PRIVACY POLICY

MetaDoc is deeply committed to protecting the privacy and security of our customers’ data. MetaDoc complies with the applicable privacy laws of the United States, Nevada, and the General Data Protection Regulation (GDPR).

This statement sets forth MetaDoc’s Privacy Policy (“Privacy Policy”) and describes the practices that we will follow with respect to the privacy of the information of users of our mobile applications and our websites. By using MetaDoc’s mobile application and websites (collectively, the “Services”) you acknowledge that you accept the practices and policies outlined in this Privacy Policy. “You”, “your”, or similar terms refer to you as a user of the Services.

This policy applies to information we collect:

• through the Services; and
• via email, text, or other electronic messages between you and any employee or agent of MetaDoc.

This policy does not apply to the actions of any company or entity that we do not control and to individuals who we do not directly employ or manage.

As used in this Privacy Policy, the terms “using” and “processing” information may include, amongst other things, subjecting such information to analysis, using cookies or web beacons, and managing information in a number of ways, including, but not limited to, collection, storing, evaluating, modifying, deleting, using, combining, and/or disclosing.

Some of the individually identifiable information we collect may constitute protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended from time to time. PHI is subject to special protections under HIPAA. For more information about your rights under HIPAA, please refer to the “HIPAA” and “YOUR RIGHTS” sections below. To the extent other state or local privacy and data protection laws apply to your data, we will comply with those requirements as well.

Should you have any questions about this policy or our practices, please send an email to contact@metadoc.team.

AGE OF CONSENT

MetaDoc does not market to minors for any products or services that minors are legally prohibited from buying. However, in the unlikely event a minor requires our products or services, we require parental consent as follows:

1. In the U.S. we require parental consent before collecting personal information for persons under 13 years of age.
2. In the EU, we require parental consent before collecting personal information for persons under 16 years of age.

Any minor possessing an account with us may request and be granted removal of their account information per the laws and limitations of the State of Nevada and the GDPR

TELEPHONE CONSUMER PROTECTION ACT

MetaDoc may provide you with notices, including those related to your enrollment or use of the Services, including but not limited to by email, postal mail, SMS, MMS, text message, or other reasonable means now known or hereinafter developed. MetaDoc will provide notice and request consent to receiving text messages at the point of collection for mobile phone numbers. By providing MetaDoc with your telephone number, this gives MetaDoc consent to send you text messages regarding your purchase(s), or for other non-telemarketing purposes, made by an automatic telephone dialing system.

You understand that you may receive email as part of using the Services, and while MetaDoc encrypts all email communications, your email server may not guarantee encryption. If your email provider does not encrypt email, you accept the risk that some PHI could be acquired by someone else.

You understand that you may receive text messages (SMS) as part of using the Services, such as a reminder about an upcoming appointment. SMS messages are encrypted by MetaDoc in transit to your cell phone provider, but cell providers do not guarantee encryption of SMS messages that are stored on your behalf. By using the Services, you accept the risk that some PHI could be intercepted by someone else targeting your SMS communications or seen by individuals who have access to your mobile device.

INFORMATION WE COLLECT

MetaDoc collects the following types of information about our users: automatically collected information and personal information.

Automatically collected information may include the name of the domain used to access the internet; an internet protocol (IP) address, which can reveal geographic information; the date and time of a website visit; URLS of pages visited on MetaDoc’s website; if present and available, the internet address of the website visited before; and characteristics of devices (such as operating system, web browser, and screen resolution).

Personal information includes identifying information such as your name, e- mail address or other contact information, and whether you are enrolled in your employer sponsored group health plan. MetaDoc collects other personal information about you through the Services including when you voluntarily provide it to us, including but not limited to, credit card and other payment information. In connection with your use of the Services, we may also collect or access medical records from your past, current, and future health care providers. This may include information about your existing or past diagnoses, previous treatments, general health, laboratory or pathology test results and reports, social histories, family medical history, and records about phone calls or emails related to your health or test results. If you choose to go through our screening process and/or register for the Services we ask you to provide personal information, including but not limited to, your name, address, telephone number and/or email address, height, weight, and health information in connection with the use of our products or services. We also collect information that will allow you to establish a username and password. You may choose not to provide us with certain information, but that may result in our inability to provide you access to the Services.

