HealthBeacon Limited (“Privacy Notice”)
HEALTHBEACON
Privacy Notice USA
Version 2.0. Last Revised: 12th April 2021
This Privacy
Notice is provided by HealthBeacon Limited, to participants in the HealthBeacon program
and mobile application “App” who have chosen to sign up to receive and use an
electronic smart sharps bin called a “HealthBeacon Unit”. This Privacy
Policy covers the collection and use of your personal health information
(“PHI”) in relation to your use of the HealthBeacon Unit and the
mobile App.
We are firmly
committed to protecting the confidentiality and security of your Personal
Information, as such term is defined herein. HealthBeacon may use or
disclose PHI to perform functions, activities and services for, or on behalf of
Express Scripts Holding, provided that such disclosure would not violate the
HIPAA Privacy and Security Rules if done by HealthBeacon.
The term “Personal
Information” means any information which can be used to identify a person
including by way of example, but not limitation, name, date of birth, mailing
address, social media and other third party platform account
identifiers, home phone number, mobile phone number, e-mail address, credit
card information, and/or Social Security number.
The term “Health
Information” means any information, in any form, related to the past, present,
or future health or medical status, condition, or treatment of a person,
including, by way of example, but not limitation, names of doctors, health
conditions, medicines, and/or prescription information and history.
This Privacy
Policy describes how we may use and disclose Health Information, and your
rights to access and update your Health Information, and how to request
restrictions on our use and disclosure of your Health Information.
COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION AND HEALTH-RELATED PERSONAL INFORMATION
When you enroll in the HealthBeacon program, the Personal Information required
to be submitted is limited to information that is reasonably necessary to allow
HealthBeacon to provide the service to you. The information you disclose in
connection with the services is provided strictly on a voluntary basis.
The HealthBeacon Unit
reminder schedule is based solely on information that you provide to
the HealthBeacon team. HealthBeacon shall not be
responsible for the effects of any incorrect information provided. For any
medical questions, you must contact your HealthCare Provider.
HealthBeacon complies
with all applicable requirements of the HIPAA Privacy and Security Rules and
has implemented the appropriate administrative, physical and technical
safeguards to prevent the use or disclosure of PHI in any manner other than
pursuant to the terms and conditions of this Agreement.
HealthBeacon complies
with the HIPAA Security Rule with respect to any electronic PHI
that HealthBeacon holds as part of the service.
USES AND DISCLOSURE OF YOUR PERSONAL INFORMATION
PHI data collected as part of the HealthBeacon Services may include, without
limitation:
· Name.
· Age and date of birth.
· Gender.
· Contact details (phone, address, e-mail, best time to contact).
· Healthcare professional, hospital/medical centre details.
· Pharmacy Details.
· Details relating to medication being taken and how it is administered.
· Details of interactions with the HealthBeacon Services including the smart sharps bin and the mobile app, such as missed doses and any technical queries.
· Details of interactions with the HealthBeacon team through the customer care support line and mobile app chat feature.
· Details of interactions with the Programme Nurse and/or other Programme staff, including advice or information offered to you including information provided during training sessions.
· Information considered relevant by the HealthBeacon team you speak to, including adverse event notifications, complaints, information on clinical trial participation and information & service requests and
· Feedback on the Programme
All the information
collected in relation to you for the above purposes is processed on the
basis of your consent.
HOW WILL HEALTHBEACON USE AND SHARE YOUR INFORMATION
Your PHI data will be used for:
· Program administration, correct use of your HealthBeacon, delivery and collection of products and services;
· Reminding you when your medication is due, by SMS text, app notification, phone or email as prescribed by the Health Care Professional.
· Tailoring the HealthBeacon services or the program to you;
· Providing you with information relating to HealthBeacon services; Providing you with educational materials and training sessions.
· Reviewing calls and mobile app chat content for quality control and safety reporting purposes.
· Storing and managing your data on the HealthBeacon mobile application
· Providing your care team with information relating to your use of the HealthBeacon services
· Contacting you regarding any issues identified relating to the HealthBeacon services, to inform you of changes and to collect your feedback.
· We may disclose your Personal Information to relevant third parties such as auditors, lawyers, or other professional advisors
HealthBeacon will
not use or disclose your Personal Information in a manner inconsistent with applicable
law and this Privacy Policy.
Device and network information
When you use our
smart sharps unit, mobile application, or website we collect information about
the app, browsers and devices that you use to access
the HealthBeacon services. The information that we collect may
include unique identifiers, browser type and settings, device type and
settings, operating system, and application version number. We also collect
information about the interaction of you and your browsers and devices with our
services, including IP address, crash reports, system activity, and the date,
time, and referrer URL of your request.
