Privacy Policy

Privacy Policy

This Privacy Policy (referred to as "Policy" or "Privacy Policy") applies to users of the website https://scriptoware.com. It will be periodically reviewed and updated in compliance with relevant laws and regulations (HIPAA/GDPR/CCPA). The purpose of this Privacy Policy is to inform you about:

  1. Definitions of terms as per GDPR
  2. Who SCRIPTOWARE is
  3. Where to find us and how to reach out to us
  4. Categories of personal data, purposes, legal grounds, collection methods, and retention duration
  5. Disclosure of your personal data to third parties
  6. Your rights and how to exercise them
  7. Children’s personal data: We do not process data for individuals under 16 years old!
  8. Security measures employed by SCRIPTOWARE to protect your personal data
  9. Links to external websites
  10. Updates to this Privacy Policy
  11. Information related to the Data Protection Supervisory Authority

1. Definitions of terms as per GDPR

  • Personal Data:Any information related to an identified or identifiable natural person ("data subject"). An identifiable person can be identified, directly or indirectly, through identifiers such as a name, ID number, location data, online identifier, or one or more specific factors tied to their physical, genetic, mental, economic, cultural, or social identity.
  • Processing:Any operation or set of operations performed on personal data, including but not limited to collection, storage, use, disclosure, and destruction.
  • Restriction of Processing:Marking personal data to limit its future processing.
  • Controller:A person or entity that determines the purposes and means of processing personal data, either alone or jointly with others.
  • Processor:A person or entity that processes personal data on behalf of the controller.
  • Recipient:Any individual or entity, public or private, to whom personal data is disclosed, excluding public authorities that might access data for legal purposes.
  • Third Party:Any individual or entity outside of the data subject, controller, processor, or persons authorized by the controller to process data.
  • Data Breach:A security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure of personal data.

2. Who is SCRIPTOWARE?

The official website https://scriptoware.com (referred to as the "Platform") is operated by SCRIPTOWARE, an international software company with headquarters in Romania and the USA. INNOVATOR ARTIFICIAL TECH S.R.L. is the Romanian entity based in Bucharest, registered under Trade Register no. J40/10801/2017, with fiscal code CUI 37862579. SCRIPTOWARE INC is incorporated in Delaware, USA, located at 8 The Green, Apartment B, Dover City, Kent County, 19901.

In compliance with GDPR and local legislation, SCRIPTOWARE acts as the data controller concerning personal data processed through the website https://scriptoware.com Visitors and users who register on our website are considered data subjects.

SCRIPTOWARE ensures the confidentiality and security of personal data, processing it only for specific, legitimate, and legal purposes, as outlined in the GDPR.

3. How to Contact Us and Where We Are Located?

For inquiries related to the personal data we process, feel free to contact us via email at info@scriptoware.com

4. Categories of Personal Data, Purpose, Legal Grounds, Collection Method, and Retention Duration

Typically, we collect personal data directly from you, giving you control over the information you provide.

To identify the personal data we process, we have categorized them based on the purpose of processing.

Category A: Account Creation on the Platform

Data Subject: The patient and the doctor create a user account on the Platform. References to "doctor" in this Policy include both medical and non-medical staff, such as nurses, receptionists, medical unit administrators, or other medical representatives with user accounts.

Personal Data: Name, surname, and email address. For the patient’s profile, optional data may include country and city of residence, phone number, personal numeric code, and avatar image. For the doctor’s profile, additional data processed may include country and city of residence, phone number, professional title, and medical specialization.

Purpose and Legal Grounds: SCRIPTOWARE processes personal data to create user accounts and provide access to the Platform's functions. This processing is carried out with the consent of the data subject, in accordance with Art. 6 para. (1) lit. (a) of the GDPR.

Collection Method and Retention Period: Personal data is collected directly from the data subject during the account creation process. Data is retained as long as the user account remains active on the Platform.