REASON WE COLLECT THE INFORMATION

MetaDoc needs to collect certain personal information to process orders and fulfill contract services. We also have a legitimate interest in understanding how users interact with our website and other communication centers for relevancy of products and services; to address existing and changing customer needs; and to comply with state, federal, and international laws.

HOW TO REVIEW AND CHANGE YOUR PERSONAL INFORMATION

If you create an MetaDoc account, you may review and change/update your personal information by visiting the MetaDoc mobile applications and accessing the “profile”.

HOW WE USE AND DISCLOSE INFORMATION THAT WE COLLECT ONLINE

MetaDoc uses this information to provide customers, students, and participants with goods and services; including educational services, training content, certification, and similar offerings; and to fulfill our contracts with customers, students, and participants. We analyze and use this information for diagnostic purposes, for fraud prevention, to address website user experience, and to improve our offerings. If you sign up for offers for newsletters, we may use your name and email address to inform you of our future offers, similar products, and additional services. You can unsubscribe at any time via email or our website. In some cases, we may use, retain, sell, or disclose a consumer’s information that has been de-identified or aggregated, i.e., anonymized to protect your identity.

We do not disclose personal or privileged information collected or received in connection with an insurance transaction unless the disclosure (1) is authorized in writing by the individual or (2) is necessary for conducting business.

We do not publicly post full social security numbers. Any public display of a social security number will be truncated to the last four digits.

We do not sell your telephone calling pattern records without written consent.

We do not seek medical information for direct marketing purposes without your consent.

We do not disclose, without your consent, patient medical information obtained via our services, except to health care entities or other employers that have contracted us to provide said information; or as required by law.

INFORMATION WE SHARE

MetaDoc shares account and other personal information with third parties involved in the fulfillment of your contracts with us, including with businesses and professional organizations that provide professional or other types of certifications or certificates to the user. These third parties are required to comply with our privacy policies. We also share the information when we believe release is necessary to comply with the law; to enforce our Terms of Use; or to protect the rights, property, or safety of our customers, students, or health risk assessment participants. No 3rd parties have access to your personal information unless the law allows them to do so. In some cases, we may use, retain, sell, or disclose a consumer’s information that has been de-identified or aggregated.

COOKIES AND WEB BEACONS

Certain MetaDoc websites, like many other commercial websites, may use standard technologies called “cookies” and “web beacons” to collect information about how our website is used. Cookies were designed to help a website operator determine that a particular user had visited the site previously and thus save and remember any preferences that may have been set. This information also allows us to statistically monitor how many people are using our website and for what purpose. We may also make use of “persistent” or “memory based” cookies, which remain on your computer’s hard drive until you delete them. You have the ability to modify your browser to either accept all cookies, notify you when a cookie is sent, or reject all cookies, but it may not be possible to utilize our Services if you reject all cookies.

Web beacons are small pieces of code (also called pixels) that are embedded on the pages of websites and that can report your visit or use to a third party. We use web beacons to collect automatic information about our visitors but not personal information. MetaDoc may use these tools for the purposes of web analytics, marketing, and error management. You may modify your browser to prevent web beacons from collecting automatic information about you.

HOW WE PROTECT INFORMATION ONLINE

We exercise great care to protect your personal information through various administrative, technical, and physical safeguards. This includes, among other things, using industry standard techniques such as firewalls, encryption, and intrusion detection for information stored on our systems. However, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or receive from us while that information is in transit. This is especially true for information you transmit to us via email since we have no way of protecting that information until it reaches us since email does not have the security features that are built into our websites.

