teamplay Privacy Notice

Last Update March 15, 2023

Protecting the security and privacy of your personal data is important to Siemens Healthcare GmbH (“Siemens Healthineers”). Therefore, Siemens Healthineers operates the teamplay digital health platform, the Digital Marketplace, and the applications/services offered therein (“Services”) in compliance with applicable data privacy laws. The teamplay Privacy Notice explains which personal data Siemens Healthineers collects about you when you register with teamplay, how we use your personal data, and your rights to your personal data.

Categories of personal data processed and purpose of the processing

When registering for, visiting, and using the Services, Siemens Healthineers processes the following personal data about you

• Personal data that you actively provide to Siemens Healthineers within the Services, e.g., information that you actively enter when registering for the Service or creating a user account or using contact and other forms offered within the Service. For example, to contact Siemens Healthineers with your inquiries and questions.

  Depending on your user status (affiliated or non‐affiliated) Siemens Healthineers processes in particular: Full name, address, email address, phone number, institutions you are affiliated with, country, credentials, configuration data such as preferences, for example, preferred language, layout options.

• Information that is automatically sent to Siemens Healthineers by your web browser or device, such as your IP‐address or other device identifier, device type, browser type (if applicable), referring site, sites accessed during your visit, the date, and time of each visitor request

We process your personal data for the following purposes:

• To offer the Services and functions and to administer your use of the Services.
• To verify your identity.
• To answer and fulfill your specific requests.
• To make you a visible searchable user within Services.
• To maintain and improve our Services.
• To prevent an illegal use of our Services.

We only process your personal data if we are permitted by applicable law to do so. If you are located within the European Economic Area, the legal basis for Siemens Healthineers processing data about you is that such processing is necessary for the purposes of:

1. Siemens Healthineers exercising its rights and performing its obligations in connection with any contract we make with you (Article 6 (1) (b) General Data Protection Regulation)

2. compliance with Siemens Healthineers’ legal obligations (Article 6 (1) (c) General Data Protection Regulation)

3. legitimate interests pursued by Siemens Healthineers (Article 6 (1) (f) General Data Protection Regulation)

Generally, the legitimate interest pursued by Siemens Healthineers in relation to our use of your personal data is the efficient operation, management, and support of the Service, but we may disclose other legitimate interests for specific uses.

In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for Siemens Healthineers processing that personal data is that you have consented (Article 6 (1) (a) General Data Protection Regulation).

Transfer and disclosure of personal data

For the purposes mentioned above Siemens Healthineers may transfer or disclose your personal data to:

• Microsoft Ireland Ltd. and Microsoft Corporation, USA (operation of Azure cloud infrastructure)
• Okta Inc. (Auth0), USA (Authentication service)
• Infosys Ltd., India (Authentication service)
• Siemens SOP IT, Portugal (Authentication service)
• Identity & Access Management Solutions GmbH & Co. KG, Germany (Authentication service)
• LaunchDarkly.com/Catamorphic Co, USA (Feature Toggle Management)
• Siemens Healthcare Private Limited, India (Services development, 3rd Level Support)
• Siemens Healthcare s.r.o., Slovakia (Services development, 3rd Level Support)
• Siemens Healthineers Affiliates (Remote Maintenance services)
• Courts, law enforcement authorities, regulators, or attorneys if it is necessary to comply with the law or for the establishment, exercise, or defense of legal claims.
• Service providers, so‐called data processors, such as hosting or IT maintenance service providers, which only act upon Instructions of Siemens Healthineers and are contractually bound to act in compliance with applicable data protection law.
• Solution partners (third parties) offering solutions (e.g., applications) on the teamplay digital health platform, under the condition that an affiliated institution has instructed Siemens Healthineers to enable you to access such partner solutions.

If you are located within the European Economic Area, please be aware that sometimes the recipients to whom Siemens Healthineers transfers or discloses your personal data are in countries where the applicable laws do not offer the same level of data protection as the laws of your country. In such cases, and if required by applicable law, Siemens Healthineers takes measures to implement appropriate and suitable safeguards for the protection of your personal data. In particular:

Siemens Healthineers uses data transfer mechanisms compliant with Articles 44 et seq. GDPR which provides appropriate safeguards for the transfer of personal data to such a third country, for example by

1. EU Standard Contractual Clauses for the transfer of personal data to third countries; or
2. approved Binding Corporate Rules.

You may request further information about the safeguards implemented in relation to specific transfers by contacting dataprivacy.func@siemens‐healthineers.com.

Retention Periods

Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary (i) for the purposes for which they were collected or otherwise processed, or (ii) to comply with legal obligations.

Your rights

The data protection law applicable to Siemens Healthineers when processing your personal data may entitle you to specific rights in relation to your personal data. You can find out more about those rights by contacting dataprivacy.func@siemens‐ healthineers.com. In particular, and subject to the respective statutory requirements, if you are located within the European Economic Area, you are entitled to:

• Obtain from Siemens Healthineers confirmation of whether personal data concerning you is being processed, and where that is the case, access to the personal data;
• Obtain from Siemens Healthineers the rectification of inaccurate personal data about you;
• Obtain from Siemens Healthineers the erasure of your personal data;
• Obtain from Siemens Healthineers restrictions of processing your personal data;
• Data portability concerning personal data, that you actively provided; and
• Object, on grounds relating to your particular situation, to processing of personal data concerning you.

Data Privacy Contact

The Siemens Healthineers Data Privacy Organization provides support with any data privacy‐related questions, comments, concerns, or complaints or in case you want to exercise any of your data privacy‐related rights. The Siemens Healthineers Data Privacy Organization may be contacted at: dataprivacy.func@siemens‐ healthineers.com.

The Siemens Healthineers Data Protection Officer and the Siemens Healthineers Data Privacy Organization will always use best efforts to address and remedy your request or complaint. In addition to contacting the Data Protection Officer of Siemens Healthineers and the Siemens Healthineers Data Privacy Organization, you also have the possibility at any time to contact the competent data protection supervisory authority with your inquiry or complaint.

Do Not Track

At this time, our Internet sites do not recognize or respond to “Do Not Track” browser signals.

Web Analytics Services

Siemens Healthineers monitors the runtime behavior of the Services for quality assurance and tracks page views by users based on pseudonyms for the purpose of identifying product improvements. For this purpose, temporary cookies are created and deleted immediately after creation. In this context Siemens Healthineers uses the “Microsoft Azure Application Insights” service of Microsoft Corporation, Redmond, USA.

Children

This Service is not directed to children under the age of 18. We will not knowingly collect personal data from children under the age of 18 via this Service without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, according to local law and regulations, or to protect a child.

Security

To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, Siemens Healthineers uses reasonable physical, technical, and organizational security measures. Unfortunately, there is no complete assurance of security in transit or storage of any information that you transmit, no complete assurance that information will not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or organizational measures.

California Privacy Rights

California’s “Shine The Light” law permits our customers who are California residents to request annually a list of their personal information, if any, that we disclosed to third‐parties for direct marketing purposes in the preceding calendar year, and the names and addresses of those third‐parties. At this time, we currently do not share any personal information with third‐parties for their direct marketing purposes.

Amendments to the Privacy Notice

We may update this Privacy Notice from time to time. The data of the latest update is indicated at the top of this Privacy Notice.