Welcome to impedia.org (the «site»), the website of the Institute of Medical Procedures («IMP», «we», «us» or «our»), a Swiss non-profit association with its registered office at Freiburgstrasse 3, in 3010 Berne, Switzerland.
If you have any questions regarding how we collect or process personal data, please contact us at the address set out above.
In order for you to better understand what data we collect and for what purpose, we would first like to briefly explain our vision and the intended use of our services:
IMP has launched the platform IMPEDIA (the «platform»), that collects user generated content from medical professionals and institutions in all relevant disciplines. The platform is intended to facilitate planning, visualization and documentation of surgical procedures. It can be used in the context of any type of surgical procedure, regardless of the medical indication and patient population. It is aimed at health care professionals, such as surgeons, nurses and other hospital staff, and at institutions of medical education and training («health care professionals»).
The collected content, such as outcome and best practice insights, shall be made available to all IMPEDIA -connected professionals in templates or even to the public. The aim is to improve the quality and safety as well as the effectiveness and sustainability of medical treatment.
Personal data is understood to be all information that relates to an identified or identifiable person. In general, we collect your personal data when you provide it to us directly, automatically when you use our services or from third party sources.
We process your data only for specified purposes and only in legally permissible cases. You will find below the individual data processing operations and their legal basis. The following reasons are possible:
You will find a reference to the legal bases in the respective processing operations hereinafter.
If you have given us consent to process your personal data for specific purposes, we will process your data within the scope of this consent unless we have another legal basis. You may revoke your consent at any time. Data processing that has already taken place is not affected by this.
To use the services, with the exception of the site itself, you have to create a user-specific account (the «account»). When you register an account, we collect your full name, your e-mail address, job title, Institute and clinic. We mainly use this information to set-up, validate and administer your account. We also use it to associate your user content with a particular medical specialty.
Once a registered user, you may provide additional information in your personal account which describes you, your biography, your academic background, institutional affiliations, credentials, professional experiences and/or your surgical discipline and speciality. Providing additional information to your account is not required and entirely optional, but it may allow you to derive greater benefits from using the services, such as receiving discipline specific content. This additional information can be updated or removed by you at any time, and you may choose whether to make some of this information publicly visible to other users.
When you access the site or use our services, the provider of the services automatically collects and stores information in so-called server log files, which your devices via browser and/or iOS application transmits to us. These are:
The log files are stored and used in order to guarantee the functionality of the site and the services and to ensure the security of our information technology systems. This is our legitimate interest and serves as the legal basis.
Sometimes we automatically receive location data from your device. For example, if you upload a photo to our services to attach to a surgical procedure, we may automatically receive metadata, such as the place and time you took the photo, from your device. Please be aware that the default settings on your devices may include the metadata of your photos or videos. If you do not want metadata to be shared, please change your settings on your device.
Usually, this information is transmitted to a Google server in the USA and stored there on a website with activated IP-anonymization. That means an abbreviation of the users’ IP address from members of EU states or other contracting states. Exceptionally, the complete IP address is transmitted to Google / USA and shortened then. On behalf of the website operator Google uses this information to evaluate the users’ website or app, to collect activities and to offer further services regarding use of website, app or internet in general towards the operator. Google Analytics and Firebase do not connect your IP address (transmitted by your browser) with other Google data. The Privacy Shield Agreement applies to the transfer of data to the USA.
You can prevent cookies from being stored by setting your browser software accordingly. This often – however – implies that if so, you are not able to use all services to the full extent. For information on how Google Analytics and Firebase collect and process data, as well as how you can control information sent to Google, review Google’s site «How Google uses information from sites or apps that use our services» currently located at www.google.com/policies/privacy/partners.You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout. If you choose not to reject the cookies, this will accordingly be deemed to be your consent.
Crash- and Bug-reporting-tools
We want to provide our services as error-free as possible and constantly improve them. However, not all malfunctions, such as programming errors, can be ruled out from the outset. Therefore, we use various so-called crash or bug reporting tools, such as Bugsnag (Bugsnag Inc., 939 Harrison St, San Francisco, CA 94107 USA), AppCenter (a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA) and/or Rollbar (Rollbar Inc., 510 Federal Street Suite 401 San Francisco, CA 94107 USA). These are technical error analysis services that analyse, evaluate and categorise occurred errors. To improve the accessibility and technical stability of our services by monitoring functionality, system stability and identifying code errors, we may transmit the following information directly to these providers in the event of a software error such as:
An evaluation for advertising purposes does not take place. The data is collected anonymously, not used in a personalised manner and is subsequently deleted. This analysis helps us to further improve our services and to correct undetected code errors. It is therefore in our legitimate interest, as the data serves the sole purpose of error identification and analysis.
The Privacy Shield Agreement applies to the transfer of data to the USA.
