Privacy Statement

Your privacy is important, and we respect it. We do not sell any of your personal data.

This is the Privacy Statement of Spectral AI, Inc. all its entities and subsidiaries (‘Spectral’, ‘we’, ‘us’ and ’our’), and it applies to us as long as we process personal data that belongs to individuals (‘you’). Our services and products are branded under name “Spectral MD”.

What is the purpose and scope of this Privacy Statement?

This Privacy Statement aims to explain you in a simple and easy language what personal data is collected and what is done with it. This Privacy Statement is relevant to you if

  • you are a visitor on our websites or webpages that include www.spectral-ai.com, or www.spectral-ai.com
  • you have shared your personal data through a form or page on any our websites
  • you have sent an email to Spectral.

This Privacy Statement also applies to you if you are one-person business (es), legal representative (s) or contact person (s) acting on behalf of our corporate customer (s). This Privacy Statement does not apply to job applicants, employees and/or third party contractors working with us.

Why do we collect your personal data?

We collect your personal data to provide you with a service you have asked, or to fulfil our contractual obligation of ensuring appropriate functioning of product or device we may have sold, leased or rented to a corporate client like hospital or for clinical trials or to answer a query you may have raised with us or to fulfill a legal obligation or to analyze and improve our website, services and products.

What types of personal data do we collect? And, when?

Personal data is any information that identifies you directly or indirectly. This includes your first name, last name, email, address etc. We process the following personal data about you:

  • Identification data, such as first name, last name, email address, or telephone number. At times, we may collect demographic information such as post-code, preferences and interests.
  • Socio-demographic data, such as gender, education, job position and marital status.
  • Online behavior and information about your devices, such as your IP address and device ID of your mobile device or computer and the pages you visit on our websites.
  • Audio-visual data, when visiting you are one of our premises, or when you are contacting us via phone. Whenever explicitly permitted or under a legal obligation, we may record calls, customer feedback via video screening, diagnose through a conference/video call, online chats as well as surveillance footage.
  • Professional Characteristics, such as, your trade, industry, employment status, profession, work or trade skill levels, and experience;
  • Your interactions with us on social media, such as Meta (Facebook and Instagram), X (formerly Twitter), LinkedIn and YouTube. We follow public messages, posts, likes and responses to and about us on the internet.
  • Relationship History, such as details of your contact with us, as well as order history;
  • Other Personal data or information that you provide us.

Sensitive Data

Sensitive personal data is special category personal data, such as personal data relating to your health, ethnicity, religious or political beliefs, genetic or biometric data, as well as data related to criminal offences such as fraud. We collect sensitive data such as images of your wound and other related information based on a contract with a corporate customer or as part of clinical trials.

Children’s Data

We do not purposely collect Children’s data. If you are under the age of sixteen, you must ask your parent or guardian for permission to use this website. In situations wherein a hospital or clinic who is our corporate customer decides to provide us with Children’s data, this is collected based on consent.

We do not collect any personal data about you unless you voluntarily provide it to us. In addition, we may receive your data from:

  • Corporate customers, such as a hospital that has purchased a device from us and has chosen to store your personal data in our environment;
  • Clinical research organizations that support us in clinical research;
  • Publicly Available Information, such as LinkedIn, product review websites, or local trade or industry associations’ registries, or following the monitoring of social media channels for feedback and direct mentions of Spectral.

We collect your personal data based on following legitimate purposes:

  • When we collect and process your personal data upon a visit to our website or filling out a form or when you have sent us an a request via email or any other format, it is based on your consent. For example, you consent by accepting the cookie banner on website or by submitting a contact form on our website;
  • When we process your personal data based in receipt from a corporate customer, it is based on our contractual agreement with the corporate customer;
  • When we collect and process your personal data based as part of clinical trials, it is based on consent or contractual agreement with an individual or contract with a clinical research organization;
  • When we collect and process your personal data based as publicly available information, it is based on our legitimate interest.

What do we do with your personal data?

Processing means every activity that can be carried out in connection with personal data, such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring or deleting it in accordance with applicable laws. We only use your personal data to:

  • provide and administer our products and services;
  • process and fulfill orders and keep you informed about the status of your order;
  • communicate about and administer our products, services, events, programs and promotions (such as by sending alerts, promotional materials, newsletters and other marketing communications);
  • conduct and facilitate surveys, contests, and market research initiatives;
  • run artificial intelligence based algorithms (known as ‘Predictive Wound Healing’) to analyze a wound image and make recommendations to users (e.g. doctors) of our device(s);
  • perform data analytics (such as market research, trend analysis, financial analysis and customer segmentation);
  • engage in ads, retargeting and evaluate the effectiveness of our marketing efforts (including advertising on social media);
  • process, evaluate and respond to your requests, and inquiries;
  • conduct marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of our advertising and marketing campaigns and managing our brand);
  • operate, evaluate and improve our business;
  • maintain and enhance the reliability, safety and security of our products, services, website, network services, information resources and employees.

