PRIVACY POLICY
SYMBOL HEALTH SOLUTIONS, LLC WEBSITES
Symbol Health Solutions (SYMBOL) is committed to protecting the privacy of the personal information that our website users share with us. In this Privacy Policy, we provide information about what information we collect, how we collect it and for what purpose, and how we process and share personal information through websites, mobile applications, newsletters/blogs and emails that SYMBOL operates.
CONCERNS THE PURPOSE AND USE OF INFORMATION COLLECTED VIA THIS WEBSITE OR PROVIDED TO THIS WEBSITE. IF YOU DO NOT WANT TO AGREE TO, OR DO NOT UNDERSTAND, THIS PRIVACY POLICY, YOU MUST NEITHER BROWSE, NAVIGATE NOR CONTINUE BEYOND, NOR ACCESS THIS WEBSITE BEYOND, THE HOME PAGE. IF THE FIRST WEBPAGE THAT YOU VIEW OR TO WHICH YOU OTHERWISE BROWSE, NAVIGATE OR ACCESS IS NOT THE HOME PAGE, YOU ARE BOUND BY AND TO, AND HAVE MADE YOURSELF BOUND BY AND TO, THIS PRIVACY POLICY. ALSO, IF YOU RUN A SEARCH USING THE SEARCH TOOL ON THE HOME PAGE, YOU GO BEYOND THE HOME PAGE AND HAVE MADE YOURSELF BOUND BY AND TO THIS PRIVACY POLICY.
This PRIVACY POLICY is not the same as our NOTICE OF PRIVACY PRACTICES in the CareClinic patient treatment or Health Management program participation setting. Uses and disclosures, SYMBOL duties, patient health information confidentiality, rights to revise privacy practices, requests to inspect protected health information, complaints and contact information is distinct and separate from the SYMBOLHEALTH.com PRIVACY POLICY.
You may print or save a copy of this Privacy Policy for your records.
By utilizing this website, you authorize us to collect, use and disclose information about you, your practice and business and your usage of this website, as outlined herein. This Privacy Policy and related Terms and Conditions of Use do not apply to information collected through means other than this website.
We operate in many different jurisdictions and this policy is an indication of our intent, not a comprehensive statement or promise of any measures taken and legal compliance. This policy may be changed at any time by posting a new version on the website. We will also post a notice on the website when the Privacy Policy is changed.
Protecting Personal Information
We strive to maintain electronic and procedural safeguards in order to comply with federal and state regulations to guard nonpublic personal information. Although we generally believe that we have reasonable procedures and technologies in place which strive to protect against unauthorized disclosure of nonpublic personal information, we cannot, and do not, guarantee that information posted on, collected by or transmitted to, from, through or for this website will remain confidential or private at all times. We offer no assurances whatsoever that our controls and techniques will prevent unauthorized disclosures or breaches of, or compromises, in security.
To the extent you provide or access information on our system through the use of a password, we encourage you to keep your password confidential and secure, as we cannot be responsible for acts resulting from the unauthorized use of your password. And, as set forth in the Terms and Conditions of Use for this website, we have other rights, and you have other obligations, about or concerning any of your user ID, login, password or other access controls.
HIPAA Privacy Protections
We do not collect information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) via our website. This information is gathered through the PATIENT PORTAL, hosted by NextGen Healthcare Information Systems, LLC, its parent company Quality Systems, Inc. and their respective subsidiaries and affiliates.
Business Associates
SYMBOL and its clients have a “Business Associate Agreement,” or “BAA” to keep protected health information confidential as required by HIPAA. If you require a copy of the BAA, it can be obtained through the SYMBOL website TALK TO US form. This BAA does not change your CareClinic contract.
Collection of Data from Children
Through the PATIENT PORTAL, hosted by NextGen Healthcare Information Systems, LLC, SYMBOL may access personal information about children under the age of 13 as part of our healthcare services to health insurance plan dependents. This data is stored on the third-party site, is encrypted, and is maintained within that secure electronic health record keeping system. We do not knowingly collect personal information from children under the age of 13 on the SYMBOL website beyond PATIENT PORTAL use, and we do not knowingly market the Services or any goods or services to such children. Should children under the age of 13 opt into SYMBOL newsletters/blogs or emails via our website, they are protected to the extent of this Privacy Policy.
