What information do we collect?

RetinaRisk collects personally identifiable information related to login and the information that the user provides. This can include email address, name, basic demographic info, and health-related information. 

RetinaRisk collects information on current users at any given time and former users for a period of time established in the chapter covering storage time.

Why do we collect your information?

Any of the information we collect from you may be used in one of the following ways:

  • We only store personally identifiable health data to be able to show users their own history, i.e. provided values.
  • To personalize your experience (your information helps us to better respond to your individual needs)
  • To improve customer service (your information helps us to more effectively respond to customer service requests and support needs)
  • To process transactions (for subscribers)
  • We anonymize information that we store and process for any further purpose.

Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever in a personally identifiable form, without your consent, other than for the express purpose of delivering the purchased product or service requested.

Basis for processing personally identifiable information

RetinaRisk bases its processing on personally identifiable information on the user’s consent. This includes the process of anonymization of personally identifiable information.

RetinaRisk also processes personally identifiable information based on a contract when users become paying subscribers.

How do we protect your information?

All personally identifiable information, including health data, is kept by either Amazon Web Service (AWS) or Google Firebase which are processors for RetinaRisk. Any personally identifiable data is encrypted on our servers at AWS or Google.

Transfer to a non-EEA Country

RetinaRisk is aware that stringent conditions apply to the transfer of personal data to countries located outside the European Economic Area. RetinaRisk does not do so under any circumstances unless the relevant conditions are met as explained below.

RetinaRisk stores all data with AWS. The data is therefore moved to a non-EEA Country. AWS is subject to the Privacy Shield programme. Read AWS Privacy Policy here: https://aws.amazon.com/privacy/

Storage time

Personally identifiable information is stored for 5 years from your last entry. Anonymized information is stored for an unlimited amount of time.

Do we use cookies

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our App, conducting our business, or servicing you, so long as those parties agree to keep this information confidential and have agreed to a Data Processing Agreement. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others rights, property, or safety. However, non-personally identifiable information may be provided to other parties for marketing, research, advertising, or other uses.

Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Children’s Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Terms and Conditions

Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website at www.retinarisk.com

Rights of the data subjects

If you have given your consent to the processing of certain personally identifiable information, you are entitled to withdraw your consent at any time. That right, however, does not affect the legality of the processing that took place before the consent was revoked. 

You also enjoy other rights, such as the right to access your personally identifiable information, the right to correct incorrect or misleading personally identifiable information, the right to delete your personally identifiable information, the right to prevent the processing of personally identifiable information about you, and the right to transfer your own personally identifiable information. Keep in mind that your rights are not always void and may be subject to various conditions.

You can contact us at privacy@retinarisk.com if you have any such request

You may also lodge a complaint with any suitable Supervisory Authority if you believe that RetinaRisk is not processing your personally identifiable information applicably.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page, and/or send an email notifying you of any changes.

This policy was last modified on the 1st of September 2023

Contacting Us

If you have any questions regarding this privacy policy you may contact us using the information below.

Grandagarður 16
101 Reykjavík