RamSoft is committed to protecting your privacy. This privacy policy describes our collection, use, and disclosure of your personal information when you utilize RamSoft offerings and products. By using RamSoft Services, you agree to the collection and use of information in accordance with this Privacy Policy.

Please read this privacy policy in full. If you do not agree to the terms below then please do not use this site or services.

Definitions

For the purposes of this Privacy Policy:

You means the individual or entity accessing or using the Service, whether in their own representative capacity or on behalf of another.

Company (referred to as either "the Company", "We", "Us" or "Our" in this Privacy Policy) refers to RamSoft Inc., and its subsidiaries, alliances and affiliates.

Affiliate means any entity, subsidiaries, joint venture partners, or other companies under the control of RamSoft, Inc.
Account means a unique account created for you to access our Service or parts of our Service.
Service refers to any RamSoft offering or product.‍
Service Provider means any natural person or legal entity who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

Third-party social media service refers to any website or any social network website through which a User can log in or create an account to use the Service.
Personal Data is any information that relates to an identified or identifiable individual.
Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
Website refers to any publicly available online RamSoft offering including, but not limited to, the RamSoft Site at ramsoft.com, OmegaAI® at https://www.omegaai.com/, Blume® found at https://blume.omegaai.com/ and RamSoft Communities at https://support.ramsoft.com/en/support/login.

Collecting and Using Your Personal Data

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to: Email address, First name and last name, Phone number, Mailing Address including State, Province, ZIP/Postal code, City.

Usage Data

Usage Data may be collected automatically when using the Service. Usage Data may include but is not limited to information such as your device type, browser type (desktop, mobile phone, tablet, or other), the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and unique device identifiers.

Tracking Technologies and Cookies

We use Cookies and other similar tracking technologies to track your activity on our Service and store certain information. You can instruct your browser to limit the types of Cookies used while using our Service. However, if you do not accept Cookies, you may not be able to use some parts of our Service. For more information about the cookies we use and your choices regarding cookies, please refer to our Cookies policy.

USE OF YOUR PERSONAL DATA

The Company may use Personal Data for the following purposes:

To provide and maintain our Service.
For the performance of a contract, including the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Service.
To contact you, including by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.
To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
To manage your requests: To attend to and manage your requests to us.

We may share your personal information in the following situations:

With Service Providers: We may share your personal information with Service Providers to monitor and analyze your use of our Service, to contact you, or for payment processing.
With Affiliates: We may share your information with our Affiliates, in which case we will require those Affiliates to comply with this Privacy Policy.
With Business partners: We may share your information with our business partners to offer you certain products, services, or promotions.

Retention of Your Personal Data

We will retain and use your Personal Data to the extent necessary to comply with our legal obligations or comply with applicable laws, resolve disputes, and enforce our agreements and policies. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed by the Company in any place where the parties involved in the processing are located. This means that your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction and subject to data protection laws that may differ from those in your jurisdiction.
Your consent to this Privacy Policy followed by your submission of personal information represents your agreement to that transfer. The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred and your data may become subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data, if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other Legal Requirements

The Company may disclose your Personal Data based on the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of the Company, prevent or investigate possible wrongdoing in connection with the Service, protect the personal safety of users of the Service or the public and protect against legal liability. When necessary, the Company will limit the disclosures to the minimum extent required to comply with the above.

Security of Your Personal Data

The security of your Personal Data is important to us. No method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security from hackers and cyberattacks. The Company maintains suitable cyber insurance coverage to supplement the potential of such an event occurring.

Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, the Company will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws. Where the breach is likely to result in a high risk to the rights and freedoms of individuals, the Company will also notify the affected individuals without undue delay. Notification will include, to the extent possible, the nature of the breach, the categories and approximate number of individuals and records affected, the likely consequences of the breach, and the measures taken or proposed to address the breach.

Deletion of Personal Data

Upon issuing written instructions to RamSoft to cease processing of Personal Data, whether due to withdrawal of consent, fulfillment of the specified purpose, or any other reason, RamSoft shall restrict further active processing of the relevant Personal Data.
Please note that complete erasure of Personal Data, including from backup systems, archived records, or infrastructure logs, may not be technically feasible. In such cases, RamSoft will:

Extend confidentiality obligations to such retained Personal Data;
Restrict any further active processing of this data solely to those purposes that make erasure infeasible; and
Maintain such protections for as long as the data is retained.

