PRIVACY POLICY
Welcome to ARDIG!
ARDIG is owned and operated by ARDIG Corp.
ARDIG values your privacy and the protection of your personal data. This privacy policy describes what information we collect from you, how we collect it, how we use it, how we obtain your consent, how long we retain it in our databases and, if necessary, with whom we share it.
By registering as a user and using the platform, you are accepting the practices described in this privacy policy. Your use of the platform is also subject to our terms and conditions.
This privacy policy may change from time to time. Your continued use of the platform after we make changes is deemed acceptance of those changes, so please check the policy periodically for updates. This privacy policy has been prepared and is maintained in accordance with all applicable national and international laws and regulations and, in particular, with the Health Insurance Portability and Accountability Act (HIPPA), the Florida Information Protection Act of 2014 (FIPA), the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR - European Regulations).
1. GENERAL INFORMATION
Users' personal data collected through:
Will be under responsibility and in charge of:
(Hereinafter referred to as “ARDIG”).
2. TYPES OF INFORMATION GATHERED
The information we collect from our users helps us to deliver our services effectively and to personalize and continually improve the user's experience on the platform. These are the types of information we collect:
Information You Give Us. You provide information when you provide, search, read and view content on the platform, register as a user, schedule an appointment with a doctor through our platform, use the features available on the platform, provide information through the use of the platform and our services and/or communicate with us through our contact information or contact forms. As a result of those actions, you might supply us with the following information:
· Full name
· Age and date of birth
· Email address
· Phone number
· Information related to the user's health
· Any additional information relating to you that you provide to us directly or indirectly through our website or online presence such as ‘cookies’.
ARDIG will not collect any personally identifiable information about you, unless you provide it.
Information Collected Automatically: By accessing and using the website you automatically provide us with the following information:
· The device and usage information you use to access the website
· Your IP address
· Browser and device characteristics
· Operating system
· Referring URLs
· Your location
If you access the website through a mobile phone, we will collect the following information:
· Mobile device ID
· Model and manufacturer
· Operating system
· Version information
· IP address
Payment information: Your payment data will be processed by the payment processors available on this website (Stripe), which will process and store your data securely and for the sole purpose of processing the purchase of services. ARDIG reserves the right to hire any payment platform available on the market, which processes your data for the sole purpose of processing the purchase of services.
See Stripe's privacy policy here:
· https://stripe.com/gb/privacy
GOOGLE Analytics. We use Google Analytics provided by Google, Inc., USA (“Google”). These tool and technologies collect and analyze certain types of information, including IP addresses, device and software identifiers, referring and exit URLs, feature use metrics and statistics, usage and purchase history, media access control address (MAC Address), mobile unique device identifiers, and other similar information via the use of cookies. The information generated by Google Analytics (including your IP address) may be transmitted to and stored by Google on servers in the United States. We use the GOOGLE Analytics collection of data to enhance the website and improve our service.
Please consult Google's privacy policy here:
· https://policies.google.com/privacy
3. HIPPA AND CONFIDENTIAL INFORMATION
ARDIG complies with the regulations contained in the Health Insurance Portability and Accountability Act (HIPPA) with respect to individually identifiable health information, known as protected health information, that users provide through the platform.
Healthcare professionals have a duty to take reasonable steps to preserve the confidentiality of personal health information that users provide through the platform. All health-related information provided by users through the use of the platform will be treated as confidential information and will not be disclosed unless the user expressly authorizes disclosure.
Health-related information provided by users through the platform will be treated as confidential and will be treated in accordance with the following regulations contained in the Health Insurance Portability and Accountability Act (HIPAA):
· In accordance with the Health Information Privacy Act (HIPAA), which specifies the following:
· Everyone should be able to see and obtain copies of his or her medical records and request that any errors they may contain be corrected.
· Any person legally authorized to make health care decisions on behalf of another person who lacks capacity to do so has the same right of access to private health information as the person in question.
· Health care professionals must regularly disclose how they ensure the confidentiality of medical information.
· Health professionals may share an individual's medical information, but only among themselves and only to the extent necessary to provide necessary care or to manage payment for treatment.
· Personal health information may not be disclosed for marketing purposes.
· Health care professionals must take the necessary precautions to ensure the confidentiality of their communications with the patient.
With respect to the use of the platform as a user, ARDIG complies with the regulations contained in the HIPPA and in accordance with the following provisions:
· Information provided by users through the platform will be hosted and stored by the Google Cloud and Cloud Firestore service. All content and information provided by the user through the use of the platform is encrypted at rest in Google Cloud Platform and Cloud Firestore. Security and compliance measures to facilitate HIPAA compliance are deeply integrated into the Google Cloud and Cloud Firestore security infrastructure and design.
