Latest version: 31 May 2019
Last updated: 23 January 2019
A cookie is a small file placed on your device that enables Virti features and functionality, including serving relevant ads to you. For example, cookies enable us to identify your device and secure your access to Virti and our sites generally.
When cookies are used
Types of cookies we use
We use two types of cookies: persistent cookies and session cookies. A persistent cookie helps us recognize you as an existing user, so it’s easier for you to return to our sites and services without signing in again. A persistent cookie stays in your browser and will be read by Strivr when you return to one of our sites. Session cookies only last for as long as the session, typically the current visit to our website or a browser session.
1. Analytics cookies
Virti uses Google Analytics cookies to collect information about how visitors use our sites. These cookies collect information in the aggregate to provide insight into how our website is being used. You may install a Google Analytics Opt-Out Browser Add-on by going here: https://tools.google.com/dlpage/gaoptout.
Google Tag Manager is a script that facilitates the installation of non-essential Google Analytics Cookies and marketing cookies. It is not a cookie, but it is essential to the property function of our sites and does not have an expiration date.
2. Marketing cookies
We also use a marketing database management program that deploys cookies when users interact with marketing communications, such as an email or marketing-based landing page on our sites. These cookies collect unique identifiers, IP addresses, which pages users visit, or users’ history arriving at our sites. Collected information is used to evaluate the effectiveness of our marketing campaigns or to provide better targeting.
3. Third party cookies
Third party cookies are cookies set by someone other than the site owner for purposes such as collecting information on user behavior, demographics, or personalized marketing. When using our sites, you may encounter embedded content, such as YouTube videos, or you may be directed to other websites for such activities as surveys, or for job applications. These websites and embedded content may use their own cookies. We do not have control over the placement of cookies by other websites, even if you are directed to them from our sites.
Most browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may limit your overall user experience, since it will no longer be personalized to you or it may not save customized settings like login information.
If you do not want to receive cookies, you can change your browser settings on your computer or other device. If you use our sites or services without changing your browser settings, you accept the receipt of all cookies on our sites. Most browsers provide functionality that will allow you to review and erase cookies, including our cookies.
Collection of your data from our analytics cookies can be deleted. If cookies are deleted, the information collected prior to the deletion preference change may still be used, however, we will stop using the disabled cookie to collect any further information from you.
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to firstname.lastname@example.org and we will try to resolve your concerns.
Your privacy is important to us. This privacy statement explains what personal data VirtiHealth LTD ("Virti", "we", "us", "our") collects from you, through our products and how we use that data.
Virti serves a number of group of users in different ways. References to products in this statement include Virti services, which are offered through our websites and app.
Please read product-specific details in this privacy statement, which provide additional information about some Virti products.
This policy applies to any users of the services of Virti or its affiliates anywhere in the world, and to anyone else who contacts Virti or otherwise submits information to Virti, unless noted below.
1. Data Protection Principles
We are committed to complying with data protection law and principles, which means that your data will be:
Processed lawfully, fairly and in a transparent way;
Collected for specific, explicit and legitimate purposes stated in this policy and not used in any way that is incompatible with those purposes;
Adequate, relevant and limited to what is necessary for those purposes;
Accurate and, where necessary, kept up to date;
Kept for no longer than is necessary for those purposes; and
2. Collection of Personal Information
Virti acts as the data controller for the information you provide or that is collected by Virti or its affiliates. Virti collects data to operate effectively as a business and to provide you, the user, with tailored services and products. You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary in order for us to provide services to you, you may not be able to use that product. We provide further information, below, on the types of personal data we obtain and how we use them, throughout your use of our service and products.
Data provided during account registration
At the registration process on the Virti platform, you are asked to provide the following information:
Your first and last name
Your email address
Your medical speciality
Your profile password
This basic information is necessary to complete your user registration and for you to use our app and services (for more information on what we use your data for, see section 3) If you decline to provide this information during the registration process you will not be able to create an account on the app and use our services. We do not store additional personal information captured on onboarding processes of legacy products, e.g past versions of the app collected additional information that we do not collect anymore. Virti reserve the right to confirm the accuracy of registration data for medical verification purposes using external third party sources, such as publicly available sources such as open government databases or other data in the public domain. In order to optionally complete your Virti profile, we ask for you to also provide your registered hospital. We do not specifically ask for location data but we do infer your location based on your IP address during registration and for opt-ins. In addition to IP address, our platform automatically collects data about your device, including the model, platform, locale code and UUID (universally unique identifier). If you are a surgeon or organisation contributing content through one of our platforms, you will be asked for your email address which we will store, along with your questionnaire responses, in accordance with this policy.
App and service engagement data
When you begin to use our app or services, we monitor engagement and feature usage on our platform by recording every interaction you have with products you are registered on. This includes, but is not limited to, page visits, surgical content viewed and assessments taken on our platform (including performance metrics associated with assessments such as score and duration).
Cookies and other data collection technologies
Third party aggregate data
Our third parties may gather non-persona digital properties to enrich aggregate analytics, including Firebase-Fabric, Braze, AppSee and Google Analytics.
3. How Virti uses Personal Information
Virti uses your personal information for the following reasons:
To operate effectively as a business and to perform essential business operations, including developing and providing products optimised for medical professionals.
