MetaDoc is deeply committed to protecting the privacy and security of our customers’ data. MetaDoc complies with the applicable privacy laws of the United States, Nevada, and the General Data Protection Regulation (GDPR).
This policy applies to information we collect:
This policy does not apply to the actions of any company or entity that we do not control and to individuals who we do not directly employ or manage.
Some of the individually identifiable information we collect may constitute protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended from time to time. PHI is subject to special protections under HIPAA. For more information about your rights under HIPAA, please refer to the “HIPAA” and “YOUR RIGHTS” sections below. To the extent other state or local privacy and data protection laws apply to your data, we will comply with those requirements as well.
Should you have any questions about this policy or our practices, please send an email to firstname.lastname@example.org.
MetaDoc does not market to minors for any products or services that minors are legally prohibited from buying. However, in the unlikely event a minor requires our products or services, we require parental consent as follows:
Any minor possessing an account with us may request and be granted removal of their account information per the laws and limitations of the State of Nevada and the GDPR
MetaDoc may provide you with notices, including those related to your enrollment or use of the Services, including but not limited to by email, postal mail, SMS, MMS, text message, or other reasonable means now known or hereinafter developed. MetaDoc will provide notice and request consent to receiving text messages at the point of collection for mobile phone numbers. By providing MetaDoc with your telephone number, this gives MetaDoc consent to send you text messages regarding your purchase(s), or for other non-telemarketing purposes, made by an automatic telephone dialing system.
You understand that you may receive email as part of using the Services, and while MetaDoc encrypts all email communications, your email server may not guarantee encryption. If your email provider does not encrypt email, you accept the risk that some PHI could be acquired by someone else.
You understand that you may receive text messages (SMS) as part of using the Services, such as a reminder about an upcoming appointment. SMS messages are encrypted by MetaDoc in transit to your cell phone provider, but cell providers do not guarantee encryption of SMS messages that are stored on your behalf. By using the Services, you accept the risk that some PHI could be intercepted by someone else targeting your SMS communications or seen by individuals who have access to your mobile device.
MetaDoc collects the following types of information about our users: automatically collected information and personal information.
Automatically collected information may include the name of the domain used to access the internet; an internet protocol (IP) address, which can reveal geographic information; the date and time of a website visit; URLS of pages visited on MetaDoc’s website; if present and available, the internet address of the website visited before; and characteristics of devices (such as operating system, web browser, and screen resolution).
Personal information includes identifying information such as your name, e- mail address or other contact information, and whether you are enrolled in your employer sponsored group health plan. MetaDoc collects other personal information about you through the Services including when you voluntarily provide it to us, including but not limited to, credit card and other payment information. In connection with your use of the Services, we may also collect or access medical records from your past, current, and future health care providers. This may include information about your existing or past diagnoses, previous treatments, general health, laboratory or pathology test results and reports, social histories, family medical history, and records about phone calls or emails related to your health or test results. If you choose to go through our screening process and/or register for the Services we ask you to provide personal information, including but not limited to, your name, address, telephone number and/or email address, height, weight, and health information in connection with the use of our products or services. We also collect information that will allow you to establish a username and password. You may choose not to provide us with certain information, but that may result in our inability to provide you access to the Services.
MetaDoc needs to collect certain personal information to process orders and fulfill contract services. We also have a legitimate interest in understanding how users interact with our website and other communication centers for relevancy of products and services; to address existing and changing customer needs; and to comply with state, federal, and international laws.
If you create an MetaDoc account, you may review and change/update your personal information by visiting the MetaDoc mobile applications and accessing the “profile”.
MetaDoc uses this information to provide customers, students, and participants with goods and services; including educational services, training content, certification, and similar offerings; and to fulfill our contracts with customers, students, and participants. We analyze and use this information for diagnostic purposes, for fraud prevention, to address website user experience, and to improve our offerings. If you sign up for offers for newsletters, we may use your name and email address to inform you of our future offers, similar products, and additional services. You can unsubscribe at any time via email or our website. In some cases, we may use, retain, sell, or disclose a consumer’s information that has been de-identified or aggregated, i.e., anonymized to protect your identity.
We do not disclose personal or privileged information collected or received in connection with an insurance transaction unless the disclosure (1) is authorized in writing by the individual or (2) is necessary for conducting business.
We do not publicly post full social security numbers. Any public display of a social security number will be truncated to the last four digits.
We do not sell your telephone calling pattern records without written consent.
We do not seek medical information for direct marketing purposes without your consent.
We do not disclose, without your consent, patient medical information obtained via our services, except to health care entities or other employers that have contracted us to provide said information; or as required by law.
