The Health Insurance Portability and Accountability Act of 1996, as amended and supplemented by the Health Information Technology for Clinical Health Act of the American Recovery and Reinvestment Act of 2009, and their respective implementing regulations as amended from time to time (collectively “HIPAA”), some of the demographic, health and/or health-related information that we collect as part of providing the Services may be considered “protected health information” or “PHI.” Specifically, when we receive identifiable information about you from or on behalf of your doctors, healthcare specialists, professionals, providers, or organizations (“Healthcare Providers”) that information is PHI. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. We may only use and disclose your PHI in compliance with HIPAA and as permitted pursuant to the agreements between us and the Healthcare Providers we work with.
1. Types of Information We Collect
a. Personal Information that we collect about you. We collect Personal Information about our users. “Personal Information” is information relating to an individual that can be used to contact or identify you or individuals about whom you enter information as part of your activities on our Website or Services, such as first name, last name, phone number, street address, comments, company name and address, title, photograph, education, health and medical information, ethnicity, nationality, age, height, weight, eye color, hair color, username and/or e-mail address in combination with a password or security questions and answers, information that you or your clinician enter when creating or updating your account, or that we receive about you from a third party, such as a lab, as well as information that is linked to the forgoing information .
b. “Aggregated Information”. After stripping out any information that directly identifies you, or directly relates to you, from the Personal Information that we collect about you, we may combine that information with information we collect about other users.
c. Cookies and Pixel Tags which collect information about users of our Website. We may also use tools such as cookies and pixel tags to gather information as well. “Cookies” are small pieces of information that a website sends to your device while you are viewing the Website. We use both session Cookies (which expire once you close your web browser), persistent Cookies (which stay on your device until you delete them) and third-party Cookies (which are placed by a website from a domain other than ours) to provide you with a more personal and interactive experience. Persistent Cookies can be removed by following web browser help file directions. "Pixel Tags" (sometimes called "web beacons" or "clear gifs") are a snippet of code that collects information about a visitor’s behavior on a website, and then sends the information back to the originating platform to be processed and reported.
d. Unique Device Identifiers. Like most website providers, we passively collect certain information from your devices, such as your IP address, browser information, unique device identifier (“UDID”) and/or your mobile operating system.
e. User-Provided Information. We collect information that you provide directly to us when you engage in the following:
- When you request or schedule a product demonstration
- When you register for one or more of our newsletters
- When you engage with or participate in our services, products, or other offerings, including when you:
- When you register for an account through your healthcare provider
- When you complete your account profile and make any updates thereto (e.g., enter User Content (as defined in the Terms of Service) including without limitation medical history information
- When you communicate with us via e-mail, telephone, video conference, text message, or other methods
- When you communicate or engage with us on our social media accounts (e.g., Facebook, Instagram, LinkedIn, Twitter, Pinterest)
- When you inquire about, apply for, or initiate employment with EDC
- When you are working for EDC
h. Geolocation. If you access the Website through a desktop or mobile device, we will collect, monitor and/or remotely store geo-location data.
i. Third-Parties. We may also obtain information from other sources and combine that with information we collect directly. For example:
- To use our Services, you must have an account with a healthcare provider who also uses Services. Your healthcare provider may provide us with additional personal information about you, including your demographic, contact and medical information.
- We may also collect information about you from third parties, including but not limited to identity verification services, fraud detection service providers, credit bureaus, mailing list providers and publicly available sources. If you create or log into your account through a social media site, we will have access to certain information from that site, such as your name, account information and friends lists, in accordance with the authorization procedures determined by such social media site.
We use third-party services, such as Google Analytics, Google AdWords, Facebook Pixel, DoubleClick and Twitter Conversion Tracking, to track and analyze online behavior of our Users. We do this to better understand how you use the Website and Service, with a view to offering improvements for all Users, and to tailor our business and marketing activities accordingly.
