“PERSONAL INFORMATION” INCLUDES ANY INFORMATION THAT CAN BE USED ON ITS OWN OR WITH OTHER INFORMATION TO IDENTIFY OR CONTACT A SINGLE PERSON OR TO INDENTIFY AN INDIVIDUAL IN CONTEXT. IF WE CAN LINK PARTICULAR INFORMAITON (DIRECTLY OR INDIRECTLY) TO AN INDIVIDUAL, WE WILL CONSIDER THIS INFORMATION PERSONAL INFORMATION, AND WE WILL PROTECT IT.
Please read the following carefully to understand our views and practices regarding your Personal Information and how we treat it. For the purposes of Applicable Data Protection Laws, including the European Economic Area data protection law (the “Data Protection Law”), the data controller is Prism Care™, Inc. located at 2745 Dallas Parkway, Suite #500 Plano, TX 75093.
BY SUBMITTING YOUR PERSONAL INFORMATION THROUGH THIS PORTAL, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT ACCESS THE PORTAL AND DO NOT SUBMIT ANY INFORMATION TO US.
WHAT INFORMATION DOES MRG HEALTH COLLECT AND WHY?
Personal Information– When you access the Portal, you may be asked to provide Personal Information about yourself. The Personal Information we collect from you includes:
- Details of personal identification, including copies of government-issued identification such as passport and driving license, and medical insurance information;
- Account details, such as usernames, passwords and answers to security questions relating to your access to the Portal and your use of our Services;
- A record of telephone conversations, for example nurse calls, concierge calls, physicians and customer service;
- Medical history as provided by you;
- Information on your vitals collected through the Prism Care™ Portal and Devices;
Our collection of your Personal Information assists us in creating your user account and providing our Services. Additionally, MRG Health may de-identify and aggregate data that healthcare providers and research institutions can use to better understand symptoms and treatments. Your Personal Information will be assigned to an unidentifiable number that cannot be associated with your name or other personal information. We store this and use identifiable data for the following purposes:
- to provide you with products and services;
- to perform or enforce any contract that we have with you;
- to understand your needs and provide you with a better service or generally improve our services and products;
- to contact you for market research purposes. We may contact you by email, phone, fax or mail;
- to customize our Portal in line with your particular interests or preferences;
- for our internal business record keeping, tax, accounting and audit purposes;
- to collect moneys owed to us;
- in connection with legal and regulatory requirements that we need to comply with; and other lawful purposes as may be notified to you from time to time.
Device and ISP Data- We use common information-gathering tools, such as log files, cookies and similar technologies to automatically collect information, which may contain Personal Information, from your computer or mobile device as you navigate our websites or interact with e-mails we have sent you. As is true of most websites, we gather certain information automatically via log files. This collected information may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning. We also collect IP addresses from users when they log into the services as part of the Prism Care’s security features.
Sensitive Data- In the EU, certain Personal Information is known as sensitive data. Sensitive data is defined as data related to:
- racial or ethnic origin
- political opinions
- religious beliefs or other beliefs of a similar nature
- trade union membership (within the meaning of the M1Trade Union and Labour Relations (Consolidation) Act 1992)
- physical or mental health or condition
- sexual life
- the commission or alleged commission of any offence, or
- any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings.
WILL PRISM CARE™ SHARE MY PERSONAL INFORMATION WITH ANYONE ELSE?
Yes, with third parties, including VitalTech, that help us power our Portal. Prism Care™ has a limited number of service providers and other third parties (“Business Partners”) that help us run various aspects of our business. These Business Partners are contractually bound to protect your Personal Information and to use it only for the limited purpose(s) for which it is shared. Such third party uses may include, but are not limited to, data hosting, call center operations, your doctors, nurses and concierge services, e-mail management services analytics or other services in relation to our Portal or services.
If we share your Personal Information with a third party other than as provided above, you will be notified at the time of data collection or transfer, and you will have the option of not permitting the transfer.
Prism Care™ Devices and the Portal are provided to you; however, your healthcare providers also have access to your Personal Information and other information entered and stored in the Portal. Similarly, entities/institutions conducting research studies, as described above, may also pay a fee to use the Portal, which may include access to your Personal Information and other information entered and stored in the Portal.
