The Personal Information we collect and transmit may include healthcare information, including billing, insurance, and medical information. Therefore, our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA”). We will maintain the privacy of your health information as required by HIPAA and the regulations promulgated under that Act. For additional information related to your healthcare information, please contact firstname.lastname@example.org.
Please read the following carefully to understand our views and practices regarding your Personal Information and how we will treat it. For the purposes of Applicable Data Protection Laws including the European Economic Area Data Protection Law (the “Data Protection Law”), please note the following:
Non-Provider Users: The data controller is: PatientOne, Inc., 259 W. Front, Suite B, Missoula, MT 59802
Provider Users: The data controllers are YOUR healthcare provider and PatientOne, Inc., 259 W. Front, Suite B, Missoula, MT 59802
Data Protection Officer: Erik Guzik, email@example.com
Access to and use of the Services by a Healthcare Provider who is a PatientOne customer (a “Customer”) and such Customer’s authorized users is subject to and governed by the agreement between PatientOne and the applicable Customer as executed by authorized representatives of each party (the “Customer Agreement”). PatientOne may collect, use and disclose information from a Customer and such Customer’s authorized users as set forth in the Customer Agreement. If you would like more information about the Services or becoming a Customer, please contact us at firstname.lastname@example.org.
What Information Do We Collect and Why?
Personal Data that You Provide Through the Services
We collect Personal Information (e.g. demographic information) from you when you voluntarily provide such information, such as when you create a proﬁle on the Services, use the Devices in connection with the Services (including, without limitation, the software featured on the Devices and/or platforms made available by the third-party providers of the Devices (collectively, the “Integrated Services”)), contact us with inquiries, enter information into our Website contact form, respond to one of our surveys, or use certain features of the Services. We use this information to create your account and provide you with the Services.
In addition to demographic information, if you are a Patient, we may ask you to provide your contact preferences, certain contact information, such as your email address, mobile telephone number, and physical address, and other Health and Activity Data to us in order to create your account and provide you with the Services. Such Health and Activity Data may include your information about your health conditions, age, gender, weight, and height. You will also be asked to create a unique PIN to enter when signing into your profile. We collect this information to provide you more customized Services and to communicate information to your healthcare provider.
Primarily, the collection of your Personal Information assists us in creating your user login/profile, tailoring interventions to your healthcare needs, providing a means to track your treatments and symptoms for communication to your healthcare providers, and assessing treatment outcomes. Another primary purpose of collecting this information is to allow PatientOne to aggregate de-identified data that other providers and research institutions can use to better understand the symptoms associated with certain treatments. We may also use your Personal Information to (1) communicate with you about and manage your user profile; (2) store data; (3) comply with the law; (4) respond to requests from public and government authorities; (5) to enforce our terms and conditions; (6) manage and improve our operations and applications; (7) provide additional functionality; (8) protect our rights, privacy, safety or property, and/or that of yours or others; and (9) allow us to pursue available remedies or limit the damages we may sustain.
Failure to Provide Information
Providing your Personal Information is not statutorily or contractually mandated. If you choose not to provide this information, we cannot create a user profile for you, and you will be unable to use our Services.
IP Address; Device ID Information: The requests you make to PatientOne may contain your IP address (the Internet address of your computer or device). We may use Patients’ and other visitors’ IP addresses for various purposes, including to analyze and report upon usage of the Services; to diagnose and prevent service or technology problems aﬀecting the Services; and to monitor and prevent fraud and abuse. If you access the Services on a mobile device, we may also collect your device identiﬁcation number and request access to settings and location information for similar purposes.
Aggregated Personal Data: In an ongoing eﬀort to better understand and serve our Customers, other users of the Services and communities of patients with chronic health conditions, PatientOne conducts research on its user demographics and behavior based on the Personal Information we collect from you and the other information provided to us. This research may be compiled and analyzed on an aggregate basis, and PatientOne may share this research and related information in aggregated, de-identiﬁed and/or anonymized format with its aﬃliates, agents and other healthcare research and services entities, including without limitation insurance and pharmaceutical companies. For the avoidance of doubt, this aggregate information does not identify you personally. PatientOne may also disclose aggregated, de-identiﬁed and/or anonymized information in order to describe our business and the Services to current and prospective business partners and Customers, and to other third parties for other lawful purposes.
You agree that such monitoring activities, if in compliance with applicable privacy laws, will not entitle you to any cause of action or other right with respect to the manner in which PatientOne or its affiliates or agents monitor your communications and enforces or fails to enforce the Terms of this agreement. In no event will PatientOne or any of its affiliates or agents be liable for any costs, damages, expenses, or any other liabilities incurred by you as a result of monitoring activities by PatientOne or its affiliates or agents.
Device and ISP Data
Where Is My Personal Information Stored And/Or Processed?
Information PatientOne collects through the Services will be stored on secure third party cloud-based servers. All of the information you share with us through the Services is encrypted during transmission using a public-key interface (PKI).
Will You Share My Personal Information with Anyone Else?
We consider your information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Information with certain third parties without further notice to you. Those circumstances are described below:
With Our Customers: If you are a Patient, we will share your Personal Information and Health and Activity Data with our Customer(s) that provide healthcare services to you. This will enable your Provider to track your Health and Activity Data and combine such Health and Activity Data with other information about you that your Provider obtains in providing healthcare services to you.
With Patient-Authorized Persons: If you are a Patient, you may have the option of identifying family and/ or friends in the PatientOne application to view certain of your information and receive alerts regarding your health and/or activities (“Permissions”). If you designate Permissions, we may make available certain of your Personal Information and Health and Activity Data, and related alerts, to the people you designate.
In the Event of a Business Transfer: We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Information may be part of the transferred assets.
With Our Agents, Consultants and Related Third Parties: PatientOne, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include data hosting and billing management. When we employ another entity to perform a function of this nature, we only provide the entity with the information that it needs to perform its speciﬁc function.
To Meet Our Legal Requirements: We may disclose your Personal Information if required to do so by law or if we have a good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of you, us, other users of the Services or the public, or (iv) protect against legal liability.
NOTE: We may, from time to time, rent or sell aggregated data and/or other information that does not contain any personal identifiers (i.e., if the information has been anonymized by stripping out identifiers such as name, address, phone number, etc.). The purpose of this type of disclosure is to allow research institutions to learn more about symptoms associated with your medical condition(s).
How Long Will You Retain my Information?
We store your Personal Information for as long as you maintain an account and up to five (5) years after the account is closed. At the end of this five-year period, we will remove your Personal Information from our databases and will request that our business partners remove your Personal Information from their databases. However, once we disclose your Personal Information to third parties, we may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. Written requests for deletion of Personal Information other than as described should be directed to email@example.com. We retain anonymized data indefinitely.
How Do You Protect My Personal Information?
PatientOne is committed to protecting the security and conﬁdentiality of your Personal Information. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Information, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to you. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, we cannot ensure the security of information you transmit to us. By using the Services, you are assuming this risk.
The information PatientOne collects and stores on secure servers is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If PatientOne learns of a security concern, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by an in-app notiﬁcation. Depending on where you live, you may have a legal right to receive such notices in writing.
You are solely responsible for protecting information entered or generated via the Application or Website that is stored on your device and/or removable device storage. We have no access to or control over your device’s security settings, and it is up to you to implement any device level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that you take any and all appropriate steps to secure any device that you use to access our Application or Website.
NOTWITHSTANDING ANY OF THE STEPS WE TAKE, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY INFORMATION YOU TRANSMIT TO US AND YOU TRANSMIT SUCH INFORMATION AT YOUR OWN RISK.
How Can I Protect My Personal Information?
We will NEVER send you an e-mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any e-mail requesting such information. If you receive such an e-mail purportedly from PatientOne, DO NOT RESPOND to the e-mail and DO NOT CLICK on any links and/or open any attachments in the e-mail, and notify PatientOne support at firstname.lastname@example.org.
You are responsible for taking reasonable precautions to protect your user ID, password, and other User Account information from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You should immediately notify PatientOne at email@example.com if you know of or suspect any unauthorized use or disclosure of your user ID, password, and/or other User Account information, or any other security concern.
EU DATA SUBJECT RIGHTS
If you are an EU data subject, you have the following rights under certain circumstances:
- to receive communications related to the processing of your personal data that are concise, transparent, intelligible and easily accessible;
- to be provided with a copy of your personal data held by us;
- to request the rectification or erasure of your personal data held by us without undue delay;
- to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
- to object to the further processing of your personal data, including the right to object to marketing;
- to request that your personal data be moved to a third party;
- to receive your personal data in a structured, commonly used and machine-readable format;
- to lodge a complaint with a supervisory authority.
Where our processing of your Personal Information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at firstname.lastname@example.org. You can also exercise the rights listed above at any time by contacting us at email@example.com.
How Can I Update, Correct or Delete My Personal Information?
You can change your e-mail address and other contact information by editing your profile in the Application or on the Website. If you need to make changes or corrections to other information, you may e-mail firstname.lastname@example.org. If you remove data from your account, it will no longer appear to you in your profile. Backups of that data will remain associated with your account and in our archive servers. You can deactivate your account by writing to email@example.com.
Can I “Opt-Out” Of Receiving Communications From Company?
We pledge not to market third party services to you. We only send e-mails to you regarding your PatientOne account and services. You can choose to filter these e-mails using your e-mail client settings, but we do not provide an option for you to opt out of these e-mails. We consider these e-mails very important to maintaining your account.
By requesting communication via the PatientOne SMS messaging service, you acknowledge that you agree to receive text messages as part of the PatientOne Connect Program, with an estimated message frequency of 1 message per day relating to your care plan protocol. The PatientOne Connect protocol is meant to keep you on track for your health care objectives and provide a way for you to communicate directly with your care team.
You may use the following as part of your communication: reply HELP for help and reply STOP to stop.
Message and data rates may apply.
Carriers are not liable for delayed or undelivered messages
Information Submission by Minors
We do not knowingly collect personal information from individuals under the age of 18 and the Services are not directed to individuals under the age of 13. We request that these individuals not provide personal information through the Services. If you are aware of a user under the age of 13 using the Services, please contact us at firstname.lastname@example.org.
How Can I Contact PatientOne?