EnlivenHealth™ Privacy Notice
Effective Date: August 1, 2020
- Privacy Notice Overview
- The Kinds of Information We Collect
- How We Use the Information We Collect
- Information We Share
- For California Residents
- International Transfers of Information
- Securing Your Data
- Your Data Subject Rights
- Contact Us
PRIVACY NOTICE OVERVIEW
This Privacy Notice (“Notice”) is designed to inform you about how we collect, use, and share your personal data through our website(s) (our “Site”), related applications, products, services, and web-based and mobile applications (collectively, the “Services”) operated by EnlivenHealth™, or when you interact with us online.
THE KINDS OF INFORMATION WE COLLECT
Information You Provide to Us Directly
We collect personal data you provide to us in the following instances:
- If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a
- We also collect personal data at such other points on our site and applications that expressly state that personal data is being
Information About You Collected Via Technology
When you visit our Sites, some information is automatically collected.
- Log Files. We gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”) data, referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information for purposes including analyzing trends, Site administration, tracking users’ movements around the Site and tailoring our Services to our users’ needs. Except as noted in this Notice, we do not link this automatically collected data to other personal data we have collected from you.
web browser to identify you as a unique user the next time you visit the Site, the Cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the data processing agreement which we have concluded with Google. You can prevent your personal data from being used by Google Analytics by downloading and installing Google Analytics Opt-Out Browser Add-on, accessible through the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
HOW WE USE THE INFORMATION WE COLLECT
We use, collect, share, and otherwise process personal data for the purposes described in this Notice or as disclosed to you on our Sites or in connection with our services. We only collect the minimum amount of personal data needed to perform the specific processing activity for which the personal data was collected.
Performance of the Services
We process your personal data for the performance of the contractual obligations specified in our EnlivenHealth™ Website Terms and Conditions and/or in order to provide the services to you. This includes, for example, using your personal data for:
- operating our Sites;
- providing and delivering the products and services you request, including payment processing; or
- sending you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
We process your personal data based on your consent in order to communicate with you regarding new contests, promotions, rewards, upcoming events, and other news about products and services offered by EnlivenHealth™ and our selected partners.
We process your personal data when we have a legitimate interest to do so. This includes, for example, processing your personal data for:
- improving our Sites, products, services and the safety and security of our services, websites, and applications including facilitating identification and authentication, targeted online and offline marketing, for general research and aggregate reporting, customization of website and application customer experiences;
- understanding you and your preferences in order to enhance your experience and enjoyment using our Sites, products, and services;
- responding to your comments and questions and providing customer service;
- linking or combining your personal data with other personal data we obtain from third parties without personally identifying you to such third parties in order to help understand your needs and provide you with better service;
- compliance with a judicial or administrative order or in the course of judicial or administrative proceedings;
- protecting the rights and property of EnlivenHealth™ and our agents, customers, and third parties including, but not limited to, the right to enforce our agreements, policies, and terms and
We may create anonymized data records from personal data by rendering data anonymous in such a way that you, the data subject, are no longer identifiable. We use this anonymized data to analyze request and usage patterns so that we may enhance the content of our products and services and improve Site navigation. EnlivenHealth™ reserves the right to use anonymized data for any purpose and disclose anonymized data to third parties in our sole discretion.
We process your personal data for compliance with any legal obligation to which we are subject.
INFORMATION WE SHARE
(Information About You We Obtain from Third Parties or Information about You that You Made Publicly Available)
We disclose your personal data as described in this Notice below. Additionally, we reserve the right to share your personal data when you have: (1) consented to such processing and have the ability to unilaterally revoke your consent at any time, or (2) have expressly made such personal data public, subject to limitations under applicable law. Personal data shared with third parties for purposes of processing will only be shared pursuant to a data processing agreement.
· Service Providers, Consultants and Vendors
- performance of the contractual obligations in our EnlivenHealth™ Website Terms and Conditions and in order to provide the services to you;
- serving our legitimate interests and those of third-party vendors, consultants, and other service providers
- protecting the personal safety and property of EnlivenHealth™, its customers, or any other third party;
- providing or improving our services and the safety and security of our services, websites, and applications including facilitating
identification and authentication, targeted online and offline marketing, for general research and aggregate reporting, customization of website and application customer experiences;
- enabling third parties to perform services on behalf of EnlivenHealth™ including, but not limited to, payment processing, research, analytics, and security; or
· Public Authorities, Including Courts and Law Enforcement Agencies
- compliance with a legal obligation or judicial or administrative order or in the course of judicial or administrative proceedings;
- protecting the rights and property of EnlivenHealth™ and our agents, customers, and third parties including, but not limited to, the right to enforce our agreements, policies, and terms and conditions;
· Third Parties:
- facilitating the negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all, or a portion of our business or assets to another company. In the event of an insolvency, bankruptcy, or receivership, personal data may also be transferred as a business If another entity acquires our company, business, or assets, that entity will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this Notice. EnlivenHealth™ will not disclose your personal data to Third Parties without your express, revocable consent except as specified in this Notice.