In addition, we may, from time to time, rent or sell aggregated data and/or other information that does not contain any personal identifiers (i.e., if the information has been anonymized by stripping out identifiers such as name, address, phone number, etc.). The purpose of this type of disclosure is to provide healthcare professionals, research institutions, and other interested parties (e.g., pharmaceutical and/or device manufacturers) real-world information about the type, severity, and frequency of symptoms associated with specific treatments, beyond what is collected in pre-market clinical trials.
HOW DOES PRISM CARE™ PROTECT MY PERSONAL INFORMATION?
We are committed to ensuring that any Personal Information we hold about you is properly safeguarded. In order to prevent unauthorized access or disclosure, we have put in place appropriate physical, electronic and managerial procedures to maintain the security and integrity of your Personal Information, to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to you.
However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, we cannot ensure the security of information you transmit to us. By using the Portal, you are assuming this risk.
The information collected by Prism Care™ and stored on secure servers, is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If Prism Care™ learns of a security concern, we may attempt to notify you and provide information on protective steps, if available, through the e-mail address that you have provided to us or by an in-Portal notification. Depending on where you live, you may have a legal right to receive such notices in writing.
You are solely responsible for protecting information entered or generated via the Portal that is stored on your device and/or removable device storage. Prism Care™ has no access to or control over your device’s security settings, and it is up to you to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that you take any and all appropriate steps to secure any device that you use to access our Portal.
NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY INFORMATION YOU TRANSMIT TO US AND YOU TRANSMIT SUCH INFORMATION AT YOUR OWN RISK.
HOW CAN YOU PROTECT YOUR PERSONAL INFORMATION?
In addition to securing your device, as discussed above, we will NEVER send you an e-mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any e-mail requesting such information. If you receive such an e-mail purportedly from Prism Care™, DO NOT RESPOND to the e-mail and DO NOT click on any links and/or open any attachments in the e-mail, and notify Prism Care™ support at firstname.lastname@example.org.
You are responsible for taking reasonable precautions to protect your user ID, password, and other user account information from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You should immediately notify Prism Care™ at email@example.com if you know of or suspect any unauthorized use or disclosure of your user ID, password, and/or other user account information, or any other security concern.
EU DATA SUBJECT RIGHTS
If you are an EU data subject, you have the right under certain circumstances:
- to receive communications related to the processing of your Personal Information that are concise, transparent, intelligible and easily accessible;
- to be provided with a copy of your Personal Information held by us;
- to request the rectification or erasure of your Personal Information held by us without undue delay;
- to request that we restrict the processing of your Personal Information (while we verify or investigate your concerns with this information, for example);
- to object to the further processing of your Personal Information, including the right to object to marketing;
- to request that your Personal Information be moved to a third party;
- to receive your Personal Information in a structured, commonly used and machine-readable format;
- to lodge a complaint with a supervisory authority.
Where processing of your Personal Information by us is based on consent, you have the right to withdraw that consent without detriment at any time by going by contacting us at firstname.lastname@example.org.
HOW CAN I UPDATE, CORRECT OR DELETE MY PERSONAL INFORMATION?
You can change your e-mail address and other contact information by editing your profile in the Portal. If you remove data from your account, it will no longer appear to you in the Portal. Backups of that data will remain associated with your account and in our archive servers. You can deactivate your account by writing to email@example.com.
PROVIDING US WITH PERSONAL INFORMATION OF THIRD PARTIES
If you provide us with the Personal Information of another person such as your parent or your child, or direct us to share that person’s information with another person such as your sibling, you represent and warrant to Prism Care™ , Inc. that you either (1) have full legal authority to provide such information or instructions (e.g., through power of attorney or guardianship of an elderly parent, or parental authority over a minor child), or (2) have obtained such person’s express and informed authorization to provide such information or instructions.
INFORMATION STORAGE AND RETENTION
We store your Personal Information for as long as you maintain an Prism Care™ user account and up to five (5) years after the account is closed. At the end of this five-year retention period, we will remove your Personal Information from our databases and will request that our Business Partners remove your Personal Information from their databases. However, once we disclose your Personal Information to third parties, we may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. Written requests for deletion of Personal Information other than as described should be directed to firstname.lastname@example.org. We retain anonymized data indefinitely.
If you have any questions about these terms, please contact us.