(Effective: November 12, 2019)
We recognise the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws.
- We collect and use your messages and content from your Slack public channels, Atlassian Confluence wiki spaces and Google Drive documents only in the volumes necessary to provide you with a Slack application that implements the core functions: discovery and search of knowledge entities implemented as Question and Answer pairs (Q&A pairs), factual messages or Wiki documents.
- We store knowledge entities until you decide to uninstall our applications, to provide you with the ability to search for answers to new questions from your channels and to show you periodic statistics. All other messages are either ignored or removed automatically after knowledge discovery analysis in a short period of time (up to 2 days).
- We store all of your data on Google Cloud infrastructure, where they are automatically encrypted at rest. This helps guard against unauthorised access and service interruptions. From the physical premises to the purpose-built servers, networking equipment, and custom security chips to the low-level software stack running on every machine, the entire hardware infrastructure is secured and hardened.
- Your data are handled automatically by algorithms. We authorise only trusted individuals to have legitimate access to systems and data repositories containing customer data. This strict authorisation extends to job duties including debugging and maintenance activities. Access to customer data is only allowed for a legitimate debugging or maintenance purpose. At this moment only two engineers in our company have this access level.
- We don’t share any of your data with any third party except in cases where we are legally obliged to provide access according to the law.
HealthTech GmbH («We», «Company» or «Memonia») is the controller of all private information collected, stored and used by Memonia for the purpose of service provision, protection of legitimate HealthTech GmbH interests as well as those of the society, state and your own interests as a client.
We take the confidentiality of our clients very seriously and take responsibility for the safety of our clients' private information.
We are fully compliant with the data protection legislation of Germany and the European Union. This document is designed to explain how your data is handled in accordance with the EU General Data Protection Regulation (GDPR).
This Policy outlines the following:
- The collection and storage of your private data as a client and as a user of our website and Slack application, and the way it is handled;
- Sources of obtaining such data;
- How we use the data;
- How we store the data;
- Who we can disclose the data to;
- How your data is protected as per current data protection legislation.
Collection, processing and use of personal data
What personal data is collected
Private data is any information related to you that allows you to be identified as a private individual, such as your name and surname, e-mail address, username and messages from public channels. We collect data the moment you install our Slack application, authorise yourself on our websites or when you contact us directly. Information which cannot be directly linked to a certain private individual, a company or any of your messages in Slack channels (e.g. website or Slack app usage statistics) is not considered to be private.
We collect the following categories of private data:
- Slack workspace and channels general information: a system identifier, name, status, timestamps;
- Slack message attributes (user system ids, message text, timestamps) from your Slack public channels, for automatic analysis by the knowledge discovery and extraction functions;
- Slack user system identifiers (without personal information) related to discovered knowledge;
- (if applicable) Atlassian Confluence space names and the derivative of Wiki documents in corresponding spaces;
- Messages sent to us via email and social media;
- The geographical location of your personal computer or other devices in real time, using your IP address, and the type of browser and language used when you visit our website.
When we use your personal data and how long we store it for
Most of the time, your data are handled automatically by our algorithms to provide the core functions of the Memonia Slack application.
Your personal data is used for the following purposes:
- Automated discovery of knowledge entities (question and answer pairs (Q&A), factual messages, wiki documents). All other messages and content, not related to extracted knowledge, are either ignored or removed automatically after knowledge discovery analysis in a short period of time (up to 2 days);
- Automated and manual search for discovered knowledge for new questions from your public channels;
- Automated user expertise discovery function;
- (if applicable) Confluence space names and Google Drive file names are shown in Slack messages and dialogues;
- (if applicable) The derivatives of your Confluence Wiki and Google Drive documents are used to provide you with automatic and manual semantic search;
- We can disclose your personal data to government and law enforcement agencies only in order to comply with the current legislation;
- We use your personal contact data to maintain the relationship with you as a Client and improve our service.
We do not store your data longer than required by the process of providing the core functions of the Slack application.
To determine how long your data is stored, we consider the quantity, nature and sensitivity of your personal data, the purposes we need the data for, and whether those purposes can be achieved by other means.
We also take into consideration the possibility of grievance procedures along with our business rights protection if requested.
When you uninstall the Slack application, we completely remove all of your data related to the Slack workspace, channels and messages in 2 days.
When you uninstall the Atlassian Confluence integration, we completely remove all of your data related to your Confluence instance in 2 days.
Safety of your personal data
We start from the fundamental premise that our customers own their data and control how it is used.
We follow safety procedures whilst storing and disclosing your personal data. From the physical premises to the purpose-built servers, networking equipment, and custom security chips to the low-level software stack running on every machine, the entire hardware infrastructure is secured and hardened.
All of the data we use is encrypted in transit and at rest.
All of the site and Slack application connectivity is encrypted using TLS/SSL (Transport Layer Security) technology. TLS is a standard encryption protocol that allows personal data to be passed safely over the Internet.
We store all of your data on Google Cloud infrastructure from Google Inc. (“Google”), where they are automatically encrypted at rest and distributed for availability and reliability. This helps guard against unauthorised access and service interruptions.
We authorise only trusted individuals to have legitimate access to systems and data repositories containing customer data. This strict authorisation extends to job duties including debugging and maintenance activities. Access to these systems is under the umbrella of strict policies that are clearly displayed for employees to read and also in the tools they use. Access to customer data is only allowed for a legitimate debugging or maintenance purpose.
Your personal data can be disclosed to third parties for the purposes listed below:
- Government, law enforcement and regulatory agencies;
- Legal or other professional consultants, judges or law enforcement agencies to protect our business rights as per the legal contract signed by both parties.
We keep your private data whilst you are using our Slack application. You can refuse to provide your consent for private data processing at any time and delete your personal data by uninstalling your Slack app.
You can also prevent the sending and processing of data collected by cookies during your use of our website (including your IP address) by downloading and installing a plug-in following the link.
Our website contains links to external websites. We cannot be held responsible for the confidentiality policies of external websites or their actions such as collecting and processing of your personal data.
Your User Rights
You have the right to:
- Request information about whether we store any personal data and the reason for that.
- Request access to your personal data.
- Request the correction of your personal data.
- Request the deletion of your personal information unless we have good reasons to keep it for further processing.
- Request the transmission of your personal data in digital and structured form to yourself or another party (data transfer right).
- Consent withdrawal. On limited occasions, when you gave your consent to collect, process and disclose your personal data for a certain purpose, you can withdraw your consent to process such information at any time. We will stop processing your personal information upon receipt of your notification of consent withdrawal unless we have other legal grounds to proceed. You can withdraw your consent to use your personal data by sending a request to firstname.lastname@example.org.
Access to your private data is free of charge. However, we can charge a small fee if your request is too complex or unreasonable. As an alternative, we might refuse to carry out the request under such circumstances.
Security Issues Fix Policy
This section describes how and when we resolve security issues. It does not describe the complete disclosure or advisory process that we follow.
Every security issue includes a severity level which is based on our CVSS score for each specific vulnerability.
CVSS is an industry standard vulnerability metric.
Service Level Agreement
We have defined the following time frames for fixing security issues and corresponding security levels with the CVSS V3 qualitative severity rating scale:
- Critical severity issues (9.0 - 10.0): within 2 days of being reported
- High severity issues (7.0 - 8.9): within 1 week of being reported
- Medium severity issues (4.0 - 6.9): within 3 weeks of being reported
- Low severity issues (0.1 - 3.9): within 2 months of being reported
Changes To Our Policy