Join The HiPAL mailing List for exclusive offers and updates

Supplemental Privacy Policy

For United States of America

Version: 1.0
Last Updated: [03/Jul/2023]

 

1. Notice at collection: Personal Data we collect

1.1 We collect the following categories of Personal Data:

(a) Personal identifiers: name, email address, your home or billing address, telephone numbers, customer number, account name and password, feedback, information related to customer reviews, IP address;

(b) Protected class information: sex/gender;

(c) Commercial and financial information: payment information when you are requesting for or purchasing certain of our Offering;

(d) Internet or other electronic activity information: your device and browser type, your browsing and search history on our websites, and information regarding your interaction with us through our websites or in connection with our Offering and our advertisements;

(e) Professional information: job title, information about your employer;

(f) Education information: schools, degrees and certifications;

(g) Audio, visual information: recordings of customer service calls for quality assurance purposes; recordings of video webinars;

(h) Inferences drawn from Personal Data we collect: results generated from interacting with us through our websites or in connection with our Offering; and/or

(i) Sensitive Personal Data: health information, or geolocation information.

2. Notice at collection: Purposes for collection of Personal Information

2.1 We collect your Personal Data to provide our Offering to you; to contact you from time to time; to provide you with information about our business; for customer support; to deliver advertisements and marketing promotions and offers about information we think may be of interest to you; to respond to your inquiries; and to customize your experience.

2.2 We also use Personal Data to monitor or improve our Offering; for internal business analysis; to prevent fraud, activities that violate our end user license agreement or other contracts, or that are illegal; and to protect our rights and the rights and safety of our users or others.

2.3 For those who interact with us in a commercial capacity, we use your Personal Data to engage in business transactions with you or the entity you represent and market to or engage in diligence with you or the entities you represent.

We do not sell your Personal Data except as permitted under certain state privacy laws with respect to our use of cookies as described in this Policy.

3. Sources From Which We Collect Personal Data

3.1 We collect Personal Data directly from our customers, users of our websites or purchasers or potential purchasers of our Offering, and representatives of entities with which we do business or may do business with.

4. Use or Disclosure of Sensitive Personal Data

4.1 We do not use or disclose sensitive Personal Data to create profiles about individuals or for any purposes other than in connection with providing our Offering.

5. Disclosure of Personal Data For Business Purposes

5.1 The following chart describes the categories of Personal Data we disclose to third parties for a business purpose:

Categories of Consumers’ Personal DataCategories of Third Parties to Which We Disclose Personal Data for Business Purposes
Personal identifiers: name, email address, your home or billing address, telephone numbers, customer number, account name and password, feedback, information related to customer reviews, IP address.

Service providers that process payments, verify customer information, manage customer information and provide customer service (including through our call center), facilitate email communications, provide security services and cloud-based data storage, host our websites and mobile applications and assist with other IT-related functions, advertise and market our websites and Offering, and provide legal and accounting services.

Healthcare providers you authorize to review the outputs of our Offering.

Protected class information: sex/gender.

 

Service providers that process payments, verify customer information, manage customer information and provide customer service (including through our call center), provide security services and cloud-based data storage, host our websites and mobile applications and assist with other IT-related functions, and advertise and market our products.

Healthcare providers you authorize to review the outputs of our Offering.

Commercial and financial information: payment information.Service providers that process payments, verify customer information, manage customer information and provide customer service (including through our call center), facilitate email communications, provide security services and cloud-based data storage, host our websites, mobile applications and assist with other IT-related functions, advertise and market our Offering, and provide accounting services.
Internet or other electronic activity information: your device and browser type, your browsing and search history on our websites, and information regarding your interaction with our Services and our advertisements.

Service providers that provide security services and cloud-based data storage, host our websites, mobile applications and assist with other IT-related functions, and advertise and market our Offering.

Healthcare providers you authorize to review the outputs of our Offering.

Professional information: job title, information about your employer.

N/A

 

Audio information: recordings of customer service calls for quality assurance purposes.Service providers that manage customer information and provide customer service (including through our call center).

Inferences drawn from Personal Data collected: results generated from interacting with us through our Offering.

