ARBIMED, INC. Privacy Statement
At ArbiMed, the privacy of your personal information is extremely important to us. This Privacy Statement explains what information we collect when you use our website, what we do with your information, in which cases we may disclose, share, or transfer your information, and how we protect your information. By continuing to use our website, you consent to the terms and conditions set forth in this Privacy Statement.
SECTION 1 – INFORMATION WE COLLECT
When you use our website and/or register online by completing a sign-up form, ArbiMed will automatically collect and maintain information, about you (which may include personal information) or information about your business. The information we usually require for purposes of registering you or your business as a new customer is your company name, your first and last name, email address, and phone number.
In order to tailor our services to your specific business needs, once you create your account, you have the option of entering additional information. In the event the additional information you provide belongs to a third party (e.g. customer, client, patient, employee, agent, etc.), please be advised that there are specific laws and regulations related to data privacy and protected health information that you need to comply with and/or abide by, and that you are responsible for complying with all the duties and obligations contained therein. As for us, please note that we will take all reasonable steps to zealously protect the information that you enter into our system. Please read Section 6 of this Privacy Statement for further information about data security.
We may collect other online information when you visit our website, even if you are not using our services or you have not provided this information directly to us. We may collect different types of information in a variety of ways, including:
- Cookies: Cookies are information files that your web browser places on the hard drive of your computer when you visit a website. Cookies help track navigational information such as the time you spend on a website, how long you remain there, your browser type, and the specific pages of the website you visited. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to sign in or use some features of ArbiMed’s website and services that depend on cookies.
- Clear Gifs: We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.
- IP Address: An IP Address is automatically assigned to your device by your internet service provider, and it is automatically recorded and logged when you visit our website.
- Other user-tracking technologies that we may use from time-to-time as technology develops.
SECTION 2 – CONSENT
When you use or provide us with any personal information to retain our services, we imply that you consent to the collection, use, processing, and/or storage of such information by ArbiMed, its affiliates, partners, contractors, and permitted agents as described herein and that such consent is consistent with applicable laws and regulations. If we ask for your personal information for a secondary purpose, such as marketing and advertising, surveys and promotions, and service quality, among others, we may either ask you directly for your express consent or provide you with an opportunity to refuse to the use of your personal information for said secondary purpose.
You can opt out of receiving marketing, advertising, surveys or promotion-related emails or direct mail from ArbiMed by following the instructions included in each communication or by emailing us at firstname.lastname@example.org by writing the word “unsubscribe” on the subject line of the email. Regardless of your opt-out preferences, we reserve the right to send you emails or other communications for legal, contractual, or administrative purposes.
By using this website, you represent that you are at least the age of majority in your state of residence, or that you are the age of majority in your state of residence AND you have given us your consent and/or permission to allow any of your minor dependents to use this website.
SECTION 3 – WHAT WE DO WITH YOUR INFORMATION
The information you provide to us is primarily used to provide our services to you and to fulfill your requests. However, we may combine your information with other information that we have about you, that is publicly available and/or that we have obtained from authorized third parties. Additionally, we may use your information for the following secondary purposes:
- To improve customer experience and service quality. In order to achieve this, it is our desire to tailor our services to your specific needs, by offering customized location information, personalized support, and to otherwise personalize your experience during the time you utilize our services.
- For operational, transactional, and administrative purposes. To carry out our operations, administrative processes, and to render our services efficiently, as well as to facilitate your transactions or requests.
- For marketing and advertising. We may use your information, individually, in the aggregate, and/or combined with demographic information that we maintain or collect from you with your express consent, for marketing and advertising purposes (e.g. via email, direct mail, telephone, mobile phone, or other similar technology) and to send you updates regarding our services and any feature thereof.
- For surveys and promotions. From time to time, we may offer you the opportunity to participate in a survey or promotion. We use survey results for various purposes but mainly to improve the quality of our services.
- To protect our rights and interests, and the rights and interests of other users of our services.
- To the extent allowed by laws, treaties in which the U.S. is a signatory, rules, regulations, and public policy.
SECTION 4 – WHEN WE CAN SHARE, DISCLOSE, OR TRANSFER YOUR PERSONAL INFORMATION
Generally, ArbiMed will not disclose personal information to any third party (i.e., individuals or entities outside of ArbiMed) unless you request or otherwise consent to such sharing, disclosure, or transfer; or such sharing, disclosure, or transfer are required or permitted by applicable laws or treaties in which the United States is a signatory.