Certain MetaDoc websites, like many other commercial websites, may use standard technologies called “cookies” and “web beacons” to collect information about how our website is used. Cookies were designed to help a website operator determine that a particular user had visited the site previously and thus save and remember any preferences that may have been set. This information also allows us to statistically monitor how many people are using our website and for what purpose. We may also make use of “persistent” or “memory based” cookies, which remain on your computer’s hard drive until you delete them. You have the ability to modify your browser to either accept all cookies, notify you when a cookie is sent, or reject all cookies, but it may not be possible to utilize our Services if you reject all cookies.
Web beacons are small pieces of code (also called pixels) that are embedded on the pages of websites and that can report your visit or use to a third party. We use web beacons to collect automatic information about our visitors but not personal information. MetaDoc may use these tools for the purposes of web analytics, marketing, and error management. You may modify your browser to prevent web beacons from collecting automatic information about you.
We exercise great care to protect your personal information through various administrative, technical, and physical safeguards. This includes, among other things, using industry standard techniques such as firewalls, encryption, and intrusion detection for information stored on our systems. However, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or receive from us while that information is in transit. This is especially true for information you transmit to us via email since we have no way of protecting that information until it reaches us since email does not have the security features that are built into our websites.
In addition, we limit our employees’ and contractors’ access to personal information. Only those employees and contractors with a business reason to know have access to this information, and then may only access or use the minimum necessary for the task at hand. We educate our employees about the importance of maintaining confidentiality of user information.
We also periodically review our security arrangements and safeguards.
If you are using an MetaDoc website or mobile application for which you registered and choose a password, we recommend that you do not share your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Always remember to sign out of the MetaDoc website and close your browser window when you have finished using the Services. This is to ensure that others cannot access your personal information and correspondence to us if others have access to your computer or mobile device.
MetaDoc shall retain your information only for as long as is necessary to provide services and to comply with U.S., Nevada, GDPR, and certification agency retention laws. Any services that are subject to U.S. and Nevada medical privacy laws shall be retained for the periods listed in our HIPAA policies. More information on our retention schedule can be obtained from the data protection officer at email@example.com
MetaDoc has Data Protection procedures in place to oversee the effective and secure processing of your personal information including physical and administrative safeguards, and technical controls to protect data and prevent reidentification from data that has been de-identified, i.e., anonymized.
We use “privacy by design” guidelines to assess privacy issues at each step of new projects. Privacy Impact Assessments (PIA) are conducted if processing of a user’s data is likely to result in a high risk for the rights and freedoms of an individual located in the EU and as per the laws of the U.S.
We update and test our security technology on an ongoing basis.
We restrict access to your personal information to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
MetaDoc will notify you, as required by law, if unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. This personal information includes:
In Nevada, if more than 500 NV residents are affected, we will also notify the Attorney General.
Under the GDPR we will notify the supervisory authority of the U.S. unless:
MetaDoc stores your personal information on its servers and/or in the cloud with its third-party cloud storage partners. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. All data is stored in the United States of America unless otherwise indicated. We retain data for the duration of your business relationship with us; for historical or archiving purposes; and as required by law. At the expiration of the retention period, your personal information will be shredded, erased, or modified to protect your identity. We do not retain or disclose information provided for verification of age for any other purpose other than to comply with federal, state, or local law on your rights of erasure and portability, please contact the data protection officer at firstname.lastname@example.org
MetaDoc has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Therefore, MetaDoc relies on “derogation for specific situations” as set forth in Article 49 of the GDPR for transfer of data out of the user country. These include: 1) explicit consent; 2) to perform or complete a contract; 3) as a matter of public interest; 4) to enforce legal rights; or 5) to protect a user incapable of giving consent.
MetaDoc undertakes to safeguard and protect privacy and security of your personal information and to use it only as it pertains to your relationship with MetaDoc and this Privacy Notice.
MetaDoc operates, in some cases, as a business associate to health care entities. In this capacity it may create, receive, maintain or transmit protected health information (PHI). As such we comply with HIPAA standards to safeguard PHI as per our contract and as required by law. We require our subcontractors to comply with the same requirements.
Services or Health assessments, that may contain PHI, and which are performed for covered entities in their capacity of employer, will be protected per the terms of our contract agreements with those entities, and applicable rules under HIPAA.
We may disclose PHI for the proper management and administration of our operations or to carry out legal responsibilities, provided 1) the disclosures are required by law; or, 2) if we obtain reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and handled only as required by law or for the purposes for which it was disclosed to the person.
You may also Opt out of having your personal information sold to third parties. You may request that service from the data protection officer at email@example.com; or click here to restrict sale of your personal information to third parties: Do Not Sell My Personal Information [link].
Residents of EU Member States have the following additional rights: