Security & Privacy Policy

(Effective: November 12, 2019)

We recognise the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws.

In summary:

  1. We collect and use your messages and content from your Slack public channels, Atlassian Confluence wiki spaces and Google Drive documents only in the volumes necessary to provide you with a Slack application that implements the core functions: discovery and search of knowledge entities implemented as Question and Answer pairs (Q&A pairs), factual messages or Wiki documents.
  2. We store knowledge entities until you decide to uninstall our applications, to provide you with the ability to search for answers to new questions from your channels and to show you periodic statistics. All other messages are either ignored or removed automatically after knowledge discovery analysis in a short period of time (up to 2 days).
  3. We store all of your data on Google Cloud infrastructure, where it is automatically encrypted at rest. This helps guard against unauthorised access and service interruptions. From the physical premises to the purpose-built servers, networking equipment, and custom security chips to the low-level software stack running on every machine, the entire hardware infrastructure is secured and hardened.
  4. Your data are handled automatically by algorithms. We authorise only trusted individuals to have legitimate access to systems and data repositories containing customer data. This strict authorisation extends to job duties including debugging and maintenance activities. Access to customer data is only allowed for a legitimate debugging or maintenance purpose. At this moment only two engineers in our company have this access level.
  5. We don’t share any of your data with any third party except in cases where we are legally obliged to provide access according to the law.

Compliance

HealthTech GmbH («We», «Company» or «Memonia») is the controller of all private information collected, stored and used by Memonia for the purpose of service provision, protection of legitimate HealthTech GmbH interests as well as those of the society, state and your own interests as a client.

We take the confidentiality of our clients very seriously and take responsibility for the safety of our clients' private information.

We are fully compliant with the data protection legislation of Germany and the European Union. This document is designed to explain how your data is handled in accordance with the EU General Data Protection Regulation (GDPR).

This Policy outlines the following:

Collection, processing and use of personal data

What personal data is collected

Private data is defined as any information relating to you that allows you to be identified as a private individual, such as your name and surname, e-mail address, username and messages from public channels. We collect data the moment you install our Slack application, authorise yourself on our websites or when you contact us directly. Information which cannot be directly linked to a certain private individual, a company or any of your messages in Slack channels (e.g. website or Slack app usage statistics) is not considered to be private.

We collect the following categories of private data:

  1. Slack workspace and channels general information: a system identifier, name, status, timestamps;
  2. Slack message attributes (user system ids, message text, timestamps) from your Slack public channels, for automatic analysis by the knowledge discovery and extraction functions;
  3. Slack user system identifiers (without personal information) related to discovered knowledge;
  4. (if applicable) Atlassian Confluence space names and the derivative of Wiki documents in corresponding spaces;
  5. Messages sent to us via email and social media.
  6. The geographical location of your personal computer or other devices in real time mode using your IP-address, type of browser and language used when you visit our website.

When we use your personal data and how long we store it for

Most of the time, your data are handled automatically by our algorithms to provide the core functions of the Memonia Slack application.

Your personal data is used for the following purposes:

  1. Automated discovery of knowledge entities (question and answer pairs (Q&A), factual messages, wiki documents). All other messages and content, not related to extracted knowledge, are either ignored or removed automatically after knowledge discovery analysis in a short period of time (up to 2 days);
  2. Automated and manual search for discovered knowledge for new questions from your public channels;
  3. Automated user expertise discovery function;
  4. (if applicable) Confluence space names and Google Drive file names are used to show in Slack messages and dialogues;
  5. (if applicable) The derivatives of your Confluence Wiki and Google Drive documents are used to provide you with automatic and manual semantic search;
  6. We can disclose your personal data to government and law enforcement agencies only in order to comply with the current legislation;
  7. We use your personal contact data to maintain the relationship with you as a Client and improve our service.

We do not store your data for longer than is required to provide the core functions of the Slack application. To determine how long your data is stored, we consider the quantity, nature and sensitivity of your personal data, the purposes for which we need the data and whether they can be achieved by other means. We also take into consideration the possibility of grievance procedures along with our business rights protection if requested.

When you uninstall the Slack application, we completely remove all of your data related to the Slack workspace, channels and messages in 2 days.

When you uninstall the Atlassian Confluence integration, we completely remove all of your data related to your Confluence instance in 2 days.

Safety of your personal data

We start from the fundamental premise that our customers own their data and control how it is used.

