1. Introduction
This Privacy Notice explains how ASP Global Manufacturing GmbH, Im Majorenacker 10, 8207 Schaffhausen, Switzerland (“ASP”, “we”, “us”, “our”), collects, uses, stores, discloses, and otherwise processes personal data in connection with the ASP™ Assist mobile application and the related ASP™ Assist administrative portal.
This Privacy Notice applies to individuals who use ASP™ Assist as ASP employees, contractors, or internal testers; employees, contractors, or representatives of customer hospitals or other healthcare organizations; and users who contact ASP for technical, training, or service-related support concerning ASP™ Assist.
This Privacy Notice applies specifically and only to ASP™ Assist and its related app-connected services.
2. Data Controller and Data Processor
In accordance with the ASP Assist Licensed Application End User License Agreement, the customer acquiring the license(s), and using the services, is the data controller and ASP acts as the data processor.
Unless otherwise stated, , the Data Processor under this Privacy Notice is ASP Global Manufacturing GmbH, Im Majorenacker 10, 8207 Schaffhausen, Switzerland. Privacy questions or requests may be sent to [email protected].
Where local ASP affiliates or other ASP entities assist with onboarding, user administration, or support, they may process personal data in accordance with this ASP Assist Privacy Notice.
3. What personal data do we collect and process?
3.1 Account and profile data
This may include name, surname, business email address, country, hospital or organization name, and job or role information, together with account identifier and invitation or access status where applicable.
3.2 Authentication and access data
ASP™ Assist uses password-based login. We may process authentication records, account-access data, and session-related technical information necessary to authenticate users and maintain account security.
3.3 App activity and usage data
This may include searches performed in the app, selected filters and viewed content, compatibility checks and related interactions, saved favorites or lists, report-generation activity, training participation and progress, and related operational usage records.
Search activity is stored at tenant level on the server, while user-level search history may be displayed to the logged-in user within the mobile app.
3.4 Device and technical data
This may include device type and model, operating system and version, app version, language or region settings, diagnostic data, crash data, and performance or troubleshooting information generated through the operation of the app or related monitoring tools.
3.5 Scan, upload, and submitted content (User Content)
Where relevant to the app’s functions, this may include scan results such as barcodes, QR codes, or similar identifiers, and images captured in the app for device-related processing.
Device images are processed but not stored after processing.
3.6 Support and User Content Data
If you contact ASP regarding ASP™ Assist, we may collect contact details, support request content, screenshots, attachments or files you submit, communications history, and case or ticket records. Support requests route to a configured email inbox and support chat channel.
3.7 Training and learning data
Where the app includes training or educational features, this may include course participation, training status, test results, and completion records. This information is intended for the logged-in mobile-app user and is not currently exposed.
3.8 Sensitive data
ASP™ Assist is not intended for the upload or processing of patient-identifiable information, medical records, or other special category personal data.
Users must not submit unnecessary sensitive, patient, or confidential data through image uploads, support tickets, free-text entries, or attachments.
4. Where do we collect personal data from?
We may collect personal data directly from you; from your employer, hospital, or organization when access is requested or provisioned; from ASP personnel or authorized administrators who create or manage access; automatically through your use of the app and related systems; and from service providers that support hosting, diagnostics, communications, support, or infrastructure.
5. How and why do we process personal data?
We may process personal data to provide ASP™ Assist and its core functionality, including account creation, authentication, compatibility search, scan-related processing, favorites, reporting, and training features.
We may process personal data to administer organizations and user access, including onboarding, access provisioning, user direct support management, and service administration.
We may process aggregated and anonymized personal data to operate, maintain, and improve the app and admin portal, including troubleshooting, diagnostics, stability monitoring, and service quality improvement.
We may process personal data to provide support and service communications, including responses to support requests and operational notices.
We may process personal data to deliver training and educational content and, where relevant, to track completion within the product experience.
We may process personal data to maintain security, prevent misuse, investigate incidents, and protect ASP, users, and systems.
We may process aggregated and anonymized personal data to produce operational analytics and service-planning insights consistent with the current implementation of the product.
ASP™ Assist uses push notifications for service-related purposes such as database updates, training reminders, news and studies, and IFU review-status updates. ASP™ Assist does not send marketing emails through the product.