Children’S Privacy

Our services may involve the collection and processing of personal information relating to individuals who are below the age required to provide valid consent under applicable data protection laws.
Where required by applicable law, we obtain verifiable consent from a parent or legal guardian prior to collecting or processing such personal information.
We implement appropriate safeguards to ensure that the personal information of minors is processed in accordance with applicable legal and regulatory requirements.
If you are a parent or legal guardian and believe that personal information relating to a minor has been collected or processed without appropriate consent, please contact us at privacy@ramsoft.com, and we will take appropriate steps in accordance with applicable law.

‍

Additional Information for Certain Jurisdictions

Below provides additional information about the collection, use, and sharing of privacy data in various regions of the world. These separate provisions may be applicable to you based on the location of you or the data.

I - CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

The CCPA (California Consumer Privacy Act), is available here . In order to exercise any of your rights under the CCPA, and if you are a California resident, you may reach out using the information provided in the Contact Us section of this policy or by sending us an email at privacy@ramsoft.com. The Company will endeavor to disclose and deliver the required information within 45 days of receiving your verifiable request. We may extend the period to provide the required information to you once by an additional 45 days when reasonable,necessary, and with prior notice to you.

Additional Consumer Rights Under the CCPA:

Right to Know / Access: You have the right to request that the Company disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting or sharing Personal Information, and the categories of third parties with whom we share Personal Information.

Right to Correction: You have the right to request the correction of inaccurate Personal Information that the Company maintains about you.

Right to Non-Discrimination: The Company will not discriminate against you for exercising any of your rights under the CCPA.

Do Not Sell My Information & Opt-Out Mechanism Under the CCPA, California residents have the right to opt out of the sale of their personal information. If you wish to exercise this right, you can submit a request by emailing us at privacy@ramsoft.com. Once we receive your request, we will process it in accordance with the requirements of the CCPA and ensure that your personal information is not sold unless you provide explicit consent in the future.

II - PIPEDA

PIPEDA Legislations and related regulations are available at this link. We understand that you may have preferences about how your data is used. If you would like to review or request changes to any of your personally identifiable information that is collected by us, in relation to PIPEDA, please email us at privacy@ramsoft.com.

III - Digital Personal Data Protection Act (DPDPA) - India

If you are located in India, the processing of your personal data will be governed by the provisions of the Digital Personal Data Protection Act, 2023 ("DPDPAct").

Under the DPDP Act, individuals whose personal data is processed are referred to as"Data Principals", and organizations that determine the purpose and means of processing such data are referred to as "Data Fiduciaries."RamSoft may process personal data on behalf of its customers in connection with the services provided through its platforms. In such cases, RamSoft acts as a Data Processor under the Digital Personal Data Protection Act, 2023.

A Data Processor refers to any person or entity that processes personal data on behalf of a Data Fiduciary and strictly in accordance with the instructions provided by the Data Fiduciary.

As a Data Principal, you have the following rights under applicable law:

Right to Access Information: You have the right to request confirmation as to whether your personal data is being processed and to obtain information regarding the categories of personal data being processed, the purpose of processing, and the entities with whom such data has been shared..
Right to Withdraw Consent: Where personal data is processed based on your consent, you may withdraw such consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal.
Right to Grievance Redressal: You have the right to raise grievances regarding the processing of your personal data. RamSoft will acknowledge and address such grievances within a reasonable time in accordance with applicable laws.
Right to Nominate: You have the right to nominate another individual who may exercise your rights under applicable data protection laws in the event of your death or incapacity.

Grievance Redressal Mechanism: If you have any concerns, complaints, or requests relating to the processing of your personal data, you may contact our Data Protection Officer or Grievance Officer using the details provided below. RamSoft will review and respond to such requests in accordance with applicable data protection laws.

Data Protection Officer Contact: Email: dpo@ramsoft.com

IV. European Economic Area —GDPR

A. General

This Data Protection Policy establishes consistent data protection standards across the company for processing personal data within the European Union and the European Economic Area (EU/EEA), transferring personal data to company locations outside the EU/EEA and to safeguard data transferred outside the EU/EEA.

1. Contact

Data Processor: The data processor responsible for data processing pursuant to the GDPR is: RamSoftInc., 8 King Street East, Toronto, ON, Canada.

EU-GDPR Representative: Our EU-GDPR representative is the AF Pharma Service Europe SL Muntaner 281, 08021 Barcelona, Spain.