In addition, we limit our employees’ and contractors’ access to personal information. Only those employees and contractors with a business reason to know have access to this information, and then may only access or use the minimum necessary for the task at hand. We educate our employees about the importance of maintaining confidentiality of user information.

We also periodically review our security arrangements and safeguards.

HOW CAN YOU HELP PROTECT YOUR INFORMATION?

If you are using an MetaDoc website or mobile application for which you registered and choose a password, we recommend that you do not share your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Always remember to sign out of the MetaDoc website and close your browser window when you have finished using the Services. This is to ensure that others cannot access your personal information and correspondence to us if others have access to your computer or mobile device.

RETENTION OF INFORMATION

MetaDoc shall retain your information only for as long as is necessary to provide services and to comply with U.S., Nevada, GDPR, and certification agency retention laws. Any services that are subject to U.S. and Nevada medical privacy laws shall be retained for the periods listed in our HIPAA policies. More information on our retention schedule can be obtained from the data protection officer at contact@metadoc.team

DATA SECURITY

MetaDoc has Data Protection procedures in place to oversee the effective and secure processing of your personal information including physical and administrative safeguards, and technical controls to protect data and prevent reidentification from data that has been de-identified, i.e., anonymized.

We use “privacy by design” guidelines to assess privacy issues at each step of new projects. Privacy Impact Assessments (PIA) are conducted if processing of a user’s data is likely to result in a high risk for the rights and freedoms of an individual located in the EU and as per the laws of the U.S.

We update and test our security technology on an ongoing basis.

We restrict access to your personal information to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

DATA BREACH NOTIFICATION

MetaDoc will notify you, as required by law, if unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. This personal information includes:

1. An individual’s name plus one or more of the following: Social Security number, driver’s license or State Identification Card number, financial account numbers, medical information, health insurance, or information collected through an automated license plate recognition system; or
2. User ID and password or other specified credentials permitting access to online accounts.

In Nevada, if more than 500 NV residents are affected, we will also notify the Attorney General.

Under the GDPR we will notify the supervisory authority of the U.S. unless:

1. We have implemented appropriate technical and organizational protection measures that render the personal information unintelligible to any person who is not authorized to access it;
2. We take actions subsequent to the personal information breach to ensure that the high risk to the rights and freedoms of data subjects is unlikely to materialize; or,
3. When notification to each data subject would involve disproportionate effort, in which case alternative communication measures will be used.

DATA STORAGE AND RETENTION

MetaDoc stores your personal information on its servers and/or in the cloud with its third-party cloud storage partners. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. All data is stored in the United States of America unless otherwise indicated. We retain data for the duration of your business relationship with us; for historical or archiving purposes; and as required by law. At the expiration of the retention period, your personal information will be shredded, erased, or modified to protect your identity. We do not retain or disclose information provided for verification of age for any other purpose other than to comply with federal, state, or local law on your rights of erasure and portability, please contact the data protection officer at contact@metadoc.team

TRANSFER OF PERSONAL INFORMATION FROM THE EU TO THE U.S.

MetaDoc has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Therefore, MetaDoc relies on “derogation for specific situations” as set forth in Article 49 of the GDPR for transfer of data out of the user country. These include: 1) explicit consent; 2) to perform or complete a contract; 3) as a matter of public interest; 4) to enforce legal rights; or 5) to protect a user incapable of giving consent.

MetaDoc undertakes to safeguard and protect privacy and security of your personal information and to use it only as it pertains to your relationship with MetaDoc and this Privacy Notice.

HIPAA

MetaDoc operates, in some cases, as a business associate to health care entities. In this capacity it may create, receive, maintain or transmit protected health information (PHI). As such we comply with HIPAA standards to safeguard PHI as per our contract and as required by law. We require our subcontractors to comply with the same requirements.

Services or Health assessments, that may contain PHI, and which are performed for covered entities in their capacity of employer, will be protected per the terms of our contract agreements with those entities, and applicable rules under HIPAA.