We primarily collect your personal data directly from you. We may also receive personal data about you from third parties. This data may namely include the following categories:
As already mentioned, we use all of this personal data about you primarily to provide you with our services in accordance with their purpose. We may further use it to:
In connection with the collection and use described above, we may disclose your personal information to third parties as follows:
Your account is publicly viewable by other registered users if you join a team and/or publish content with visibility set to public.
We may share your information with third parties that help us provide our services, including in the areas of website and database hosting and maintenance, telecommunications, information security, fraud detection and prevention, email management, data analytics, marketing, advertising, member support, and identity and professional credential verification.
As part of IMP’s intention to drive quality of medical treatment, we may share your information with research institutions that perform research related to their respective missions. We require these institutions to agree that they will only use and share the data as needed for the approved research purpose. We may publish or allow others to publish insights learned from such research activities.
We may share your data with educational institutions that use your data as part of their respective educational offerings. We require these institutions to agree to use and share this data only for the approved educational purpose.
We may share your personal information in connection with a business transaction (or potential transaction) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, IMP or our corporate affiliates (including, in connection with a bankruptcy or similar proceedings).
We may share your information with third parties, as required or permitted by applicable law, if we believe it is reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us, which may involve disclosure to law enforcement, courts, or governmental authorities.
Other third parties
With your consent
We also may share your personal information with a third party in a manner not addressed by this policy with your consent.
Under certain circumstances, your personal data may also be transferred to companies abroad within the scope of commissioned processing. These companies are obligated to data protection to the same extent as we are. If the level of data protection in the country to which data is transferred does not correspond to that in Switzerland or the European Union, we contractually ensure that the same level of protection is guaranteed as in Switzerland or the European Union. This can be done through standard data protection clauses of the European Commission or a supervisory authority or approved and authorised codes of conduct together with binding and enforceable obligations of the recipient or authorised certification mechanisms together with binding and enforceable obligations of the recipient.
If data is transferred to a company in the USA, we ensure that this company is certified in accordance with the Swiss or EU-US Privacy Shield Agreement, thereby ensuring that the level of data protection in Switzerland or the EU is complied with. In the absence of certification, we obtain the necessary guarantees by contract.
You sharing information with third parties
As mentioned before, we technically enable you to process third party data through our services. We also enable you technically to inform third parties about such information. You are for example able to send a specific treatment report to another involved health care professional. However, we have no control over whether and which patient data you may share over our services. You are solely responsible to acquire the necessary consent of the person/patient concerned.
We take data security very seriously and we strive to protect your personal information. We use a variety of industry-standard security technologies and procedures designed to help protect your information from unauthorized access, use, or disclosure (such as access control procedures, network firewalls, and physical security). Unfortunately, there’s no such thing as completely secure data transmission or storage, so we can’t guarantee that our security will not be breached (by technical measures or through violation of our policies and procedures). In the event of a data security breach, we will take all essential actions as required under applicable laws.
The site may contain links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave this site and to read the privacy policies of every site that collects personal information. If you decide to access any of the third-party sites linked to our site, you do this entirely at your own risk. Any links to any partner of the site is the responsibility of that partner.
IMP will generally only store your personal information for as long as necessary to fulfil the purposes for which we originally collected it. However, depending on the type of personal data to be processed and the purpose of processing, the actual retention periods may vary. In addition, there are laws and local regulations that set minimum periods for the retention of personal data. The actual retention period for your personal data thus depends on whether we process your personal data as part of a contractual relationship with you, based on your explicit consent, whether we process the personal data for our own legitimate interests or whether IMP is legally obliged to retain the personal data for a certain period or to comply with certain legal obligations.
Please remember that when you generate content yourself and make it publicly available through our services, this content and you as the generator are public. Transparency of user content is critical to its effectiveness and trustworthiness.
You have the legal right to receive information from us about which personal data is stored about you. You can also request the correction of incorrect data or the deletion of personal data, provided that this does not conflict with any legal obligations to maintain data privacy or any legal permissions that allow processing. Furthermore, you may, under certain circumstances, have the processing of your personal data restricted or object to it. You also have the right to demand that we return the personal data you have provided to us (right to data portability). You have the right to receive the data in a structured, commonly used and machine-readable format. You may revoke your consent to any data processing procedure.
Please note that the exercise of your rights may be subject to legal restrictions. We reserve the right to assert these, e.g. if we are obliged to retain or process certain data, if we have an overriding interest in doing so or if we need the data to assert claims. Please note that the exercise of your rights may, under certain circumstances, conflict with contractual agreements and may have corresponding effects on the performance of the contract (e.g. early termination of the contract or cost consequences).
The exercise of your rights requires that you prove your identity (e.g. by means of a copy of your identity card if your identity cannot be established in any other way).
If you are affected by the processing of personal data, you have the right to enforce your rights in court or to file a complaint with the competent supervisory authority. The competent supervisory authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
V1.0 – Berne, 08.08.2022