Category B: Use of the Platform and Its Functions by the Doctor in Medical Assistance, Diagnosis, and Treatment Activities

  • Data subject:The patient who benefits from services provided by doctors using the Platform as a technical or software tool in their work.
  • Personal data:In addition to the personal data mentioned in Category A, SCRIPTOWARE may process medical data such as medical imaging analysis (MRI, CT, PET-CT, X-ray, ultrasound), symptoms, past illnesses, allergies, diagnosis, medical tests, medications administered in the past, blood type, medical recommendations, family medical history, information about family members and kinship relations, medical data contained in referral notes and medical reports, and genetic data. SCRIPTOWARE may also process the content of medical-specific conversations between the patient and the doctor or medical entity through the Platform.
  • Purpose and legal basis:SCRIPTOWARE uses personal data to provide services, including (i) hosting your MRI, CT, X-ray, Ultrasound, and PET-CT Examinations on the SCRIPTOWARE Platform, as well as documents in PDF, DOC, and JPG formats, and viewing them; (ii) facilitating patient-doctor collaboration for purposes related to establishing a medical diagnosis, providing medical services and healthcare, at your request, including evaluation and interpretation of the Examinations and documents in point (i) by doctors; (iii) online submission of your medical imaging Examinations at your request.

    Personal data is processed based on the explicit consent of the data subject, as provided by Art. 6 para. (1) lit. a) of the GDPR, when processing is necessary for purposes related to providing medical services and assistance or establishing a medical diagnosis and treatment by doctors or medical entities with accounts on the Platform, following your request and considering the existing patient-doctor relationship. Consent for personal data processing in this section can be withdrawn at any time by the data subject through a written request sent to info@scriptoware.com Withdrawal of consent does not affect the legality of processing carried out up to that point.

    In this Policy, any reference to medical entities includes clinics, hospitals, and any medical institutions, both public and private, with which SCRIPTOWARE has contractual relationships, as long as such medical entities have an active user account on the Platform.
  • Collection method and retention period:Personal data is collected directly by the data subject by uploading medical information and documents (MRI, CT, PET-CT, X-ray, ultrasound, medical blood tests, medical reports, documents containing medical diagnoses, etc.) to their account on the Platform. Personal data is also collected directly when the data subject communicates with the doctor or medical entity through the messaging and chat functions integrated into the Platform. At the patient's request, the medical entity and/or the doctor who treated the patient can also collect personal data indirectly by uploading such data.

    Medical data is processed by SCRIPTOWARE as a result of collaboration between the patient and a doctor or medical entity with an active account on the Platform within the medical assistance, diagnosis, and treatment services offered by the doctor or medical entity using the Platform as a technical tool or software in their activity.

    Under no circumstances, except for the indirect collection of data in the situations presented in this policy, does SCRIPTOWARE process medical data without a prior request initiated by the patient regarding the collaboration mentioned above with a doctor or medical entity with an active account on the Platform.

    Personal data is stored as long as the data subject's account is active on the Platform, unless otherwise provided by law. If there is no legal requirement, we will store medical data only as long as necessary for processing data for the purposes indicated in this Policy. From the moment you deactivate your account on the Platform, your personal data will be deleted or anonymized. As stated below, SCRIPTOWARE may use your anonymized data for statistical and scientific research.

    Considering the specificity of our activity of hosting medical documentation and Examinations to facilitate collaboration between doctors or medical entities with active accounts on the Platform and their patients, and our activity in scientific research and statistics in the medical field (e.g., development of AI-type systems), your medical data will be stored in accordance with specific legal provisions in the health field.

    Additionally, your data may be stored to comply with a legal obligation to which we are subject, such as reporting to competent health authorities or conducting checks by legal authorities. In accordance with specific health regulations, the medical history cannot be deleted. Data related to payments and invoicing will be stored in accordance with applicable legislation.

    To store your data electronically, we use our own servers or those of other companies specializing in electronic archiving.

    *Please note that SCRIPTOWARE does not provide healthcare, diagnostic, or treatment activities, having only the function of hosting the data collected according to this Policy and mediating the relationship between patients and doctors or medical entities having active accounts on the Platform. SCRIPTOWARE is not responsible for the processing activities carried out in their own name by doctors or medical entities as data controllers and in such cases, it is possible to collect the data from doctors/medical entities, SCRIPTOWARE being the processor. In this regard, please refer to their privacy policies / / GDPR information notes / any other GDPR documents available (on their websites in physical format / in any other electronic format).