We may disclose PHI for the proper management and administration of our operations or to carry out legal responsibilities, provided 1) the disclosures are required by law; or, 2) if we obtain reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and handled only as required by law or for the purposes for which it was disclosed to the person.

MetaDoc will:

1. Not use or disclose protected health information other than as permitted or required by its contracts with covered entities, or as required by law;
2. For a period of 6 years, retain Health Assessments and other documents which are necessary for us to continue the proper management and administration of our business, and that of the health entity; or to carry out our legal responsibilities;
3. Use appropriate safeguards, and comply with the HIPAA Security Rule with respect to electronic PHI, to prevent use or disclosure of PHI as per our contract and as required by law;
4. Report to any covered entity partner any unauthorized use or disclosure of PHI, of which it becomes aware, including breaches of unsecured PHI. In such case, we will include the identification of each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed during such breach. Any breach will be reported without unreasonable delay and in no case later than 60 calendar days after discovery;
5. Make PHI available to the covered entity in a designated record set as necessary to satisfy covered entity’s obligations under 45 CFR 164.524;
6. Make any amendment(s) to PHI in a designated record set as directed or agreed to by the covered entity pursuant to 45 CFR 164.526;
7. Maintain and make available the information required to provide an accounting of disclosures to the covered entity as necessary to satisfy covered entity’s obligations under 45 CFR 164.528;
8. Maintain designated record sets that are subject to access by individuals. Release of that information will be upon request only by the covered entity;
9. Make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules; and,
10. At the end of our contracts return or destroy all protected health information created, received, or transmitted, on behalf of the covered entity..

YOUR RIGHTS

Nevada

1. If the business is subject to the CCPA, as a Nevada resident you have the right to request information about how your personal information is collected; processed; for what purpose and with whom it is shared. You have the right to receive a response within 45 days subject to one 45- day extension with notice. You may request that information from the data protection officer at contact@metadoc.team
2. If the business is subject to the CCPA, as a Nevada resident you have the right to restrict use of your personal information for marketing purposes. Click here to Opt Out of marketing use and notifications.
3. If the business is subject to the CCPA, as a Nevada resident you have the right to have personal information you provided to us deleted; subject to restrictions. You may request that information from the data protection officer at contact@metadoc.team.
4. If the business is subject to the CCPA, as a Nevada resident you have the right to know whether the business sells or discloses personal information to third parties; and upon request may obtain:
   1. The categories of personal information it has collected about that consumer.
   2. The categories of sources from which the personal information is collected.
   3. The business or commercial purpose for collecting or selling personal information
   4. The categories of third parties with whom the business shares personal information.
   5. The specific pieces of personal information it has collected about that consumer.

You may also Opt out of having your personal information sold to third parties. You may request that service from the data protection officer at contact@metadoc.team; or click here to restrict sale of your personal information to third parties: Do Not Sell My Personal Information [link].

EUROPEAN UNION

Residents of EU Member States have the following additional rights:

1. EXPLICIT CONSENT. We do not collect personal information on EU residents protected by the GDPR without explicit consent at the time of transaction. If you do not provide consent during any transaction, and such personal information is necessary to complete sales or service, the transaction will be canceled. If the information is not required for this business purpose, or as required under law, completion of your transaction shall not be affected by your refusal to provide explicit consent. Additional processing for archiving in the public interest, statistical purposes, or scientific and historical research are exempt from this provision.
2. RIGHT TO OPT OUT. If you are in the European Union, you have certain rights over how we use your data. If you previously gave us consent to process your data for marketing purposes, and would now like that usage restricted, you may OPT OUT[LINK] here. If you previously gave us consent to sell or process your data to third parties, and would now like that usage restricted, you may OPT OUT [LINK]here, or contact the data protection officer at contact@metadoc.team.
3. RIGHT TO BE FORGOTTEN: Once your consent is withdrawn, you have the right to request your personal information be erased and no longer used for processing. You may request this action at this link REMOVE MY PERSONAL INFORMATION [LINK] or via the data protection officer at contact@metadoc.team.