Privacy Notice

Effective Date: September  21st, 2022.

This Privacy Notice describes the privacy practices of MicroHealth in connection with MicroHealth’s websites and mobile applications that display this Privacy Notice. The Privacy Notice describes the types of personal information that MicroHealth collects and processes, how MicroHealth may use and share the information, and the choices that are available to you with respect to MicroHealth’s handling of the information. Please note that some functionality described in this Privacy Notice may not be available on our websites or mobile applications to all individuals or at all times.

1. Personal Information We Collect

In connection with your use of our websites and mobile applications:

·         You may submit information directly to us;

·         You may direct third parties to share information about you with us. We and our service providers may use automated means to collect information about the use of our websites and mobile applications.

The types of personal information we may collect in connection with your use of our websites and mobile applications include:

·         Personal and business contact information, such as your name, email address, mailing address, and phone number;

·         Demographic information, such as your gender, birth date, weight, height and location;

·         Username and password that you may select in connection with establishing an account on our websites or mobile applications;

·         A profile picture (which may be your photograph) that you may choose to associate with your account;

·         Medical or health information that you choose to provide to us (whether directly or through third parties), including information about your treatments for medical conditions, symptoms and medications you may take;

·         Healthcare professionals’ and medical researchers’ information about their work and research.

We, our service providers, and our business partners may also collect certain information about the use of our websites and mobile applications by automated means, such as cookies, web beacons and other technologies. A “cookie” is a text file that a website sends to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server. We and our service providers and business partners may collect information about your online activities over time and across third-party websites when you use our websites and mobile applications.

The information that may be collected by automated means includes:

·         Details about the devices that are used to access our websites or mobile applications (such as the IP address, and type of operating system and web browser;

·         Dates and times of visits to, and use of, our websites and mobile applications;

·         Information about how our websites and mobile applications are used (such as the content that is viewed on our websites and how users navigate between our web pages, or the features of our mobile application that are used and how users navigate between screens on our mobile application);

·         URLs that refer visitors to our websites; and

·         Search terms used to reach our websites or locate our mobile applications.

Please see the “Your Rights and Choices” section below for information about how you may opt out of, or limit the use of, your browsing behavior for interest based advertising purposes.

2. How We Use The Personal Information We Collect

We may use personal information to:

·         Operate and improve the services we offer, including our websites and mobile applications (including to develop new services);

·         Provide customer service and respond to your requests, inquiries, comments, and suggestions;

·         Establish and maintain an account on our websites or mobile applications;

·         Send you information such as confirmations, technical notices, updates, security alerts, and support messages;

·         Understand how you use the service and tailor the content we display to you in connection with our websites or mobile applications and in our communications;

·         Send you information about products and services offered by selected industry partners that may be considered adequate in accordance with your medical condition (such as commercial and non-commercial messages, sponsored and non-sponsored information about new and existing treatment options, and regulatory or product safety alerts);

·         Invite you to participate in clinical studies, surveys, and other market research;

·         Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests);

·         Protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities, including by enforcing the terms and conditions that govern the use of our websites and mobile applications; and

·         Link or combine your information with other personal information we collect through our services or receive from third parties.

We may also de-identify and/or aggregate any personal information that we collect in connection with our websites and mobile applications, such that the information is no longer personally identifiable or attributable to you. We may use such de-identified and/or aggregated information for our own legitimate business purposes without restriction.

3. Personal Information We Share

MicroHealth does not share personal information except as described in this Privacy Notice. We may share information that we obtain about you with:

·         Our affiliates and subsidiaries for the purposes described in this Privacy Notice;

·         Our service providers, vendors or consultants that perform services on our behalf;

·         We may share de-identified and/or aggregated information with third parties for data analysis, demographic profiling, marketing, advertising, research and other similar purposes; and

·         Third parties with whom you ask, consent or authorize us to share your personal information. For example, you may request that we send your personal information (whether on a one-time or recurring basis) to a healthcare provider or a company that maintains your health records or information. In addition, you may be given the opportunity to make a purchase or receive services from a third party through the websites or mobile applications, and we will share your information with that third party only to the extent that it is related to that purchase or receipt of services. These third parties may use or share personal information in accordance with their own privacy policies. We strongly suggest you review the third parties’ privacy policies before asking or authorizing us to share your personal information.

Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, where required by applicable law, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Notice. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal information.

In addition, we may share your information to comply with legal requirements, and protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities.

