training outside of our platform. You, of course, have the right to opt out of such email communication at any time by using the unsubscribe link, found at the bottom of every email, or by updating your account setting in the app. Virti will not send you communications unrelated to its core services, unless you specifically tell us you are interested in receiving them.
Performance of a contract with you (when providing you with service-related communications).
Our legitimate interests in developing our business and our relationships with our commercial partners (when providing you with promotional or third party communications).
Videos
Developing and testing machine learning techniques, generating data which provides insights enabling us to build features of, and improve, our products and services.
Our legitimate interests, namely the development and improvement of our products and services.
Commercial information
Administering our commercial relationship with those with whom we do business.
Performance of a contract with you.
Our legitimate interests, namely properly administering our business and communications, and developing commercial relationships.
Any personal data
For the purposes of legal compliance (e.g. maintaining tax records)
Compliance with our legal obligations (Art 6.1(c) GDPR)
For the purposes of bringing and defending legal claims
Our legitimate interests, namely being able to conduct and defend legal claims to preserve our rights and those of others.

Record-keeping and hosting, back-up and restoration of our systems
Our legitimate interests, namely ensuring the resilience of our IT systems and the integrity and recoverability of our data.
In some circumstances, we may disclose personal data to your employer or institution or their collaborators, for example, if we are tracking and reporting your performance with Virti training tools to a curriculum or residency program director. We would only do this with your prior knowledge and consent. This could include account registration data, correspondence data, commercial data or usage/engagement data relating to your use of our product.
For example, when you accept an electronic invitation to a part of a curriculum (or Virtual Residency Program), you will be asked to consent to us sharing your Virti profile and relevant activity metrics on the Virti platform with the owner(s) of the curriculum. Owners of curriculums include, but are not limited to academic institutions, medical device companies and pharmaceutical companies. Activity metrics are limited to content on the platform that belongs to the curriculum. You can opt out of a curriculum at any time by sending a written request to privacy@virti.com.
  1. i. Our advisors
We may disclose personal data to our legal and professional advisors and/or insurers to receive legal or professional advice and to manage legal disputes or potential legal disputes. We may also disclose your personal data as necessary in court proceedings or in an administrative or out-of-court procedure.
  1. ii. Our service providers
We may disclose personal data to our service providers in connection with the uses described above. For example, we may disclose:
  1. a. Any personal data in our possession to suppliers which host the servers on which our data is stored (for example, we use Amazon Redshift, part of Amazon Web Services), or to freelance staff or contractors whose duties involve handling the relevant personal data (for example, we use Desk.com to manage user support and helpdesk queries, and Tableau for data visualisation and analytics);
  2. b. Correspondence data to providers of messaging, email or email marketing services. For example, we use AWS Pinpoint to automate and deliver correspondence and notifications to our users, which means providing them with certain account information, such as user ID and email address;
  3. c. Commercial information to our accountants or payment processing service providers;
  4. d. Usage and engagement data to providers of analytic services, such as those listed above; and
  5. e. Relevant personal data to third parties for the purposes of fraud protection, credit risk reduction and debt recovery.
  • iii. Commercial partners
  • Some surgical content on our platform may be created in partnership with a medical device, pharmaceutical or institutional partner, incorporating branded products or content. We share aggregate (non-personal) engagement metrics with our partners to allow them to track the quantity of users viewing and interacting with their content. Metrics can be aggregated by profession, medical specialty, location and hospital affiliation. Additionally, we share aggregate (non-personal) performance metrics of assessments related to their content. Commercial partners use shared metrics only for the purposes of product development and improving the delivery of content and training to medical professionals.
    We never share your personal information with commercial partners without your explicit consent, which we would obtain separately. You will be informed clearly and in a transparent manner on what type of personal data will be shared. As an example, we may we share your personal information to register your interest in targeted campaigns placed in our products on behalf of our commercial partners. Targeted campaigns may include registering for conferences and training events, connecting with a medical device specialist, or marketing research. For the commercial partner to verify your professional status and contact you, we will share your name and email address, but only with your explicit permission.
    Virti adheres to the NAI, a set of self-regulating principles that require companies to provide notice and choice with respect to interest-based advertising, and ad delivery and reporting activities. Moreover, we adhere to the principles set out by the Digital Advertising Alliance (DAA), the European Interactive Digital Advertising Alliance (EDAA) and the Digital Advertising Alliance of Canada (DAAC).
    1. iv. Disclosures designated by you
    We may disclose your personal information to third parties designated by you, such as other users of our products to whom you have elected to show user-submitted content or anyone to whom you have asked us to forward correspondence.
    1. v. Compliance
    We may disclose your personal data where such disclosure is necessary for compliance with legal obligations to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
    1. vi. Intra-group and restructuring
    We may disclose your personal information to the affiliated companies in our corporate group, since we share certain resources and information. Also, if any part of our business is proposed to be sold or transferred, your personal data may be disclosed to the new owner or in connection with the relevant negotiations.
    1. vii. The public