RIGHT TO CONFIDENTIAL COMMUNICATIONS AND TO REQUEST RESTRICTION ON USE AND DISCLOSURE OF PHI
HealthBeacon shall
comply in responding to your request for confidential communications or to
restrict the uses and disclosures of your PHI.
COMPELLED AND NECESSARY DISCLOSURES
In certain
circumstances, we may be legally compelled to release your Personal Information
and Health Information in response to a court order, subpoena, search warrant,
law or regulation.
HOW YOU CAN CORRECT/UPDATE YOUR PERSONAL INFORMATION AND/OR HEALTH INFORMATION
You can correct or
update your Personal Information or certain Health Information at any time by
calling the HealthBeacon Customer Care Team using the toll-free phone
number on the back of your HealthBeacon Unit.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
Subject to any
applicable business, legal, or regulatory requirements, we securely destroy
Personal Information when it is no longer required to fulfil our services and
commitments to you or to enforce our rights or meet our obligations.
YOUR ACCEPTANCE OF THIS PRIVACY NOTICE
You are deemed to
have assented to the terms and conditions contained in this Privacy Notice when
you consent to the HealthBeacon program and that you accept the Terms
of Use into which this Privacy Notice is incorporated. You are deemed to have
read and accepted this Privacy Notice. If you do not agree to the terms of this
Privacy Notice, you will not be eligible to participate in
the HealthBeacon program. You may withdraw your consent at any time,
but if you withdraw your consent you may not be able to continue using
the HealthBeacon services.
The terms and
conditions contained in this Privacy Notice are subject to and may be
superseded by applicable Federal and State laws.
CHANGES IN OUR PRIVACY POLICY
We use Personal Information and Health Information collected from you pursuant
to the scope of use described in this Privacy Policy. However, we reserve the
right, from time to
time in our sole and absolute discretion, to change, to modify, or to add
terms or remove terms from this Privacy Notice. Changes to this Privacy Notice
will be reflected when we post a new version number and updated revision date
on our website: http://www.healthbeacon.com
POLICY QUESTIONS AND FEEDBACK
We welcome your
questions and comments on this Privacy Notice and the Terms of Use. If you have
general comments regarding these policies, please e-mail us. Specific questions
regarding the enforcement of these policies should be directed
to Quality@healthbeacon.com. For all HealthBeacon program related
queries, please contact the customer care team on free phone number: (857)
302-4872.
HealthBeacon Website Privacy Policy
HEALTHBEACON PRIVACY POLICY
Last Revised: April 2021
At HealthBeacon,
we are committed to protecting and respecting your data protection and privacy
rights. Please take a moment to read this Privacy Policy to find out more about
why and how we process your Personal Information. Personal Information (data)
is the information we hold in relation to you and this may vary dependent on
several factors.
Our aim is the
responsible and secure handling of Personal Information, balancing the benefits
of activities like research and data analytics to improve our products and
service delivery, with our other commitments, including fairness and
transparency. In Europe, we do so in accordance with the Data Protection Act
1988 and 2003 and the General Data Protection Regulation (GDPR)
(EU) 2016/679.
In the United
States, HealthBeacon may use or disclose PHI to perform functions, activities
and services for, provided that such disclosure would not violate the HIPAA
Privacy and Security Rules if done by HealthBeacon.
This Privacy
Policy describes how we may use and disclose Health Information, and your
rights to access and update your Health Information, and how to request restrictions
on our use and disclosure of your Health Information.
This Privacy
Policy will be supplemented by additional privacy notices tailored to our
specific relationships with you where this policy is useful to provide you with
a full picture of how we collect and use your Personal Information. In this
Privacy Policy, we refer to the HealthBeacon Program, Technology, Website, the
Apps and Social Media Content together as HealthBeacon Services.
HealthBeacon
services can be used by individuals under the age of eighteen (18), in which
case guardian information and consent will be required.
WHAT IS PROTECTED HEALTH INFORMATION
Like many health care service providers, HealthBeacon receives and maintains
certain personal
information. Some of this personal information is protected by federal and
state laws in the United States and under the GDPR in Europe. This type of
information is known as “protected health information” or “PHI”. PHI is health
information that identifies or could be used to identify a specific
person.
Protected Health Information and Personal Information may be provided to us by
you directly or by a third party. For example, a Patient Support Provider or
Pharmacy Benefits Manager may add your information to the HealthBeacon system
in order to provide you with HealthBeacon services.