Data Protection Officer (DPO): For matters relating to personal data protection under the GDPR, you may contact our Data Protection Officer at: Email: dpo@ramsoft.com

2. Scope of Data Protection

Dataprotection applies to personal data, i.e. all information relating to anidentified or identifiable natural person. If you have any questions about this Privacy Policy, please contact us via e-mail: privacy@ramsoft.com. Depending on the type of request, validation of your identity may be required.

3. Your Rights

The following rights are granted by European Union directives and regulations. If you wish to exercise any of the rights listed below, please contact us at the above address.

Right to access – We will confirm whether we are processing any of your personal data, which data we are processing, and for what purpose we are processing it.
Right to rectification – If any of the data we have stored is incorrect, we would certainly be happy to correct it.
Right to erasure – We will comply with your request as far as legally possible.

Please note that complete erasure of Personal Data, including from backup systems,archived records, or infrastructure logs, may not be technically feasible. In such cases, RamSoft will extend confidentiality obligations to such retained data, restrict further active processing of this data solely to those purposes that make erasure infeasible, and maintain such protections for as long as the data is retained.

Right to restriction of processing – Should you wish to restrict use, we will comply with your request as far as legally possible.
Right to withdraw your consent – Should you wish to revoke any previously granted consent, we will comply with your request. Revocation does not affect the permissibility of the processing of your data received previously.
Right to be informed – Individuals have the right to know how their data is collected, used, and processed.
Right to data portability – Individuals can request that their data be transferred to another controller or provided to them in a structured, commonly used, and machine-readable format.
Right to object – Individuals can object to the processing of their personal data in certain circumstances, including direct marketing.

4. Retention period

The data processed by us will be retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Upon expiry of the applicable retention period, personal data will be securely deleted or anonymized, subject to the deletion limitations described in the Deletion of Personal Data section of this policy.

5. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption to protect your data in transit. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

6. Children

Our services may involve the collection and processing of personal information relating to individuals who are below the age required to provide valid consent under applicable data protection laws. Where required by applicable law, we obtain verifiable consent from a parent or legal guardian prior to collecting or processing such personal information. We implement appropriate safeguards to ensure that the personal information of minors is processed in accordance with applicable legal and regulatory requirements. If you are a parent or legal guardian and believe that personal information relating to a minor has been collected or processed without appropriate consent, please contact us at privacy@ramsoft.com,and we will take appropriate steps in accordance with applicable law.

7. Transfer

The Company may only transfer personal data from within the EU/EEA to entities located outside of this region (including granting access from a third country)under specific conditions

The third country must be recognized by the EU Commission as providing an equivalent level of data protection.
The transfer must adhere to the EU's standard contractual clauses.
Other approved safeguards as outlined under applicable GDPR provisions may be used.
In limited cases where the above options are not feasible, transfers may be permitted under specific exemptions (e.g., legal claims).

8.Monitoring and Reporting on the Regulations of Third Countries

The Company operating in jurisdictions outside of the company's primary region must immediately inform the Data Protection Officer if local laws impede the company's ability to fulfil data protection obligations or significantly impact the data protection guarantees provided under this policy.
The Company will assess the situation to identify practical solutions that align with the policy's objectives.
If the Company is compelled by a public authority to withhold information about data disclosures from the supervisory authority, it must actively seek to overturn this restriction and provide annual summaries of disclosure requests to the relevant authorities.
Transfers of personal data to public authorities must be justified, proportionate, and limited to what is necessary in an open society.
Data subjects have the right to enforce this provision.

B. Data processing when using our website

1. Technical provision of website

Regardless of whether you use services on our website, your device automatically transmitscertain data for technical reasons when you access our website. The following data may be stored:

Date and time of access
Browser type and version
Operating system
URL of the website previously visited
Volume of data transmitted
Requested domain
Notification of successful data retrieval
Search term when using a web browser
Abbreviated/anonymized IP
Full IP address
Diagnostic information in the event of errors

2. Contact, Contact form

The processing of your data in the context of contacting us via contact form, e-mail or support is carried out, depending on the content of the inquiry, in the case of purely informational inquiries on the basis of your consent, or insofar as the contact is in connection with pre-contractual performance obligations. For providing you with the contact form, we use the service of Salesforce Marketing Cloud, which processes the data on our behalf.

3. Newsletter

We provide you with a newsletter you can register to on our website. To send you the newsletter, we process your e-mail address you provided when registering.You may withdraw your consent at any time by sending an e-mail requesting the same to privacy@ramsoft.com or by following the instructions at the bottom of a newsletter e-mail to click"Unsubscribe".

