June 24, 2019 We are Datix (USA) Inc. (trading as RLDatix) (“we”, “our” or “us”). This policy applies to l information collected, accessed or provided to us (“Your Information”) in connection with services we provide to you in accordance with an agreement entered into between us and you (the “Agreement”). It does not apply to information we obtain from your use of our website, including for the purpose of accessing our services.
This policy explains how we will use Your Information, why we use it in that way, who it will be shared with and other important information. Please read the following carefully.
1 SOURCE OF INFORMATION AND WHAT WE PROCESS
1.1 Your Information is passed to us by you pursuant to the Agreement. The categories of information that we receive and process are: information you choose to submit for the management and investigation of patient safety events, risks, complaints, claims and mortalities. These categories of information are chosen by you and may include for example, .names and addresses, email addresses, phone numbers, hospital number, patient ID number, ethnicity, religion, sexual orientation, language spoken, details of disabilities and medical information.
1.2 Should you use the mobile application, Datix Anywhere, to submit Your Information, we may also request access to the microphone, and the camera and voice, video, photo or other digital content on your mobile device to receive, process and delete Your Information that you choose to submit via the mobile application. This will include information described above but in addition may include images, voice data and physical likenesses. Location tracking services are not used.
1.3 We are aware that Your Information may be confidential and we will protect the confidentiality of Your Information in accordance with the terms and conditions of the Agreement and with applicable law. Information is protected using storage and transport cryptography, with “least privilege” access controls and layered network security mechanisms. Datix Cloud IQ application code is tested for vulnerabilities on an ongoing basis and the infrastructure is monitored to detect incidents. Data is logically segregated and we use physical safeguards to secure the data.
2 HOW WE USE YOUR INFORMATION
2.1 We will use Your Information to provide you with the Datix Cloud IQ service or to enable you to use DatixWeb and/or to provide you with related services.
2.2 We will collect anonymized statistical information about your activity when using the services we provide to you in accordance with the Agreement, for example the number of users viewing pages on a site or how often a feature is used, in order to monitor the effectiveness and responsiveness of the services we provide to you in accordance with the Agreement and to help us improve it.
2.3 Access to the network where Your Information is stored is restricted to our operational engineers. The principle of “least privilege” ensures that administrative users of the system have only the minimum rights necessary to perform their role.
2.4 RLDatix collects technical information to identify the mobile device on which you use the mobile application, Datix Anywhere, to generate encryption keys for the secure transmission of data.
2.5 The health information data you input into our system will be of a nature that either identifies the patient or allows identification of individual patients and may be considered Protected Health Information. As such, we will maintain the privacy and security of such Protected Health Information in accordance with the terms of the Business Associate Agreement between RLDatix and You and in connection with providing you the Services.
2.6 If permitted under the Business Associate Agreement, we will use the Protected Health Information to create de-identified data and to aggregate such data, in accordance with the Business Associate Agreement and as required or permitted by law.
2.7 The existence of this data, when analysed on a large scale, de-identified basis, and aggregated with your own or other organisations’ de-identified data, offers the potential of learning from the data, to gain insights towards improving patient care. Part of our mission is to be instrumental in helping the general improvement in patient care and we want to help you and other healthcare organisations obtain learnings and insights from the overview of aggregated de-identified data which may not be perceptible when only looking at smaller, individually identifiable health information.
2.8 In relation to this de-identified data, we will NOT:
2.8.1 use it for healthcare applications (except to provide you with our Services) unless it is de-identified,
2.8.2 re-identify the data or attempt to do so, unless with your permission, or
2.8.3 use Identifiable Data in the way we will use de-identified data.
3 WHO WE SHARE YOUR INFORMATION WITH
3.1 In order to assist us in delivering services we provide to you in accordance with the Agreement, we may permit specialist data hosting organizations or other third party specialist organisations to store or maintain Your Information on our behalf. However, we do not permit staff from these organizations to view or have access to Your Information, [unless such viewing or access is necessary for such organization to provide the services. In any event, we require any such contractors, services providers, or other third parties whom we use to support our business and services to agree in writing to maintain the confidentiality of Your Information and to use it only for the limited purposes for which we disclose it to them.].
3.2 We may also share Your Information with other organisations:
3.2.1 if we sell or buy any business or assets (as we may share Your Information with the prospective seller or buyer);
3.2.2 if we or substantially all of our company assets are acquired by another party, in which case Your Information will be one of the transferred assets;
3.2.3 if we have to share Your Information to comply with legal or regulatory requirements.
3.3 RLDatix takes reasonable and appropriate measures to protect Your Information from interception when transmitted between networks and when stored on disk using asymmetrical encryption.
3.4 RLDatix may share Your Information in order to diagnose or investigate a serious issue relating to the RLDatix production network.
4 DATA STORAGE INSIDE THE US
4.1 Your Information may in some circumstances be transferred to, and stored at, a destination outside the United States. It may also be processed by staff operating outside the United States work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of the provision of support or investigation services relating to the service. However, to the extent Your Information constitutes Protected Health Information, we will store such PHI in the United States and we will not transfer such PHI outside of the United States.
5 RETENTION OF YOUR INFORMATION
5.1 We will keep Your Information as long as you subscribe services pursuant to the Agreement, and then for up to 30 days after such subscription after which Your Information will be removed from our systems.
6 CHILDREN UNDER THE AGE OF 13
6.1 Our website is neither intended for nor designed to attract or market to children under 13 years of age. No one under age 13 may provide any personal information to our website. We do not knowingly collect personal information from children under 13. However, if you use our services to store personal information that you may collect from children under 13, You acknowledge and represent that you have obtained the consent of the child’s parent or legal guardian to collect such information and store it through our services. If you are under 13, do not use or provide any information on this website or through any of its features, or provide any information about yourself to us, including your name, address, telephone number, or email address. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
7 YOUR CALIFORNIA PRIVACY RIGHTS
7.1 We do not share Your Information with any third parties for marketing purposes. However, to the extent applicable to your use of our services, California Civil Code Section § 1798.83 permits users of our website that are California residents to request certain information regarding our disclosure of Your Information to third parties for their direct marketing purposes. To make such a request, or if you have any questions regarding our use of Your Information, please send an email to email@example.com.