Effective Date: August 15, 2016
CareSpeak Communications, Inc. (hereinafter collectively referred to as the "Company," "we," "us" or "our") provides a software platform to help patients, the patient's caregiver family and friends, and medical workers improve the patient's medical therapy outcomes. As such personal data is very important to the company, and we respect and protect an individual's privacy.
"Personal Information" or "Information" means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
"Sensitive Personal Information" means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual's health.
Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose that Information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected.
The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
When signing up for the Company services, the users do so by providing their mobile phone number in order to communicate with the Company system via two-way text messaging. In doing so, the user is providing mobile phone carriers, and sms aggregator services access to the personal information exchanged via two-way text messaging. Users who do not wish to have their personal information disclosed to these third parties, will be advised at sign up, not to sign up for the service.
In order to provide its services to users, the Company receives technical support services from its wholly owned subsidiary CareSpeak d.o.o., located in Zagreb, Croatia (EU), which may have access to the users' personal information during their regular technical support activities. Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Company is potentially liable.
Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Company cannot guarantee the security of Information on or transmitted via the Internet.
Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
Users have the right to request from the Company (a) access to a secure web portal containing their personal information to allow the individual to correct, amend or delete inaccurate information changes to their personal data (e.g. phone number, name, etc.), and/or (b) that their account be terminated and that all their personally identifiable data be permanently deleted, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
In order to deliver the appropriate service(s) to the patient, the Company may collect the following data for the purposes listed:
1 An "event date" may be a procedure date, a start of therapy date, a hospital discharge date, and any other even that may be relevant in a patient's medical therapy treatment and or other personal communications purposes
In order to provide patients, their caregivers, clinicians and program sponsors with the desired services, the Company has to rely on the following third parties:
The Company does not disclose user personal data, in ways other than described in this document. The Company is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We also may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
CareSpeak Communications, Inc.
Attn: Privacy Officer
220 Davidson Avenue, Suite 100
Somerset, NJ 08873
CareSpeak Communications, Inc. has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, EU individuals can access a binding arbitration option before a Privacy Shield Panel.