- When you interact with us through social media networks, such as when you follow us, share content or contact us through Facebook, Twitter, Instagram, YouTube, Snapchat or other sites, we may receive information about you, including your profile information, picture, user ID associated with the social media account, friends list, and any other information you permit the social media network to share with third parties. The data we receive is dependent upon your privacy settings with the social network in question.
2. How We Use Your Information
a. Personal Information. We may use your Personal Information for the following representative purposes:
Create your account and profile, which is made available to the Clinic and users of the Services
Send communications and administrative e-mails to you
Satisfy our contractual obligations to you and provide the materials, goods and/or services that you request
Send you promotional/marketing information, newsletters, offers or other information
Perform internal operations, processing services, maintain user accounts, resolve disputes, establish, exercise, and defend legal claims, prevent and identify fraud, verify your identity and authenticate users
Personalize and tailor the features, performance and support of the Services
Analyze, benchmark and conduct research on user data and interactions with the Services
Identify your preferences, so we can notify you of new or additional products, services, contests, and/or promotions that might be of interest to you
Improve our services, content, programs, customer service, and overall user experience by aggregating and analyzing user data
Analyze the use of our products and services and information about users of the Services to enhance our marketing efforts
Communicate with you by e-mail, video conferencing, telephone, text message, app notifications, or other means about our company, our products, or other information that we believe may be of interest to you
Send you notices of a transactional, administrative or relationship nature, or as required by law
b. Aggregated Information. We may use Aggregated Information for the following representative purposes:
Perform internal operations on the Services
Improve the Website and customize the user experience
Aggregate the information collected via Cookies and Pixels to use in statistical analysis to help us track trends and analyze patterns
3. Lawful Processing; Legitimate Interests.
Performing a contract with you, or to take steps at your request prior to contracting with you
Protecting your vital interests or the interests of another person
Complying with our legal obligations
Pursuing our legitimate interests, including without limitation:
Providing, improving and customizing our Website and Services;
Administration of our operations;
Maintaining our accreditation status and complying with all reporting obligations related thereto;
Maintaining an ongoing relationship with healthcare providers, donors and prospective donors, and helping to connect them with others;
Understanding how our Website and Services are being used;
Exploring ways to develop and grow our business;
Ensuring the safety and security of our employees and others;
Enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks; and
- Meeting our obligations and enforcing our legal rights
4. How We Share and Disclose Personal Information
c. We may disclose your Personal Information to outside individuals and/or companies that help us bring you the services and products we offer and to create, operate, and maintain our Website. For example, we may work with third-parties to: (a) manage a database of customer information; (b) assist us in distributing e-mails; (c) assist us with direct marketing and data collection; (d) provide data storage and analysis; (e) provide fraud prevention; (f) provide customer service; and (g) provide other services designed to assist us in developing and running our Website and/or Services and maximizing our business potential. We require that these outside companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us.
5. Use of Aggregated Information.
a. We use Aggregated Information to maintain and administer the Website, analyze trends, gather demographic information and comply with applicable law. We may share Aggregated Information with third-parties. We may share this information with others without express notice to you or consent from you, and we may, subject to applicable laws, exploit, use and disclose Aggregated Information without limitation of any kind. We authorize certain service providers to utilize Aggregated Information for their business purposes and in accordance with their privacy policies, such as to report on usage or industry trends to their customer base.
c. We may also use Pixel Tags, which help us analyze users’ online behavior and measure the effectiveness of the Website and our advertising and marketing. Pixel Tags or Clear gif files are tiny graphics with a unique label that work in a similar way to cookies and are used to monitor the user’s online activities. In contrast to cookies that are saved on a user’s computer hard disk, clear gif files are embedded invisibly in websites and are about as big as the full stop at the end of this sentence. Where appropriate, we may combine the information collected by such Pixel Tags with the Personal Information of our customers. We may also use other analytical tools to evaluate site performance through the use of aggregated data, which contain no Personal Information. We work with service providers that help us track, collect, and analyze this information.
