Welcome to ARDIG!
ARDIG is owned and operated by ARDIG Corp.
1. GENERAL INFORMATION
Will be under responsibility and in charge of:
(Hereinafter referred to as “ARDIG”).
2. TYPES OF INFORMATION GATHERED
The information we collect from our users helps us to deliver our services effectively and to personalize and continually improve the user's experience on the platform. These are the types of information we collect:
Information You Give Us. You provide information when you provide, search, read and view content on the platform, register as a user, schedule an appointment with a doctor through our platform, use the features available on the platform, provide information through the use of the platform and our services and/or communicate with us through our contact information or contact forms. As a result of those actions, you might supply us with the following information:
· Full name
· Age and date of birth
· Email address
· Phone number
· Information related to the user's health
· Any additional information relating to you that you provide to us directly or indirectly through our website or online presence such as ‘cookies’.
ARDIG will not collect any personally identifiable information about you, unless you provide it.
Information Collected Automatically: By accessing and using the website you automatically provide us with the following information:
· The device and usage information you use to access the website
· Your IP address
· Browser and device characteristics
· Operating system
· Referring URLs
· Your location
If you access the website through a mobile phone, we will collect the following information:
· Mobile device ID
· Model and manufacturer
· Operating system
· Version information
· IP address
Payment information: Your payment data will be processed by the payment processors available on this website (Stripe), which will process and store your data securely and for the sole purpose of processing the purchase of services. ARDIG reserves the right to hire any payment platform available on the market, which processes your data for the sole purpose of processing the purchase of services.
3. HIPPA AND CONFIDENTIAL INFORMATION
ARDIG complies with the regulations contained in the Health Insurance Portability and Accountability Act (HIPPA) with respect to individually identifiable health information, known as protected health information, that users provide through the platform.
Healthcare professionals have a duty to take reasonable steps to preserve the confidentiality of personal health information that users provide through the platform. All health-related information provided by users through the use of the platform will be treated as confidential information and will not be disclosed unless the user expressly authorizes disclosure.
Health-related information provided by users through the platform will be treated as confidential and will be treated in accordance with the following regulations contained in the Health Insurance Portability and Accountability Act (HIPAA):
· In accordance with the Health Information Privacy Act (HIPAA), which specifies the following:
· Everyone should be able to see and obtain copies of his or her medical records and request that any errors they may contain be corrected.
· Any person legally authorized to make health care decisions on behalf of another person who lacks capacity to do so has the same right of access to private health information as the person in question.
· Health care professionals must regularly disclose how they ensure the confidentiality of medical information.
· Health professionals may share an individual's medical information, but only among themselves and only to the extent necessary to provide necessary care or to manage payment for treatment.
· Personal health information may not be disclosed for marketing purposes.
· Health care professionals must take the necessary precautions to ensure the confidentiality of their communications with the patient.
With respect to the use of the platform as a user, ARDIG complies with the regulations contained in the HIPPA and in accordance with the following provisions:
· Information provided by users through the platform will be hosted and stored by the Google Cloud and Cloud Firestore service. All content and information provided by the user through the use of the platform is encrypted at rest in Google Cloud Platform and Cloud Firestore. Security and compliance measures to facilitate HIPAA compliance are deeply integrated into the Google Cloud and Cloud Firestore security infrastructure and design.
· Our website or platform has an SSL certificate which encrypts the information that the user provides through the use of our platform. The user can check the security of the website and the existence of the SSL certificate by clicking on the padlock icon next to the navigation bar.
· The SSL certificate encrypts all the information that the user provides through the platform including the information provided through the web forms.
· ARDIG uses the Paubox email service to send emails to our users. Paubox is an email service specializing in HIPPA compliance. Emails sent through the Paubox service are encrypted to ensure the filtering of information.
· Patient data will only be displayed to logged-in physicians and to physicians who have an appointment with that patient. After several minutes of inactivity, the session is logged out and the user must log back in.
· PHI is only accessible to authorized persons and for the sole and exclusive purpose of providing the platform functionalities correctly.
· Backup and restore of PHI is provided by Firestore Database.
Users may file complaints about the privacy practices of health care professionals (directly with the health care professional or with the appropriate government agency, in the case of the United States with the Office for Civil Rights of the Department of Health and Human Services).
4. HOW LONG WE KEEP YOUR DATA
Personal data provided by users through the platform will be kept for the time necessary to provide the platform and the functionalities available on the platform or until the user keeps the user account on the platform or decides to close it or until ARDIG closes and deletes the user account. ARDIG may retain personal data for a longer period where the user has given consent to such processing, provided that such consent is not withdrawn. In addition, ARDIG may be obliged to retain personal data for a longer period if this is necessary for compliance with a legal obligation or by order of an authority. Once the retention period expires, the personal data will be deleted. Therefore, the right of access, the right of erasure, the right of rectification and the right to data portability cannot be asserted once the retention period has expired.
5. HOW WE USE YOUR INFORMATION.
In general, we use the information we collect primarily to provide, maintain, protect and improve our platform and services. We use personal information collected through our platform and website as described below:
· User registration.
· Schedule appointments.
· Provide the services.
· Process payments.
· Provide the functionalities available on the platform.
· Improve our website and platform.
· Understand and enhance your experience using our website and platform.
· Respond to your comments or questions through our support team.