· Our website or platform has an SSL certificate which encrypts the information that the user provides through the use of our platform. The user can check the security of the website and the existence of the SSL certificate by clicking on the padlock icon next to the navigation bar.
· The SSL certificate encrypts all the information that the user provides through the platform including the information provided through the web forms.
· ARDIG uses the Paubox email service to send emails to our users. Paubox is an email service specializing in HIPPA compliance. Emails sent through the Paubox service are encrypted to ensure the filtering of information.
· Patient data will only be displayed to logged-in physicians and to physicians who have an appointment with that patient. After several minutes of inactivity, the session is logged out and the user must log back in.
· PHI is only accessible to authorized persons and for the sole and exclusive purpose of providing the platform functionalities correctly.
· Backup and restore of PHI is provided by Firestore Database.
Users may file complaints about the privacy practices of health care professionals (directly with the health care professional or with the appropriate government agency, in the case of the United States with the Office for Civil Rights of the Department of Health and Human Services).
4. HOW LONG WE KEEP YOUR DATA
Personal data provided by users through the platform will be kept for the time necessary to provide the platform and the functionalities available on the platform or until the user keeps the user account on the platform or decides to close it or until ARDIG closes and deletes the user account. ARDIG may retain personal data for a longer period where the user has given consent to such processing, provided that such consent is not withdrawn. In addition, ARDIG may be obliged to retain personal data for a longer period if this is necessary for compliance with a legal obligation or by order of an authority. Once the retention period expires, the personal data will be deleted. Therefore, the right of access, the right of erasure, the right of rectification and the right to data portability cannot be asserted once the retention period has expired.
5. HOW WE USE YOUR INFORMATION.
In general, we use the information we collect primarily to provide, maintain, protect and improve our platform and services. We use personal information collected through our platform and website as described below:
· User registration.
· Schedule appointments.
· Provide the services.
· Process payments.
· Provide the functionalities available on the platform.
· Improve our website and platform.
· Understand and enhance your experience using our website and platform.
· Respond to your comments or questions through our support team.
· Send you related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages.
· Sending notifications and other messages via SMS messages.
· Communicate with you about upcoming events, offers and news about products and services offered by ARDIG and our selected partners.
· Marketing purposes of ARDIG.
· Link or combine your information with other information we get from third parties to help understand your needs and provide you with better service.
· Protect, investigate and deter against fraudulent, unauthorized or illegal activity.
6. HOW DO YOU GET MY CONSENT?
By registering as a user, scheduling an appointment with a doctor, using the functionalities available on the platform, providing information through the platform and services, communicating with us through our contact forms or our contact information, and providing us with personal information to communicate with you, you consent to our use of cookies, you consent to our collection, storage and use of your information on the terms contained in this privacy policy. You may withdraw your consent by sending us your request via the contact information or contact page.
7. HOW WE SHARE INFORMATION
The personal information of our users is an important and fundamental part of our business. Under no circumstances will we sell or share information with third parties that has not been previously authorized by the user or owner of the personal data. We share user information solely and exclusively as described below.
Third-Party Service Providers. We use third-party services to perform certain functions on our behalf and through our website and platform. Examples include building and hosting the platform (Google Cloud, Cloud Firestore), processing payments (Stripe), sending emails (Paubox), provide backups and restoration of PHI (Cloud Firestore), analyzing data (Google Analytics), providing marketing assistance and delivering search results.
These third-party services and tools may have access to personal information needed to perform their functions, but may not use that information for other purposes. Information shared with these third-party services will be treated and stored in accordance with their respective privacy policies and our privacy policy.
Business Transfers. In the event that ARDIG creates, merges with, or is acquired by another entity, your information will most likely be transferred. ARDIG will email you or place a prominent notice on our website before your information becomes subject to another privacy policy.
Protection of ARDIG and others. We release personal information when we believe release is appropriate to comply with the law, enforce or apply our Terms and conditions and other agreements, or protect the rights, property, or safety of ARDIG, our users or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
With Your Consent. Other than as set out above, you will receive notice when personally identifiable information about you might go to third parties, and you will have an opportunity to choose not to share the information.
Anonymous Information. ARDIG uses the anonymous browsing information collected automatically by our servers primarily to help us administer and improve the platform. We may also use aggregated anonymous information to provide information about the platform to potential business partners and other unaffiliated entities. This information is not personally identifiable.
