AskMed.ai Data Subject Rights Policy

1. Introduction

AskMed.ai is committed to protecting the privacy and personal data of our users. This policy outlines the procedures and mechanisms we have in place to fulfill data subject rights in compliance with applicable data protection regulations. This includes rights related to accessing, erasing, modifying, and porting personal data.

2. Scope

This policy applies to all personal data processed by AskMed.ai, specifically email personally identifiable information (PII) and question history, which are stored in Firebase.

3. Data Subject Rights

3.1 Right of Access

Users have the right to request access to their personal data held by AskMed.ai. This includes the right to obtain confirmation as to whether or not personal data concerning them is being processed and, where that is the case, access to the personal data.

Procedure:

Users can submit an access request via email to help@askmed.ai.
Upon receipt of the request, the admin will verify the identity of the requester.
The admin will provide the requested data in a structured, commonly used, and machine-readable format within 30 days of the request.

3.2 Right to Erasure (Right to be Forgotten)

Users have the right to request the erasure of their personal data from AskMed.ai systems.

Procedure:

Users can submit an erasure request via email to help@askmed.ai.
Upon receipt of the request, the admin will verify the identity of the requester.
The admin will delete the user’s email PII and question history from Firebase within 30 days of the request.
The user will be notified via email once the data has been deleted.

3.3 Right to Rectification

Users have the right to request the correction of inaccurate personal data concerning them.

Procedure:

Users can submit a rectification request via email to help@askmed.ai.
Upon receipt of the request, the admin will verify the identity of the requester.
The admin will make the necessary corrections to the user’s personal data within 30 days of the request.
The user will be notified via email once the data has been rectified.

3.4 Right to Data Portability

Users have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Procedure:

Users can submit a portability request via email to help@askmed.ai.
Upon receipt of the request, the admin will verify the identity of the requester.
The admin will provide the requested data in a structured, commonly used, and machine-readable format within 30 days of the request.

4. Verification of Identity

For all data subject rights requests, the admin will take steps to verify the identity of the requester to ensure that the request is legitimate. This may include requesting additional information from the user to confirm their identity.

5. Response Time

AskMed.ai will respond to all data subject rights requests within 30 days of receipt. If a request is complex or if we receive numerous requests, we may extend this period by an additional 60 days. In such cases, the user will be informed of the extension and the reasons for it within the initial 30-day period.

6. Record-Keeping

AskMed.ai will maintain records of all data subject rights requests and the actions taken to fulfill them. This documentation will include the request details, verification steps, and the response provided to the user.

7. Contact Information

For any questions or concerns regarding this policy or to submit a data subject rights request, users can contact us at:

Email: help@askmed.ai

8. Policy Review

This policy will be reviewed regularly and updated as necessary to ensure ongoing compliance with data protection regulations and to reflect changes in our practices or services.

Effective Date: 30July2024