Scope and Overview
PatientWorthy is committed to protecting the privacy and security of your personal data. This Privacy Notice describes how PatientWorthy and its subsidiaries, affiliates, and related entities (collectively, “PatientWorthy,” “we,” or “us”) collect and process personal data about persons residing in an EU member state who access the website www.patientworthy.com (the “Website”).
This EU Privacy Notice describes the categories of personal data that we collect, how we use your personal data, how we secure your personal data, when we may disclose your personal data to third parties, and when we may transfer your personal data outside of your home jurisdiction. This EU Privacy Notice also describes your rights regarding the personal data that we hold about you including how you can access, correct, and request erasure of your personal data.
We will only process your personal data in accordance with this EU Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.
Collection of Personal Data
For the purposes of this EU Privacy Notice, personal data means any information about an identifiable individual collected by PatientWorthy in connection with such individual’s use of the Website. PatientWorthy may collect personal data directly from you when you register as a user of the Website or when you subscribe to our services. Personal data excludes anonymous or de-identified data that is not associated with a particular individual. We may collect, store, and process the following categories of personal data that you provide to when you register or subscribe:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Information collected during phone calls and conversations.
- Health-related topics of interest to you, which may include your personal health information if you share it with us.
Use of Personal Data
We only process your personal data as needed to manage and facilitate your relationship with PatientWorthy and provide the services and information you request. We will not use your personal data for any purpose other than the purpose for which it was collected without your express consent. Likewise, we will not share your personal data with any third party without your express consent. We may process your personal data without your knowledge or consent only where required by applicable law or regulation.
We may also process your personal data for our own legitimate interests, including for the following purposes:
- To prevent fraud.
- To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.
Collection and Use of Special Categories of Personal Data
The following special categories of personal data are considered sensitive under the laws of your jurisdiction and may receive special protection:
- Racial or ethnic origin.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Genetic data.
- Biometric data.
- Data concerning health.
- Data concerning sex life or sexual orientation.
- Data relating to criminal convictions or offences.
We may collect and process the following special category of personal data when you voluntarily provide it:
- Information about your health in order to allow you to interact with the Website and utilize the services we provide.
We do not and will not sell your personal data. Your personal data may be disclosed to our affiliates and contractors who require such data to assist us with administering the Website and making our services available.
We require all affiliates and contractors, by written contract, to implement appropriate security measures to protect your personal data consistent with our policies and any data security obligations applicable to us. We do not permit our affiliates and contractors to process your personal data for their own purposes. We only permit them to process your personal data for specified purposes in accordance with our instructions.
We may contact you about opportunities and services available through third parties and affiliates that we believe may be of interest to you. We will not share your personal data with any such third parties or affiliates unless you provide specific consent for us to do so.
All Data Stored in the U.S.
PatientWorthy is a U.S.-based company. All personal data that is collected through the Website is stored in the United States.
We have implemented appropriate physical, technical, and organizational security measures designed to secure your personal data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting requirements, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider our statutory obligations, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes we process your personal data for, and whether we can achieve those purposes through other means. We specify the retention periods for your personal data in our data retention policy.
Under some circumstances we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
Rights of Access, Correction, Erasure, and Objection
It is important that the personal data we hold about you is accurate and current. We encourage you to verify the accuracy of your personal data by accessing your user registration on the Website. By law you may have the right to request access to, correct, and erase the personal data that we hold about you, or object to the processing of your personal data under certain circumstances. You may also have the right to request that we transfer your personal data to another party. If you want to review, verify, correct, or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us at firstname.lastname@example.org.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Right to Withdraw Consent
Where you have provided your consent to the collection, processing, and transfer of your personal data, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at email@example.com.
Changes to This Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent only where required by applicable law or regulation.
If you have any questions about our processing of your personal data or would like to make an access or other request, please contact us at firstname.lastname@example.org.
Effective Date: March 16, 2021