PRIVACY SHIELD POLICY
HiDO Technologies Inc., d/b/a HiDO (“HiDO ,” “we,” “our,” or “us”) complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Privacy Shield Personal Data (as defined below) from European Economic Area countries. HiDO Technologies has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the policies in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visithttps://www.privacyshield.gov/
When individuals and family members share information with HiDO, they expect that their data will be treated with respect. Our commitment to patient privacy goes beyond treating patient data as if it were our own; we strive to give each person autonomy and control over how their information is used and shared. HiDO is honored to walk with patients on their journey to better health. Our goal is to live up to this position of high trust and use that health information to improve every person’s quality of life.
“Data Subject” means the individual to whom any given Privacy Shield Personal Data refers.
“Personal Data” means any information relating to an individual residing in the European Economic Area that can be used to identify that individual either on its own or in combination with other readily available data.
“Privacy Shield Personal Data” means Personal Data received by HiDO Technologies in the U.S. from European Economic Area member countries in reliance on the Privacy Shield.
“Sensitive Personal Data” means Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, sexual life, or criminal record.
Scope and Responsibility
This Privacy Shield Policy applies only to Privacy Shield Personal Data.
All employees of HiDO Technologies that have access in the U.S. to Privacy Shield Personal Data are responsible for conducting themselves in accordance with this Privacy Shield Policy. Adherence by HiDO Technologies to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations.
HiDO Technologies employees responsible for engaging third parties to which Privacy Shield Personal Data will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this Privacy Shield Principles, including any applicable contractual assurances required by Privacy Shield.
Privacy Shield Principles
HiDO Technologies commits to subject to the Privacy Shield Principles all Privacy Shield Personal Data (i.e., all Personal Data received by HiDO Technologies in the U.S. from European Economic Area member countries in reliance on the Privacy Shield).
HiDO Technologies notifies Data Subjects about its data practices regarding Privacy Shield Personal Data, including: (i) the types of Privacy Shield Personal Data it collects about them; (ii) the purposes for which it collects and uses such Privacy Shield Personal Data; (iii) the types of third parties to which it discloses such Privacy Shield Personal Data and the purposes for which it does so; (iv) the rights of Data Subjects to access Privacy Shield Personal Data about them; (v) the choices and means that HiDO Technologies offers for limiting its use and disclosure of Privacy Shield Personal Data; (vi) how Data Subjects can contact HiDO Technologies with any inquiries or complaints; and (vii) other information about HiDO Technologies’s compliance with the Privacy Shield as required by the Notice principle. Notice is provided in clear and conspicuous language-including through this Privacy Shield Policy-when Data Subjects are first asked to provide Privacy Shield Personal Data to HiDO Technologies or as soon thereafter as is practicable, but in any event before HiDO Technologies uses such Privacy Shield Personal Data for a purpose other than that for which it was originally collected or processed by the transferring organization located in the European Economic Area or discloses it for the first time to a third party.
The Privacy Shield Personal Data that HiDO Technologies collects includes patient data, customer data, clinical trial participant data, caregiver data, and health care provider data. HiDO Technologies collects sensitive personal information such as medication lists and other clinical data specific to the individual’s situation. Data collected may include: Name, Email address, Mailing Address, Date of Birth, Medical Condition and Phone number. We may collect Privacy Shield Personal Data when you create a HiDO account, use our mobile apps or websites, use our products, participate in a clinical trial, or otherwise contact us with a question, comment, or request.
The purposes for which HiDO Technologies collects and uses such Privacy Shield Personal Data include:
- Providing you with products and services, including customization and development of those products and services;
- Responding to your questions and comments and otherwise providing information that you request;
- Coordinating your care with your health care providers and health plans; • Obtaining payment for our products and services;
- Handling complaints;
- Analyzing and improving the products and the services we provide;
- Delivering marketing communications, promotional materials, or advertisements that may be of interest to you;
- Conducting research, including through clinical trials;
- Performing our legitimate everyday business operations; and
- Other purposes as required or permitted by law.
In addition, we may use de-identified health information to contribute to public health efforts regarding respiratory disease and for other uses.
