Privacy Shield Notice

INTRODUCTION

HealthTap, Inc. and its U.S. controlled subsidiaries (collectively, "HealthTap", "we", "our" or "us") respect your privacy. This Privacy Shield Notice ("Notice") describes our standards and procedures for handling Personal Information transferred from the European Economic Area ("EEA") and Switzerland to the U.S. in accordance with HealthTap's obligations under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

HealthTap has subscribed to and will adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by adopting and implementing the Privacy Shield Principles ("Principles"). More information about the Privacy Shield can be found at www.privacyshield.gov. Our Privacy Shield certification can be found at www.privacyshield.gov/list.

For the purpose of this Notice, "Personal Information" means any data relating to an identified or identifiable individual (our "members", "you", or "your"), including, for example, name, address, telephone number, e-mail address, as well as healthcare information; and "processing" means any operation performed on Personal Information, such as, for example, collection, use, management, virtual consults or disclosure. This Notice supplements our HealthTap Privacy Statement. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Privacy Statement. In case of conflict between this Notice and the Principles, the Principles will govern.

We obtain and process Personal Information from the EEA and Switzerland in different capacities:

  • As a data controller, we collect and process EEA and Swiss Personal Information directly from members, either via our publicly available websites, including www.HealthTap.com, our mobile device application or in connection with our customer, partner, and vendor relationships.
  • As an agent (as that term is used in the Principles), we obtain and process EEA and Swiss Personal Information on behalf of and under the instructions of our members in connection with healthcare services HealthTap provides, such as Personal Information stored by members using our Doctor A.I. application. In that context, members are the data controllers or agents and the roles and responsibilities of the parties for the processing of Personal Information are defined in our agreements with members.

HealthTap commits to comply with the Principles with respect to all Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield.

PRIVACY SHIELD PRINCIPLES

  1. Notice

    HealthTap's Privacy Statement, in combination with this Notice, describes our privacy practices with respect to Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield.

  2. Choice

    When providing our Services, our members choose the types of Personal Information we process and the purposes of the processing. Accordingly, our affiliated service partners, e.g., prescription services, are sometimes responsible for providing notice to members. In the event Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, members will be given, where practical and appropriate, an opportunity to opt out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, members must opt in before such use or transfer.

  3. Accountability for Onward Transfer of Personal Information

    HealthTap may transfer Personal Information for the purposes described in the HealthTap Privacy Statement to a third party acting as a data controller or as an agent. If we intend to disclose Personal Data to a third party acting as a data controller or as an agent, we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle. When providing our Services, we disclose Personal Information as provided in our agreement with members.

    We remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

  4. Security

    HealthTap takes reasonable and appropriate precautions, considering the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

  5. Data Integrity and Purpose Limitation

    Any Personal Information we receive may be used by HealthTap for the purposes indicated in our HealthTap Privacy Statement or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.

    We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Members are encouraged to keep their Personal Information with HealthTap up to date and may contact HealthTap as indicated below or in the HealthTap Privacy Statement to request that their Personal Information be updated or corrected.

    We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the HealthTap Privacy Statement, unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the Privacy Shield.

    When providing our Services, we process and retain Personal Information as necessary to provide our services as permitted in our agreement with members, or as required or permitted under applicable law.

  6. Access

    Members have reasonable access to their Personal Information via their application account and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. You may request access to your Personal Information by contacting us as described below and through the Help & Support communication features in the application.

    When providing our Services, we only process and disclose the Personal Information as specified in our agreements with members. Our customer controls how Personal Information is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Information, please contact the company to which you submitted your Personal Information and that uses our Services. If you contact us with the name of our customer to which you provided your Personal Information, we will refer your request to that customer and support them in responding to your request.

  7. Recourse, Enforcement and Liability

    HealthTap has established procedures to periodically verify implementation of and compliance with the Principles. HealthTap conducts an annual self-assessment of its practices regarding Personal Information intended to verify that the assertions HealthTap makes about its practices are true and that such practices have been implemented as represented.

    Please refer to HealthTap's Terms of Use for a complete description of Indemnification & Exclusions, Limitations and Liability.

    HealthTap is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission ("FTC"). In certain situations, HealthTap may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    Individuals may file a complaint with our US Privacy Office at [email protected], if they have any complaints with HealthTap's processing of their personal data under the Privacy Shield Program. If the dispute is unable to be resolved through HealthTap's internal processes, HealthTap offers a variety of options for the individual to resolve their dispute. If the dispute involves data collected in the context of an EU resident's employment relationship, we will cooperate with competent EU or Swiss data protection or labor authorities and comply with the advice of such authorities. If those authorities determine that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance. If the dispute involves other types of data, individuals may file a claim with Judicial Arbitration and Mediation Services (JAMS) here. Under certain circumstances, an individual may invoke binding arbitration. Please see the Privacy Shield website for more information on conditions giving rise to binding arbitration.

Amendment

This Notice may be amended consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. When we update this Notice, we will also revise the "Last Updated" date at the bottom of this document.

Contact for Questions or Complaints

If you have any questions, concerns or complaints regarding our privacy practices, or if you'd like to exercise your choices or rights, you can contact us:

  • By email to: [email protected]
  • By mailing to: HealthTap, Inc., Attn: Compliance, 270 University Ave., Palo Alto, 94301

Last updated: Nov 15, 2018