Data Processors (Sub-Processors)
Which process the data that is stored/uploaded into the Collective Minds® platform (acting as Processors) to provide the Services
Subprocessor | Processing Activity | Purpose | Country/Region | Main safety measures |
Amazon Web Services Germany GmbH (AWS) | Hosting provider | To store the Platform and the data contained in the Platform: The Collective Minds® platform is hosted here. | Germany | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to uploading the data into AWS GmbH Servers. Encryption and enforced safety measures provided by AWS to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures, including the signature of the EU SCCs. |
Optional Sub-processors
Depending on the premium services you decide to activate or use (only available on-demand and when explicitly agreed with each Data Controller)
General information to take into account:
We only share data with Sub-Processors at the request of a user/Data Controller. We never provide access to our system/Platform to AI providers/partners, the datasets are only sent to them through a secure and verified channel.
In any case, the data is curated and minimized (using anonymization techniques) before being shaed with any AI providers/partners. Therefore, we never share with them directly identifiable data, only previously pseudonyimised and minimised/anonymised datasets (each Data Controller holds the pseudonymisation key, which cannot be shared) and only the necessary information for the Sub-Processor to process the data.
Datasets sent by Collective Minds must be deleted or returned once the results have been obtained and the AI provider/artner has processed them (unless otherwise explicitly instructed by the Data Controller).
Subprocessor | Processing Activity | Purpose | Country/Region | Main safety measures |
Icometrix | AI analysis of Radiological data | AI engine(s): icobrain-dm, icobrain-ms, icobrain-tbi, icolung, | Belgium | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. |
Gleamer | AI analysis of Radiological data | AI engine(s): boneview | France | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. |
Incepto Medical | AI analysis of Radiological data | AI engine(s): Keros, Arva | France | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. |
Contextflow | AI analysis of Radiological data | AI engine(s): SEARCH lung CT | Austria | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. |
Radiobotics | AI analysis of Radiological data | AI engine(s): RBknee | Denmark | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. |
AISentia | AI analysis of Radiological data | AI engine(s): AAA | United Kingdom | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. |
Subtle Medical | AI analysis of Radiological data | AI engine(s): SubtleMR, SubtlePET | United States of America | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. Signature of the Processor-to-Processor EU Comission Standard Contractual Clauses (SCCs). |
BrainScan | AI analysis of Radiological data | AI engine(s): BrainScan | Poland | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. |
Smart Soft Healthcare | AI analysis of Radiological data | AI engine(s): CoLumbo | Bulgaria | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. |
Lunit | AI analysis of Radiological data | South Corea | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to transfer any dataset to the Sub-Processor. Encryption and enforced safety measures and other measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of additional undertakings and safety measures. South Corea is under an EU adequacy decision and not required to sign SCCs. |
Data Processors (when we are acting as data Controllers)
That help us process data about users, clients, and partners who access, use, and interact with our services
Subprocessor | Categories of data and data subjects | Processing Activity | Purpose | Country/Region | Main safety measures |
Amazon Web Services Germany GmbH (AWS) | Encrypted and pseudoyimised users, clients, and partners data | Hosting provider | To store the Platform and the data contained in the Platform: The Collective Minds® platform is hosted here | Germany | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to uploading the data into AWS GmbH Servers. Encryption and enforced safety measures provided by AWS to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of strong additional undertakings and safety measures, including the signature of the EU SCCs. |
Google Cloud Platform | Encrypted and pseudoyimised users, clients, Institutions and partners data | Office functionality | Email, document storage, chat, etc. | Ireland | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to uploading and or sharing the data. Encryption and enforced safety measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of strong additional undertakings and safety measures, including the signature of the EU SCCs. In accordance with our internal policies, we will process only the minimum data necessary to provide the services and will prioritise the use of pseudonymised data when referring to users, customers, etc. |
Mailjet | Users’ email data | Messaging gateway | Email and SMS for marketing campaigns and general news/updates concerning the company. | France | Encryption and enforced safety measures provided by AWS to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature strong undertakings and safety measures. |
Google Analytics | Encrypted and pseudonymised users’ navigation data (not directly identifiable: approximate location and navigation) | Platform usage analysis | Analyse and understand community usage of the service to improve user experience | Germany | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to uploading and or sharing the data. Encryption and enforced safety measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of strong additional undertakings and safety measures, including the signature of the EU SCCs. |
HubSpot | Encrypted users, clients, partners and providers data | CRM Provider | Internal management of customer, contact and relationship information | United States of America | Pseudonymisation and data minimisation (anonymisation techniques) and encryption prior to uploading and or sharing the data. Encryption and enforced safety measures to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature of strong additional undertakings and safety measures, including the signature of the EU SCCs. |
Fortnox | Clients and providers data | Invoicing and billing | Invoicing and billing customers for services and development. | Sweden | Encryption and enforced safety measures provided by AWS to ensure confidentiality, integrity and availability. Signature of a DPA that includes the signature strong undertakings and safety measures |
Last update: June 2023