COVID-19 Response Strategies for Pharmacies & Health Plans LEARN MORE

EnlivenHealth™ Privacy Notice

image description

Effective Date: August 1, 2020

Individual Data Requests

PRIVACY NOTICE OVERVIEW

This Privacy Notice (“Notice”) is designed to inform you about how we collect, use, and share your personal data through our website(s) (our “Site”), related applications, products, services, and web-based and mobile applications (collectively, the “Services”) operated by EnlivenHealth™, or when you interact with us online.

THE KINDS OF INFORMATION WE COLLECT

Information You Provide to Us Directly

We collect personal data you provide to us in the following instances:

  • If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a
  • We also collect personal data at such other points on our site and applications that expressly state that personal data is being

Information About You Collected Via Technology

When you visit our Sites, some information is automatically collected.

  • Log Files. We gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”) data, referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information for purposes including analyzing trends, Site administration, tracking users’ movements around the Site and tailoring our Services to our users’ needs. Except as noted in this Notice, we do not link this automatically collected data to other personal data we have collected from you.
  • Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to improve EnlivenHealth™’s overall customer experience and tailor your customer experience to meet your special interests and needs. Performance and functionality Cookies will only be activated upon providing your consent. Moreover, you can typically choose to set your browser to remove Cookies and to reject Cookies. If you choose to remove Cookies or reject Cookies, please be aware that this could affect certain features or services of our site.
  • Google Analytics. We use Google Analytics to help analyze how users use the Site. Google Analytics uses Cookies to collect information such as how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use the information we get from Google Analytics only to improve our Site and Services. Google Analytics collects only the IP address assigned to you on the date you visit the Site, rather than your name or other personally identifying information. We do not link the information generated through the use of Google Analytics to your other personal Although Google Analytics plants a persistent Cookie on your

web browser to identify you as a unique user the next time you visit the Site, the Cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the data processing agreement which we have concluded with Google. You can prevent your personal data from being used by Google Analytics by downloading and installing Google Analytics Opt-Out Browser Add-on, accessible through the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

HOW WE USE THE INFORMATION WE COLLECT

We use, collect, share, and otherwise process personal data for the purposes described in this Notice or as disclosed to you on our Sites or in connection with our services. We only collect the minimum amount of personal data needed to perform the specific processing activity for which the personal data was collected.

Performance of the Services

We process your personal data for the performance of the contractual obligations specified in our EnlivenHealth™ Website Terms and Conditions and/or in order to provide the services to you. This includes, for example, using your personal data for:

  • operating our Sites;
  • providing and delivering the products and services you request, including payment processing; or
  • sending you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.

Consent

We process your personal data based on your consent in order to communicate with you regarding new contests, promotions, rewards, upcoming events, and other news about products and services offered by EnlivenHealth™ and our selected partners.

Legitimate Interest

We process your personal data when we have a legitimate interest to do so. This includes, for example, processing your personal data for:

  • improving our Sites, products, services and the safety and security of our services, websites, and applications including facilitating identification and authentication, targeted online and offline marketing, for general research and aggregate reporting, customization of website and application customer experiences;
  • understanding you and your preferences in order to enhance your experience and enjoyment using our Sites, products, and services;
  • responding to your comments and questions and providing customer service;
  • linking or combining your personal data with other personal data we obtain from third parties without personally identifying you to such third parties in order to help understand your needs and provide you with better service;
  • compliance with a judicial or administrative order or in the course of judicial or administrative proceedings;
  • protecting the rights and property of EnlivenHealth™ and our agents, customers, and third parties including, but not limited to, the right to enforce our agreements, policies, and terms and

De-Identified Information

We may create anonymized data records from personal data by rendering data anonymous in such a way that you, the data subject, are no longer identifiable. We use this anonymized data to analyze request and usage patterns so that we may enhance the content of our products and services and improve Site navigation. EnlivenHealth™ reserves the right to use anonymized data for any purpose and disclose anonymized data to third parties in our sole discretion.

Legal Obligation

We process your personal data for compliance with any legal obligation to which we are subject.

INFORMATION WE SHARE

(Information About You We Obtain from Third Parties or Information about You that You Made Publicly Available)

We disclose your personal data as described in this Notice below. Additionally, we reserve the right to share your personal data when you have: (1) consented to such processing and have the ability to unilaterally revoke your consent at any time, or (2) have expressly made such personal data public, subject to limitations under applicable law. Personal data shared with third parties for purposes of processing will only be shared pursuant to a data processing agreement.