FOR CALIFORNIA RESIDENTS
For avoidance of doubt, “Consumer” means any California resident, and “Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, as more fully defined in the California Consumer Privacy Act (CCPA).
- In no event will EnlivenHealth™ sell Personal Information provided by a Consumer. EnlivenHealth™ does not offer financial incentives to Consumers for the collection of Personal Information or the deletion of Personal Information. Except as permitted by the CCPA and in accordance with any program of financial incentives established by EnlivenHealth™, if any, EnlivenHealth™ will not discriminate against a Consumer because the Consumer exercised any rights under the CCPA by denying goods or services to the Consumer; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level or quality of goods or services to the Consumer; or suggesting that the Consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
- Inquiries concerning CCPA or our compliance with the CCPA may be directed to us by email at email@example.com, or to our toll-free telephone number at (800) 671-0535.
INTERNATIONAL TRANSFERS OF INFORMATION
If you are user of the Site residing outside of the United States, by visiting the Site and providing us with personal data, you acknowledge and agree that your personal data may be processed for the purposes identified in this Notice. In addition, your personal data may be processed in the country in which it was collected, but also in other countries outside of your country of Residence, including the United States, where laws regarding processing of personal data may be less stringent than or otherwise differ from the laws of the country in which you reside or are located when using our services.
Privacy laws and regulations in certain countries, including the rights of governmental authorities to access your personal data, may differ from those in the country in which you reside or are located when using EnlivenHealth™’s services. EnlivenHealth™ will only transfer personal data to governmental entities when authorized by the laws of the countries in which such transfers of personal data occur.
The Privacy Shield Frameworks
In light of the judgment of the Court of Justice of the European Union (CJEU) in Case C-311/18, the Privacy Shield framework for the transfer of personal data from the EU to the United States has been invalidated. Transfers of personal data between the EU and the United States are now based on the Standard Contractual Clauses (SCCs) and data processing agreements.
However, Omnicell remains certified under the Privacy Shield Frameworks and is fully committed to its principles. The Federal Trade Commission has jurisdiction over Omnicell’s compliance with the Privacy Shield Frameworks. Omnicell’s U.S. affiliates, namely Omnicell, Inc., Omnicell International, Inc., Medpak Holdings, Inc., MTS Medication Technologies, Inc., MTS Packing Systems, Inc., and Ateb, Inc. (EnlivenHealth™) (collectively “Omnicell US”) comply with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland, to the United States. Omnicell US has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Frameworks and to view our certification, please visit https://www.privacyshield.gov/.
Omnicell has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Omnicell and afford Omnicell an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles: https://www.privacyshield.gov/article?id=11-Dispute-Resolution-and-Enforcement-d-e; (2) make use of the independent recourse mechanism under the Principles, which is at no cost to the individual; and (3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to the individual. This arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.
In addition, this option may not be invoked if an EU Data Protection Authority or the Commissioner (1) has authority under Sections III.5 or III.9 of the Principles; or (2) has the authority to resolve the claimed violation directly with the organization. A DPA’s/the Commissioner’s authority to resolve the same claim against an EU or a Swiss data controller does not alone preclude invocation of this arbitration option against a different legal entity not bound by the DPA/Commissioner’s authority.
In the context of an onward transfer, Omnicell, as a Privacy Shield Organization, has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Omnicell organization shall remain liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Omnicell commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
The main EU DPAs with which we cooperate and to which we have notified our DPO are the following:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510
Garante per la protezione dei dati personali
Piazza Venezia n. 11 – 00187 Roma
www.gpdp.it – www.garanteprivacy.it
Telephone: (+39) 06.69677.1
Fax: (+39) 06.69677.3785
CNIL (Commission Nationale de l’Informatique et des Libertés)
3 Place de Fontenoy TSA 80715
75334 PARIS CEDEX 07, France
Telephone: +33 (0)18.104.22.168.22
Fax: +33 (0)22.214.171.124.00
PO Box 93374
2509 AJ DEN HAAG
Telephone: (+31) – (0)70 – 888 85 00
Fax: (+31) – (0)70 – 888 85 01
The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Telephone: 0611 – 1408 0
Fax: 0611 – 1408 611
State Commissioner for Data Protection and Freedom of Information
Postfach 20 04 44
Telephone: 0211 / 38424-0
Fax: 0211 / 38424-10
If you are residing, or located, in an EU Member State, you may also contact your local supervisory authority, the government agency charged with the enforcement of privacy laws, for information about your rights as a data subject. Under the law, you have the right to redress for violations of your privacy rights, as well as to seek compensation for violations of your privacy rights. Contact information for the respective supervisory authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.
HIPAA AND HEALTH PRIVACY LAWS
EnlivenHealth™’s handling of information subject to the Health Insurance Portability and Accountability Act (HIPAA) is governed by our HIPAA Statement which is available on the EnlivenHealth™ website.
We delete your personal data which we process based on your consent if you withdraw your consent, or when you request us to erase your personal data in accordance with this Notice. We will retain your personal data when we have a legitimate interest to do so. For example, we may retain your personal data to resolve disputes, enforce our EnlivenHealth™ Website Terms and Conditions or other user agreements, or comply with legal requirements, including (tax) retention obligations; in that event, your personal data will be blocked from use for any other purpose. In any case, EnlivenHealth™ will not retain your personal data longer than necessary for the purposes set out in this Notice.
YOUR DATA SUBJECT RIGHTS
- Request access to your personal data in order to receive a copy of the personal data we hold about
- Request correction of the personal data that we hold about you in order to correct any incomplete or inaccurate information. New information provided to us may require
- Request erasure of your personal data where a legitimate interest for us to process such personal data does not exist. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be provided to you, if applicable, at the time of your request. For example, where we have a legal obligation to retain and store your personal
- Request restriction of processing of your personal
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party at your direction, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data which you (a) initially provided consent for us to use, (b) where we utilized the personal data to perform a contract, or (c) we utilized the personal data to provide services to
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you object to processing on the basis that the processing impacts your fundamental rights and In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data, which override your rights and freedoms. You may, however, control the extent to which we market to you, and you have the right to request that we stop sending you marketing messages at any time.
- Withdraw consent at any time where we are relying on consent to process your personal However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. In particular, you may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about our ongoing business relations. You may also send requests about your contact preferences and changes to your personal data including requests to opt-out of sharing your personal data with third parties by clicking on the Individual Data Requests link at the top of this Notice.
CHANGES TO THIS NOTICE
If we make any material changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and/or by posting notice of the changes on our Site. These changes will be effective immediately for new users of our Site. Please note that at all times you are responsible for updating your personal data to provide us with your most current email address. In the event that the last email address that you have provided to us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice. Continued use of our Site or service, following notice of such changes after such emails are sent shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
What is a Cookie?
What Cookies does EnlivenHealth™ use on its Site(s)? Essential Cookies
Essential cookies are necessary for the Site(s) functionality and cannot be disabled by Users. These cookies do not gather information about you that could be used for marketing purposes and do not remember where you have been on the internet.
Performance and Functionality
Performance and functionality cookies are used to enhance the performance and functionality of our Site(s), but are not essential to its use. However, without these cookies, certain functionality may become unavailable. Performance and functionality Cookies will only be activated upon providing your consent.
A marketing cookie collects personal information such as your name, pages visited on our Site(s), a User’s history arriving at our website, and the like. Collected information is used to evaluate the effectiveness of our marketing campaigns or to provide better targeting for marketing.
Third Party Website Cookies
Third party cookies do not originate from EnlivenHealth™’s Site(s). Rather, they are from a third party, such as an advertiser. These cookies collect information on a User’s behavior, demographics, or personalized marketing. When visiting our Site(s), a User may encounter embedded content or be directed to a website for activities. These websites and embedded content use their own cookies. EnlivenHealth™ does not have control over the placement of cookies by third parties, even if a user is directed to these cookies as a result of visiting our Site(s). However, if you do not want cookies placed on your device by a third party, many third parties offer ways to opt-out of these cookies.
Deletion and Control of Cookies
If you consented to cookies placed on your device but then wish to disable such cookies, please note that many of the cookies used on EnlivenHealth™’s Site(s) can be enabled/disabled through a User’s browser. To disable cookies through a browser, follow instructions located within the “Edit”, “Tools” or “Help” menus in the browser. Disabling a cookie or category of cookies does not delete the cookie from a User’s browser unless manually completed through a User’s browser function.
Collection of a User’s data from EnlivenHealth™’s analytics cookies can be deleted. If cookies are deleted, the information collected prior to the preference change may still be used. However, EnlivenHealth™ will cease using the disabled cookie to collect any further information from your user experience.
Questions or requests may be directed to firstname.lastname@example.org