d. Cookies, Pixel Tags, and/or other analytical tools that we may use on the Website may collect information about your visit, including the pages you view, the features you use, the links you click, and other actions you take in connection with the Website. This information may include your computer's Internet protocol (IP) address, your browser type, your operating system, date and time information, and other technical information about your computer. We may also track certain information about the identity of the Website you visited immediately before coming to the Website. Cookies, pixel tags, and/or other analytical tools in our e-mails may also be used to track your interactions with those messages, such as when you receive, open, or click a link in an e-mail message from us. We may also work with businesses that use tracking technologies to deliver advertisements on our behalf across the Internet. These companies may collect information about your visits to the Website and your interaction with our advertising and other communications, but no Personal Information is shared with them.
e. We may combine the information collected through Cookies, Pixel Tags and other analytical tools with other information we may have collected from you. This information may be used to improve the Website, to personalize your online experience, to help us deliver information to you, to determine the effectiveness of advertising, and for other internal business purposes. We may use and share aggregated and anonymous information to conduct market research and analysis for ourselves and/or for our business partners. For example, we may freely share such information with third parties who may use such data for their own marketing, advertising, research, or other business purposes. We may also freely share such information with our service providers in order for them to perform services to or for us.
f. The Website contains links to and/or enables certain third-party functionalities to enhance your experience on the Website, including social plug-ins, tools and APIs. Prior to using any third party functionalities (e.g., Facebook “Like” button) on the Website, you should consult the privacy notices of the third party providers of such functionalities (e.g., Facebook). The privacy policies and data practices of such third parties may significantly differ from ours, and we make no representation or warranty whatsoever about their policies and practices in respect of their own processing of your Personal Information. Your communications and interactions with such third parties in respect of their own processing of your Personal Information are solely between you and them and are at your own risk.
6. Data Retention.
b. Where we are processing Personal Information based on our legitimate interests, we generally will retain the data for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
c. Where we are processing Personal Information as set out in this policy, we generally will retain the information for the period of time necessary to carry out the processing activities to which you consented, subject to your right, under certain circumstances, to have certain of your Personal Information erased (see Section 8, Deleting, Changing & Updating Your Personal Information).
d. Where we are processing Personal Information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
b. Ad Industry Opt-Outs. You can opt out of Internet-based and mobile advertising on your mobile device by visiting TRUSTe’s Ad Preference Manager, currently available at https://preferences-mgr.truste.com/.
You may can opt out of receiving online behavioral or internet based advertising by using the tools located at the Digital Advertising Alliance’s consumer choice page, currently available at http://www.aboutads.info/choices/ or the Network Advertising Initiative (NAI) opt out tool currently available at http://www.networkadvertising.org/choices/.
When using the ad industry opt out tools, note that: (a) if you opt-out we may still collect some data about your online activity for operational purposes (such as fraud prevention), but it will not be used by us for the purpose of targeting ads to you; (b) if you use multiple browsers or devices you may need to execute this opt out on each browser or device; and (c) other ad companies’ opt-outs may function differently than our opt-out, and we have no control over the practices of any third parties. We do not make any representations or warranties about such opt-out services. Such services are independent from us, and we have no control over, or responsibility for their performance.
8. BASIS FOR CONTINUED USE OF YOUR PERSONAL INFORMATION.
9. Notice to Californian Users Regarding Your Privacy Rights
a. Shine the Light. Pursuant to California Civil Code Section 1798.83, also known as the "Shine The Light" law, California residents have the right to request in writing from businesses with whom they have an established business relationship: (i) a list of the categories of Personal Information, such as name, address, e-mail address, and the type of services provided to that individual, that a business has disclosed to third-parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third-parties. EDC does not share Personal Information with third-parties for those parties’ direct marketing. To request the above information, California residents can e-mail us at contact us via e-mail at firstname.lastname@example.org or write to us at EDC Nexus, LLC, Attn: Privacy Office, 8 Aurora Ave, Saratoga Springs, NY 12866. Please note that, under California law, a business is only required to respond to such a request twice in any calendar year.
