Privacy Policy
Privacy information of emergo technologies GmbH (operating under the name "Nabu Med") in accordance with Articles 13 and 14 of the GDPR.
A. Data Protection Information in Relation to the Business Relationship
Introduction
emergo technologies GmbH places great importance on the protection of your personal data. This privacy policy informs you about how your data is processed in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act (DSG), and other data protection regulations.
Responsible Body
The data controller within the meaning of the General Data Protection Regulation is: emergo technologies GmbH, Egger-Lienz-Straße 116, 6020 Innsbruck, Austria. Email: office@emergo.dev. Website: nabu-med.ai
Categories of personal data and data sources
We process your personal data obtained from you during our business relationship, as well as data acquired from publicly accessible sources (e.g., commercial register or media). Personal data includes your personal details and contact information (e.g., name, address), telephone data, contract data, and billing data. Furthermore, it may also include transaction data and electronic log and identification data (e.g., IP address, cookies). Upon subscription, we also process your payment information (e.g., credit card details, bank account information), billing data (e.g., billing address), and details of the selected subscription (e.g., type, duration).
Legal Bases and Purposes for Data Processing
We process your data only if at least one of the following legal bases is met: within the scope of your consent (Art. 6(1)(a) GDPR), e.g. consent to statistics cookies (Google Analytics) — consent can be withdrawn at any time with future effect; to fulfil contractual obligations (Art. 6(1)(b) GDPR), where processing is necessary to fulfil a contract or pre-contractual measures; to fulfil legal obligations (Art. 6(1)(c) GDPR), e.g. retaining invoices; and to safeguard legitimate interests (Art. 6(1)(f) GDPR), e.g. ensuring IT security and operations, managing and developing our services, and asserting, exercising or defending legal claims.
Recipients or categories of recipients
Recipients may include internal departments (employees responsible for handling your requests) and external service providers (IT and hosting providers, payment service providers, and providers of analytics tools). In particular, we use Stripe Payments as a payment service provider for processing subscription payments and — only with your consent — Google Ireland Limited (Google Analytics) for statistical analysis of how our website is used. We have concluded data processing agreements (DPAs) with all service providers processing data on our behalf, in accordance with Article 28 GDPR. Further recipients may include authorities and public institutions (to fulfil legal obligations) as well as lawyers and courts (for asserting or defending claims).
Retention period of your data
We retain your personal data for as long as necessary to provide our services, fulfil our legal and contractual obligations to you, resolve disputes, comply with statutory retention periods, or enforce our claims. Data related to subscriptions are stored for the duration of the subscription and in accordance with legal retention periods (e.g., 7 years under Austrian law).
Your Rights Under the GDPR (Data Subject Rights)
You have the right to access, rectify, erase or restrict the processing of your stored data, a right to revoke consent, a right to object to processing, and a right to data portability, all in accordance with the provisions of data protection law. Complaints can be addressed to the competent data protection authority: www.dsb.gv.at.
Data transfer to third countries
In certain cases, it may be necessary to transfer personal data to countries outside the European Economic Area (EEA). Such transfers are conducted exclusively in compliance with the GDPR requirements, particularly through adequacy decisions by the European Commission, standard contractual clauses according to Art. 46 GDPR, or other suitable safeguards. Examples of such transfers may occur when using cloud services or software providers whose servers are located outside the EU (e.g., in the USA). This particularly pertains to the use of Google Analytics (only with your consent), Calendly and Stripe, where data may be transferred to the USA. Standard contractual clauses are in place. We point out that in the USA, authorities (e.g., under the Cloud Act) may have access to data.
Automated Decision-Making
Automated decision-making as defined by Article 22 GDPR does not take place.
Provision of personal data
The provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual obligations. In some instances, it may be necessary for contract formation for an individual to provide us with personal data, which we subsequently need to process. Failure to provide such data would result in the contract not being concluded.
B. Additional information regarding the use of the website, tools and platforms
Hosting
This website is hosted by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) in an ISO 27001 certified data center in Germany. When you visit the website, technically necessary data (e.g., IP address, time of access, page requested) is processed in server logs. Processing is based on our legitimate interest in the secure and stable operation of the website (Art. 6(1)(f) GDPR).
Cookies and web analytics (Google Analytics)
This website uses statistics cookies only with your consent. On your first visit, a cookie banner asks whether we may use Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for pseudonymized, statistical analysis of website usage. Without your consent, no analytics cookies are set and no data is transmitted to Google. The legal basis is your consent (Art. 6(1)(a) GDPR, § 165(3) TKG 2021). Data collected by Google Analytics (truncated IP address, device and usage data) is deleted after 14 months at the latest. You can withdraw or change your consent at any time with future effect via the "Cookie settings" link in the footer of our website.
Subscriptions on our website
When you subscribe on our website, we process additional information necessary for the conclusion and management of the subscription. This includes your payment data (e.g., credit card information, bank details), billing information (e.g., billing address), and details about the selected subscription (e.g., type, duration). These data are transmitted to Stripe Payments as a payment service provider to facilitate the payment process. The processing is based on Article 6(1)(b) GDPR (fulfilment of the subscription contract) and Article 6(1)(c) GDPR (compliance with legal obligations, such as tax retention requirements).
Microsoft services (Exchange, Teams)
We utilize various services from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, for email communication and conducting online meetings. This includes Microsoft Exchange for managing our email traffic (email addresses, email content, and metadata such as timestamps and IP addresses may be processed) and Microsoft Teams for online meetings (name, email address, chat history, conversation content). Processing is carried out in accordance with Article 6(1)(b) GDPR or on the basis of our legitimate interest under Article 6(1)(f) GDPR. Further information can be found in Microsoft's privacy statement.
Appointment scheduling (Calendly)
To arrange appointments and demos we use Calendly (Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA). The Calendly booking widget on our website only loads once you actively open it — no data is transmitted to Calendly before that. When you book an appointment, the data you provide (e.g., name, email address, preferred time) is processed to arrange the appointment. Processing is based on Article 6(1)(b) GDPR (pre-contractual measures) or Article 6(1)(f) GDPR (efficient communication). Where data is transferred to the USA, standard contractual clauses are in place. Further information can be found in Calendly's privacy policy.
Social Media (LinkedIn)
We maintain a company profile on LinkedIn to engage with users and inform them about our services and updates. When using this platform, the provider's privacy policy applies, for which we may share responsibility concerning data processing (Art. 26 GDPR). We only process personal data if you directly interact with us (e.g., through comments, messages). This processing is based on our legitimate interest according to Art. 6(1)(f) GDPR. You can object to the processing by emailing us at datenschutz@emergo.dev.