4. Minors

Our websites and mobile applications are not intended for individuals under 18 years of age, and individuals must be at least 18 years of age to register with our websites and mobile applications. If you are the parent or legal guardian of a child under the age of 13, you must register in order to manage the account for the minor. Otherwise, we do not knowingly collect personal information from children under age 13 and the use of our products and services is prohibited.

 

5. Your Rights and Choices

You have certain rights and choices regarding MicroHealth’s processing of your personal information:

·         You may unsubscribe from receiving marketing or other commercial emails from MicroHealth by following the instructions included in the email. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications (such as changes in websites on mobile applications terms);

·         Your web browser may provide you with the ability to disable receiving certain types of cookies; however, if you disable cookies, some features or functionality of our websites may not function correctly; and

·         You may correct, update, or change any information provided and stored in MicroHealth’s database by updating your profile. In countries that provide you with a legal right to request that we delete your personal information, or request that we cease some or all processing of your personal information, you may make such a request; however, your choice to exercise these rights may affect your ability to continue to use our websites or mobile applications.  If you ask MicroHealth to delete your information, MicroHealth may retain any information in aggregate form and use and share such aggregate data for its business purposes. We reserve the right to verify user identity in connection with access or correction requests to help ensure that we provide the information to individuals to whom it pertains.

6. International Data Transfers

We may transfer your personal information to countries other than the country in which the data was originally collected. For example, if you are located outside of the United States, we typically transfer personal information to the United States. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the personal information. Our websites and mobile applications are not intended to subject MicroHealth to the laws or jurisdiction of any state, country or territory other than that of the United States.

7. Processing of personal data of data subjects who are in the European Union

In accordance with article 3(2) Regulation (EU) 2016/679 (“GDPR”), MicroHealth, as an entity falling under the scope of the European data protection framework has adapted its processing activities to make them compliant with European standards.

As such, you are hereby informed, unequivocally, that all personal data provided to MicroHealth, as well as any other personal data will be incorporated into MicroHealth’s record of processing activities. Additionally, and in accordance with the applicable European data protection regulations, you, as a data subject in the European Union are hereby informed of the following:

7.a Data Controller identity

MicroHealth is the Data Controller responsible for the processing of your personal data within the Site. MicroHealth Inc. is an entity domiciled at 2093 Philadelphia Pike #9328, Claymont, DE 19703, EIN number 47-4199935.

7.b Purposes and lawfulness of the processing and retention of the personal data

7.b.i Individual Consumers

If you interact with our platform as an individual consumer (e.g. patient, user, etc.) MicroHealth will process your personal data to carry out the purposes indicated in Section 2 of this Privacy Notice.

 

MicroHealth is legitimized to process your personal data for the above mentioned purposes in accordance with the following grounds of lawfulness:

 

        You have given consent to the processing of the personal data for one or more specific purposes (article 6(1)(a) GDPR).

        The processing is necessary for the performance of a contract to which you are a party of (article 6(1)(b) GDPR)

        The processing is necessary for the purposes of the legitimate interests pursued by MicroHealth, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (article 6(1)(f) GDPR)

In accordance with European Supervisory Authority recommendations, please find below a summarized table which indicates the term your data will be retained as well as the individual grounds of lawfulness that legitimize each of the purposes:

 

PURPOSE

GROUND OF LAWFULNESS

RETENTION PERIOD

Send you information  about products and services offered by MicroHealth.

Consent (article 6(1)(a)GDPR)

Until you unsubscribe from the service / revoke the consent granted.

Send you information  about products that you are already consuming.

Until you unsubscribe from the service / revoke the consent granted.

Send you invitations, by email or other means, to market research survey opportunities through MicroHealth’s program.

Until you unsubscribe from the service / revoke the consent granted.

Better understand you so that we may tailor messaging and services based on your interests, preferences and needs.

Until you unsubscribe from the service / revoke the consent granted.

Send you related information, including confirmation, technical notices, updates, security alerts and support messages.

Contractual relationship (article 6(1)(b) GDPR)

Until you unsubscribe from the service.

Provide and deliver products and services you request.

Until you unsubscribe from the service.

Send you information about products and services offered by our selected partners that may be considered adequate in accordance with your medical condition.

Until you unsubscribe from the service.

Communicate with you via text message, email, mobile alerts and other messaging services about commercial, non-commercial, sponsored and non-sponsored medical information, regulatory and product safety alerts, new drugs, and clinical studies.

Legitimate Interest (article 6(1)(f) GDPR) in improving our products and services.

Until you unsubscribe from the service.

Operate and improve our services.

Until you unsubscribe from the service.

Better understand how you use the services and thus optimize the service based on your interests, preferences and needs.

Until you unsubscribe from the service.