 

N/A
Sensitive Personal Data: health information or geolocation information Healthcare providers you authorize to review the outputs of our Offering.
6. Business purposes for such disclosures

6.1 We disclose the aforementioned categories of Personal Data to the categories of third parties identified above, our representatives, agents and companies which are affiliated with us (such as but not limited to our shareholders and subsidiaries), for the following purposes: to manage customer, supplier and vendor accounts and relationships; process payments; verify customers’ identities; provide our Offering; engage in advertising and marketing; operate our IT systems and secure our systems; prevent fraud and other illegal activities; for research and development; and to obtain professional advice about legal and accounting matters.

6.2 Additional Information About How We May Disclose Personal Data and Purposes for Disclosures

We may also disclose your Personal Data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also disclose your Personal Data to third parties to help detect and protect against fraud or data security vulnerabilities. And we may disclose or transfer your Personal Data to a third party in the event of an actual or potential sale, merger, reorganization of our entity or other restructuring.

7. Accessibility

7.1 We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us at  gtddataprotection@gtdiag.com.

8. Contact Us

8.1 If there are any questions regarding this Policy or to request a copy of this Policy in another format you may contact us at  gtddataprotection@gtdiag.com.

 9. US State Data Privacy Rights

9.1 Laws in certain US states give residents of those states specific rights with respect to the Personal Data collected about them. See below for more information.

 

CALIFORNIA PRIVACY RIGHTS

9.2 If you are a California resident, the California Consumer Privacy Act (“CCPA”) and other laws provide you with the following rights with respect to your Personal Data:

(a) Your Right To Know About Personal Data We Collect

You can ask us for the following information from us with respect to the Personal Data we have collected about you in the 12 months prior to our receipt of your request:

• Specific pieces of Personal Data we have collected about you;

• Categories of Personal Data we have collected about you;

• Categories of sources from which such Personal Data was collected;

• Categories of Personal Data that the business disclosed for a business purpose about the consumer;

• Categories of third parties to whom the Personal Data was disclosed for a business purpose; and

• The business or commercial purpose for collecting your Personal Data

(b) Your Right To Request Deletion of Personal Data We Have Collected From You

Upon your request and subject to exceptions in the law, we will delete the Personal Data we have collected from you upon your request.

(c) Your Right to Request to Correct Personal Data We Hold About You

You have the right to request that we correct Personal Data we hold that you believe is not accurate.  We will take steps to determine the accuracy of the Personal Data that is the subject of your request to correct, and in doing so will consider the totality of the circumstances relating to the Personal Data you have identified as being incorrect.  We may ask that you provide documentation regarding your request to correct in order to assist us in evaluating the request.

(d) California Shine the Light

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about the Personal Data (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year.  To make a request, please contact us at  gtddataprotection@gtdiag.com.

(e) Our Commitment to Honoring Your Rights

If you exercise any of the rights explained in this Policy, we will continue to treat you fairly.  If you exercise your rights under this Policy, you will not be denied or charged different prices or rates for our Offering , or provided a different level or quality of our Offering  than others.

(f) Exercising Your Rights and How We Will Respond

To exercise your rights to know, delete or correct your Personal Data, or to ask a question, contact us at  gtddataprotection@gtdiag.com.  For such requests, we will first acknowledge receipt of your request within 10 business days of receipt of your request.  We will then provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances.  If we expect your request is going to take us longer than normal to fulfill, we will let you know.

You have the right to direct companies not to sell your Personal Data or share it for purposes of cross-context behavioral advertising. To opt out of the sale for cross context behavioral advertising please click [here].

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations.  In some cases, the law may allow us to refuse to act on certain requests.  When this is the case, we will endeavor to provide you with an explanation as to why.

(g) Verification of Identity – Requests to Know, Delete or Correct

We will ask you for two pieces of Personal Data and attempt to match those to information that we maintain about you.

If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request.  We will notify you to explain the basis of the denial.

(h) Authorized Agents

You may designate an agent to submit requests on your behalf.  The agent can be a natural person or a business entity.

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process. If the agent submits a request, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf.  We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney.  Any such requests will be processed in accordance with California law pertaining to powers of attorney.