WHY DO WE PROCESS YOUR DATA?
We process your
personal data in order to provide you with our services and to assist us in the
operation of our business. We are required to ensure that there is an
appropriate basis for the processing of your personal data, and we are required
to let you know what that basis is.
In Europe, under
GDPR, there are various options under data protection law, but the primary
bases that we use are (a) processing necessary for the performance of our
contracts with you, (b) processing necessary in order for us to pursue our
legitimate interests, (c) processing where we have your and/or your dependants’
consent, and (d) processing that is required under applicable law.
COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION AND HEALTH-RELATED PERSONAL INFORMATION
The Personal Health Information we collect and hold depends on our relationship
with you. We process the identification and contact information and the data
you input into our programming forms or provide to us over the phone when you
request a HealthBeacon or when you join a HealthBeacon sponsored program.
When you enrol in the HealthBeacon program, the Personal Information required
to be submitted is limited to information that is reasonably necessary to allow
HealthBeacon to provide the service to you. The information you disclose in
connection with the services is provided strictly on a voluntary basis.
The HealthBeacon
schedule is based solely on information that you provide to the HealthBeacon
team. HealthBeacon shall not be responsible for the effects of any incorrect
information provided. For any medical questions, you must contact your
HealthCare Provider.
USES AND DISCLOSURE OF YOUR PERSONAL INFORMATION
PHI data collected as part of the HealthBeacon Services may include, without
limitation:
· Name.
· Age and date of birth.
· Gender.
· Contact details (phone, address, e-mail, best time to contact).
· Drug/Diagnosis
· Details relating to medicine being taken and how it is administered.
· Health care professional, hospital/medical centre details, contact details.
· Details of your interactions with the HealthBeacon services, such as initial treatment start date, HealthBeacon start date, reminder preferences, missed doses and any technical queries related to the HealthBeacon Unit and the service.
· Other information considered relevant by HealthBeacon Care Team staff you speak to, including information on complaints, adverse event notifications and information & service requests; and
· Your satisfaction feedback on the Program.
PHI and personal data will be used for:
· Program administration, correct use of a HealthBeacon, delivery and collection of products and services.
· Reminders when medication is due by SMS text, phone or email.
· Tailoring the HealthBeacon services or the program.
· Providing information relating to HealthBeacon services.
· Providing the care/support team with information relating to use of the HealthBeacon services
· Contacting regarding any issues identified relating to the HealthBeacon services, to inform of changes and to collect feedback.
· We may disclose Personal Information to relevant third parties such as auditors, lawyers, or other professional advisors
HealthBeacon will
not use or disclose Personal Information in a manner inconsistent with
applicable law and this Privacy Policy. We provide only the minimal PHI to
accomplish the intended purpose of the use and disclosure of the PHI.
This information
is only processed where relevant and necessary to ensure that we provide
adequate services and to allow the service to be evaluated and continuously
improved. All the information we collect for the above purposes is processed
on the basis of consent.
In the United States, as Required by Law:
We may use or disclose your PHI as required by Law Enforcement Activities,
Legal Proceedings and Court Orders. We may use and disclose your PHI to prevent
or minimize a serious threat to your health and safety or that of another
person. We may also provide PHI to law enforcement officials, for example, in
response to a warrant, investigative demand or similar legal process, or for
officials to identify or locate a suspect, fugitive, material witness, or
missing person. We may also disclose PHI to appropriate agencies if we
reasonably believe an individual to be a victim of abuse, neglect or domestic
violence. We may disclose your PHI if required to do so with a court or
administrative order. We may disclose your PHI in response to a subpoena,
discovery request or other legal process during a judicial or administrative
proceeding. We may also disclose PHI to those assisting in disaster relief
efforts so that others can be notified about your condition, status and
location.
· Family and Friends: At your request, we may disclose PHI to a family member, friend, or anyone else you inform us to provide the information to.
WHAT IS THE LEGAL JUSTIFICATION FOR OUR USE OF THE DATA?
We are obliged to
advise you on the legal justification we rely on for using your Personal
Information.
Relevant data
protection laws seek to ensure that the way Personal Information is used is
fair. We may be required to obtain Personal Information from you to comply with
applicable legal requirements, and certain data may be needed to enable us to
fulfil the terms of our contract with you (or someone else), or in preparation
of entering into a contract with you (or someone else). We may inform you of
this at the time that we are obtaining the data from you. In these
circumstances, if you do not provide the relevant data to us, we may not be
able to provide our products and benefits to you.