Link or combine your information with other personal information we collect through our Services or get from third parties to help understand your needs and expand our products and services.

Until you unsubscribe from the service.

Respond to your comments and questions and provide customer service

Consent / Contractual relationship / Legitimate interest

Until necessary for our customer service team to adequately address and close the comments and questions.

 

Your personal data will be processed for the term contained in the “retention period” section above.  At the end of said periods, MicroHealth informs you that it will keep your personal data blocked for the sole purpose of addressing any responsibilities that may arise in relation to the personal data. The personal data will be deleted upon the statute of limitations of said responsibilities.

To adequately provide you with the platform services, MicroHealth needs to access and process your health data. This type of data is defined by GDPR as “special categories of personal data”. To adequately allow MicroHealth to process said data, you hereby expressly consent to the processing of health data. MicroHealth hereby declares that it will process your health data strictly for the purposes enshrined in the table above. We remind you that the communication of your health data is voluntary. Nevertheless, please take into account that non-communicating this type of data may render the platform services ineffective.

In the event that you access our platform as a “Parent/ Relative/Guardian” of a patient you expressly warrant that you have all necessary powers of representation and/or authorization to act on behalf of said patient. MicroHealth informs you that you shall be liable for any damages that may be attributed to MicroHealth to this regard.

7.b.ii Health Care Professionals

If you interact with our platform as a healthcare professional (e.g. as a physician, nurse, pharmacist, etc.) MicroHealth will process your personal data to carry out the purposes indicated in Section 2 of this Privacy Notice.

 

MicroHealth is legitimized to process your personal data for the above mentioned purposes in accordance with the following grounds of lawfulness:

 

        You have given consent to the processing of the personal data for one or more specific purposes.

        The processing is necessary for the performance of a contract to which you are a party of (article 6(1)(b) GDPR)

        The processing is necessary for the purposes of the legitimate interests pursued by MicroHealth, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (article 6(1)(f) GDPR)

In accordance with European Supervisory Authority recommendations, please find below a summarized table which indicates the term your data will be retained as well as the individual grounds of lawfulness that legitimize each of the purposes:

 

PURPOSE

GROUND OF LAWFULNESS

RETENTION PERIOD

Send you information via email about products and services offered by MicroHealth and our selected partners.

Consent

(article 6(1)(a) GDPR)

Until you unsubscribe from the platform / revoke the consent granted.

Better understand you so that we may tailor messaging and services based on your interests, preferences and needs.

 

Until you unsubscribe from the platform / revoke the consent granted.

Send you related information, including confirmation, technical notices, updates, security alerts and support messages.

Contractual

relationship

(article 6(1)(b) GDPR)

Until you unsubscribe from the service.

Allow you to interact with your patients on the platform.

 

Until you unsubscribe from the platform.

Provide and deliver products and services you request.

 

Until you unsubscribe from the platform.

Communicate with you via text message, email, mobile alerts and other messaging services about commercial, non-commercial, sponsored and non-sponsored medical information, regulatory and product safety alerts, new drugs and clinical studies.

 

Legitimate Interest (article 6(1)(f) GDPR) in improving our products and services.

Until you unsubscribe from the service.

Operate and improve our services.

 

Until you unsubscribe from the platform.

Better understand how you use the services and thus optimize the service based on your interests, preferences and needs.

 

Until you unsubscribe from the platform.

Link or combine your information with other personal information we collect through our Services or get from third parties to help understand your needs and expand our products and services.

 

Until you unsubscribe from the platform.

Respond to your comments and questions and provide customer service.

Consent / Contractual relationship / Legitimate interest

Until necessary for our customer service team to adequately address and close the comments and questions.

 

 

 

Your personal data will be processed for the term contained in the “retention period” section above.  At the end of said periods, MicroHealth informs you that it will keep your personal data blocked for the sole purpose of addressing any responsibilities that may arise in relation to the personal data. The personal data will be deleted upon the statute of limitations of said responsibilities.

Finally, as a healthcare Professional, you are hereby informed that you will have access to Individual consumer information and will have the capacity to process said information in accordance with your own professional criteria. As such, you will be considered a Data Controller regarding the information you obtain from said Individuals and hence will be responsible for the processing of said information. MicroHealth guarantees to enable instruments to ensure Individual consent in regards to access to the information in the platform. Nevertheless, as a healthcare Professional, you shall be solely responsible for the medical advice granted and/or other purposes for which you will process their information, ensuring in all cases that you will obtain adequate legitimation for said alternative processing.

MicroHealth shall not be responsible for the processing you conduct of Individual personal data. As such, you hereby acknowledge and declare to hold MicroHealth harmless for any damages caused to the entity which are, directly and/or indirectly, attributable to your professional activity.

7.c Personal data recipients

 

7.c.i Individual Consumers

 

If you access our platform as an individual consumer, your personal data may be transferred to third parties to be used for their own purposes. In particular, the following parties may receive your personal data:

 

        Health care professionals that have a profile in the Site and which you have expressly authorized to receive the data.

        Designated Third Parties which you have expressly authorized to receive the data.

        Our partners and/or collaborators, who may obtain your aggregated or de-identified information following HIPAA safe harbor and/or expert determination regulations.

        Public administrations in order to comply with the applicable regulations.

 

Additionally, other entities may have access to your personal data to provide us with its services. These entities are defined by GDPR as ‘Data Processor’. As such, MicroHealth hereby guarantees you that it has duly regulated its relationships with all of its Data Processors through a contract or other legal act that is compliant with article 28 GDPR requirements.

 

 

 

7.c.ii Health Care Professional

 

If you access our platform as a healthcare professional, your personal data may be transferred to third parties to be used for their own purposes. In particular, the following parties may receive your personal data:

 

        Designated Third Parties which you have expressly authorized to receive the data.

        Our partners and/or collaborators, whom may obtain your aggregated or de-identified information

        Public administrations in order to comply with the applicable regulations

Additionally, other entities may have access to your personal data to provide us with its services. These entities are defined by GDPR as ‘Data Processor’. As such, MicroHealth hereby guarantees you that it has duly regulated its relationships with all of its Data Processors through a contract or other legal act that is compliant with article 28 GDPR requirements.

 

7.d Transfer of your personal data to our US Servers

 

By using the services of this Site, you are hereby informed that your personal data will be transferred to MicroHealth, Inc. servers, located in the United States. As of the date of this Privacy Notice, the United States of America has not been recognized by the European Commission as an adequate jurisdiction in regards to its data protection framework. The United States is therefore a country that does not offer sufficient security guarantees and whose current data protection framework does not resemble the European framework.

 

Nevertheless, the sending of your information to our American servers is necessary for the performance of our services and hence, of the contractual obligations that both MicroHealth and yourself have entered to at the time of your registration and acceptance of our policies. To this extent, you are hereby informed that registration in our platform and acceptance of our Privacy Notice implies your express acceptance of the transfer of your data to the USA to enable MicroHealth to perform its contractual obligations. MicroHealth hereby guarantees to process your data in accordance with European data protection standards.

 

7.e Data Subject rights

 

You may exercise your rights of access, to rectification, to erasure, to object, to restriction of the processing and to data portability before MicroHealth. This may be done via the following email address: privacy@microhealth.com. Please note that MicroHealth may request your application to be amended if it does not meet the necessary requirements. Additionally, if you consider that your data subject rights application has not been dealt with correctly, you have the right to lodge a complaint before the competent Supervisory Authority.

 

7.f Contact details of the representative of MicroHealth established in the EU

 

MicroHealth has appointed the following representative established in the Union to deal with any data protection matters within the EU:

 

MicroHealth España, S.L.

Calle Felipe Sanclemente, 6,

50001, Zaragoza, Spain

B-99311284

Email: privacy@microhealth.com

 

Any concern regarding this Privacy Notice may be addressed to the Representative established in the European Union.

 

8. How We Protect Personal Information

MicroHealth maintains reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, we cannot guarantee that the measures we maintain will ensure the security of the personal information.

9. Links to Websites and Third-Party Content

For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by MicroHealth. The websites and third-party content to which we link may have separate privacy notices or policies. MicroHealth is not responsible for the privacy practices of any entity that it does not own or control.

This Privacy Notice does not apply to the privacy practices of any clinical study sponsor or its service providers that conduct a clinical study in which you participate, or any research institution, healthcare facility, physician, or any other entity or individual associated with the clinical trial.

10. Updates To Our Privacy Notice

MicroHealth reserves the right to change this Privacy Notice at any time. When we update this Privacy Notice, we will notify you of changes that are deemed material under applicable legal requirements by updating the date of this Privacy Notice and providing other notification as required by applicable law. We may also notify you of changes to the Privacy Notice in other ways, such as via email or other contact information you have provided.

11. How To Contact Us

You may contact us with questions or comments about this Privacy Notice or our privacy practices, or to request access to or correction of your information. Our contact information is as follows:

MicroHealth, Inc.

Attn: Legal Department

2093 Philadelphia Pike #9328

Claymont, DE 19703

Email: privacy@microhealth.com