    We may disclose personal information featured in the content we provide to the public (i.e. to users of our website and mobile applications). The nature of the content we provide is that it is usually free of all personal information, for example, surgical subjects are not normally identifiable. However, in very limited circumstances, some user-submitted content which we make available may feature personal information. The user is responsible for ensuring that all appropriate consents have been obtained for that content to be made available.
    All our third-party service providers and other entities in our group are required to take appropriate security measures to protect your personal data, in line with our policies. We only allow our nominated data processors to process your personal data for specified purposes and in accordance with our instructions.
    1. 5. Choices and Transparency
    In this section, we have summarised the rights that you have under data protection law. You should read the relevant materials from the regulatory authorities for the full details of these rights.
    Your principal rights under data protection law are:
    1. . The right to be informed;
    2. a. The right of access;
    3. b. The right to rectification;
    4. c. The right to erasure;
    5. d. The right to restrict processing;
    6. e. The right to data portability
    7. f. The right to object; and
    8. g. The right not to be subject to automated decision-making and profiling.
    Right to be informed / right of access: You have the right to confirm whether or not we hold or process your personal data and, where we do, access the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, or do one of the following:
    1. h. We may ask you to verify your identity, or ask for more information about your request; or
    2. i. Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
    Right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
    Right to erasure: In some circumstances, you have the right to erase your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data is unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions are where processing is necessary, for example: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
    The right to restrict processing: You have the right to request that your personal data is no longer processed, for example, due to data inaccuracy or the purpose for which the data is processed. To the extent that the legal basis for our processing of your personal information is consent (for example, if you have given consent for your data to be shared to a third party, such as academic institutions, medical device companies or pharmaceutical companies), you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. If you opted in to third party marketing communications when you registered, you may opt out at any time within the app, or by emailing privacy@virti.com.
    The right to data portability: You have the right to request that your personal data be transferred to another party if the legal basis for our processing is the performance of a contract with you, and such processing is carried out by automated means.
    The right to object: If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
    The right not to be subject to automated decision-making: Lastly, you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
    You may exercise any of your personal data rights by written notice to us. To contact us in relation to any of these requests, please use the email address privacy@virti.com.
    1. 6. Duration of Data Retention
    Virti retains personal data for as long as necessary to provide our products and fulfill the transactions you have requested, or for other essential purposes, such as complying with our legal obligations and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The general rule that establishes the period of data retention is that data is stored and analysed only for the length of time required to fulfill the purposes for which they were collected (as described in section 3).
    As exceptions to that general rule:
    1. . Data which is aggregated and anonymized (and which therefore no longer constitutes personal data) may be kept by us indefinitely;
    2. a. We maintain system backups for disaster recovery purposes. That means that information which is deleted from our live systems may still remain in backup until the backup is overwritten (although we would make no use of it while in backup); and
    3. b. We may retain your personal data longer than the usual retention period where necessary in connection with any legal claim, or where necessary to comply with law. For example , we are required to maintain appropriate business records, including records of surgeon assessments used for compliance.
  • 7. Information Security and International Transfers
  • Virti is committed to protecting the security of your data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We utilise, for all data storage and processing purposes, Amazon Web Services (“AWS”) and, for processing purposes, Google’s G Suite. Specifically, all our AWS storage containers and databases are located in Ireland (EU), with possible transit through US storage containers.
    Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA. These third parties may transfer your personal data to their own service providers located outside the EEA. If so, we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an "adequacy decision", or with appropriate safeguards, such as the use of standard clauses approved by the European Commission or the use of the EU-US Privacy Shield). You may contact us if you would like further information about these safeguards.
    Aside from our head office in the United Kingdom, we have offices in the United States of America, Canada, and the United Arab Emirates and may transfer your data out of the EEA to those countries. Transfers to each of these countries will be protected by appropriate safeguards.
    1. 8. Changes to this Privacy Policy and Further Information
    We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at https://www.virti.com/Privacy. If we make a change to this policy that is in our view material, we will notify you via an app notification or email to the email address associated with your account. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised Privacy Policy.
    Our website, and content provided through our products and services, may contain links to third party websites and refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party referred to on the Sites, then they may have their own privacy and cookie policies, and we are not responsible for their use of any personal data which you may provide to them.
    If you would like further information about privacy at Virti, you will find more information, please contact us at privacy@virti.com.