    **For the avoidance of doubt, we mention that SCRIPTOWARE/the Platform does not mediate the provision of telemedicine services, its purpose being to technically facilitate the provision of these services by doctors or medical entities.

Category C: Subscribe to the newsletter

  • Data subject:Visitors to our website who do not have an active user account on the Platform, as well as patients and doctors who create a user account on the Platform, subscribe to our newsletter.
  • Personal data:Email address.
  • Purpose and legal basis:SCRIPTOWARE processes personal data in order to transmit personalized communications to the data subjects.

    According to Art. 6 para. (1) lit. a) of the GDPR, personal data processing takes place with the data subject's consent.
  • Collection method and retention period:By voluntarily transmitting their personal information when signing up for our newsletter, the data subject directly initiates the collection of their personal information. Personal data is stored for as long as you remain a subscriber to the newsletter or until you unsubscribe from the newsletter.

Category D: Visiting the Platform

  • Data Subject:Visitors to our website without an active user account, as well as patients and doctors with active accounts who use the Platform's functions.
  • Personal Data:
    • Essential Data:Basic technical information required for connecting to the internet, which may include details such as the type of device used to access the Platform (device type, operating system, screen resolution, language, location, browser type, etc.), a shortened version of the IP address, and cookie preferences related to personal data processing.
    • Non-Essential Data:Statistical data such as the city of connection, demographic information, visitor count, session duration, sections viewed, and other data related to online behaviors and interests of website visitors.
  • Purpose and Legal Basis:SCRIPTOWARE may process the personal data collected via the Platform for the following purposes and legal grounds:
    • Essential Data:Technical data is necessary to ensure the functionality, optimization, and security of the Platform. It is used to facilitate access (e.g., adjusting the site layout according to device specifications) and to detect and prevent improper use. This data is processed under Art. 6 para. 1 letter f) of the GDPR, which permits data processing for legitimate interests related to the operation of the Platform.
    • Non-Essential Data:This data is collected to enhance our services and for marketing purposes. We may gather aggregated analytics using cookies from third parties such as Google Analytics, which helps site owners measure user interactions with webpage content.
      You have the option to disable or restrict the use of cookies through your browser settings. Additionally, cookies already stored can be deleted at any time. For more details on how to modify or remove cookie data, please refer to our Cookie Policy.
      This personal data is processed under Art. 6 para. 1 letter a) of the GDPR, based on your consent.
  • Collection Method and Retention Period:Data is collected automatically when you access the Platform, through both essential and non-essential cookies. Personal data is stored as per the time frames indicated in our Cookie Policy.

Category E: Using the "Schedule a demo" Feature

  • Data Subject:Visitors to our website without an active user account, as well as patients and doctors with active accounts, who wish to use the "Schedule a demo" function.
  • Personal Data:Name, surname, email address, and phone number.
  • Purpose and Legal Basis:SCRIPTOWARE processes your personal data when you fill out the "Schedule a demo" form to schedule a free phone call with a SCRIPTOWARE representative. This call aims to provide more information about the services integrated into the SCRIPTOWARE Platform, including patient archive uploads, investigation transmissions, and communication (including video) between patients and doctors.
    This processing is carried out under Art. 6 para. 1 letter f) of the GDPR, which allows data processing for legitimate interests.
  • Collection Method and Retention Period:Personal data is collected directly from the data subject when voluntarily provided on the "Schedule a demo" form available on the Platform. Data is retained for the duration necessary to fulfill our legitimate interests.