The information above illustrates, but does not exhaust, the kind of information that may be necessary or convenient for us to collect in order to serve your health-related or educational-related needs, or in order for us to provide you with other services available via the website or in order for us to protect our content, website, personnel and our other interests. For more information, visit the Federal Trade Commission’s website for tips on protecting children’s privacy online: www.OnGuardOnline.gov.
What Information We Collect
The types of information that may be gathered by us in connection with your use of this website includes information such as your name, address, email address, employer identity, information about your job function, and other information. We endeavor to clearly label which information is required and which information is optional in all cases. If you are unable or choose not to provide us with the personal information we reasonably require, we may be unable to provide you with the information or services you have requested.
We may also collect information regarding your use of educational or informational materials or services, including the articles or educational materials you have viewed or purchased. If you make a purchase via this website, information about the financial transaction may be collected. We do not store credit card information.
How We Collect Information
Our website collects information, such as information provided by you, and monitors website activity, such as described in our Cookies and Other Tracking Technologies section below.
Actively Submitted Information
We collect certain types of personal information when you act with our Services, such as when you:
- Register for an account on any Service or update your profile information
- Sign up for e-news or emails
- Participate in a health education program
- Respond to an online survey
- Submit comments, reviews or other user-generated content on our Services
- Request customer or technical support from us
SYMBOL tracks your usage of our website when you interact with email or other electronic communication. All of this information may be used or disclosed for various purposes (for example, but not limited to, the following: to monitor aggregate activity and trends, to improve site content, to comply with any laws, treaties, rules or regulations and to achieve our other business purposes). We may use and disclose information to third parties, as outlined in the Sharing of Information section below, except to the extent such use or disclosure clearly violates applicable law. The information we collect is not sold to marketing vendors, direct mail entities or email list services.
Passively Submitted Information
For each visitor to our website, we may collect or track (in addition to the information mentioned above) non-personal information such as, but not limited to, referring domain name, IP address, and browser type. An IP address is a number automatically assigned to your computer by your Internet service provider. Each time you use the website and each time you request one of our pages, our server logs your IP address. This type of information is collected for such purposes as system administration and to audit the use of the website.
Where permitted by applicable law, we may collect information about your place of employment, job title and other information from public resources. We may also collect or track other personal information to the extent not in violation of any applicable law.
Cookies and Other Tracking Technologies
SYMBOL and our analytics providers, such as Google Analytics, use technologies such as cookies, beacons, tags, and scripts, to collect information and to analyze website user activity. When users revisit our website, we may recognize the user based on any cookies placed on their computer and customize the users’ experiences accordingly. We may receive reports based on the use of these technologies.
Third parties with whom we partner to provide certain features on our website may collect non-personally identifiable information to deliver targeted messaging on other websites you may visit. We do not sell space on our website to advertisers. We reserve the right, to the extent not prohibited by applicable law, to use and disclose the information we gather through the use of tracking technologies. Most browsers automatically accept cookies by default. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited.
Hypertext Links
Some of the pages on this website provide hypertext links to other sites created, maintained, hosted or sponsored by other organizations. We provide these links as a free service, for your convenience, and not as an endorsement, sponsorship or adoption of the views expressed, content presented or of the products, goods and services which may be sold, marketed, distributed or otherwise made available, on or through those other sites. Those other sites are not under our control. We neither make nor give any representations, warranties, assurances or other guarantees about the quality, accuracy, reliability, timeliness, confidentiality or privacy policy of those other sites.
Third party sites hyperlinked from the website may contain cookies that are collected by the third-party site owner. These cookies are beyond our control.
We do not accept, and we do disclaim, any responsibility or liability, whether civil, criminal or otherwise, for damages, losses, fines, injuries, demands, actions or other claims resulting from the use of or reliance on information located on any linked sites or resulting, in any way, from the content of such sites.
Use of Personal Data Collected
We use personal information that we collect about you through SYMBOL’s Services to:
- Upon request, create an account for you for the Services;
- Respond appropriately to your inquiries;
- Update you regarding your account;
- Provide you with a customized experience in connection with our Services;
- Discharge our contractual obligations to you; and
- Comply with any legal obligations that apply to us.
To the extent permitted by applicable law, including in accordance with your consent where required by applicable law, we also use your personal information for the following purposes:
- Invite you to participate in online health education programs by email. If you do not wish to receive such emails, you may opt out by following the opt-out instructions included in such emails. We may also invite you via postal mail.
- Send you health and wellness newsletters/blog posts including the top health news in your field of interest, employer-sponsored clinic industry news, and CareClinic or medical alerts. If you do not wish to receive such emails, you may opt out by following the opt-out instructions included in such emails.
- Send you invitations to complete market research surveys, by email. If you do not wish to receive such emails, you may opt out by following the opt-out instructions included in such emails.
- Review the information provided by you and obtained from public resources to complete your profile and better understand which medical news, education programs and surveys may be of most interest to you.
We also perform statistical analyses of the users of our Services to improve the content, design and navigation of our Services. In these cases, we use aggregate or statistical data that cannot reasonably be used to identify you.
If you respond to a SYMBOL survey, we only use your personal information in connection with your survey responses for the purposes of: (i) verifying your eligibility to participate; and/or (ii) validating your identity and responses for the purposes of preventing duplicate or fraudulent responses. Unless we have obtained your explicit consent, we anonymize survey results before sharing them with third parties, although we may be required by applicable law to identify a particular respondent to comply with applicable legal requirements, such as adverse events reporting requirements.
Opt-Out Right and Updating Account Information
If you would like to opt out of receiving invitations to medical education programs, medical surveys or medical newsletters from us, please click the opt-out link at the bottom of our emails. Even after you opt out or update your preferences, however, please allow us sufficient time to process your preferences. It may take up to 10 days to process your email-related requests, and up to 30 days for all other requests. Even after you have opted out of receiving invitations to medical education programs, medical surveys and medical newsletters from us, we may still contact you for appointment-making, healthcare follow-up, transactional or informational purposes. These include, for example, customer service issues or any questions regarding a specific inquiry you made to us.
If you believe any information we have about you is no longer accurate or current or would like to access personal information we may have about you, please contact us by emailing communication@sybmbolhealth.com. Upon authenticating your request, we will update or amend your information, or provide you with access, but we reserve the right to use personal information obtained previously to verify your identity or take other actions that we believe are appropriate.
Sharing of Information
SYMBOL does not share personal health information with patients’ employers, per our HIPAA privacy protections. Any reporting of patient health trends to SYMBOL clients are de-identified, completely anonymous and general in nature. We do not sell your nonpublic personal information to third parties. We may share information with our affiliated companies and others, such as auditors, insurers, reinsurers, producers, brokers, insurance agents or business consultants or other third parties with whom we may, from time to time, do business. We may disclose information about our website users to these parties in connection with their services or in connection with conducting our business or their business. For example, SYMBOL clients’ Human Resources representatives or brokers who market and sell our Services may have access to information as we view as necessary or convenient in conducting our business.
We may also disclose your use of, and other information about, educational and informational services for the purpose of reporting SYMBOL educational utilization to client leadership.
We may disclose personal, private, confidential or other information, with or without prior notice to you, when we believe that disclosure is, or appears likely, required by law or in answering or otherwise responding to any lawful discovery, investigation or subpoena. We may also disclose personal, private, confidential or other information, with or without prior notice to you, in cooperation with local, state and federal law enforcement (whether criminal, civil or otherwise) investigations and in cooperation with local, state and federal regulators, auditors and other governmental agencies or bodies.
From time to time, we may retain third parties to perform various support services for us or provide consulting or other services to us or for our website users including, but not limited to, our website designer and information technology support technicians.
Other Information
We may contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
As set forth in the Terms and Conditions of Use for this website, we have other rights, and you have other obligations.