We follow safety procedures whilst storing and disclosing your personal data. From the physical premises to the purpose-built servers, networking equipment, and custom security chips to the low-level software stack running on every machine, the entire hardware infrastructure is secured and hardened.

All of the data we’re using is encrypted in transit and at rest.

All of the site and Slack application connectivity is encrypted using TLS/SSL (Transport Layer Security) technology. TLS is a standard encryption technology that allows personal data to be passed safely over the Internet.

We store all of your data on Google Cloud infrastructure from Google Inc. (“Google”), where it is automatically encrypted at rest and distributed for availability and reliability. This helps guard against unauthorised access and service interruptions.

We authorise only trusted individuals to have legitimate access to systems and data repositories containing customer data. This strict authorisation extends to job duties including debugging and maintenance activities. Access to these systems is under the umbrella of strict policies that are clearly displayed for employees to read and also in the tools they use. Access to customer data is only allowed for a legitimate debugging or maintenance purpose.

Your personal data can be disclosed to third parties for the purposes listed below:

  1. Government, law enforcement and regulatory agencies;
  2. Legal or other professional consultants, judges or law enforcement agencies to protect our business rights as per the legal contract signed by both parties.

Your account

We keep your private data whilst you are using our Slack application. You can refuse to provide your consent for private data processing at any time and delete your personal data by uninstalling your Slack app.

Cookies

To optimise our website functionality we use cookies. Cookies are used for website traffic analysis, navigation management and other functions. By using our website you agree that we can store and use cookies on your device. You can deactivate cookies in your browser settings. This may reduce the available functions on the website, but will not affect your user access level. Cookies are small text files, transferred to your hard drive through your web browser for the purpose of identifying the user whilst browsing our website.

Google Analytics

Our website uses Google Analytics, a web analysis service by Google Inc. (“Google”). Google Analytics uses cookies to help identify how users browse the website. An IP anonymiser is in place, and only in exceptional cases is the full IP address sent to a Google server in the USA to be shortened. Google, representing HealthTech GmbH, uses this information to evaluate website traffic, create activity reports and for other services related to the usage of the website. Your IP address, sent by your browser, cannot be used in conjunction with other information obtained by Google. You can choose to disable cookies by adjusting the settings of your browser.

You can also prevent sending and processing of your data collected by cookies in the process of our website use (including your IP-address) by downloading and installing a plug-in following the link.

External Websites

Our website contains links to external websites. We cannot be held responsible for the confidentiality policies of external websites or their actions such as collecting and processing of your personal data.

Your User Rights

You have the right to:

  1. Request information about whether we store any personal data and the reason for that.
  2. Request access to your personal data.
  3. Request the correction of your personal data.
  4. Request the deletion of your personal information unless we have good reasons to keep it for further processing.
  5. Request the transmission of your personal data in digital and structured form to yourself or another party (data transfer right).
  6. Consent withdrawal. On limited occasions, when you gave your consent to collect, process and disclose your personal data for a certain purpose, you can withdraw your consent to process such information at any time. We will stop processing your personal information upon receipt of notification of consent withdrawal unless we have other legal grounds to proceed. You can withdraw your consent to use your personal data by sending a request to support@memonia.com.

Access to your private data is free of charge. However, we can charge a small fee if your request is too complex or unreasonable. As an alternative, we might refuse to carry out the request under such circumstances.

If you have any further questions regarding our Privacy Policy or how we process your personal data, please get in touch with one of our representatives via email: support@memonia.com.

Security Issues Fix Policy

This section describes how and when we resolve security issues. It does not describe the complete disclosure or advisory process that we follow.

Every security issue includes a severity level which is based on our CVSS score for each specific vulnerability. CVSS is an industry-standard vulnerability metric.

Service Level Agreement

We have defined the following time frames for fixing security issues, with severity levels corresponding to the CVSS v3 qualitative severity rating scale:

  1. Critical severity issues (9.0 - 10.0): within 2 days of being reported
  2. High severity issues (7.0 - 8.9): within 1 week of being reported
  3. Medium severity issues (4.0 - 6.9): within 3 weeks of being reported
  4. Low severity issues (0.1 - 3.9): within 2 months of being reported

Changes To Our Policy

We reserve the right to change our data protection measures if this becomes necessary due to technical or legal developments. In such cases, we will update the content of our Privacy Policy. Please check this page regularly to get the latest version of this document.