Privacy Policy – Oncospace Website (Last Updated 13 June 2022) 

1. Scope

This document contains the following privacy policy:

2.

2.1 Introduction

Oncospace, Inc., a Maryland, USA, corporation (“us,” “we,” or “Oncospace”), is committed to respecting the privacy of our customers, users of Oncospace products, services and applications, including our websites (collectively, the “Services”) in accordance with applicable data protection laws including but not limited to the principles of the Privacy Act of 1974, the EU General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) and the Maryland Personal Information Protection Act.

2.2 Your Consent to, and Agreement with, this Privacy Policy

Please read this Privacy Policy carefully to understand our policies and practices regarding Personal Data and Sensitive Personal Data (both defined below) and how Oncospace will treat each of them.

2.3 “Personal Data” and “Sensitive Personal Data”

As used in this Privacy Policy

2.4 The Purpose of Data Collected

2.4.1 Oncospace Product

We may use Personal Data and/or Sensitive Personal Data:

2.4.2 Oncospace Trials

As part of product evaluation and the pre-sales process, you may be assigned a trial user account, to which you can upload data using the Oncospace Trials Uploader feature of our Customer Tools application. Data uploaded using this tool is anonymized prior to upload, and can be examined by you to ensure that this anonymization meets your requirements and legal obligations.

The anonymized uploaded data will be removed from the Oncospace Trial Customer account within 30 days of your trial ending, or earlier if specifically requested by you. We undertake to use this data only for the following purpose:

It may be that your uploaded data is of interest to Oncospace Product Development – for example, if you have an old, new or unusual CT Scanner that provides DICOM images in an unusual format. In such cases, Oncospace staff may contact you to request that the minimum amount of such data be retained for development and testing purposes. Only and only if you agree, such data may be retained by Oncospace as part of ongoing test data.

2.5 Information Collected for Tracking and Customization (Cookies)

2.5.1 What are Cookies?

Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded by your browser. These cookies help us make the website function properly, make the website more secure, provide a better user experience, and allow us to understand how the website performs, what works, what doesn’t and where it needs improvement. To find out more about cookies, visit wikipedia.org or https://www.allaboutcookies.org/.

2.5.2 How do We Use Them?

As with most online services, our website uses first-party and third-party cookies for a number of purposes. First-party cookies are mostly necessary for the website to function the right way. More importantly, they do not collect any of your personally identifiable data.

The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, and the services it provides. Third-party cookies provide you with a better user experience and help speed up your future interactions with our website.

For improving your return visits to our website, cookies are retained for a period no less than 6 months.

2.5.3 What Types of Cookies do we use?

The cookies used on our Oncospace product web application are grouped into the following categories.

Advertisement cookies are not used by Oncospace. 

Further, these types of cookies can be either:

2.5.4 How Can You Manage Your Cookies?

You can manage your cookie preferences on Oncospace.com by clicking “Settings” and enabling or disabling the cookie categories according to your preferences. However, you are required not to block any cookies necessary for the correct and secure functioning of the Oncospace web application.

2.6 Data Security

We use reasonable and appropriate technical, physical, and administrative safeguards that are designed to enhance the security, confidentiality, integrity and accessibility of Personal Data and Sensitive Personal Data. We incorporate secure storage and transmission technologies including anonymization, pseudonymization, de-identification, data removal, redundancy, encryption, firewalls, physical access controls, auditing and monitoring protocols.

Despite Oncospace maintaining and continuously improving its security controls and overall information security maturity, we cannot in all instances, however, ensure or warrant the security of all information transmitted via Oncospace’s Services and cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by a breach or interference with our systems.

Oncospace applies anonymization, pseudonymization, de-identification and/or removal of Personal Data and Sensitive Personal Data, as described in Section 8.4 of Oncospace’s DICOM Conformance Statement. However, some information available by accessing the Services, such as the date and time and which a plan was generated, could be used in combination with data from your existing hospital information systems in order to further re-identify patient data. You acknowledge that unauthorized or malicious access to both the Services and to your hospital information systems may result in exposure to a more significant information security breach.

2.7 Your Information Choices and Changes

If you would like to submit a request to access, rectify, erase, restrict or object to the processing of Personal Data that you have previously provided to us, or if you would like to submit a request to receive an electronic copy of Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact the Oncospace Privacy Officer at privacy@oncospace.com. We will respond to your request consistent with applicable law.

In your request, please make clear what Personal Data you would like to have changed, whether you would like to have the Personal Data suppressed from our database, or otherwise let us know what limitations you would like to put on our use of the Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with your account, your email address or other account information, that you use to send us your request, and we may need to verify your identity before implementing your request.