6. What legal bases do we rely on?
Where GDPR or equivalent laws apply, ASP may rely on one or more of the following legal bases: performance of a contract; steps taken at your request prior to entering into a contract; compliance with legal obligations; legitimate interests in operating, securing, administering, supporting, and improving ASP™ Assist; and consent, where required by applicable law.
Where ASP relies on legitimate interests, those interests may include service delivery, user support, technical maintenance, diagnostics, analytics, security monitoring, misuse prevention, and responsible business operations.
Where processing is based on consent, consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
7. What happens if you do not provide requested information?
Where personal data is necessary for account creation, authentication, support, contractual performance, or required operational functions, ASP may not be able to provide all or part of ASP™ Assist if such information is not provided.
8. Do we make automated decisions about you?
ASP™ Assist is not intended to make decisions producing legal effects or similarly significant effects based solely on automated processing.
9. Do we use cookies or similar technologies?
ASP™ Assist may use app-based technical tools, monitoring services, software development kits, logs, and similar technologies to support authentication, app functionality, diagnostics, security, performance monitoring, beta distribution, and related operational support.
Where separate website experiences are linked to ASP™ Assist, those website experiences may be governed by their own Cookies Policies and Privacy Notices.
10. Who do we share personal data with?
We may share personal data with ASP authorized personnel only on a need for basis, for this application support, operations, administration, management, training, compliance, and related internal services purposes.
Authorized ASP administrators may access user and subscription-related data for hospitals or other customer organizations where necessary for provisioning, support, troubleshooting, or service administration.
We may share personal data with legal advisers, auditors, insurers, regulators, courts, law enforcement, or other authorities where required by law or necessary to protect rights, safety, systems, or business operations.
In connection with a merger, acquisition, financing, restructuring, sale of assets, or similar transaction, personal data may be disclosed as part of the relevant process subject to applicable legal safeguards.
11. International transfers
ASP™ Assist data is hosted within the AWS infrastructure located in the US. Personal data may also be accessed or processed in other countries where ASP.
ASP will implement appropriate safeguards for international transfers, which may include adequacy decisions, standard contractual clauses, or equivalent protections.
12. How long do we keep personal data?
ASP retains personal data only for the duration of the license agreement with the customer and/or the validity of the license assigned to a user by the customer.
13. How do we keep personal data secure?
ASP uses technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction.
The controls in place include encryption at rest, encryption in transit using HTTPS, environment separation, and role-based access control.
No system can be guaranteed to be completely secure. Users are responsible for maintaining the confidentiality of their credentials and for using the app in accordance with applicable instructions and restrictions.
14. Organization-level visibility and administrator access
If you use ASP™ Assist through an organization account, authorized ASP administrators may access user and subscription-related data where necessary for service administration, provisioning, troubleshooting, or operational support.
Favorites are private and not shareable. Exports are not currently logged. Administrators can view aggregated reports related to searched devices.
15. Communications and notifications
ASP™ Assist may send service-related push notifications and operational notices. These notifications may relate to database updates, training reminders, news and studies, and IFU review-status updates.
ASP™ Assist does not send marketing emails through the product.
Where notification permissions are managed by the device operating system, users may manage those preferences through the relevant device settings.
16. Intended Users
ASP™ Assist is intended solely for professional and business use by persons who have reached the age of majority under applicable law. It is not intended for use by individuals who have not reached such age.
17. Your rights
Subject to applicable Data Protection Laws, you may have the right to be informed about how your personal data is used; request access, correction, deletion, restriction, objection, portability, or withdrawal of consent where applicable; and lodge a complaint with a competent supervisory authority.
Rights-related requests should be escalated through email-based channels.
18. How can you contact us?
If you have questions about this ASP Assist Privacy Notice, wish to exercise your rights, or want to raise a concern, you may contact ASP Global Manufacturing GmbH, Im Majorenacker 10, 8207 Schaffhausen, Switzerland, at [email protected].
19. Complaints
If you believe ASP has not handled your personal data in accordance with applicable law, you may have the right to lodge a complaint with the competent data-protection authority in your country or region.
20. Changes to this Privacy Notice
ASP may update this ASP Assist Privacy Notice from time to time to reflect changes in law, regulatory expectations, service providers, internal processes, or app functionality. The updated version will be made available through the app notifications , or another appropriate channel, and will indicate the effective date.