Email Address. The email address that you supply to us for purposes of receiving our email communications will never be rented or sold to a third party.
8. PROTECTING YOUR INFORMATION
ARDIG protects the information that the user provides through the use of the platform and complies with the regulations contained in the HIPPA and in accordance with the following provisions:
· The information provided by users through the platform will be hosted and stored by the Google Cloud and Cloud Firestore service. All content and information provided by the user through the use of the platform is encrypted at rest on Google Cloud Platform and Cloud Firestore. Security and compliance measures to facilitate HIPAA compliance are deeply integrated into the Google Cloud and Cloud Firestore security infrastructure and design.
· Our website or platform has an SSL certificate that encrypts the information the user provides through the use of our platform. The user can check the security of the website and the existence of the SSL certificate by clicking on the padlock icon next to the navigation bar.
· The SSL certificate encrypts all information that the user provides through the platform including information provided through the web forms.
· ARDIG uses the Paubox email service to send emails to our users. Paubox is an email service specializing in HIPPA compliance. Emails sent through the Paubox service are encrypted to ensure information filtering.
· Patient data will only be displayed to logged-in physicians and those who have an appointment with that patient. After several minutes of inactivity, the session is logged out and the user must log back in.
· PHI is only accessible to authorized individuals and for the sole and exclusive purpose of correctly providing the platform's functionalities.
· Backup and restore of PHI is provided by Firestore Database.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while ARDIG strives to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
9. RIGHTS
Users who provide information through our website and platform, as data subjects and data owners, have the right to access, rectify, download or delete their information, as well as to restrict and object to certain processing of their information. While some of these rights apply generally, others apply only in certain limited circumstances. We describe these rights below:
· Access and portability: to access and know what information is stored in our servers, you can send us your request through our contact information.
· Rectify, Restrict, Limit and/or Delete: You can also rectify, restrict, limit or delete much of your information.
· Right to be informed: Users of our platform will be informed, upon request, about what data we collect, how it is used, how long it is retained and whether it is shared with third parties.
· Object: When we process your information based on our legitimate interests as explained above, or in the public interest, you may object to this processing in certain circumstances. In such cases, we will stop processing your information unless we have compelling legitimate reasons to continue processing it or where it is necessary for legal reasons.
· Revoke consent: Where you have previously given your consent, such as to allow us to process and store your personal information, you have the right to revoke your consent to the processing and storage of your information at any time. For example, you may withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn your consent if we have a legal basis for doing so or if your withdrawal of consent was limited to certain processing activities.
· Complaint: If you wish to file a complaint about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority. Users can exercise all these rights by contacting us through the contact information or the contact page.
· Rights related to automated decision-making, including profiling: Platform users may request that we provide a copy of the automated processing activities we conduct if they believe that data is being unlawfully processed.
Users or owners of the personal information they provide through the platform and website may exercise these rights over their personal information at any time and without any limitation by sending us their request through our contact information.
10. CHILDREN’S ONLINE PRIVACY PROTECTION
We comply with the requirements of the Health Insurance Portability and Accountability Act (HIPPA), the Florida Information Protection Act of 2014 (FIPA), the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR - European Regulation) regarding the protection of personal data of minors. We do not collect any information from children under the age of 18 without the consent of their parents or legal guardians. Personal information of minors must be provided only and exclusively by their parents or legal guardians. Use of the platform is permitted to persons of all ages but use of the platform by minors under the age of 18 must be in the company of their parents or one of their parents or with the supervision of their parents or legal guardians who alone are authorized to provide information about their child or minor in custody. If we become aware that a child under the age of 18 has provided personal information without parental or legal guardian consent, we will take immediate steps to delete such information.
11. THIRD PARTIES
Except as otherwise expressly included in this Privacy Policy, this document addresses only the use and disclosure of information ARDIG collects from you. If you disclose your information to others, whether other ARDIG users or vendors, different rules may apply to their use or disclosure of the information you disclose to them. ARDIG does not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable. ARDIG is not responsible for the privacy or security practices of other websites, including those that are linked to from ARDIG.
12. GOOGLE API SERVICE
You have the ability to revoke or modify the permissions granted to our application for accessing your Google data. Instructions on how to do this can be found here. You can also request the deletion of your account or data by contacting our support team at ardig.development@gmail.com.
ARDIG use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
13. CONTACT US
ARDIG Corp.
Email: planning@ardig.org
Phone: 786-725-7167