For more sensitive special categories of Personal Information, we will rely on
either your consent or one or more of the other legal justifications below:
Where we rely on
our legitimate business interests or the legitimate interests of a third party
to justify the purposes for using your Personal Information, those legitimate
interests will be set out in a supplemental privacy notice (which is tailored
to our relationship with you where this is useful to provide you with a full
picture of how we collect and use Personal Information). In any event our
legitimate interests will usually be:
· pursuit of our commercial activities and objectives, or those of a third party (such as direct marketing)
· compliance with legal and regulatory obligations, and any guidelines, standards and codes of conduct (such as detecting or investigating fraud or money laundering)
· improvement and development of our business operations and service offering, or those of a third party
· protection of our business, shareholders, employees and members, or those of a third party (such as ensuring IT network and information security, enforcing claims, including debt collection)
· analysing competition in the market for our services (such as research, including market research).
We may need to
collect, use and disclose Personal Information in connection with matters of
important public interest, for instance when complying with our obligations
under anti-money laundering and terrorist financing laws and regulations, and
other laws and regulations aimed at preventing financial crime. In these
cases, the legal justification for our use of Personal Information is that the
use is necessary for matters of public interest. Additional justifications may
also apply depending on the circumstances.
OTHER USES AND DISCLOSURES:
In the United States, as permitted by HIPAA, we may disclose your PHI to:
Public Health
Authorities, The Food and Drug Administration, Health Oversight Agencies,
Military Command Authorities, National Security and Intelligence Organization,
Correctional Institutions, Organ and Tissue Donation Organizations, Coroners,
Medical Examiners and Funeral Directors, Workers Compensation Agents.
Please be aware
that we are required as stated in the Health Insurance Portability and
Accountability Act (HIPAA) of 1996 to notify you in the event of a breach
involving your PHI and will do so as required by law. You have the right to obtain
a paper copy of this Privacy Policy by written request to the address
below.
· Where permitted by applicable law and consent, HealthBeacon may share Personal Information with other third parties, for example, HCPs, Care Programs and Program Sponsors
· Personal Information may also be shared by you on message boards, chat, profile pages and blogs, and other HealthBeacon digital services to which you are able to post information and materials (including our Social Media Content). Please note that any information you post or disclose through these services will become public information and may be available to visitors and users of the HealthBeacon digital services and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, when using the HealthBeacon digital services.
CATEGORIES OF DATA
HealthBeacon holds different types of categories of data:
· Data that is generated by the Equipment and Software Application Services or through use of the Services, including but not limited to diagnostic data (device plugged in, connecting to network etc.) as well as records such as a time stamped image of the injection drop made, the time and date the injection drop was made, the location the injection drop was made, type of medication injection, frequency of the injections, injections missed, late or early injections, the demographic of patient including gender and age, patient persistence and adherence scores.
· Automated decisions based on data generated: Sometimes, as part of our business operations, decisions about you are taken using automated computer software and systems. These decisions do not involve human input, and the software and systems apply pre-defined logic programming and criteria to decide and assess how we deal with you in connection with the provision of services. For example, we sometimes use automated decision making as part of a process for: sending SMS Reminders, sending SMS Reminders if a Unit is unplugged, excluding images. You have the right in certain circumstances not to be subject to a decision which is based solely on automated processing.
· Data on patients who have used and use a HealthBeacon or Guardian or caregiver where appropriate.
· Data on HCP, Pharmacy Benefit Managers, Patient Support Companies involved in the HealthBeacon Program
WHAT USER AND DEVICE DATA DO WE COLLECT THROUGH THE HEALTHBEACON SERVICE?
Along with our third-party service providers we may collect user and device
data in a variety of ways when you use HealthBeacon services including:
· internet browser and electronic device information
· app usage data
· data grouped together so that it is not possible to link the data to an individual, known as aggregated data.
This information
may not reveal your specific identity and therefore may not be Personal
Information which is used as described in the earlier sections of this Privacy
Policy.