4. Usage of cookies, statistics, advertising, tracking and retargeting

You can find further information on cookies in our Cookie Policy.You can also change the settings of your cookies via the respective change button in the cookie banner of the website. We use Google Analytics, Google Web Fonts, Google reCAPTCHA, Salesforce Marketing Cloud, LinkedIn, and Qualified Chatbot for analytics, marketing, and user interaction purposes. Each of these services processes data on our behalf and is subject to their respective privacy policies.

For communication and notification services in Our Service, we use the services provided by Twilio Inc. You have the option to manage, enable or disable these notifications at any time through the settings on your mobile device. For more information, please see: https://www.twilio.com/en-us/legal/privacy

C. Data processing when using our Service

We require technical operating data to enable the secure operation of our website and app and to be able to provide the contractually agreed services. For the technical provision of Web Browser Application, we use the hosting services of Microsoft Azure to process meta and communication data.

1. Technical provision of the Web Application

2. Technical Provision of the Mobile Application

In order to download the app, personal data is transmitted to the App Store/Play Store. We only process this data to the extent necessary for the download of the application.

When you want to use Blume®, you must register an account, either via Web Browser Application or Mobile Application. You can register with your email address or through a third-party provider's account (Facebook, Apple, Microsoft, orGoogle). Please note that removing third-party login connections does not lead to an automatic deletion of your personal data.

All users, regardless of region, can request the deletion of their Personal Data by contacting us at privacy@ramsoft.com.Upon receiving a valid request, we will take appropriate steps to delete the requested data unless legal or regulatory requirements mandate its retention.Please note that complete erasure of Personal Data, including from backup systems, archived records, or infrastructure logs, may not be technically feasible. In such cases, RamSoft will extend confidentiality obligations to such retained data, restrict further active processing, and maintain such protections for as long as the data is retained.

3. Registration of a Blume user account

While using Our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

4. User account data

First name and last name
E-Mail Address
Password(encrypted)

You can provide us with the following additional information if you want to.

Middle Name
Date of Birth
Language
Social Security Number (or relevant Identification Number)
Health Status
Mother’s Maiden Name
Mailing Address including State, Province, ZIP/Postal code, City, Country
Phone number
Emergency Contact

You can upload your documents, such as historical reports, medical image data, and other document types involved in patient care. If you want, you can share the personal information you uploaded with your healthcare provider. We do not decide on the purpose of the usage of the data, we only host and store the data for you.

‍

5. Manage and share documents

6. Communication and Notifications

For communication and notification services in Our Service, we use the services provided by Twilio Inc., 375 Beale Street, Suite 300, San Francisco CA 94105, USA . Twilio is a provider of communication services and allows us to receive and/or reply to your text messages or send you notifications. The purpose is to enhance your user experience and help you make the most of the Service’s features. You have the option to manage, enable or disable these notifications at any time through the settings on your mobile device.

7. Data subject requests, contacting us, and bug trackin

We use Jira ticketing system, a platform from Atlassian Inc., to handle your claims and inquiries via email and contact forms. Jira also acts as the primary bug tracking tool in support of the Service.

8. Search functionality

We use Elasticsearch for the provision of the search function via the search box and for navigation and filters.

9. Crash reporting and Troubleshooting

We useDatadog for Cloud Monitoring. The service is used for the collection ofapplication logs, crash reports, and records of full user interactions of OurService. The legal basis for data processing is your consent. You can withdrawyour consent for data processing at any time.

10. Browser Refresh within the App

We usethe service Twilio Sync in order to refresh pages in our App. Twilio Syncstores metadata of the processes performed for 120 days before being deletedand does not store any personal or sensitive information generated from theService.

D. Data processing on behalf of healthcare facility

1. Booking appointment

In the context of booking appointments via the calendar function, we process personal data on behalf of the healthcare facility to manage user accounts, to enable functions around appointment booking, to provide customer support and to share with the user relevant information around appointment booking.

‍

Links to Other Websites

Our Service may contain links to other websites that are neither operated nor controlled in any way by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will update the "Last updated" date at the top of this Privacy Policy to reflect the effective dates of the updates. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

For matters related to data protection and privacy, you may contact our privacy team at privacy@ramsoft.com.Your request will be directed to the appropriate individual overseeing compliance with data protection regulations.

For matters relating to personal data protection under the GDPR or DPDPA, you may contact our Data Protection Officer at: dpo@ramsoft.com

Privacy Policy