Category F: Using the Lead Magnets Marketing Feature

  • Data Subject:Visitors to our website without an active user account, as well as patients and doctors with active accounts who use the lead magnets marketing feature.
  • Personal Data:Name, surname, email address, and Name of the employing company.
  • Purpose and Legal Basis:SCRIPTOWARE processes your personal data when you complete the fields related to the marketing function through the lead magnets services for the following purposes:
    1. To provide materials about SCRIPTOWARE’s activities and services through the Platform, as well as other relevant information.
    2. To enable subsequent contact via human operators or electronic means, providing additional information.
    3. To send further materials or information similar to what was initially received.
    Personal data in this category is processed under Art. 6 para. 1 letter f) of the GDPR, which allows processing when it is necessary for the purpose of our legitimate interests. For future contact via electronic means, personal data is processed based on the data subject’s consent, in accordance with Art. 6 para. 1 letter a) of the GDPR.
  • Collection Method and Retention Period:Personal data is collected directly from the data subject when they voluntarily provide it via the lead magnets services. The data subject can object to the processing or withdraw consent at any time by sending a written request to the email address info@scriptoware.com.

    Data is stored for the period necessary to fulfill our legitimate interests, or until the data subject withdraws consent.

Category G: Contacting Us

  • Data Subject:Visitors to our website without an active user account, as well as patients and doctors with active accounts who wish to contact us through the Platform.
  • Personal Data:
    • Email address (when contacting via email or live chat)
    • Name, surname, email address, phone number, and message content (when contacting via the contact form or support ticket)
  • Purpose and Legal Basis:SCRIPTOWARE processes personal data when you contact us:
    1. Via email, live chat, the contact form, or the support form on the Platform.
    2. To provide additional information about our services, Platform functionality, your account, or any questions regarding the use of the Platform.
    Personal data in this category is processed under Art. 6 para. 1 letter f) of the GDPR, which allows processing when necessary for the legitimate interests of the Platform's functionality.
  • Collection Method and Retention Period:Personal data is provided voluntarily by the data subject when they contact us. Data is stored for the period necessary to fulfill our legitimate interests.
  • Scientific Research and Statistics:SCRIPTOWARE may use anonymized medical data from patients for statistical and scientific research purposes. This includes:
    • The development of advanced systems (e.g., machine learning, AI systems for diagnostics).
    • Anonymized data may be transferred to third parties for statistical research or AI system development, excluding clinical trial research.
    By combining research results, SCRIPTOWARE seeks to advance knowledge in the medical field, particularly in diagnosing and treating widespread diseases. This research can lead to knowledge-based policies that improve quality of life and the efficiency of social health services.

    SCRIPTOWARE ensures that data used in research remains anonymized and confidential, adhering to Art. 89 para. 1 of the GDPR. SCRIPTOWARE also guarantees the rights of data subjects, including the rights to access, rectification, deletion, restriction of processing, objection, and data portability, especially in relation to access, rectification, restriction, and opposition.

5. Sharing Your Personal Information with Affiliates

We disclose personal information to our affiliates as necessary to deliver our services or perform routine business functions. Any personal information shared with our affiliates will be protected in accordance with GDPR standards. SCRIPTOWARE INC, Inc.’s affiliate is Innovator Artificial Tech S.R.L., based in Romania, as outlined earlier.

Disclosure of Your Personal Information to Third Parties

  • Our team members and staff:The employees and members of SCRIPTOWARE who access personal data are trained to ensure the privacy and confidentiality of the personal data they manage for business activities. The access to personal data is restricted to the information necessary for them to carry out their specific responsibilities.
  • Vendors and Partners:To facilitate our operations, we collaborate with various partners who assist in the development of our projects. Consequently, we may share some of your personal data with them. In these instances, the personal data provided will be limited to what is essential for the partner to perform their role in our projects, and we have implemented contractual measures to ensure they adhere to this Privacy Policy and all applicable laws.

    Additionally, we collaborate with other companies to handle certain technical or administrative tasks, including data hosting, payment processing, marketing, IT support, security services, software development, legal services, and others.

    When using third parties to provide such services, we only provide them with the data necessary to carry out their specific tasks, ensuring compliance with GDPR guidelines.

    Where applicable, when our partners process your personal data on our behalf, we make sure they do so in compliance with all applicable data protection laws and in accordance with our instructions.

    For transactions, including the purchase of services, billing, and payment-related queries, we rely on the Stripe payment processor, which operates as an independent entity. SCRIPTOWARE does not have access to your banking information provided for purchasing services on our Platform. For details regarding Stripe’s data handling practices and security measures, please review their privacy policy here.
  • Legal Obligations:Your personal data may be disclosed to government authorities or law enforcement agencies if required by applicable law.