Please note that we may need to retain certain information (other than PHI) for record-keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

We will try to respond to, and if appropriate, comply with, your request(s) as soon as reasonably practicable.

If you make use of (some of) your choices and rights, you may not be able to use, in whole or in part, certain of the Services.

2.8 Your Express Representation of Authorization and Compliance

Prior to using the Oncospace Services, you expressly represent and warrant that you are authorized to use the Services, that you are authorized to disclose and transfer to us all data provided, and that you will at all times comply with applicable national, state and regional laws relating to the handling, storage, use, privacy, and protection of data to be processed in connection with the Services (including as applicable obtaining the express and informed consent and authorization of the “Data Subject”, such term to include personnel, subcontractors and patients as applicable). You also represent and warrant that all information you provide to us will be current, true, accurate, verifiable and complete. It is entirely your choice whether or not to submit, use or disclose Personal Data and Sensitive Personal Data through Oncospace’s Services. If you choose not to provide the required data, you may not be able to use certain features of Oncospace’s Services.

In order to access the Services, Oncospace will integrate your existing corporate identity (such as Azure Active Directory). You are solely responsible for maintaining the confidentiality of all user logins and passwords and for ensuring that your login and password is used only by you. Oncospace strongly recommends that you consider enhanced identity protection measures such as multi-factor authentication to further secure access to the Services and your other systems.

You are solely responsible for:

You may not circumvent or otherwise interfere with any user authentication or security of the Services.

You must notify us (privacy@oncospace.com) within 24 hours if any of your account data is lost, stolen or used without permission.

2.9 Information We Receive from Third Parties

From time to time, Oncospace may obtain information about you from third party sources, such as public databases and websites, resellers and distributors, joint marketing or business partners, security and fraud detection firms and social media platforms. Examples of the information we may receive from other sources include account information, page-view information, contact information from business partners, search results and links, (including paid listings, such as sponsored links), and credit history information from credit bureaus.

2.10 Sharing of Personal Information

We do not share personal information (Personal Data and Sensitive Personal Data) with third parties other than as follows:

2.11 Data Retention and Deletion

We retain personal and sensitive personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing, until deletion or return is possible.

2.12 California Users Only–Your Privacy Rights

California Shine the Light Law: The California Consumer Privacy Act of 2018 (“CCPA”), effective as of January 1, 2020, requires businesses that collect personal information of California residents to make certain disclosures regarding how they collect, use and disclose such information. This section addresses those requirements. For a description of all of our data collection, use and disclosure practices, please read this Privacy Notice in its entirety.

California law gives California residents the right to make the following requests with regard to certain information we collect about them, at no charge, two times every 12 months:

As a processor of such data, Oncospace expects all such resident requests to be proxied via the respective Oncospace customer (entity) that supplied the information to Oncospace in the first place. To do so, these entities may write to Oncospace at privacy@oncospace.com.

2.13 Data Collected

Categories of Personal Information We CollectCategories of Third Parties with Which We Share Information for Business Purposes
Non-patient Identifiers (such as clinic name, address, email address)Corporate affiliates, vendors, service providers and third-party business partners (as identified above)
Any categories of sensitive personal information as explained in this document.N/A
Legally Protected Classifications (such as gender and marital status)N/A
Commercial Information (such as transaction data)Vendors, service providers, and third-party business partners (as identified above)
Internet or Other Network or Device Activity (such as app usage)Vendors and service providers
Approximate Location Information (such as location inferred from your IP address, city, country)Vendors and service providers
Professional or Employment-Related Data (such as the name of your employer)Vendors, service providers, and third-party business partners (as identified above)
Education Information (such as degrees and certifications)Vendors and service providers
Inferences drawn from any of the information identified aboveN/A

2.14 Personal Data of Minors

Special information for parents: The Oncospace Services are not directed to children, as defined under applicable law, and we do not knowingly collect Personal Data from children. It is, however, Oncospace policy to comply with the law when it requires parent or guardian permission before collecting, using or disclosing Personal Data of children. We are committed to protecting the privacy needs of children and we strongly encourage our customers to communicate with parents and guardians to take an active role in their children’s online activities and interests. If a parent or guardian becomes aware that his or her child has provided you with his or her Personal Data without their consent, please contact us. If we become aware that a child has provided us with Personal Data, we will delete his/her data from our files.

2.15 Changes to this Notice

We may change this Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above. If such changes are material in nature, we will provide you with additional notice (such as adding a statement to the main website page or sending you an email notification).

2.16 Inquiries or Concerns

If you have any questions about this notice, please contact the Oncospace Privacy Officer at privacy@oncospace.com.