· Send you related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages.
· Sending notifications and other messages via SMS messages.
· Communicate with you about upcoming events, offers and news about products and services offered by ARDIG and our selected partners.
· Marketing purposes of ARDIG.
· Link or combine your information with other information we get from third parties to help understand your needs and provide you with better service.
· Protect, investigate and deter against fraudulent, unauthorized or illegal activity.
6. HOW DO YOU GET MY CONSENT?
7. HOW WE SHARE INFORMATION
The personal information of our users is an important and fundamental part of our business. Under no circumstances will we sell or share information with third parties that has not been previously authorized by the user or owner of the personal data. We share user information solely and exclusively as described below.
We use third-party services to perform certain functions on our behalf and through our website and platform. Examples include building and hosting the platform (Google Cloud, Cloud Firestore), processing payments (Stripe), sending emails (Paubox), provide backups and restoration of PHI (Cloud Firestore), analyzing data (Google Analytics), providing marketing assistance and delivering search results.
ARDIG We release personal information when we believe release is appropriate to comply with the law, enforce or apply our Terms and conditions and other agreements, or protect the rights, property, or safety of ARDIG, our users or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
Other than as set out above, you will receive notice when personally identifiable information about you might go to third parties, and you will have an opportunity to choose not to share the information.
ARDIG uses the anonymous browsing information collected automatically by our servers primarily to help us administer and improve the platform. We may also use aggregated anonymous information to provide information about the platform to potential business partners and other unaffiliated entities. This information is not personally identifiable.
The email address that you supply to us for purposes of receiving our email communications will never be rented or sold to a third party.
8. PROTECTING YOUR INFORMATION
ARDIG protects the information that the user provides through the use of the platform and complies with the regulations contained in the HIPPA and in accordance with the following provisions:
· The information provided by users through the platform will be hosted and stored by the Google Cloud and Cloud Firestore service. All content and information provided by the user through the use of the platform is encrypted at rest on Google Cloud Platform and Cloud Firestore. Security and compliance measures to facilitate HIPAA compliance are deeply integrated into the Google Cloud and Cloud Firestore security infrastructure and design.
· Our website or platform has an SSL certificate that encrypts the information the user provides through the use of our platform. The user can check the security of the website and the existence of the SSL certificate by clicking on the padlock icon next to the navigation bar.
· The SSL certificate encrypts all information that the user provides through the platform including information provided through the web forms.
· ARDIG uses the Paubox email service to send emails to our users. Paubox is an email service specializing in HIPPA compliance. Emails sent through the Paubox service are encrypted to ensure information filtering.
· Patient data will only be displayed to logged-in physicians and those who have an appointment with that patient. After several minutes of inactivity, the session is logged out and the user must log back in.
· PHI is only accessible to authorized individuals and for the sole and exclusive purpose of correctly providing the platform's functionalities.
· Backup and restore of PHI is provided by Firestore Database.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while ARDIG strives to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Users who provide information through our website and platform, as data subjects and data owners, have the right to access, rectify, download or delete their information, as well as to restrict and object to certain processing of their information. While some of these rights apply generally, others apply only in certain limited circumstances. We describe these rights below:
· Access and portability: to access and know what information is stored in our servers, you can send us your request through our contact information.
· Rectify, Restrict, Limit and/or Delete: You can also rectify, restrict, limit or delete much of your information.
· Right to be informed: Users of our platform will be informed, upon request, about what data we collect, how it is used, how long it is retained and whether it is shared with third parties.
· Object: When we process your information based on our legitimate interests as explained above, or in the public interest, you may object to this processing in certain circumstances. In such cases, we will stop processing your information unless we have compelling legitimate reasons to continue processing it or where it is necessary for legal reasons.
· Revoke consent: Where you have previously given your consent, such as to allow us to process and store your personal information, you have the right to revoke your consent to the processing and storage of your information at any time. For example, you may withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn your consent if we have a legal basis for doing so or if your withdrawal of consent was limited to certain processing activities.
· Complaint: If you wish to file a complaint about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Users can exercise all these rights by contacting us through the contact information or the contact page.
· Rights related to automated decision-making, including profiling: Platform users may request that we provide a copy of the automated processing activities we conduct if they believe that data is being unlawfully processed.
Users or owners of the personal information they provide through the platform and website may exercise these rights over their personal information at any time and without any limitation by sending us their request through our contact information.
11. THIRD PARTIES
12. GOOGLE API SERVICE
We collect and use Google user data, including but not limited to user names, email addresses, and calendar event information, for the sole purpose of providing appointment scheduling and management features within our doctor dashboard.
Our application may request permissions to access your Google account, including read and write access to your Google Calendar. These permissions are necessary for us to view, create, update, and remove calendar events as part of the appointment management process.
We use Google user data obtained through the Google Calendar API solely for managing appointments and facilitating communication between patients and doctors. This data is not used for any other purposes, such as marketing or third-party sharing.
Your Google user data is securely stored in compliance with relevant data protection regulations. We have implemented robust security measures, including encryption and access controls, to protect the confidentiality and integrity of your data.
You have the ability to revoke or modify the permissions granted to our application for accessing your Google data. Instructions on how to do this can be found here. You can also request the deletion of your account or data by contacting our support team at email@example.com.
ARDIG use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
13. CONTACT US