    Your privacy is important to us. This privacy statement explains what personal data VirtiHealth LTD ("Virti", "we", "us", "our") collects from you, through our products and how we use that data.
    Virti serves a number of group of users in different ways. References to products in this statement include Virti services, which are offered through our websites and app.
    Please read product-specific details in this privacy statement, which provide additional information about some Virti products.
    This policy applies to any users of the services of Virti or its affiliates anywhere in the world, and to anyone else who contacts Virti or otherwise submits information to Virti, unless noted below.


    1. Data Protection Principles
    We are committed to complying with data protection law and principles, which means that your data will be:
    Processed lawfully, fairly and in a transparent way;
    Collected for specific, explicit and legitimate purposes stated in this policy and not used in any way that is incompatible with those purposes;
    Adequate, relevant and limited to what is necessary for those purposes;
    Accurate and, where necessary, kept up to date;
    Kept for no longer than is necessary for those purposes; and
    Processed securely.

    2. Collection of Personal Information
    Virti acts as the data controller for the information you provide or that is collected by Virti or its affiliates. Virti collects data to operate effectively as a business and to provide you, the user, with tailored services and products. You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary in order for us to provide services to you, you may not be able to use that product. We provide further information, below, on the types of personal data we obtain and how we use them, throughout your use of our service and products.

    Data provided during account registration
    At the registration process on the Virti platform, you are asked to provide the following information:
    Your first and last name
    Your email address
    Your profression
    Your medical speciality
    Your profile password
    This basic information is necessary to complete your user registration and for you to use our app and services (for more information on what we use your data for, see section 3) If you decline to provide this information during the registration process you will not be able to create an account on the app and use our services. We do not store additional personal information captured on onboarding processes of legacy products, e.g past versions of the app collected additional information that we do not collect anymore. Virti reserve the right to confirm the accuracy of registration data for medical verification purposes using external third party sources, such as publicly available sources such as open government databases or other data in the public domain. In order to optionally complete your Virti profile, we ask for you to also provide your registered hospital. We do not specifically ask for location data but we do infer your location based on your IP address during registration and for opt-ins. In addition to IP address, our platform automatically collects data about your device, including the model, platform, locale code and UUID (universally unique identifier). If you are a surgeon or organisation contributing content through one of our platforms, you will be asked for your email address which we will store, along with your questionnaire responses, in accordance with this policy.

    App and service engagement data
    When you begin to use our app or services, we monitor engagement and feature usage on our platform by recording every interaction you have with products you are registered on. This includes, but is not limited to, page visits, surgical content viewed and assessments taken on our platform (including performance metrics associated with assessments such as score and duration).

    Cookies and other data collection technologies
    Virti uses cookies and similar technologies on our online services to allow us to store your personal preferences and settings; optimise login processes; maintain a high level of security and to monitor and analyse performance of our online services. On our website, we may use traffic log cookies to track pages you view. The purpose of this is to analyse web page traffic in order to further optimise the journey users must undertake to access content that is relevant to them. You may adjust the settings on your browser to refuse cookies, however, this may lead to limited access to our online services. In addition to cookies, we may log information about your device, including the existence of cookies, your IP address and information about your browser. The purpose of this information collection is to diagnose service issues and to administer and track your usage of our platforms.

    Third party aggregate data
    Our third parties may gather non-persona digital properties to enrich aggregate analytics, including Firebase-Fabric, Braze, AppSee and Google Analytics.

    3. How Virti uses Personal Information
    Virti uses your personal information for the following reasons:

    To operate effectively as a business and to perform essential business operations, including developing and providing products optimised for medical professionals.
    We are motivated to provide products which offer outstanding resources for medical professions, including verified surgical content and resources tailored to a users specific role, stage of training, location and medical specialty. To enhance your enjoyment and productivity on our platform, we endeavour to identify and recommend the most relevant content through personalised notifications, based on your profile and recent activities. To ensure your experience with our products is seamless, we continuously re-examine and iteratively optimise user journeys on our platform. We infer your location from your device IP address in order to geo restrict certain content on our platform. Product issues, identified by users and communicated through customer support, are effectively diagnosed and resolved using data collected from interactions on the platform. Decisions on product development and evaluations of product performance are based on aggregate analysis and business intelligence based on non personal data. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We only allow them to process your personal data for specified purposes and in accordance with our instructions. In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

    To deliver communications of personal interest including product and content releases, motivational training prompts and in response to product queries or support requests.
    Direct communications Communications sent by Virti come in the form of emails to the email address provided by you during the registration process and through notifications delivered to your device. Virti may send you communications relating to new and existing product and content releases and updates. We send such communications so that you are aware of changes we are making to the content or features of our products, or new releases, which could affect the usefulness of our core services to you. Third party communications We will ask you during registration whether you want to receive third party communications such as promotional material related to furthering your training outside of our platform. You, of course, have the right to opt out of such email communication at any time by using the unsubscribe link, found at the bottom of every email, or by updating your account setting in the app. Virti will not send you communications unrelated to its core services, unless you specifically tell us you are interested in receiving them.