b. California Consumer Privacy Act. The California Consumer Privacy Act, Cal. Civ. Code §1798.100 et. seq. (“CCPA”), grants residents of California certain rights with respect to their Personal Information and requires us to provide such individuals with certain information, described in this Section.
i. Your Rights. California residents may exercise the following rights by contacting us by phone at the toll-free phone number (833) 914-1336 or by e-mail at email@example.com, or as described at the end of this document:
Know the ways in which we acquire, use, share, disclose and otherwise process your Personal Information;
Know the specific pieces of your Personal Information that we hold;
Request the deletion of your Personal Information, subject to several exceptions; and
Not to be denied goods or services for exercising these rights
c. Requesting Access to or Deletion of Personal Information. If you are a California resident, you have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months.
In order to verify your request, you will need to provide us with sufficient information to identify you individually so that we can comply with you request, including the name you provided to us when you created your account(s) (i.e. your legal first, last name or variants thereof, e.g. nicknames, aliases, titles (“Mr.”, “Mrs.”, “Dr.”, “Jr.”, etc.), the e-mail address(es) you use to correspond with us and any other e-mail addresses you have used with us in the past, your mailing address, including the state and city you reside in currently.
To make an information access and/or deletion request you may contact us by phone at the toll-free phone number (833) 914-1336 or by e-mail at firstname.lastname@example.org.
d. Notice Disclosures. Depending on the circumstances and which Service you use, we have disclosed the following categories of your Personal Information for a “business purpose” (as defined in the CCPA) in the preceding twelve (12) months:
First name, last name, your image and/or likeness, e-mail address, phone number, street address, comments, company name and address, title, work experience and skills, username and/or e-mail address in combination with a password or security questions and answers, account numbers or credit/debit card numbers, even without a security code, access code, or password if the account could be accessed without such information
Non-Personally Identifiable Information
Internet or other electronic network activity information
Audio, electronic, visual, or similar information
- Inferences drawn from any of the above information.
e. Non-Discrimination. We will not discriminate against you for exercising any of your rights under California law, including:
Deny you goods or services;
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
f. Do Not Track. Some web browsers may let you enable a "do not track" feature that sends signals to the websites you visit, indicating that you do not want your online activities tracked. This is different than blocking or deleting cookies, as browsers with a "do not track" feature enabled may still accept cookies. There is currently no industry standard for how companies should respond to "do not track" signals, although one may develop in the future. We do not respond to "do not track" requests or signals at this time.
This Website is not directed to or intended for children under 13 years of age. We do not knowingly solicit, collect or maintain information from those we actually know are under 13, and no part of our Website is targeted to attract anyone under 13. We also do not send e-mail correspondence to anyone who advises that they are under the age of 13. If we later obtain actual knowledge that a User is under 13 years of age we will take steps to remove that User’s Personal Information from our systems. If you are the parent or guardian of a child whom you believe has disclosed Personal Information to us, please contact us at contact us via e-mail at email@example.com or write to us at EDC Nexus, LLC, Attn: Privacy Office, 8 Aurora Ave, Saratoga Springs, NY 12866 so that we may delete and remove such information from our system.
We strive to keep your Personal Information private and safe. We take commercially reasonable physical, electronic and administrative steps to maintain the security of Personal Information collected, including limiting the number of people who have physical access to database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. Unfortunately, despite our best efforts, the transmission of data over the Internet cannot be guaranteed to be 100% secure. While we will use reasonable means to ensure the security of information you transmit through the Website, any transmission of Personal Information by you is at your own risk. We cannot guarantee that such information will not be intercepted by third-parties and we shall not be liable for any breach of the security of your Personal Information resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism, and we are not responsible for circumvention of any privacy settings or security measures contained on the Website.
12. Third-Party Websites
14. Contact Us