Methods of Data Collection | Examples |
Through your internet browser or electronic device | Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), internet browser type and version, electronic device manufacturer and model, language, time of the visit, pages visited, and the name and version of the HealthBeacon services (such as the Firmware revision) you are using. We use this information to ensure that the HealthBeacon services function properly. |
Through your use of an App | When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your electronic device accesses our servers and what information and files have been downloaded to the App based on your device number. |
Using cookies and online tracking | To make this website work properly, the HealthBeacon sometimes places small data files called cookies on your device. Most websites do this. You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products. We do not respond to browser do not track signals currently. |
Physical location | Subject to applicable law (and your consent where required by applicable law), we may collect the physical location. We may obtain the location of your device if you provide your address. We may share your location information with our partners and other entities with whom we work in order to provide our collection service if relevant. In some circumstances, physical location information may become your Personal Information if you are identifiable in relation to the physical location information. In such cases, the physical location information will be handled as Personal Information as described in the earlier sections of this Privacy Policy. |
Using information provided by you | Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it. Unless combined with Personal Information, this information does not personally identify you. |
By aggregating information | We may group information together so that it does not link to a specific individual, i.e. aggregate, and use that information (for example, we may aggregate information to calculate the percentage of our users who have a particular telephone area code). |
Who is responsible for third party services accessed via HealthBeacon digital services?
We are not
responsible for the privacy, information or other practices of any third
parties, including any third party operating any site or service to which the
HealthBeacon digital services link.
This Privacy
Policy does not address, and we are not responsible for, the privacy,
information or other practices of any third parties, including any third party
operating any site or service to which HealthBeacon digital services link. The
inclusion of a link on HealthBeacon digital services does not imply endorsement
of the linked site or service by us or by our group companies.
Please note that
we are not responsible for the collection, usage and disclosure policies and
practices (including the information security practices) of other organizations,
such as Facebook®, Twitter®, Apple®, Google®, Microsoft®, RIM/Blackberry® or
any other app developer, app provider, social media platform provider,
operating system provider, wireless service provider or electronic device
manufacturer, including any Personal Information you
CALL MONITORING AND COMMUNICATIONS
To ensure that we can meet the needs of our members we may record telephone
calls to:
· Improve the standard of service that we provide by providing our team with feedback and training
· Address queries, concerns or complaints
· Prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks
· Comply with our legal and regulatory obligations
We may also
monitor electronic communications between us (for example, emails) to protect
you, our business and IT infrastructure, and third parties including by
identifying and dealing with inappropriate communications, looking for and
removing any viruses, or other malware, and resolving any other information
security issues.
DURATION OF PROCESSING
HealthBeacon will
process (use/store) PHI and personal data only for so long as you require us,
or as legally required by set retention periods. As a company recording medical
records, there are laws and regulations that apply to us which set minimum
periods for retention of Personal Information.
For example:
· Where we hold Personal Information to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.
· Where we hold Personal Information in order to provide a product or service (such as a HealthBeacon), we will keep the information for at least as long as we provide the product or service.
· For further information about the period of time for which we retain your Personal Information, please contact us.
RIGHT TO CONFIDENTIAL COMMUNICATIONS AND TO REQUEST RESTRICTION ON USE AND DISCLOSURE OF PHI
HealthBeacon shall
comply in responding to your request for confidential communications or to
restrict the uses and disclosures of your PHI.
DATA SECURITY
HealthBeacon
complies with all applicable requirements of the HIPAA Privacy and Security
Rules in the United States and Security of Processing rules under General Data
Protection Regulation (GDPR) and has implemented the appropriate
administrative, physical and technical safeguards to prevent the use or
disclosure of PHI in any manner other than pursuant to the terms and conditions
of this Agreement.
HealthBeacon complies with the HIPAA Security Rule with respect to any
electronic PHI that HealthBeacon holds as part of the service.
HealthBeacon has
put technological and organisational controls, including policies and
procedures, in place to protect personal data from loss, misuse, alteration or
unintentional destruction. HealthBeacon personnel who have access to the data
have been trained to maintain the confidentiality of such information.
Conditions to protect data to at least the same standard as the HealthBeacon
does are cascaded to all our contractors, sub processors and suppliers.
The HealthBeacon
carries out regular monitoring and testing of its security defences to ensure
they continue to be effective against the latest threats.
Data transferred
over the internet by us are protected using encryption technologies to ensure
they remain secure.
Please note that
no communications over the internet can be guaranteed as secure. Whilst we take
appropriate steps to protect your data, we cannot guarantee that it will remain
secure in transit.
INDIVIDUAL RIGHTS
Individuals have
several rights under applicable laws in relation to how the HealthBeacon uses
personal information. Individual have the right free of charge to:
·
Request a copy of the personal information held about them; you have the
right to receive a copy of the Personal Information we hold about you and
information about how we use it. This right is always applicable when we hold
your Personal Information (subject to certain exemptions)
·
Rectify any inaccurate personal data held.
·
Erase personal information held- this right is sometimes referred to as
‘the right to be forgotten’. This right entitles you to request that your
Personal Information be deleted or removed from our systems and records.