If you have any questions about this Privacy Policy, you may:
1) Send us an email at info@symbolhealth.com , or
2) Write us at:
General Counsel
3765-A Government St.
Mobile, AL 36693
This Privacy Policy was last revised on June 13, 2018 and may be modified or altered at any time by posting a new version on the website. We will also post a notice on the website when the Privacy Policy is changed. Please check this page periodically for updates.
Supplemental European Privacy Statement
Though SYMBOL only provides Services to residents of the United States of America, we proactively endeavor to honor the European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”), which requires SYMBOL as the data controller to provide additional and different information about its data processing practices to data subjects in the European Economic Area (“EEA”). If you are accessing SYMBOL Services from a member state of the EEA, this Supplemental European Online Privacy Statement applies to you in addition to our Privacy Policy.
Legal Bases for the Processing
We process your personal data on several different legal bases, as follows:
- Based on necessity to perform contracts with you (see Article 6(1)(b) of the EU GDPR): When you access, use or register for Service, you form a contract with SYMBOL based on the applicable terms of use or terms of service. We need to process your personal data to discharge our obligations in any such contract, fulfill your requests and orders, answer questions and requests from you, and provide tailored customer support.
- Based on compliance with legal obligations (see Article 6(1)(c) of the EU GDPR): We may need to process your personal data to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process.
- Based on our legitimate interests (see Article 6(1)(f) of the EU GDPR): We process your personal data to send you invitations to relevant medical education activities (unless you have opted out), medical newsletters (unless you have opted out), invitations to relevant market research surveys (unless you have opted out), understand which products and services may be relevant to you and generally improve our products, services and business practices.
- Based on consent (see Article 6(1)(a) of the EU GDPR): We process your personal data on the basis of your consent in various instances, such as with respect to cookies that are not strictly necessary. You may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal.
Disclosures to affiliates
In accordance with applicable law, SYMBOL may disclose your personal data to its affiliates who act as data controllers for the purposes of improving SYMBOL and their products, services and business practices. Please contact us at info@symbolhealth.com for information about our affiliates and, if applicable, their GDPR-specific representative and data protection officer.
Personal Data Transfers outside of the EEA
Some recipients of your personal data located outside of the EEA are located in the following country for which the European Commission has issued adequacy decisions: Canada. In this case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (pursuant to Article 45 of the EU GDPR).
Some recipients of your personal data are located in the following countries for which the European Commission has not issued an adequacy decision in respect of the level of data protection there: The U.S. (where the recipient is not Privacy Shield certified) and Mexico. By entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the EU GDPR or other adequate means, we have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by the applicable contract or law.
You can ask for a copy of such appropriate data transfer agreements by contacting us as set out at the bottom of this notice.
Data Retention
We will delete, erase or anonymize your personal data within one month after your personal data is no longer necessary for us to provide you with any information or services you have requested, pursue any of the legitimate interests specified herein where the legitimate interest is not overridden by your fundamental rights or privacy interests, comply with any legal obligations to which we are subject, or defend any legal claim against us or support any legal claim made by us, including any potential appeal.
Data Subject Rights
Under the conditions set out under applicable law (i.e., the EU GDPR), you have the following rights:
- Right to withdraw your consent: If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- Right of access: You have the right to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to the personal data. The access information includes, among other things, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You have the right to obtain a copy of the personal data undergoing processing. Subject to applicable law, we may charge a reasonable fee for copies, based on administrative costs.
- Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: You have the right to ask us to erase your personal data to the extent it is not required for legally required purposes.
- Right to restriction of processing: You have the right to request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
- Right to data portability: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any cost. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to submit complaints: You have a right to lodge a complaint with a supervisory authority.
Please note that these rights may be limited under the applicable national data protection law. To exercise your rights, please contact us as stated below.
Your Choices
You are not required to provide any personal data to SYMBOL, but if you do not provide any personal data to us, you may not be able to use or receive the Services. You can use the Services without consenting to cookies that are not strictly necessary; the only consequence is that the Services will be less tailored to you.
Contact Us
For more information or to exercise your rights as described herein, please contact us at info@symbolhealth.com.