Scope
The terms in this policy apply to all Prompt.Health Online Services.
Previews may employ lesser or different privacy and security measures than those typically present in the Online Services. Unless otherwise noted, Previews are not included in the Product Purchase for the corresponding Online Service, and Customer should not use Previews to process Personal Data or other data that is subject to legal or regulatory compliance requirements. The following terms in this section do not apply to Previews: Processing of Personal Data and Data Security.
Processing of Customer Data; Ownership
Customer Data will be used or otherwise processed only to provide Customer the Online Services including purposes compatible with providing those services. Prompt.Health will not use or otherwise process Customer Data or derive information from it for any advertising or similar commercial purposes. As between the parties, Customer retains all right, title and interest in and to Customer Data. Prompt.Health acquires no rights in Customer Data, other than the rights Customer grants to Prompt.Health to provide the Online Services to Customer or in the Online Services Agreement. This paragraph does not affect Prompt.Health’s rights in software or services Prompt.Health licenses to Customer.
Disclosure of Customer Data
Prompt.Health will not disclose Customer Data outside of Prompt.Health or its controlled subsidiaries and affiliates except (1) as Customer directs, (2) as described in the Online Services Agreement, or (3) as required by law.
Prompt.Health will not disclose Customer Data to law enforcement unless required by law. If law enforcement contacts Prompt.Health with a demand for Customer Data, Prompt.Health will attempt to redirect the law enforcement agency to request that data directly from Customer. If compelled to disclose Customer Data to law enforcement, Prompt.Health will promptly notify Customer and provide a copy of the demand unless legally prohibited from doing so.
Upon receipt of any other third-party request for Customer Data, Prompt.Health will promptly notify Customer unless prohibited by law. Prompt.Health will reject the request unless required by law to comply. If the request is valid, Prompt.Health will attempt to redirect the third party to request the data directly from Customer.
Prompt.Health will not provide any third party: (a) direct, indirect, blanket or unfettered access to Customer Data; (b) platform encryption keys used to secure Customer Data or the ability to break such encryption; or (c) access to Customer Data if Prompt.Health is aware that the data is to be used for purposes other than those stated in the third party’s request.
In support of the above, Prompt.Health may provide Customer’s basic contact information to the third party.
Processing of Personal Data
Personal Data provided to Prompt.Health by, or on behalf of, Customer through use of the Online Service is also Customer Data. Pseudonymized identifiers may also be generated through Customer’s use of the Online Services and are also Personal Data. To the extent Prompt.Health is a processor or subprocessor of Personal Data subject to the GDPR, the parties also agree to the following terms in this sub-section:
Processor and Controller Roles and Responsibilities
Customer and Prompt.Health agree that Customer is the controller of Personal Data and Prompt.Health is the processor of such data, except when (a) Customer acts as a processor of Personal Data, in which case Prompt.Health is a subprocessor or (b) stated otherwise in the Online Service-specific terms. Prompt.Health will process Personal Data only on documented instructions from Customer. Customer agrees that its Online Services Agreement along with Customer’s use and configuration of features in the Online Services are Customer’s complete and final documented instructions to Prompt.Health for the processing of Personal Data. Any additional or alternate instructions must be agreed to according to the process for amending Customer’s Online Services Agreement. In any instance where the EU General Data Protection Regulation applies and Customer is a processor, Customer warrants to Prompt.Health that Customer’s instructions, including appointment of Prompt.Health as a processor or subprocessor, have been authorized by the relevant controller.
Processing Details
The parties acknowledge and agree that:
- The subject-matter of the processing is limited to Personal Data within the scope of the applicable regulations;
- The duration of the processing shall be for the duration of the Customer’s right to use the Online Service and until all Personal Data is deleted or returned in accordance with Customer instructions or the terms of the Online Services Agreement;
- The nature and purpose of the processing shall be to provide the Online Service pursuant to Customer’s Online Services Agreement;
- The types of Personal Data processed by the Online Service include those expressly identified in applicable regulations; and
- The categories of data subjects are Customer’s representatives and end users, such as employees, contractors, collaborators, and customers.
If you provide us with personal information about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protection laws in relation to such disclosure. In so far as required by applicable data protection laws, you must ensure that you have provided the required notices and have obtained the individual’s explicit consent to provide us with the information and that you explain to them how we collect, use, disclose, and retain their personal information or direct them to read our Data Privacy Policy.