However, we may share, disclose, or transfer your personal information even without your consent in the following cases:
- When the sharing, disclosure, or transfer takes place between parent companies, subsidiaries, or affiliates under the control of ArbiMed or any of its affiliates, including branches or any other company of the same group of ArbiMed that operates under the same processes and internal policies;
- We may share your information with third parties that assist us and that perform functions on our behalf. These persons and/or entities may include technical support, information technology service providers, data processing vendors, website hosting, service/order fulfillment, customer service, and credit or debit card processing service providers, among others.
- We may also share your information with third parties as necessary to complete your transaction or fulfill your requests.
- We may share, disclose, and transfer your non-identifiable personal information for research and analytics purposes.
- We may also share, disclose, or transfer your information if required to do so by law, court order, subpoena, for public policy reasons or to serve justice, or other legal process; as requested by a governmental or law enforcement authority; to protect the rights or property of ArbiMed, its customers, its sites or site users; or when we believe in good faith that it is in the best interest of ArbiMed or that the sharing, disclosure, or transfer is otherwise necessary or convenient.
- When the sharing, disclosure, or transfer of personal information is necessary to maintain or perform duties and obligations under a contract executed between ArbiMed and you.
- If ArbiMed is acquired by or merges with another entity, if any of our assets are transferred to another entity, or as part of a bankruptcy proceeding, we may transfer the information that we collected from and about you to the other entity. However, the acquiring entity will still have to comply with the commitments we have made in this privacy statement. This privacy statement will remain valid and in full force and effect in case of change of ownership of this website, and subsequent transfer of your information to the new owner.
SECTION 5 – THIRD-PARTY SERVICES
Generally, third-party service providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us, which includes website hosting partners (e.g. Amazon Web Services), integration partners, and other third parties who assist us in operating our website, conducting our business, or serving our users. We may also release information when its release is appropriate to comply with the law, enforce our website policies, or protect ours or others’ rights, property or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, data analysis, statistical, or other secondary purposes.
All subscription fee credit card payments are processed through Stripe.com. The personally identifiable information Stripe.com collects for purposes of processing payment may include, but is not limited to, the amount of the transaction, your name, credit/debit card number, and expiration date, checking account number, and billing address.
We will only transfer your personal information to trusted and reliable third parties who provide sufficient guarantees in regards to the physical, technical, administrative, and procedural security measures governing the use, processing, and/or storage of your personal information, and who can demonstrate a commitment to compliance with those measures.
Where third parties are processing personal information on our behalf, they will be required to agree, by contractual means or any other applicable method, to process the personal information in accordance with the applicable laws, rules, regulations, and best practices. Said contract will stipulate, among other things, that the third party and its representative shall act only based on our instructions, on this privacy statement, and/or as permitted by law.
SECTION 6 – DATA SECURITY
To protect your personal information, we take reasonable physical, administrative, technological, and procedural measures and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, and destroyed. When you register online to become ArbiMed’s customer or access your account information, we use secure servers to protect your personal information, which are intended to encrypt the personal information that is transferred between you and our website. We use firewalls to help prevent outside parties from accessing our database server through the Internet, and physical access to the database server is restricted to authorized individuals, with whom we also have entered into confidentiality agreements.
The personal information you have provided us for the above mentioned purposes, will be encrypted using secure socket layer technology (SSL) and secure file transfer protocol (SFTP), which includes MD5 and SHA-1 encryption, as required for email sender and provider coalition (ESPC) membership. Although no method of transmission over the internet or electronic storage is 100% secure, we follow all Payment Card Industry Data Security Standard (PC1-DSS) requirements and implement additional generally accepted industry standards.
Although ArbiMed takes reasonable steps to safeguard and to prevent unauthorized access to your personal information, it cannot be responsible for the acts of external parties who gain unauthorized access and ArbiMed makes no warranty, express, implied, or otherwise, that we will always be able to prevent unauthorized access to your personal information.
Health Insurance Portability and Accountability Act (“HIPAA”)
As a provider of services and technology to the healthcare industry, ArbiMed has implemented programs to address the privacy and security requirements of HIPAA.
As a provider of services and technology to the healthcare industry, ArbiMed has implemented programs to address the privacy and security requirements of HIPAA.
SECTION 7 – YOUR RIGHTS
You are entitled to exercise the rights of access, rectification, deletion, and objection regarding the use and process of your personal information which are explained as follows:
Access: You have an absolute right to have access to your personal data held by ArbiMed, as well as to know and understand the contents of this Privacy Statement that governs the use and processing of your personal information.