HiDO Technologies may disclose such Privacy Shield Personal Data to the following types of third parties:
- agents (e.g., third party service providers) that need the information to perform services on our behalf;
- your health care providers and health plans, in connection with coordinating your care, improving your treatment, and/or obtaining payment for our products and services;
- third parties designated by you and with whom you elect to share your information through our mobile apps or websites (e.g., friends, family, and health care providers);
- third parties in association with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets;
- third parties as required by law or regulation and when we have a good faith belief that it is necessary to protect the legal rights, safety, and security of us or others; and
- law enforcement or other government entities to comply with or respond to law enforcement or legal process or a request for cooperation, such as complying with legal requirements to disclose Privacy Shield Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If Privacy Shield Personal Data is to be used for a new purpose that is materially different from that for which the Privacy Shield Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, HiDO Technologies will provide Data Subjects with an opportunity to choose whether to have their Privacy Shield Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Privacy Shield Personal Data should be sent to:Charles
If Privacy Shield Personal Data that qualifies as Sensitive Personal Data is to be used for a new purpose that is different from that for which the Privacy Shield Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, HiDO Technologies will obtain the Data Subject’s explicit consent prior to such use or disclosure, except if the use or disclosure is:
- In the vital interests of the Data Subject or another person;
- Necessary for the establishment of legal claims or defenses;
- Required to provide medical care or diagnosis;
- Related to data that are manifestly made public by the Data Subject.
3. Accountability for Onward Transfer
In the event we transfer Privacy Shield Personal Data to non-agent third parties, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Privacy Shield Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection to that Privacy Shield Personal Data as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Privacy Shield Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If HiDO Technologies has knowledge that a nonagent third party is processing Privacy Shield Personal Data in a way that is contrary to the Privacy Shield Principles, HiDO Technologies will take reasonable steps to prevent or stop such processing.
With respect to our agents, we will transfer only the Privacy Shield Personal Data needed for an agent to deliver to HiDO Technologies the requested service. Furthermore, we will (i) permit the agent to process such Privacy Shield Personal Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection to that Privacy Shield Personal Data as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Privacy Shield Personal Data transferred in a manner consistent with HiDO Technologies’s obligations under the Privacy Shield Principles; and (iv) require the agent to notify HiDO Technologies if it makes a determination that it can no longer meet its obligation to provide the same level of protection to the Privacy Shield Personal Data as is required by the Privacy Shield Principles. Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, HiDO Technologies will take reasonable and appropriate steps to stop and remediate unauthorized processing.
HiDO Technologies remains liable under the Privacy Shield Principles if an agent processes Privacy Shield Personal Data in a manner inconsistent with the Privacy Shield Principles. except where HiDO Technologies is not responsible for the event giving rise to the damage.
HiDO Technologies takes reasonable and appropriate measures to protect Privacy Shield Personal Data from loss, misuse, and unauthorized access, disclosure. alteration. and destruction, taking into due account the risks involved in the processing and the nature of the Privacy Shield Personal Data.
5. Data Integrity and Purpose Limitation
HiDO Technologies limits the collection of Privacy Shield Personal Data to information that is relevant for the purposes of processing. HiDO Technologies does not process such Privacy Shield Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject. HiDO Technologies takes reasonable steps to ensure that such Privacy Shield Personal Data is reliable for its intended use, accurate, complete, and current.
HiDO Technologies retains Privacy Shield Personal Data in identifiable form only for as long as it serves a purpose of processing, unless a longer retention period is permitted by law, and it adheres to the Privacy Shield Principles for as long as it retains such Privacy Shield Personal Data.
Data Subjects have the right to access Privacy Shield Personal Data about them and to correct, amend, or delete such Privacy Shield Personal Data if they can demonstrate that it is inaccurate. However, this right may be restricted in limited circumstances, such as when the burden or expense of providing access. correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated. Requests for access, correction, amendment, or deletion should be sent to:Charles
7. Recourse, Enforcement, and Liability
HiDO Technologies’s participation in the Privacy Shield is subject to investigation and enforcement by the Federal Trade Commission.
HiDO Technologies agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. HiDO Technologies acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.
In compliance with the Privacy Shield Principles, HiDO Technologies commits to resolve complaints about your privacy and our collection or use of your Privacy Shield Personal Data. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact HiDO Technologies at:
HiDO Technologies has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visithttp://www.bbb.org/EU-privacy-shield/for-eu-consumers/for more information and to file a complaint. The services of BBB EU PRIVACY SHIELD are provided at no cost to you.
Please note that if your complaint is not resolved through these channels, under certain conditions, you may be able to invoke binding arbitration before a Privacy Shield Panel, as described in Annex I of the Privacy Shield (available athttps://www.privacyshield.gov/article?id=ANNEX-l-introduction).
Changes to this Privacy Shield Policy
This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be given.
Effective Date: October 10, 2016