Last Updated: 10/02/2023
As Data Controllers, the Health Care Customers are responsible for disclosing the rights of individuals (“Data Subjects”) with respect to their Personal Data and other information regarding the collection and use of that Personal Data, in accordance with the GDPR, CCPA, and other laws requiring such disclosures.
THE INFORMATION WE COLLECT AND WHY
The table below describes the information we may collect on behalf of the health care provides, why we would collect the information, and the sources of the information.
|Personal information that directly identifies you, such as name, date of birth, phone number, e-mail address, electronic signature and if applicable relationship to patient.||We use this data in generating records for Health Care Customer as part of our Services.||We obtain this information directly from you when you enter information into the Application or when you otherwise submit the information to your Health Care Customer.|
|Personal Health Information including your name, birthdate, telephone number, email, unique record identifier, an IP Address.||As allowed under applicable law, this data is used to provide patient access and health care treatment directed by the Health Care Customer.||This information is obtained from you when you enter the information into the Application or from the Health Care Customer who is making the Application accessible to you.|
|IP address, or other electronic device identifier and serial number, location data, and information about how you interact with the Application and related Services.||At the request of the Health Care Customer, we may use this data to provide you with our Services, to help us improve the Services, and for security and fraud prevention purposes.||We obtain this information when you visit our Services.|
|De-Identified Data: 5thPort separately retains information from your health record, with all identifying data removed entirely.||This data is used to assist 5thPort’s efforts to improve its services and products.||The Health Care Customer who makes the Application accessible to you.|
Legal Basis for Processing (for residents of the European Union and United Kingdom)
If you reside in the European Union or United Kingdom, our legal basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it.
We may also use your personal data that you have provided to your Health Care Customer in order to make the Application accessible to you. This notification also is intended to provide you with a record of your agreement. If you would like to withdraw your consent for us to use your personal data in this manner, please contact your Health Care Customer.
At the time you provided your personal data to your Health Care Customer in order for you to use the Service, you may have provided your consent to them for us to use your personal data. However, we have no control over and assume no responsibility for the content, privacy policies or practices of the Health Care Customer or other third-party sites or services that have contracted with your Health Care Customer.
We also collect and process personal information about you as necessary to meet our contractual and legal obligations, and/or fulfill our other legitimate interests (when not overridden by your data protection interests or fundamental rights and freedoms).
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact your Health Care Customer.
WITH WHOM WE SHARE THIS INFORMATION
Affiliates and Business Transfer
To provide the Health Care Customer with our Services, we may share your personal information with our affiliates, specifically 3rd party integrated service providers. We also reserve the right to disclose and transfer all such information, subject to applicable laws and regulations, in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change.
We reserve the right to share your personal information if required or permitted to do so by law. The table below describes how we share your information.
|Data Category|| Shared with Service Providers and other Third Parties|
|Personal information that directly identifies you.||We may share this information with our affiliates.|
|IP address, location data, and information about how you interact with the Services.||We may share this information with our affiliates.|
Third-Party Privacy Policies
Any third parties to whom we may disclose personal information may have their own privacy policies which describe how they use and disclose personal information. Those policies will govern use, handling and disclosure of your personal information once we have shared it with those third parties as described in this Policy. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties. These entities or their servers may be located either inside or outside the United States.
Our Retention of Your Information
We store your personal information as needed to accomplish the purposes identified in this Policy and to meet legal requirements, including legal and compliance requirements regarding records retention, resolving disputes, and enforcing our agreements. This means that we may be required to maintain your personal information, for example, to: (1) comply with our legal or regulatory compliance needs (e.g., maintaining records of transactions you have made with us); (2) to exercise, establish or defend legal claims; and/or (3) to protect against fraudulent or abusive activity on our services and systems. For these and possibly other reasons, we may be unable to delete personal information upon request of an individual in certain cases.
We may retain different categories of information for different periods of time for the instances stated above. Retention periods for records maintained by us, including those containing personal data are established based upon business need, statutory and regulatory record keeping requirements in the geographies where we do business, and legal obligations. If you have any further questions about our handling of personal information, please contact us via the information provided.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
Children Under the Age of 13 and Minors
California Privacy Rights
If you are a resident of California, the California Consumer Privacy Act of 2018 (CCPA) may permit you to request the following from your Health Care Customer:
- disclosure of information about the collection, use, disclosure, and sale of your personal information;
- a list of categories of personal information collected about you in the preceding 12 months, including (a) categories of personal information collected about you, (b) categories of sources from which the personal information is collected, (c) the business or commercial purpose for collecting or selling personal information, (d) categories of third parties to whom we disclose, share, or sell personal information, and (e) specific pieces of information that we have collected about you;
- deletion of any personal information about you that we have collected from you;
- correction of inaccurate personal information about you.
These rights are subject to certain limitations. You have the right not to face discrimination for exercising any of your rights under the California Consumer Privacy Act. As stated above, we do not sell your personal information.
For further information regarding, and to exercise, these rights, please send your request to your Health Care Customer.
European Union And United Kingdom Privacy Rights
If you are an individual located in the European Union or United Kingdom, you may have additional rights available to you under applicable laws with respect to your Health Care Customer, including:
- You have the right to request access to your personal data and the rectification of inaccurate personal data concerning you.
- You have the right to obtain the deletion or the restriction of processing of your personal data in certain circumstances, including when the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, except when we are required by law to maintain or otherwise process your personal data, for the establishment, exercise, or defense of legal claims, or for the protection of the rights or another person.
- You may have the right to request that the Health Care Customer stop processing your personal information and/or to stop sending you marketing communications.
- In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that the Health Care Customer transfer the personal information to another data controller without hindrance.
- Where our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
- You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of an alleged infringement of the applicable data protection law.
Your Health Care Customer may not erase personal data to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by EU or UK law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Health Care Customer or 5thPort;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as any erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise, or defense of legal claims.
You may exercise these rights by contacting your health provider.
Transfer Of Information (For Residents Of The European Union And United Kingdom)
Your personal information may be transferred to, stored, and processed within the United States. Additionally, we may transfer your personal information to other countries in certain circumstances, for example because a server or third party service provider is located there. BY PROVIDING YOUR PERSONAL INFORMATION TO US, YOU ARE CONSENTING TO ANY TRANSFER, STORAGE, AND PROCESSING IN ACCORDANCE WITH THIS POLICY.
There are potential risks to you associated with transferring your information to the United States due to the absence of an adequacy decision and appropriate safeguards. These risks include the risk that you will not be able to exercise your data protection rights under applicable law to protect yourself from unlawful use or disclosure of your information. The data protection and privacy laws of other countries, including the United States, may not afford you the same level of protection as those in your own country.
IF YOU ARE FROM THE EUROPEAN UNION, THE UNITED KINGDOM OR OTHER REGIONS WITH LAWS GOVERNING DATA COLLECTION AND USE AND YOU PROVIDE US WITH YOUR PERSONAL INFORMATION, YOU ARE AGREEING TO THE TRANSFER OF YOUR PERSONAL INFORMATION TO THE UNITED STATES AND POSSIBLY OTHER JURISDICTIONS.
How We Manage This Policy
We may update this Policy from time to time and changes be will posted on our Website.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we take measures to protect your personal information, we cannot guarantee the security of your personal information transmitted through our Services. Any transmission of personal information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Services.
or by mail at:
Data Privacy Officer – 5thPort
5 Community Dr. Ste. 1,
Augusta, ME, 04330-8088.