We are motivated to provide products which offer outstanding resources for medical professions, including verified surgical content and resources tailored to a users specific role, stage of training, location and medical specialty. To enhance your enjoyment and productivity on our platform, we endeavour to identify and recommend the most relevant content through personalised notifications, based on your profile and recent activities. To ensure your experience with our products is seamless, we continuously re-examine and iteratively optimise user journeys on our platform. We infer your location from your device IP address in order to geo restrict certain content on our platform. Product issues, identified by users and communicated through customer support, are effectively diagnosed and resolved using data collected from interactions on the platform. Decisions on product development and evaluations of product performance are based on aggregate analysis and business intelligence based on non personal data. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We only allow them to process your personal data for specified purposes and in accordance with our instructions. In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
To deliver communications of personal interest including product and content releases, motivational training prompts and in response to product queries or support requests.
Direct communications Communications sent by Virti come in the form of emails to the email address provided by you during the registration process and through notifications delivered to your device. Virti may send you communications relating to new and existing product and content releases and updates. We send such communications so that you are aware of changes we are making to the content or features of our products, or new releases, which could affect the usefulness of our core services to you. Third party communications We will ask you during registration whether you want to receive third party communications such as promotional material related to furthering your training outside of our platform. You, of course, have the right to opt out of such email communication at any time by using the unsubscribe link, found at the bottom of every email, or by updating your account setting in the app. Virti will not send you communications unrelated to its core services, unless you specifically tell us you are interested in receiving them.
To inform commercial partners of aggregate engagement and interactions on branded content hosted on our platform.
Some surgical content on our platform may be created in partnership with a medical device or pharmaceutical partner, incorporating a branded device. We share aggregate (non-personal) engagement metrics with our partners to allow them to track the quantity of users viewing and interacting with their content. Metrics can be aggregated by profession, medical specialty, location and hospital affiliation. Additionally, we share aggregate (non-personal) performance metrics of assessments related to their content. Commercial partners use shared metrics only for the purposes of product development and improving delivery of content and training to medical professionals. We will never share your personal information with commercial partners without your explicit consent, which we would obtain separately. You will be informed clearly and in a transparent manner, what type of personal data will be shared. Circumstances where we share your personal information include, but are not limited to, registering your interest for targeted campaigns placed in our products on behalf of our commercial partners. Examples of campaigns include registering for conferences and training events, connecting with a medical device specialist and for marketing research purposes. In order for the commercial partner to verify you as a medical professional and contact you, we will share your name and email address, but only with your explicit permission. Please note that Virti adheres to the NAI, a set of self-regulating principles that require companies to provide notice and choice with respect to Interest-Based Advertising and Ad Delivery and Reporting activities. Moreover, we adhere to the Digital Advertising Alliance (DAA) and European Interactive Digital Advertising Alliance (EDAA) and the Digital Advertising Alliance of Canada (DAAC).
To track and report your performance on relevant Virti training tools to a curriculum/teacher/tutor/program director, with your prior knowledge and consent.
If you accept an electronic invitation to a part of an organisation (or training body), you grant Virti permission to share your Virti profile and relevant activity metrics on the Virti platform with the owner(s) of the organisation. Owners of organisations include, but are not limited to academic institutions, medical device companies and pharmaceutical companies. Activity metrics are limited to content on the platform that belongs to the curriculum. You have the right at anytime to opt out of a curriculum by given written request to email@example.com.
4. Choices and Transparency
In this section, we have summarized the rights that you have under data protection law. The information we provide in this section is a brief summary of your rights under data protection law and you should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. Your principal rights under data protection law are:
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability
the right to object; and
rights in relation to automated decision making and profiling.
You have the right to confirmation as to whether or not we hold or process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, or do one of the following:
We may ask you to verify your identity, or ask for more information about your request; or
Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data being unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary, for example: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. You have the right to request that your personal data is no longer processed for example, due to the inaccuracy of the data or the reason for the data being processed. If you have given additional consent for your data to be shared to a third party, including academic institutions, medical device companies and pharmaceutical companies, you have the right to withdraw this consent at anytime. You have the right to request that your personal data be transferred to another party. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. If you opted in to third party marketing communications when you registered, you may opt-out at any time within the app, or by emailing firstname.lastname@example.org. Lastly, you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. You may exercise any of your rights in relation to your personal data by written notice to us or by any of the methods specified in section. To contact us in relation to any of these requests, please use the email address email@example.com.
5. Duration of Data Retention
Virti retains personal data for as long as necessary to provide our products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The general rule that establishes a baseline for data retention is the length of time required to store and analyse the data for the purpose it was collected (as described in section 3). Moreover, we are required to maintain appropriate business records, including records of surgeon assessments used for compliance.
6. Information Security and International Transfers
Virti is committed to protecting the security of your data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We utilise, for all data storage and processing purposes Amazon Web Services ("AWS") and for processing purposes Google’s G Suite and Braze. Specifically, all our AWS storage containers and databases are located in Ireland (EU) (with possible transit through US storage containers). We have offices in United States of America, Canada and New Zealand, therefore we may have to transfer your data out of the EEA. The European Commission has made an "adequacy decision" with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards.