THE COMPANY IS NOT A MEDICAL PROVIDER NOR IS IT A "COVERED ENTITY" SUBJECT TO STATE OR FEDERAL LAWS GOVERNING THE PRIVACY OF MEDICAL RECORDS OR INFORMATION, INCLUDING THE HEALTH INSURANCE PORTABILITY AND ACCONTABILITY ACT OF 1996, COMMONLY REFERRED TO AS "HIPAA".
I INFORMATION WE COLLECT
1. Personally-identifiable information
Our Website and our Service Providers only collect personally identifiable information ("PII") with your consent. Collection of PII occurs if you register for an appointment on the Website, subscribe to a newsletter, tweet to us, or use other features and resources on the Website. You may visit our Site anonymously, but that may prevent you from accessing certain Website features or Services. The PII we may collect includes the following items for:
1. Your patient profile:
- first and last name
- home address
- home telephone number
- credit card number, security code and expiration date
- cancer diagnosis
- health insurance account numbers
- medical history
- cancer screenings
- cancer history and treatments
- genetic information
- pathology reports
- Your diagnostic images
- Your clinical information and data
2. Health provider profiles:
- Oncologist first and last name
- Oncologist email address
- Oncologist employer
- Oncologist address
- Oncologist telephone number
- Oncologist's notes
3. Service Provider profiles:
- Service Provider first and last name
- Service Provider email address
- Service Provider employer
- Service Provider address
- Service Provider telephone number
- Service Provider work product
2. Protected Health Information and Sensitive Personal Information
We will collect and store sensitive personal information and data about you, including credit card numbers, health insurance account numbers, protected health information about your cancer treatment, such as your cancer diagnosis, cancer screenings, cancer history and treatments, and genetic information and treatments that your oncologist can use to identify your choice of cancer treatment options. Please be aware that:
- Loss, misuse, modification, or unauthorized access of your Sensitive Personal Information can adversely affect your privacy or welfare depending on the level of sensitivity and nature of the information.
- You may refuse to provide your protected health information to the Website but you and your health care providers will not be able to use our Services.
3. Non-Personally Identifiable Information:
Our Website and Service Providers may collect non-personally identifiable (anonymous) information ("Non-PII") from visitors including cancer patients, health care providers and staff, clinical staff, oncology experts, data analysts, and health plan administrators. Non personally-identifiable information is any information that, by itself, cannot be directly associated with you. This may include age, gender, cancer type, genetic information, cancer screening, cancer treatment, oncologist's name, and other information we collect. It may also include data about your visit to the Website collected by Cookies.
"Cookies" are short computer codes known as cookies, web beacons, and other technologies that collect and store Non-PII when you visit our Website or share Website content through a social media account. The following are examples of Non-PII third party service providers collect with Cookies:
Cookies that may uniquely identify your browser session and the other website you have visited
- Browser type and operating system
- Hardware settings
- Date and time of visit
- Website pages you visited
- Web page that referred you to Massive Bio
- Web pages your visit after leaving the Website
4. California Online Personal Privacy Act Disclosures:
1. When you visit our Website, our Service Providers may drop a Cookie on your browser to remember your preferences and collect analytical data about your visit. The Website does not employ technology to track you across multiple websites or override the privacy settings in your web browser.
2. Our Service Providers do not track Website visitors across multiple websites or override the privacy settings in your web browser. If you access our social media sites from the Website, be aware that the social media platforms may track you by across multiple websites and disregard the privacy settings in your web browsers.
5. Social Media
If you sign in to the Website through your social media account, you consent to our collecting your user name and email address.
6. Canadian and European Union Users
We do not intend to collect PII from Canadian and European Union users. If you are from the European Union or Canada, do not provide us with PII, use our Services, or the Website. If we learn that we collected PII from a user from the European Union or Canada, we will promptly delete that information.
The Company does not knowingly collect, store or disclose information about children under the age of 18 without parental consent. If we receive information from a child that we know to be under the age of 18, we will use that information only to inform the child that we must have parental consent.
8. Information about You from Other Sources:
We collect personal information about you on the Website and from other sources, including data from: your oncologists, oncology practice staff, clinical staff, health claims administrators, and patient benefits organizations. All information we collect about you may be combined by us to provide Services to you including: data analysis for identifying testing and treatment options, and, when de-identified, for our research efforts and to improve our Services and Website.
II HOW WE USE AND SHARE YOUR PERSONAL INFORMATION
1. How we use Personally-Identifiable Information (PII)
We will use your PII to: (i) communicate with you and your oncologist about our Services; (ii) register you as a patient, oncologist, health care provider staff, expert oncologist, or practice administrators that assist or support patients; (iii) collect data for patient profile; (iv) interpretation of genetic profiling data to provide a range of treatment options for difficult or complex cases; (v) determine patient eligibility for assistance programs for certain out-of-pocket health care costs; (vi) submitting requests to your health insurer for reimbursement purposes; and (viii) provide: (a) guidance and recommendations regarding an array of treatment options ranging from standards of care to experimental treatments; (b) clinical data to support use of off-label medications; (c) range of various clinical trials appropriate for and convenient to you; and (d) consulting and remote access to bioinformatics and molecular expertise to support your patient presentations at tumor boards.
2. How we use Non-Personally Identifiable Information (Non-PII)
We also use Non-PII to monitor and improve the quality of our Services and Website, to remember your Website preferences and selections, and for data research and statistical purposes. We use Non-Personally Identifiable Information in consulting services to other users, for research, and to share, lease, or sell our data and analysis to patient assistance programs, clinical laboratories, cancer screening providers, pharmaceutical manufacturers, and oncologists for improvement of their professional services, screening and treatment products, and to educate the public about the services we provide.
3. Other Uses of Personal Information
We may transfer personal information to Service Providers such as outside contractors, auditors, consultants or others hired by the Company to assist in providing financial or operational activities on the Company's behalf, including technical and processing services and analysis of website performance.
4. Legal Requirements
We may transfer PII to other third parties if we receive your permission or we are required to do so by law, or we have a good faith belief that such disclosure is necessary to comply with a current judicial proceeding, a court order, a legal process served on the Company or to resolve any potential fraud or perceived irregularity in any audits of the accuracy of any documentation or information submitted to the Company by you or on your behalf, as deemed appropriate by the Company.
5. Transfers of Business Assets
In the event the Company goes through a transaction, such as a merger, being acquired by another entity, bankruptcy, or selling all or a portion of its assets, your PII may be part of the business assets transferred. We can provide no assurance that you will be notified in advance of the transfer, if any, of your PII in connection with any such transition or transfer.
6. Protection of Massive Bio and Others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of our Company, employees, users, or others. This includes exchanging information with other companies and organizations for fraud protection and data breach risk reduction.
7. Aggregate or Anonymous Information
We may share your personal information and user data in aggregate or anonymously: to improve our Services, to share with Service Providers and other third parties, and in our annual report and marketing materials.
8. With Consent
Except as set forth above, you will be notified when PII may need to be shared with third parties, and will be able to prevent the sharing of this information.
9. Links to Other Websites
The Company website includes links (the "Linked Sites") to other websites. In providing access to these Linked Sites, the Company is by no means endorsing the products or services on these Linked Sites. The Company is not responsible for the privacy practices or the content of the Linked Sites, and hereby expressly disclaims all responsibility and liability associate with use of the Linked Sites. We recommend that you review the privacy statements posted on those sites to understand their procedures for using and disclosing personal information.
III HOW WE PROTECT AND RETAIN YOUR INFORMATION
We take security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include secure socket layers, firewalls and encryption, internal reviews of our data collection, storage and processing practices, and security measures, as well as physical security measures to guard against unauthorized access to systems. However, because the internet and mobile web are inherently insecure and no information system is 100% secure and even the most secure system can be compromised, we cannot guarantee security.
If we retain PII on our systems, we restrict access to PII to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our Website and Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations.
We delete and destroy individual records of PII and all Non-PII according to Company's Record Retention Schedule.
IV HOW TO CONTROL AND CORRECT YOUR INFORMATION
1. Correcting your Personal Information
To gain access to personal information about you collected online, and to keep it accurate, complete and current, or to request deletion, you may contact us at firstname.lastname@example.org. In some cases, where we are required to retain information by law or regulation, or to continue to manage a service you have requested, or to ensure that we honor your preferences, or for other necessary business purposes, we may not be able to delete certain personal information about you.
2. Your California Privacy Rights:
Under California Civil Code Section 1798.83, California residents who have an established business relationship with us have the right to request that we provide certain information regarding the disclosure of their personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may send your request for such information to email@example.com. Requests shall only be accepted via this email address. We are not responsible for requests made over the telephone or by any other means.
3. Learn More about Cookies, Web Beacons, and other Technologies
- All About Cookies: www.allaboutcookies.org/cookies/
- Google: www.google.com/analytics/learn/privacy.html
- Google Chrome: http://www.google.com/chrome/intl/en/more/privacy.html
- Microsoft Internet Explorer: www.microsoft.com/info/cookies.htm
- Mozilla Firefox: http://support.mozilla.com/en-US/kb/Options+window+-+Privacy+panel
- Flash: www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
4. Limitation of Liability.
5. Unavailability of Website
The Company reserves the right to alter, suspend or discontinue this website at any time for any reason without notice or cause. This website may be temporarily unavailable due to maintenance or malfunction of computer equipment.