Rectification: You have an absolute right to have your personal information rectified and/or updated when such personal information is inaccurate, outdated, or incomplete.
Deletion: You have the right to withdraw your consent and have your personal information deleted. Please note that ArbiMed may only retain or keep your personal information for the exclusive and specific purpose for which the personal information was obtained. In the following situations, ArbiMed will not be obliged to delete your personal information:
- When the personal information is related to a contract, and such information is necessary for you and ArbiMed to perform their obligations under such contract;
- When the personal information is required to be used, processed, and/or stored according to Law;
- When the deletion of your personal information would hinder a judicial or administrative process related to tax obligations, to the investigation and prosecution of crimes, or to administrative sanctions;
- When the personal information is necessary to protect our legal rights;
- When the personal information is necessary to perform an action in accordance with public policy; and
- When the personal information is necessary to perform an obligation that was legally acquired by you.
Objection: You have the right to object to the use, processing, and/or storage of your personal information for any of the abovementioned secondary purposes. If the objection is related to said secondary purposes, ArbiMed may no longer use, process, and/or treat your personal information for such purposes.
Please contact Bin Feng, Chief Executive Officer and Data Protection Officer of ArbiMed, at email@example.com to exercise any of your rights as listed in this section, or if you have any questions about how your personal information is processed.
SECTION 8 – HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
We will retain your personal identifiable information only and for as long as necessary to fulfill the purposes listed above or which have otherwise been notified to you. Often, this is necessary to comply with our legal requirements and/or obligations under a contract. Once your personal identifiable information is no longer necessary and we are under no legal obligation to retain it, we will delete it promptly in the due course of our regular data maintenance programs.
SECTION 9 – CHILDREN’S PRIVACY
The website is not directed to children under the age of thirteen (13) and we do not knowingly nor intentionally collect personal information from children under this age on the website. Consequently, children may not use our services. Please note that we have no way of distinguishing the age of individuals who access our website, therefore, if a child has provided us with personal information, the parent or guardian should contact us to remove the information and opt-out of any communication sent for primary or secondary purposes.
SECTION 10 – CHANGES TO THE PRIVACY STATEMENT
Our privacy statement is subject to change. We will inform you of these changes by posting the privacy statement on this website and revising the date listed at the top of this page. By continuing to use our website after the posting, you consent to the modified privacy statement.
SECTION 11 – LEGAL EFFECT AND DISCLAIMERS
- Not a contract. This privacy statement is not a contract nor does it create or confer any legal rights or obligations. Instead, this privacy statement merely outlines ArbiMed’s intended business practices in regards to how it collects, uses, and protects personal information.
- Rights of ArbiMed. ArbiMed, in its discretion, may amend, interpret, modify or withdraw any portion of this Privacy Statement, and related business practices at any time by posting updated Privacy Statement on this website. Your continued use of this website through your account constitutes your consent to those amendments, interpretations, modifications, or partial withdrawals. A version of this Privacy Statement has been effective since December 1st, 2014 and was last updated on April 20th, 2018. This Privacy Statement supersedes previous privacy statements posted on www.arbimed.com
- Links to Other Websites. Our website and our online services may contain links to other sites that are not owned or controlled by ArbiMed. Any access to and use of such linked sites is not governed by this Privacy Statement, but instead is governed by the privacy statements or policies of those third-party sites. Therefore, we are not responsible for the information or practices of such third-party websites.
- Scope of Personal Information. We only collect information for the purposes stated herein. In order to provide our services and with the exception of credit/debit card information for payment processing of our services, we do not otherwise need to collect sensitive personal information such as social security numbers in combination with first or last name, driver’s license information, or physical or mental health of an individual. Please note that we do not solicit nor require said information. The fields in the sign-up form are designed to obtain only the information set forth in Section 1 of this Privacy Statement, which is the only information we need for you to be registered as a Customer and to provide our services to you. We are not responsible if you decide to include any other information besides that which is set forth in the above referenced section. If you decide to enter into your account sensitive information, you agree to fully indemnify and hold ArbiMed harmless from and against any and all claims, demands, costs, expenses, liabilities, causes of action and damages of every kind and character (including attorney’s fees) asserted by any third party or government agency in any way related or incident to, arising out of, or in connection with such sensitive information.
SECTION 12– CONTACT US
If you have any questions or suggestions regarding our Privacy Statement, please contact us at firstname.lastname@example.org