However, this right only applies in certain circumstances. Examples of when
this right applies to Personal Information we hold include (subject to certain
exemptions):
·
When we no longer need the Personal Information for the purpose, we collected
it
·
If you withdraw consent to our use of your information and no other
legal justification supports our continued use of your information
·
If you object to the way, we use your information and we have no
overriding grounds to continue using it
·
If we have used your Personal Information unlawfully
·
If the Personal Information needs to be erased for compliance with
law.
·
Right to restrict processing of Personal Information – you have the
right to request that we suspend our use of your Personal Information.
However, this
right only applies in certain circumstances.
·
You can exercise this right I you think that the Information we hold
about you is not accurate, but this only applies for a period that allows us to
consider if your Personal Information is in fact inaccurate.
·
The processing is unlawful, and you oppose the erasure of your Personal
Information and request the restriction of its use instead
·
We no longer need the Personal Information for the purposes we have used
it to date, but the Personal Information is required by you in connection with
legal claims.
·
You have objected to our processing of the Personal Information and we
are considering whether our reasons for processing override your
objection.
·
Right to data portability – this right allows you to obtain your
Personal Information in a format which enables you to transfer that Personal
Information to another organisation. However, this right only applies in
certain circumstances.
·
You may have the right to have your Personal Information transferred by
us directly to another organisation, if this is technically feasible.
This right will
only apply:
·
To Personal Information you provided to us, where we have justified our
use of your Personal Information based on your consent, the fulfilment by us of
a contract with you if our use of your Personal Information is by electronic
means.
Where we suspend
our use of your Personal Information, we will still be obliged to store your
Personal Information, but any other use of this information while (subject to
certain exemptions) our use is suspended will require your consent.
·
Restrict processing of personal information.
·
Object to HealthBeacon’s use of personal information for their
legitimate interests.
·
Receive personal information in a structured, commonly used and
machine-readable format; and
·
To have that data transmitted to another data controller.
These rights are
in some circumstances limited by European data protection legislation. If you
wish to exercise any of these rights please contact the HealthBeacon Data
Protection Officer using the contact details listed.
RIGHT OF ACCESS TO
PERSONAL INFORMATION –
Right to object to
processing of Personal Information – you have the right to object to our use of
your Personal Information in certain circumstances.
You can object to
our use of your Personal Information where you have grounds relating to your
particular situation and the legal justification we rely on for using your
Personal Information is our (or a third party’s) legitimate interests. However,
we may continue to use your Personal Information, despite your objection, where
there are compelling legitimate grounds to do so or we need to use your
Personal Information in connection with any legal claims.
This right is
different where it relates to direct marketing and you can read about how to
exercise your right to opt-out of receiving any direct marketing in the ‘How
can you tell us about your marketing preferences?’ section of this Privacy
Policy.
You can also
object to the use of your Personal Information for direct marketing purposes at
any time (including if we are carrying out profiling related to direct
marketing).
Rights relating to
automated decision making and profiling – you have the right not to be subject
to a decision which is based solely on automated processing (without human
involvement) where that decision produces a legal effect or otherwise
significantly affects you. However, this right only applies in certain
circumstances.
This right is not
applicable if:
We need to make
the automated decision in order to enter or fulfil a contract with you. We are
authorised by law to take the automated decision. You have provided your
explicit consent to the decision being taken in this way using your Personal
Information.
Right to withdraw
consent to processing of Personal Information – where we have relied upon your
consent to process your Personal Information, you have the right to withdraw
that consent. This right only applies where we process Personal Information
based upon your consent.
Right to complain
to the relevant data protection authority – if you think that we have processed
your Personal Information in a manner that is not in accordance with data
protection law, you can make a complaint to the data protection
regulator.
If you live or
work in an EEA member state, you may complain to the regulator in that state.
This right applies at any time.
Right to provide
instructions regarding the management of your Personal Information after your
death (only where such right applies under applicable law)
You may have the
right to inform us of instructions on how we manage the Personal Information we
hold about you after your death. This right is applicable at all times when we
hold your Personal Information (only where such right applies under applicable
law). If you wish to exercise any of your rights, please contact us.
IMPLICATIONS OF
NOT PROVIDING INFORMATION
Sharing
information with us is in both your interest and ours.
We need your
information in order to:
·
Provide our services to you and fulfil our contract with you.
·
Manage our business for our legitimate interests.
·
Comply with our legal obligations.
Of course, you can
choose not to share information, but doing so may limit the services we are
able to provide to you.
·
We may not be able to provide you with certain services that you
request. We may not be able to continue to provide you with or renew existing
services.
·
When we request information, we will tell you if providing it is a
contractual requirement or not and whether or not we need it to comply with our
legal obligations.
COMPELLED AND
NECESSARY DISCLOSURES
In certain
circumstances, we may be legally compelled to release your Personal Information
and Health Information in response to a court order, subpoena, search warrant,
law or regulation.
HOW YOU CAN
CORRECT/UPDATE YOUR PERSONAL INFORMATION AND/OR HEALTH INFORMATION
You can correct or
update your Personal Information or certain Health Information at any time by
calling the HealthBeacon Customer Care Team using the phone number on the back
of your HealthBeacon Unit.
RETENTION AND
DESTRUCTION OF PERSONAL INFORMATION
Subject to any
applicable business, legal, or regulatory requirements, we securely destroy
Personal Information when it is no longer required to fulfil our services and
commitments to you or to enforce our rights or meet our obligations.
WHERE DO WE
PROCESS PERSONAL INFORMATION?
We may process
Personal Information both nationally and internationally. This may include
transferring Personal Information outside the European Economic Area (EEA).
Rest assured, we are committed to protecting and respecting your data
protection and privacy rights. We take additional steps to ensure the security
of Personal Information when we transfer it outside the EEA. Depending on the
nature of our relationship with you, we will transfer Personal Information to
parties located in other countries in the EU and EEA. When making these
transfers, we will take steps to ensure that your Personal Information is
adequately protected and transferred in accordance with the requirements of
data protection law.
This typically
involves the use of data transfer agreements in the form approved by the
European Commission and permitted under Article 46 of the EU General Data
Protection Regulation (GDPR) (the relevant data protection law). If there is no
data transfer agreement in place, we may use other mechanisms recognised by the
GDPR as ensuring an adequate level of protection for Personal Information
transferred outside the EEA (for example, the US Privacy Shield framework or
any framework that replaces it).
HOW DO WE KEEP
YOUR DATA SECURE?
Information
security is extremely important to us. HealthBeacon uses appropriate technical,
physical, legal and organisational measures, which comply with data protection
laws to keep Personal Information secure. If, despite our efforts, you believe
that Personal Information is no longer secure, please tell us so that we can
resolve any security issue.
As most of the
Personal Information we hold is stored electronically we have implemented
appropriate IT security measures to ensure this Personal Information is kept
secure. For example, we may use anti-virus protection systems, firewalls, and
data encryption technologies. We have procedures in place at our premises to
keep any hard copy records physically secure. Our team receive regular
training on data protection and information security.
When HealthBeacon
engages a third party (including our service providers) to collect or otherwise
process Personal Information on our behalf, the third party will be selected carefully
and required to use appropriate security measures to protect the
confidentiality and security of Personal Information.
Unfortunately, no
data transmission over the Internet or electronic data storage system can be
guaranteed to be 100% secure. If you believe that your interaction with us is
no longer secure (for example, if you feel that the security of any Personal
Information you might have sent to us has been compromised), please contact us
immediately.
YOUR ACCEPTANCE OF
THIS PRIVACY POLICY
You are deemed to
have assented to the terms and conditions contained in this Privacy Notice when
you consent to the HealthBeacon program and accept the Terms of Use
into which this Privacy Notice is incorporated. You are deemed to have read and
accepted this Privacy Notice. If you do not agree to the terms of this Privacy
Notice, you will not be eligible to participate in the HealthBeacon program.
You may withdraw your consent at any time, but if you withdraw your consent you
may not be able to continue using the HealthBeacon services.
The terms and
conditions contained in this Privacy Notice are subject to and may be
superseded by applicable Federal and State laws.
CHANGES IN OUR
PRIVACY POLICY
We use Personal
Information and Health Information collected from you pursuant to the scope of use
described in this Privacy Policy. However, we reserve the right, from time to
time in our sole and absolute discretion, to change, to modify, or to add terms
or remove terms from this Privacy Notice. Changes to this Privacy Notice will
be reflected when we post a new version number and updated revision date on our
website: www.healthbeacon.com
QUESTIONS AND
FEEDBACK
If you believe
your privacy rights have been violated, you have the right to file a complaint
with us. You also have the right to file a complaint with the Secretary of the
U.S. Department of Health and Human Services, Office for Civil Rights. We will
not retaliate against any individual for filing a complaint. To file a
complaint with us, or should you have any questions about this Privacy Policy
and Notice of Privacy Practices, send an email to quality@healthbeacon.com.
We welcome your
questions and comments on this Privacy Notice and the Terms of Use. If you have
general comments regarding these policies, please e-mail us. Specific questions
regarding the enforcement of these policies should be directed to quality@healthbeacon.com.
In the United
States, for all HealthBeacon program related queries, please contact the
customer care team on free phone number: (857) 302-4872.
In Europe, please
contact the customer care team on number: Writing: Data Protection Officer,
HealthBeacon, Unit 18 Naas Road Business Park, Muirfield Drive, Dublin 12. D12
WD85 or by email: quality@healthbeacon.com
RESPONSIBLE
DISCLOSURE GUIDELINES
Security issues
should be disclosed to quality@healthbeacon.com. We will investigate legitimate
security reports and respond within 1-2 business days, and make every effort to
quickly correct any issues, while following Data Protection guidelines and
responsibilities. If you identify a security issue you should not modify or
access data that does not belong to you.
WHEN WAS THE
PRIVACY POLICY LAST UPDATED?
This Privacy
Policy was last updated in April 2021. We review this Privacy Policy regularly
and reserve the right to make changes at any time to take account of changes in
our business activities, legal requirements, and the way we process Personal
Information. We will place updates on this website and where appropriate we
will give reasonable notice of any changes.
TERMS OF USE
Terms of Use for http://www.healthbeacon.com
These Online Terms
of Use only apply to http://www.healthbeacon.com.
Without prejudice
to your rights under applicable law, HealthBeacon reserves the right to amend
these Online Terms of Use at any time (including, without limitation, to
reflect technological or functional advancements, legal and regulatory changes
or good business practices). If HealthBeacon amends the Online Terms of Use, we
will notify users by posting the amended version with an updated effective date
on this HealthBeacon Website. By accessing or using the HealthBeacon Website,
you agree to be bound by the then current version of the Online Terms of Use.
If you disagree with these Online Terms of Use, or are dissatisfied with the
HealthBeacon Website, your sole and exclusive remedy is to discontinue using
the HealthBeacon Website.
In order to use
the HealthBeacon Website, you may be asked to furnish information that
constitutes an electronic signature. You accept that your electronic signature
is legally binding and equivalent to your written signature. You agree that
after your authentication for use of a HealthBeacon Website, both (i) your act
of ticking any checkbox on a form to indicate consent, or (ii) your use of
functionality of the HealthBeacon Website, constitute “electronic signatures”
within the meaning of the Electronic Commerce Act 2000, and manifest your
intention to consent (in particular, to the data collection, handling or
disclosure to which such “checkbox” or website functionality may relate, in
accordance with the Privacy Policy).
DISCLAIMERS
·
HealthBeacon will take reasonable care to ensure that the information
and content on the HealthBeacon Website is accurate, complete, up to date,
available and does not infringe any third-party rights. However, we do not
guarantee that this is always the case. The HealthBeacon Website and the
content and information on it are provided on an “as is” and “as available” basis,
with all faults. To the maximum extent permitted by applicable law,
HealthBeacon hereby disclaims all representations and warranties relating to
the information and content on the HealthBeacon Website, whether express
or implied, created by law, contract or otherwise, including, without
limitation, any warranties or conditions about satisfactory quality, fitness
for a particular purpose, title or non-infringement of third party
rights.
·
The information and content on the HealthBeacon Website do not constitute,
and are not intended to be, medical or financial advice. You should seek
independent advice before you make any decisions relating to your medical
condition or finances. To the maximum extent permitted by applicable law,
HealthBeacon hereby disclaims all liability for any loss or damage which may be
suffered by any person, whether suffered directly, indirectly, immediately or
consequentially, and whether arising in contract, tort (including negligence)
or otherwise, which arises out of, or in connection with, use of the
HealthBeacon Website or any decisions which you make in consultation with an
independent advisor or practitioner, except in the case of death or personal
injury resulting from HealthBeacon’s negligence.
·
HealthBeacon is not responsible, and provides no warranty whatsoever,
for the accuracy, effectiveness, timeliness and suitability of any information
or content obtained from third parties, including any hyperlinks to or from
third-party websites.
Your Use:
You agree:
- not to
disrupt, amend or intercept information posted on the HealthBeacon Website
or on any of HealthBeacon’s servers.
- to provide
only information that is accurate, complete and not misleading.
- to abide by
all applicable national and international laws, rules and regulations.
- not to attempt
to circumvent any security features of the HealthBeacon Website.
- not to permit
any other person to use your account (failing which, you assume full
responsibility for those persons’ use of the HealthBeacon Website or mobile
app, and further acknowledge that such use is unauthorised and shall
constitute a material breach of these Online Terms of Use);