Effective April 1, 2020
INFORMATION WE COLLECT AND HOW WE USE IT
- Information Synchronous Health receives on applications or other forms, including, but not limited to, identifying information such as address, telephone number, e-mail address, social security number, date of birth, mother’s maiden name, medical history.
- Federal Tax ID #.
- Medical records.
- Investment information.
- Background security checks
The Synchronous Health Platform is available on a multitude of portable electronic devices. We provide our connection to mobile services for free, but please be aware that your carrier’s normal rates and fees, such as text messaging fees, may still apply.
USES OF COLLECTED DATA
Synchronous Health uses non-identifying and aggregate information to better design our Web site and to use in research and trend analysis. We only provide data to our partners, if any, after we have removed your name and any other personally identifying information from it, or have combined it with other people’s data in a way that it no longer personally identifies you. Synchronous Health uses non-identifying (De-Identified or “Safe Harbor” form) and aggregate information about responses to the clinical outcome assessments (personal assessments), and the frequency of the utilization of the Synchronous Health service. These efforts enhance program evaluation. The anonymous and aggregated data also may be published through various media platforms/academic journals. No personal identifying information is tied to the results, and Synchronous Health does not share anything that could be used to identify your account or your private information. From time to time, we may use customer information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change at some time in the future, we will contact you before we use your data for these new purposes to notify you of the policy change and to provide you with the ability to opt out of these new uses. Synchronous Health stores data only for as long as it is necessary to provide products and services to you and others, including those described above and for legal protections or as required by applicable laws and regulations. Synchronous Health may enable access to public information that has been shared through our services. Synchronous Health may allow service providers to access information so they can help us provide services. IP addresses are used to identify the location of Participants, the number of visits from different countries and also to block disruptive use; and to analyze and improve the services offered on our website, e.g. to provide you with the most Participant-friendly navigation experience.
Certain information is needed to provide you with services, so we only delete this information after you delete your account. Some forms of processing (geo-location, etc.) may require the express consent of the Participant. Specific information may be shown on the pages of the Site in connection with particular services or processing of Data provided by the Site Participant. Upon request we provide site visitors with access to a description of information that we maintain about them. Synchronous Health websites use industry-standard encryption technologies when transferring and receiving consumer data exchanged with our site. If you feel that this site is not following its stated information policy, you may contact us at the addresses or phone number below. For content that is covered by intellectual property rights, like photos and videos, you specifically grant Synchronous Health websites a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Synchronous Health websites (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it. This Paragraph does NOT apply to photos, images or other videos shared ONLY with your Specialist in your private “chat” on the Platform. When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
PERSONAL INFORMATION DISCLOSURES
We do not share nonpublic personal information about our customers, participants, or partners (present, former and potential) with anyone, except as required by law, or as follows:
- To any person when you authorize such disclosure.
- To computer services consultants and technicians or other security consultants, in order to ensure the confidentiality and security of customer & employee records.
- To financial service providers or consultants to carry out requested services, and/or to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.
- To independent auditors or consultants to carry out institutional risk control.
- To government or regulatory agencies, including self-regulatory organizations and to comply with a legal summons, court order, subpoena or a similar legal process, audit or investigation.
- To swap data repositories
PROTECTION OF INFORMATION & DATA
How We Protect Personal Information
We restrict access to information about you to those employees who need to know that information as part of their job responsibilities. We also educate our employees about the importance of confidentiality and customer privacy through standard operating procedures, special training programs, and our Code of Conduct. We take appropriate disciplinary measures to enforce employee privacy responsibilities. We have developed precautions that comply with federal regulations to ensure the security and confidentiality of customer records and information, to guard against any anticipated threats or hazards to the security or integrity of such records, and to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to our customers or our employees. Synchronous Health maintains strict information security procedures, including physical, electronic and procedural safeguards, to protect the confidentiality of your information. We conduct semi-annual Risk Privacy Assessments and remediate to update our technology to improve the protection of information storage.
We protect nonpublic personal information by:
- Restricting access to customer information to only those personnel for whom the information is necessary.
- Entering into written confidentiality/non-disclosure agreements with third party service providers for certain disclosures.
- Maintaining physical, electronic, and procedural safeguards that comply with the relevant laws and regulations; and
- Conducting a Security & Data awareness training program to communicate and educate employees about information security policies and procedures in order to make them aware of their roles and responsibilities in safeguarding information resources.
- Synchronous Health uses firewall barriers and digital certifications to maintain the security of your online session and information.
- We do not collect any non-public personal information about visitors on our website, unless information is provided to us voluntarily or derived from website navigation and usage of the Synchronous Health website and online platforms.
- We may gather and analyze information regarding usage of our website, including domain name, the number of hits, the pages visited, previous/subsequent sites visited and length of Participant session. This information may be gathered by using cookies.