Marketing Communications from Us
Email:
You always have the opportunity to opt-out of our marketing communications or change your preferences by following the link provided in the footer of all non-transactional email messages from us, or by emailing us at . Some communications from us are considered transactional or service communications (for example, important account notifications and billing information), and your account(s) for Prompt.Health products and services are provided to you upon the condition that you receive these communications from us. You must cancel your account(s) for Prompt.Health products and services, as applicable, if you do not wish to receive any transactional or service communications. You may still receive marketing communications from us even after you cancel your account unless you also opt-out of our marketing communications, as described above.
Phone:
We may contact you by telephone, with your consent where applicable, for marketing purposes (including by automatic dialer and/or prerecorded message). If you do not want to receive marketing calls, please contact customer support. You do not need to agree to receive automated marketing phone calls or texts from us to use our Services.
Third-Party Platform Advertising:
Where you respond to communications we post on third-party platforms (such as Facebook, Google and Twitter), we may also share your information with those third-parties in order to serve targeted advertising/content to you via the relevant third-party platform based on your profile/interests. Your information is used by the third-party platform provider to identify your account and serve advertisements to you. You can control what advertisements you receive via the privacy settings on the relevant provider’s platform and you should consult the third-party’s help/support center for more information.
Under data protection laws, in certain circumstances you have the following rights:
- The right to be told how we use your information and obtain access to your information;
- The right to have your information rectified or erased or place restrictions on processing your information;
- The right to object to the processing of your information (e.g. for direct marketing purposes) or where the processing is based on our legitimate interests;
- The right to have any information you provided to us on an automated basis returned to you in a structured, commonly used, and machine-readable format, or sent directly to another company, where technically feasible (“data portability”);
- Where the processing of your information is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions; and
- The right to object to any decisions based on the automated processing of your personal data, including profiling.
If you request a copy of your information, you may be required to pay a statutory fee.
If we hold any information about you that is incorrect or if there are any changes to your details, please let us know so that we can keep our records accurate and up-to-date.
Other Sites and Social Media
If you follow a link from our website, application, or service to another site or service, this Data Privacy Policy will no longer apply. We are not responsible for the information handling practices of third-party sites or services and we encourage you to read the privacy notices appearing on those sites or services.
Our websites, applications, or services may enable you to share information with social media sites, or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should be able to manage your privacy settings from within your own third-party social media account(s) to manage what personal information you enable us to access from that account.
Data Subject Rights; Assistance with Requests
Prompt.Health will make available to Customer in a manner consistent with the functionality of the Online Service and Prompt.Health’s role as a processor Personal Data of data subjects and the ability to fulfill data subject requests to exercise their rights under applicable regulations. Prompt.Health shall comply with reasonable requests by Customer to assist with Customer’s response to such a data subject request. If Prompt.Health receives a request from Customer’s data subject to exercise one or more of its rights under applicable regulations in connection with an Online Service for which Prompt.Health is a data processor or subprocessor, Prompt.Health will redirect the data subject to make its request directly to Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Online Service. Prompt.Health shall comply with reasonable requests by Customer to assist with Customer’s response to such a data subject request.
Records of Processing Activities
Prompt.Health shall maintain all records required by applicable regulations and, to the extent applicable to the processing of Personal Data on behalf of Customer, make them available to Customer upon request.
Security and Storage of Information
We will keep your information secure by taking appropriate technical and organizational measures against its unauthorized or unlawful processing and against its accidental loss, destruction, or damage. We will do our best to protect your personal information, but we cannot guarantee the security of your information which is transmitted to our website, applications, or services or to other websites, applications, and services via an internet or similar connection. If we have given you (or you have chosen) a password to access certain areas of our websites, applications, or services please keep this password safe – we will not share this password with anyone.
If you believe your account has been compromised, please contact .
Changes to Prompt.Health Data Privacy Policy
We may change this Data Privacy Policy from time-to-time. However, we will not reduce your rights under this policy. We will always update this privacy notice on our website, so please try to read it when you visit the website.
Further Information
If you have any queries about how we treat your information, the contents of this Data Privacy Policy, your rights under local law, how to update your records, or how to obtain a copy of the information that we hold about you, please contact .
v.12.24.2019.1