·         Service Providers, Consultants and Vendors

  • performance of the contractual obligations in our EnlivenHealth™ Website Terms and Conditions and in order to provide the services to you;
  • serving our legitimate interests and those of third-party vendors, consultants, and other service providers
  • protecting the personal safety and property of EnlivenHealth™, its customers, or any other third party;
  • providing or improving our services and the safety and security of our services, websites, and applications including facilitating

identification and authentication, targeted online and offline marketing, for general research and aggregate reporting, customization of website and application customer experiences;

  • enabling third parties to perform services on behalf of EnlivenHealth™ including, but not limited to, payment processing, research, analytics, and security; or

·         Public Authorities, Including Courts and Law Enforcement Agencies

  • compliance with a legal obligation or judicial or administrative order or in the course of judicial or administrative proceedings;
  • protecting the rights and property of EnlivenHealth™ and our agents, customers, and third parties including, but not limited to, the right to enforce our agreements, policies, and terms and conditions;

·         Third Parties:

  • facilitating the negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all, or a portion of our business or assets to another company. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business If another entity acquires our company, business, or assets, that entity will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this Notice. EnlivenHealth™ will not disclose your personal data to Third Parties without your express, revocable consent except as specified in this Notice.

FOR CALIFORNIA RESIDENTS

For avoidance of doubt, “Consumer” means any California resident, and “Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, as more fully defined in the California Consumer Privacy Act (CCPA).

  • In no event will EnlivenHealth™ sell Personal Information provided by a Consumer. EnlivenHealth™ does not offer financial incentives to Consumers for the collection of Personal Information or the deletion of Personal Information. Except as permitted by the CCPA and in accordance with any program of financial incentives established by EnlivenHealth™, if any, EnlivenHealth™ will not discriminate against a Consumer because the Consumer exercised any rights under the CCPA by denying goods or services to the Consumer; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level or quality of goods or services to the Consumer; or suggesting that the Consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
  • Inquiries concerning CCPA or our compliance with the CCPA may be directed to us by email at privacy@omnicell.com, or to our toll-free telephone number at (800) 671-0535.

INTERNATIONAL TRANSFERS OF INFORMATION

 

If you are user of the Site residing outside of the United States, by visiting the Site and providing us with personal data, you acknowledge and agree that your personal data may be processed for the purposes identified in this Notice. In addition, your personal data may be processed in the country in which it was collected, but also in other countries outside of your country of Residence, including the United States, where laws regarding processing of personal data may be less stringent than or otherwise differ from the laws of the country in which you reside or are located when using our services.

Privacy laws and regulations in certain countries, including the rights of governmental authorities to access your personal data, may differ from those in the country in which you reside or are located when using EnlivenHealth™’s services. EnlivenHealth™ will only transfer personal data to governmental entities when authorized by the laws of the countries in which such transfers of personal data occur.

The Privacy Shield Frameworks

In light of the judgment of the Court of Justice of the European Union (CJEU) in Case C-311/18, the Privacy Shield framework for the transfer of personal data from the EU to the United States has been invalidated.  Transfers of personal data between the EU and the United States are now based on the Standard Contractual Clauses (SCCs) and data processing agreements.

However, Omnicell remains certified under the Privacy Shield Frameworks and is fully committed to its principles.  The Federal Trade Commission has jurisdiction over Omnicell’s compliance with the Privacy Shield Frameworks. Omnicell’s U.S. affiliates, namely Omnicell, Inc., Omnicell International, Inc., Medpak Holdings, Inc., MTS Medication Technologies, Inc., MTS Packing Systems, Inc., and Ateb, Inc. (EnlivenHealth™) (collectively “Omnicell US”) comply with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland, to the United States.  Omnicell US has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield Frameworks and to view our certification, please visit https://www.privacyshield.gov/.

E-Mail: EnlivenHealth™@2b-advice.com

Omnicell has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.

An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Omnicell and afford Omnicell an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles: https://www.privacyshield.gov/article?id=11-Dispute-Resolution-and-Enforcement-d-e; (2) make use of the independent recourse mechanism under the Principles, which is at no cost to the individual; and (3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to the individual. This arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.

In addition, this option may not be invoked if an EU Data Protection Authority or the Commissioner (1) has authority under Sections III.5 or III.9 of the Principles; or (2) has the authority to resolve the claimed violation directly with the organization. A DPA’s/the Commissioner’s authority to resolve the same claim against an EU or a Swiss data controller does not alone preclude invocation of this arbitration option against a different legal entity not bound by the DPA/Commissioner’s authority.

In the context of an onward transfer, Omnicell, as a Privacy Shield Organization, has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Omnicell organization shall remain liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Omnicell commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

The main EU DPAs with which we cooperate and to which we have notified our DPO are the following:

United Kingdom

Information Commissioner’s Office

Address

Wycliffe House, Water Lane, Wilmslow

Cheshire SK9 5AF

https://ico.org.uk/

Telephone: 0303 123 1113

Fax: 01625 524510

Italy

Garante per la protezione dei dati personali

Address:

Piazza Venezia n. 11 – 00187 Roma

www.gpdp.it –  www.garanteprivacy.it

Telephone: (+39) 06.69677.1

Fax: (+39) 06.69677.3785

E-mail:  garante@gpdp.it

France

CNIL (Commission Nationale de l’Informatique et des Libertés)

Address:

3 Place de Fontenoy TSA 80715

75334 PARIS CEDEX 07, France

Telephone: +33 (0)1.53.73.22.22

Fax: +33 (0)1.53.73.22.00

E-Mail: servicedpo@cnil.fr

Netherlands

Autoriteit Persoonsgegevens

Address

PO Box 93374

2509 AJ DEN HAAG

https://www.rijksoverheid.nl/contact/contactgids/autoriteit-persoonsgegevens

Telephone: (+31) – (0)70 – 888 85 00

Fax: (+31) – (0)70 – 888 85 01

Germany (Darmstadt)

The Hessian Commissioner for Data Protection and Freedom of Information

Address

Gustav-Stresemann-Ring 1,  65189 Wiesbaden

Telephone: 0611 – 1408 0

Fax: 0611 – 1408 611

E-mail: poststelle@datenschutz.hessen.de

Germany (Bochum)

State Commissioner for Data Protection and Freedom of Information

Address

North Rhine-Westphalia

Postfach 20 04 44

40102 Düsseldorf

Telephone: 0211 / 38424-0

Fax: 0211 / 38424-10

E-mail: poststelle@ldi.nrw.de

If you are residing, or located, in an EU Member State, you may also contact your local supervisory authority, the government agency charged with the enforcement of privacy laws, for information about your rights as a data subject. Under the law, you have the right to redress for violations of your privacy rights, as well as to seek compensation for violations of your privacy rights. Contact information for the respective supervisory authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.

HIPAA AND HEALTH PRIVACY LAWS

EnlivenHealth™’s handling of information subject to the Health Insurance Portability and Accountability Act (HIPAA) is governed by our HIPAA Statement which is available on the EnlivenHealth™ website.


SECURITY OF YOUR PERSONAL DATA

RETENTION

We delete your personal data which we process based on your consent if you withdraw your consent, or when you request us to erase your personal data in accordance with this Notice. We will retain your personal data when we have a legitimate interest to do so. For example, we may retain your personal data to resolve disputes, enforce our EnlivenHealth™ Website Terms and Conditions or other user agreements, or comply with legal requirements, including (tax) retention obligations; in that event, your personal data will be blocked from use for any other purpose. In any case, EnlivenHealth™ will not retain your personal data longer than necessary for the purposes set out in this Notice.

YOUR DATA SUBJECT RIGHTS

  • Request access to your personal data in order to receive a copy of the personal data we hold about
  • Request correction of the personal data that we hold about you in order to correct any incomplete or inaccurate information. New information provided to us may require
  • Request erasure of your personal data where a legitimate interest for us to process such personal data does not exist. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be provided to you, if applicable, at the time of your request. For example, where we have a legal obligation to retain and store your personal
  • Request restriction of processing of your personal
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party at your direction, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data which you (a) initially provided consent for us to use, (b) where we utilized the personal data to perform a contract, or (c) we utilized the personal data to provide services to
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you object to processing on the basis that the processing impacts your fundamental rights and In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data, which override your rights and freedoms. You may, however, control the extent to which we market to you, and you have the right to request that we stop sending you marketing messages at any time.
  • Withdraw consent at any time where we are relying on consent to process your personal However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. In particular, you may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as  emails  about  our ongoing business relations. You may also send requests about your contact preferences and changes to your personal data including requests to opt-out of sharing your personal data with third parties by clicking on the Individual Data Requests link at the top of this Notice.

CHANGES TO THIS NOTICE

If we make any material changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and/or by posting notice of the changes on our Site. These changes will be effective immediately for new users of our Site. Please note that at all times you are responsible for updating your personal data to provide us with your most current email address. In the event that the last email address that you have provided to us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice. Continued use of our Site or service, following notice of such changes after such emails are sent shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

EnlivenHealth™ COOKIE POLICY

This Cookie Policy (“Cookie Policy”) explains how EnlivenHealth™ and its affiliates (collectively, “EnlivenHealth™”, “we”, or “us”) uses cookies on its website(s), related applications, or online services operated by EnlivenHealth™, (collectively, “Site(s)”) which all link to this Cookie Policy as of August 1, 2020.

What is a Cookie?

To ensure our Site(s) work properly and to provide the most up to date and relevant information to the user of such Site(s) (“User” or “you”), EnlivenHealth™ places cookies on your device. Cookies are small files or part of a file stored on an internet user’s computer, creating and subsequently read by a website server, and containing personal information (such as user identification code, customized preferences, or a record of pages visited). Cookies enhance a User’s experience when using the Site(s). In addition, cookies help EnlivenHealth™ to understand how Users use our Site(s) so that we can make improvements to better serve you. This Cookie Policy provides you with information about cookies and how to control them for the Site(s).

What Cookies does EnlivenHealth™ use on its Site(s)? Essential Cookies

Essential cookies are necessary for the Site(s) functionality and cannot be disabled by Users. These cookies do not gather information about you that could be used for marketing purposes and do not remember where you have been on the internet.

Performance and Functionality

Performance and functionality cookies are used to enhance the performance and functionality of our Site(s), but are not essential to its use. However, without these cookies, certain functionality may become unavailable. Performance and functionality Cookies will only be activated upon providing your consent.

Analytics Cookies

  • EnlivenHealth™ uses Google Analytics Cookies to help analyze how Users use the Site(s). Google Analytics uses Cookies to collect information, such as how often Users visit the Site(s), what pages they visit and what other sites they used prior to coming to the Site(s). EnlivenHealth™ uses the information it gets from Google Analytics only to improve its Site(s) and services. Google Analytics collects only the IP address assigned to a User on the date they visit the Site(s), rather than a name or other personally identifying information. EnlivenHealth™ does not link the information generated through the use of Google Analytics to other personal data. Although Google Analytics plants a persistent cookie on a web browser to identify a visitor as a unique User the next time such User visits the Site(s), the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about visits to the Site(s) is restricted by the data processing agreement Omnicell has concluded with Google. To review a summary of the privacy of your Google Analytics cookies, please click here: https://support.google.com/analytics/answer/6004245. You can prevent your personal data from being used by Google Analytics by downloading and installing Google Analytics Opt-Out Browser Add-on, accessible through the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Marketing Cookie

A marketing cookie collects personal information such as your name, pages visited on our Site(s), a User’s history arriving at our website, and the like. Collected information is used to evaluate the effectiveness of our marketing campaigns or to provide better targeting for marketing.

Third Party Website Cookies

Third party cookies do not originate from EnlivenHealth™’s Site(s). Rather, they are from a third party, such as an advertiser. These cookies collect information on a User’s behavior, demographics, or personalized marketing. When visiting our Site(s), a User may encounter embedded content or be directed to a website for activities. These websites and embedded content use their own cookies. EnlivenHealth™ does not have control over the placement of cookies by third parties, even if a user is directed to these cookies as a result of visiting our Site(s). However, if you do not want cookies placed on your device by a third party, many third parties offer ways to opt-out of these cookies.

Deletion and Control of Cookies

If you consented to cookies placed on your device but then wish to disable such cookies, please note that many of the cookies used on EnlivenHealth™’s Site(s) can be enabled/disabled through a User’s browser. To disable cookies through a browser, follow instructions located within the “Edit”, “Tools” or “Help” menus in the browser. Disabling a cookie or category of cookies does not delete the cookie from a User’s browser unless manually completed through a User’s browser function.

Past Cookies

Collection of a User’s data from EnlivenHealth™’s analytics cookies can be deleted. If cookies are deleted, the information collected prior to the preference change may still be used. However, EnlivenHealth™ will cease using the disabled cookie to collect any further information from your user experience.

Contact Us

Questions or requests may be directed to privacy@omnicell.com