PRIVACY POLICY

1. GENERAL PROVISIONS

This Privacy Policy (“Policy”) describes how NexorTech d.o.o., headquartered in Sarajevo, Džemala Bijedića 162/2, as the data controller, collects, uses, stores, and protects the personal data of users who use the application for generating medical reports through speech and artificial intelligence (“Application”).

This Policy is aligned with the Law on Protection of Personal Data of Bosnia and Herzegovina (“Official Gazette of BiH”, Nos. 49/06, 76/11, and 89/11).

2. DATA WE COLLECT

When registering and using the Application, we may collect the following categories of personal data:

User (doctor) data:

  • Full name
  • Email address
  • License/authorization number
  • Name of healthcare institution
  • Contact details (phone, address)
  • IP address, device, and session information

Technical and usage data:

  • Application usage logs
  • Recorded audio files (temporarily, for transcription purposes)
  • Software version and device technical details

Note: Patient data entered during dictation is not subject to this Policy, as it is not stored permanently without patient consent and is processed exclusively within the user’s responsibility.

3. PURPOSE OF PROCESSING

Personal data of Application users is collected and processed for the following purposes:

  • Enabling Application functionalities
  • Transcription and report generation
  • Internal analysis for system improvement
  • Communication with users and technical support
  • Legal compliance and security monitoring

4. LEGAL BASIS

The legal basis for data processing is:

  • Performance of the contract between the user and the Service Provider
  • Legitimate interest of the Service Provider for improving the Application and preventing misuse
  • User consent where required (see below)

5. DATA ACCESS AND TRANSFER

Access to data is restricted exclusively to authorized employees of the Service Provider.

Data is not shared with third parties unless there is a legal obligation (e.g., a court order).

6. DATA STORAGE

Data is stored on secure servers in accordance with technical and organizational protection measures.

Audio recordings and transcripts are deleted after the report is completed, unless the user explicitly requests their storage.

The user has the right to access, correct, and delete their data at any time.

7. YOUR RIGHTS

In accordance with the Law on Protection of Personal Data of BiH, users have the following rights:

  • Right to information about processing
  • Right to access data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to object and restrict processing
  • Right to lodge a complaint with the Personal Data Protection Agency of BiH