For research and analytics purposes, we use de-identified data so that your privacy remains protected.

Who do we share your personal data with?

We do not sell, rent, or lease our customer lists to third parties.

To offer you the best possible services and to remain competitive in our business, we share certain data of yours; internally, i.e., within other Spectral AI departments/entities and externally, i.e., with third parties (e.g. suppliers who provide us with services).

Specifically, we share your data with the following parties:

  • With departments/entities within Spectral AI, for centralized storage and processing the data for efficiency purposes;
  • To comply with our regulatory obligations or upon legal request, we may disclose your data to the relevant government, supervisory and judicial authorities such as public authorities, regulators and other healthcare sector supervisors;
  • When we use services of other service providers or other third parties to carry out certain activities in the normal course of business such as designing, developing and maintaining internet-based tools and applications (including placing advertisements on apps, websites and social media); IT service providers who may provide application or infrastructure (such as cloud) services; for marketing activities or events and managing customer communications; preparing reports and statistics, printing materials and designing products; etc.; we may have to share your data with such third parties;

Whenever we share your personal data, we take the necessary safeguards like legal binding contracts with mention of technical measures to protect your personal data. And, when personal data is transferred cross-border, we perform necessary due diligence inline applicable laws and rely on standardized contractual clauses, adequacy decisions, industrial standards etc.

How do we protect your personal data?

We are committed to ensuring that your information is secure.

We take appropriate technical and organizational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed.

To further protect your personal data, our employees are subject to confidentiality obligations and shall not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact us if you suspect that your personal data may have been compromised.

How long do we keep your personal data?

We keep your personal data as long as necessary for the purpose for which it was originally collected, and our legal obligations.

What are your rights? And, how can you exercise those rights?

We respect the following rights about your data:

  • Right to access information – You have the right to ask us for an overview of your personal data that we process.
  • Right to rectification – If your personal data is incorrect, you have the right to ask us to rectify it.
  • Right to object to processing – You can object to us using your personal data for our own legitimate interests if you have a justifiable reason. We will consider your objection and whether processing your information has any undue impact on you that would require us to stop processing your personal data. You may not object to us processing your personal data if we are legally required to do so or if it is necessary to fulfill a contract with you.
  • Right to restrict processing – You have the right to ask us to restrict using your personal data if you believe the personal data is inaccurate; if are processing the data unlawfully; if you believe that we no longer need the data, but you want us to keep it for use in a legal claim; or if you have objected to us processing your data for our own legitimate interests.
  • Right to data portability – You have the right to ask us to transfer your personal data directly to you or to another organization. Where technically feasible, and based on applicable local law, we will transfer your personal data.
  • Right to erasure – You may ask us to erase your online personal data and your right to  erasure would be applicable if we no longer need it for its original purpose; you withdraw your consent for processing it or if you object to us processing your data for our own legitimate interests or if a local law requires us to erase your personal data.
  • Right to complain – Should you be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us. If you are still unhappy with our reaction to your complaint, you can escalate it to the sector-specific data protection officer. You can also contact the data protection authority in your country, if applicable.

When exercising your right, the more specific you are with your application, the better we can assist you with your question. We may ask you to verify your identity. In some cases we may deny your request and, if permitted by law, we will notify you of the reason for denial.

We aim to answer your rights request within one calendar month. Should we require more time (than one month) to complete your request, or deny it, we will notify you immediately and provide reasons for the delay.

To exercise one of the above rights, or any other query relating to your personal data, you can write to us at privacy@spectral-ai.com.

Note: In case you have provided the data to an organization other than Spectral, you must exercise your right with that organization, as Spectral may not have not your personal information or, based on agreement with them, we may not be allowed to provide such information directly to you. In event of you exercising your rights with us in such a scenario, we would not be able to answer your rights request.

How can you contact us for more information?

To learn more about our privacy statement and how we use your personal data, you can send us an email, call us or visit your local branch or office.

Spectral AI, Inc.

2515 McKinney Avenue, Ste. 1000

Dallas, TX 75201

Email: privacy@spectral-ai.com

Phone: +972 499 4934

How often do we update the Privacy Statement?

In ever changing world, we keep our Privacy Statement under regular review to make sure it is up to date and accurate. The date of the last update can be found at the beginning of this Privacy Policy. We recommend that you visit this page regularly to check for any updates that may have been made.