For purposes of this Policy, the following definitions shall apply:
"Agent" means any third party that collects or uses Personal or Sensitive Information under the instructions of, and solely for, pingmd or to which pingmd discloses Personal or Sensitive Information for use on pingmd's behalf.
"pingmd" means pingmd Inc, a Delaware corporation, with offices located at 404 5th Avenue, 5th floor, New York, NY 10018, and any of its subsidiaries, predecessors and successors in the United States.
"Personal Information" means any information or set of information that identifies or could be used by or on behalf of pingmd to identify (together with other information) a living individual. Personal information does not include information that is anonymized or aggregated.
"Sensitive Information" means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.
pingmd complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. pingmd has certified that it adheres to the Privacy Shield Principles of Notice, choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.
pingmd complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. pingmd has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, and enforcement. If there is any conflict between the policies in this Policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit htts://www.export.gov/safeharbor/.
Where pingmd collects Personal Information directly from individuals in the EEA, it will inform them about the purposes for which it collects and uses Personal Information about them, the types of third parties to which pingmd discloses that information, the choices and means, if any, pingmd offers individuals for limiting the use and disclosure of Personal Information about them, and how to contact pingmd. Notice will be provided when individuals are first asked to provide Personal Information to pingmd, or as soon as practicable thereafter, and in any event before pingmd uses or discloses the information for a purpose other than that for which it was originally collected.
pingmd collects only the Personal or Sensitive Information that is submitted to it through its mobile or web application by individuals. pingmd hosts the platform by which individuals can connect with medical providers, but does not use the information which is sent through its platform. In order to create an account, an individual must provide his or her name, e-mail address, phone number, as well as his or her date of birth. pingmd asks for this Personal Information, upon first use of its platform, in order to facilitate, but not to provide, medical treatment by healthcare professionals through its platform. pingmd does not monitor communications between individuals and health care providers once an account has been created. pingmd supports HIPAA compliance for health care providers through its secure messaging service, and any information shared by an individual with a health care provider is not monitored.
pingmd’s Agent’s include its server host, Armor, Inc. (f/k/a FireHost). Armor, like pingmd, does not monitor or disclose the messages that are sent by individuals to health care providers, but rather, simply allows for the transmission of data over its servers. Other pingmd Agents are the contracted with health care providers who offer the pingmd service to their patients.
Where pingmd receives Personal Information from its subsidiaries, affiliates or other entities in the EEA or Switzerland, pingmd will use that information in accordance with the notices those entities provided to the individuals to whom that Personal Information relates and the choices made by those individuals.
pingmd will offer individuals the opportunity to choose whether their Personal Information is (a) to be disclosed to a third party (other than Agents), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. pingmd will not disclose Sensitive or Personal Information to a third party (other than Agents) or use Sensitive or Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless pingmd has received the individual’s affirmative and explicit consent (opt-in). If an individual wishes to opt-out, he or she may contact pingmd by e-mailing firstname.lastname@example.org for this request.
pingmd will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. pingmd will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete and current.
TRANSFERS TO AGENTS
pingmd will obtain assurances from its agents that they will safeguard Personal Information consistently with this Policy. Examples of appropriate assurances that may be provided by Agents include the following: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Privacy Shield Principles, and the agent being subject to EU Directive 95/46/EC (the EU Data Protection Directive), the Swiss Federal Act on Data Protection, its own Privacy Shield certification, or another European Commission or Swiss FDPIC adequacy finding.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, pingmd is potentially liable.
ACCESS AND CORRECTION
pingmd acknowledges that individuals have the right to access their Personal Information that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
pingmd will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
pingmd will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that pingmd determines is in violation of this Policy will be subject to disciplinary action.
pingmd is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Any questions regarding the use or disclosure of Personal Information should be directed to pingmd at the address given below. pingmd will investigate and attempt to resolve complaints regarding use and disclosure of Personal Information by reference to the principles contained in this Policy. For further assistance with a complaint:
EU-US Privacy Shield In compliance with the EU-US Privacy Shield Principles, pingmd commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with inquiries or complaints regarding this Policy, should first contact pingmd at the address located under the “Contact Information” heading. pingmd has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel
US-Swiss Safe Harbor In compliance with the US-Swiss Safe Harbor Principles, pingmd commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this Policy should first contact pingmd at the address located under the “Contact Information” heading. pingmd has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
Questions regarding this Policy should be submitted to pingmd by mail to:
16 W 36th St. Suite 902
New York, NY 10016
Or by e-mail to: firstname.lastname@example.org
LIMITATIONS & CHANGES
pingmd may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. The amended Policy will be made publicly available via pingmd’s website.
Effective Date: August 24th, 2016