    To inform commercial partners of aggregate engagement and interactions on branded content hosted on our platform.
    Some surgical content on our platform may be created in partnership with a medical device or pharmaceutical partner, incorporating a branded device. We share aggregate (non-personal) engagement metrics with our partners to allow them to track the quantity of users viewing and interacting with their content. Metrics can be aggregated by profession, medical specialty, location and hospital affiliation. Additionally, we share aggregate (non-personal) performance metrics of assessments related to their content. Commercial partners use shared metrics only for the purposes of product development and improving delivery of content and training to medical professionals. We will never share your personal information with commercial partners without your explicit consent, which we would obtain separately. You will be informed clearly and in a transparent manner, what type of personal data will be shared. Circumstances where we share your personal information include, but are not limited to, registering your interest for targeted campaigns placed in our products on behalf of our commercial partners. Examples of campaigns include registering for conferences and training events, connecting with a medical device specialist and for marketing research purposes. In order for the commercial partner to verify you as a medical professional and contact you, we will share your name and email address, but only with your explicit permission. Please note that Virti adheres to the NAI, a set of self-regulating principles that require companies to provide notice and choice with respect to Interest-Based Advertising and Ad Delivery and Reporting activities. Moreover, we adhere to the Digital Advertising Alliance (DAA) and European Interactive Digital Advertising Alliance (EDAA) and the Digital Advertising Alliance of Canada (DAAC).

    To track and report your performance on relevant Virti training tools to a curriculum/teacher/tutor/program director, with your prior knowledge and consent.
    If you accept an electronic invitation to a part of an organisation (or training body), you grant Virti permission to share your Virti profile and relevant activity metrics on the Virti platform with the owner(s) of the organisation. Owners of organisations include, but are not limited to academic institutions, medical device companies and pharmaceutical companies. Activity metrics are limited to content on the platform that belongs to the curriculum. You have the right at anytime to opt out of a curriculum by given written request to privacy@virti.com.

    4. Choices and Transparency
    In this section, we have summarized the rights that you have under data protection law. The information we provide in this section is a brief summary of your rights under data protection law and you should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. Your principal rights under data protection law are:
    the right to be informed;
    the right of access;
    the right to rectification;
    the right to erasure;
    the right to restrict processing;
    the right to data portability
    the right to object; and
    rights in relation to automated decision making and profiling.
    You have the right to confirmation as to whether or not we hold or process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, or do one of the following:
    We may ask you to verify your identity, or ask for more information about your request; or
    Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
    You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data being unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary, for example: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. You have the right to request that your personal data is no longer processed for example, due to the inaccuracy of the data or the reason for the data being processed. If you have given additional consent for your data to be shared to a third party, including academic institutions, medical device companies and pharmaceutical companies, you have the right to withdraw this consent at anytime. You have the right to request that your personal data be transferred to another party. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. If you opted in to third party marketing communications when you registered, you may opt-out at any time within the app, or by emailing privacy@virti.com. Lastly, you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. You may exercise any of your rights in relation to your personal data by written notice to us or by any of the methods specified in section. To contact us in relation to any of these requests, please use the email address privacy@virti.com.

    5. Duration of Data Retention
    Virti retains personal data for as long as necessary to provide our products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The general rule that establishes a baseline for data retention is the length of time required to store and analyse the data for the purpose it was collected (as described in section 3). Moreover, we are required to maintain appropriate business records, including records of surgeon assessments used for compliance.

    6. Information Security and International Transfers
    Virti is committed to protecting the security of your data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We utilise, for all data storage and processing purposes Amazon Web Services ("AWS") and for processing purposes Google’s G Suite and Braze. Specifically, all our AWS storage containers and databases are located in Ireland (EU) (with possible transit through US storage containers). We have offices in United States of America, Canada and New Zealand, therefore we may have to transfer your data out of the EEA. The European Commission has made an "adequacy decision" with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards.

    7. Changes to this Privacy Policy and Further Information
    We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at www.virti.com/privacy. If we make a change to this policy that, in our sole discretion, is material, we will notify you via an app notification or email to the email address associated with your account. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised Privacy Policy. If you would like further information about privacy at Virti, you will find more information, please contact us at privacy@virti.com

    Ready To Be Part of The Future Of Workforce Training?

    ABOUT

    GET IN TOUCH

    CONNECT