6. Your Rights Concerning Personal Data Processing and How to Exercise Them

As the data controller, SCRIPTOWARE has put in place technical and organizational safeguards to ensure the protection of your rights as a data subject, including:

  • Right of Access:You are entitled to confirm whether your personal data is being processed and, if so, to access the data and obtain information on how it is processed.
  • Right to Data Portability:You can request your personal data in a structured, commonly used, and machine-readable format and, when feasible, transfer this data directly to another controller.
  • Right to Object:You have the right to object to the processing of your data when it is necessary for public interest or legitimate interests pursued by us. You also have the right to object if your data is used for direct marketing.
  • Right to Rectification:You can request the correction of any inaccurate personal data about you. Any changes must be communicated to the recipients of the data unless this proves to be impractical or overly burdensome.
  • Right to Erasure (Right to Be Forgotten):You have the right to request the deletion of your personal data without undue delay when: (i) the data is no longer needed for the purposes it was collected, (ii) you withdraw your consent and there’s no other legal basis for processing, (iii) you object to processing with no overriding legitimate grounds, (iv) the data was unlawfully processed, (v) the data must be erased to comply with a legal obligation, or (vi) the data was collected for information society services.
  • Right to Restriction of Processing:You can request that we limit the processing of your personal data if: (i) you dispute the accuracy of the data, (ii) the processing is unlawful and you request a restriction instead of deletion, (iii) the data is no longer required by us but is needed for you to establish legal claims, or (iv) you object to processing pending verification of the overriding grounds.
  • Right Not to Be Subject to Automated Decisions:You have the right not to be subject to decisions made solely based on automated processes, including profiling, which would have significant legal consequences for you. We assure you that SCRIPTOWARE does not use algorithms or artificial intelligence to make automated decisions without human involvement.

    To exercise any of these rights, you can contact us via email at info@scriptoware.com

7. Children’s Personal Data

We do not process personal data for individuals under the age of 16.

SCRIPTOWARE does not collect personal data from children under 16. If you are under 16, please refrain from submitting any personal data to us.

8. Security Measures for Protecting Your Personal Information

SCRIPTOWARE is committed to safeguarding the privacy and security of your personal data. We have implemented rigorous technical and organizational safeguards to prevent unauthorized access, alteration, disclosure, or destruction of your personal information.

Our data systems are accessed through individual accounts and passwords that are regularly updated and controlled.

Access to personal data is restricted based on job responsibilities, and only authorized personnel have access.

Devices used to access data are secured with passwords, antivirus protection, and firewalls.

We conduct regular audits to ensure that your data is protected from unauthorized access or misuse.

Where appropriate, we anonymize personal data to prevent identification of individuals.

We continually assess and improve our data security measures and provide ongoing training to our staff to maintain compliance with data protection regulations.

9. Links to External Websites

Our website may include links to third-party websites. Please note that this Privacy Policy does not govern how these external websites process your data. We recommend reviewing the privacy policies of any third-party sites you visit through links on our site.

10. Updates to This Privacy Policy

To keep you informed about how we use your personal data, we may update this Privacy Policy from time to time. The most recent version will be available on our website, and we encourage you to review it periodically.

For any questions regarding our Privacy Policy, please contact us at: info@scriptoware.com.

11. Data Protection Authorities (DPAs)

If you believe your rights under Regulation No. 679/2016 have been violated, you may file a complaint either with us at info@scriptoware.com or with the relevant Data Protection Authority (DPA) in your country.

Find your National DPA here.

For California Residents

As a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA).

"Data subject" is equivalent to "consumer," and "controller" is equivalent to "business."

You may opt out of the sale or sharing of your personal information by emailing us at info@scriptoware.com.

HIPAA Compliance

SCRIPTOWARE INC, is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) and holds the HIPAA Seal of Compliance certification.

For Romanian Citizens

For residents of Romania, please refer to our applicable Privacy Policy here: Romanian Privacy Policy.