Protecting the Privacy of your fellow Synchronous Health Participants
During the use of Synchronous Health websites services:
- You will not send or otherwise post unauthorized commercial communications (such as spam) on Sync.Health.
- You will not collect Participants’ content or information, or otherwise access Sync.Health using automated means (such as harvesting bots, robots, spiders, or scrapers) without our permission.
- You will not upload viruses or other malicious code.
- You will not solicit login information or access an account belonging to someone else.
- You will not bully, intimidate, or harass any other Participant.
- You will not post content that: is hateful, threatening, or pornographic; incites violence; or contains nudity or graphic or gratuitous violence.
- You will not provide any false personal information on Sync.Health or create an account for anyone other than yourself without permission. You will not create more than one personal profile.
COPYRIGHTS OF SYNCHRONOUS HEALTH AND ASSOCIATED PRODUCTS
PROTECTING THE PRIVACY OF CHILDREN
The Site is not directed at children under 13 and we will not knowingly allow anyone under 13 to provide any personally identifying information. If you are under 13, please do not provide any information about yourself.
CALIFORNIA CONSUMER PRIVACY ACT – USE AND DISCLOSURES
Synchronous Health recognizes that California has articulated specific privacy rights of Synchronous Health Participants in that State. California Participants should understand that Synchronous Health does not sell Participant data to third parties. Further, Synchronous Health is a medical records retention company. As such, almost all Participant data is kept in encrypted storage as a medical record. State Law requires Synchronous Health to retain such records for at least seven years. The CCPA does not generally apply to medical information governed by the California Confidentiality of Medical Information Act (CMIA) or protected health information collected by a covered entity or business associate governed by the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request, once a year, if Synchronous Health has shared their personal information (non-medical record data only) with other companies for direct marketing purposes during the preceding calendar year. This is California’s “Shine-the-Light Law.” To request a copy of the information disclosure provided by Synchronous Health, please contact us on Synchronous Health websites at the “contact us” link on the website. Please allow reasonable time for a response. If you are a California resident under the age of 18, and a registered Participant of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted on our site. Synchronous Health does not have Participants below the age of 13 and does not typically allow Participants to publicly post information.
However, if you feel you publicly posted information on the Site and you are between the ages of 13 and 17, please contact us on Synchronous Health websites at the “contact us” link on the website. Please allow reasonable time for a response. Please be aware that such a request does not ensure complete or comprehensive removal of the data/content you have posted and that there may be circumstances in which the law does not require or even allow removal of data, specifically medical data, even if requested. California Right to Know: You may request access to the specific pieces of personal data we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal data we have collected about you, the sources of such collection, the categories of personal data we share for a business or commercial purpose, and the categories of third parties with whom we share your personal data. You may make these requests by contacting us on Synchronous Health websites at the “contact us” link on the website. Please allow reasonable time for a response. California Designated Agent. You may designate an agent to make a request on your behalf. That agent must have access to your account for us to verify the request. California Non-Discrimination. Synchronous Health will never discriminate against you, including by denying or providing a different level of service should you choose to exercise your rights under the CCPA.
GDPR AND INTERNATIONAL PRIVACY
We respect and comply with the local laws of any internationally based Client. The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA and is commonly referred to as “GDPR.” The GDPR regulations include but are not limited to the following: disclosure when you sell, transfer or market to a third party the Participant’s data; access to collected data and clear consent for data provided; security and a notice sent out regarding any potential breach of said security. Finally, depending on your EU country or origin, the GDPR takes what was previously termed the right “to forget” or request deletion of your data once you cease using an application or site. This tenet of the GDPR may conflict with applicable medical records retention laws. In the United States, this requires at least seven years of retention, which is common around the world and is sometimes up to ten years or more in certain countries. So, unlike some data platforms, we cannot erase private health data directly upon a client’s request, as it may be considered essential for other medical file retention purposes. Applicable individual country medical retention laws are generally considered an acceptable exception to the GDPR regulations regarding the right to deletion of certain data.
We take privacy and security seriously. We have implemented security safeguards designed to protect the personal information that you provide in accordance with industry standards. Access to your data on the Site is password-protected, and, if we collect sensitive data (such as journal entries and credit card information), we will protect it by SSL encryption when it is exchanged between your web browser and the Site. However, since the Internet is not a 100% secure environment, we cannot ensure or warrant the security of any information that you transmit to the Site. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that emails, instant messaging, and similar means of communication are not encrypted, and we strongly advise you not to communicate any confidential information through these means. Please help keep your account safe by using a strong password.
LINKS TO THIRD PARTY SITES
The Sync.Health websites may contain links to and from external websites. If you follow a link to any of these external websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites or their policies. Please check these policies before you submit any personal data to these external websites.
CORRECTING AND REMOVING YOUR INFORMATION
HOW TO CONTACT US