Last updated: June 28, 2019
GSI Health is committed to protecting your information and your right to privacy when you access our Technology Platform and use our services.
If your organization provides you with access to GSI Health’s Technology Platform (web and mobile), collectively GSIHealthCoordinator and GSIHealthConnect, your use of these products is subject to your organization’s policies and agreements with GSI Health. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator.
COLLECTION OF USER INFORMATION
The User information collected can be classified into two general categories: information you provide about yourself, and information collected about your usage.
Information provided by the User
Only Users authorized by their organization are provided access to the GSI Health Technology Platform (web and mobile). To provide Users the best experience when accessing our Technology Platform, an organization often provides information about their Users. This information includes, but is not limited to the following: name, credentials, gender, DOB, address, email, phone, id, and password. Users may have the ability to view and update this information, based upon the User role configured for them in the Technology Platform. Some of the ways that we may use your personal User information are below:
If you contact us for support purposes, we may ask you for information such as your name, e-mail address, and contact number so we can respond to your questions and requests. If you choose to correspond with us via e-mail, we may retain the content of your e-mail messages, your e-mail address, and our response to you.
You may wish to send us feedback. This feedback helps us improve our products and services, and we may use your contact information for further communication on the feedback you provided.
- Mobile Application
Our mobile application provides access to our Technology Platform capabilities, one of which is push notifications for information received in the GSI Health Technology Platform. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings. Our mobile application does not collect data, instead it provides access to data already stored within the GSI Health Technology Platform. Users are able to access and authenticate to our mobile application using their existing GSI Health Technology Platform credentials.
Information automatically collected
When you use our Technology Platform, we may collect information related to your visit. We collect this information to continually improve and enhance the functionality of our Technology Platform. We automatically gather certain information, which may include IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. Some information may be stored in cookies to ensure all capabilities work properly on the given device being used. If you reject cookies, you may still use our Technology Platform, however your ability to use some features may be limited. Most web browsers have settings to manage cookies, please refer to your chosen web browser’s website and settings for more information on managing cookies.
The User information collected through our Technology Platform is used for business purposes including:
- As reasonably required to conduct business with you, your organization, or to provide the products or services that you request.
- To correspond on support or feedback about our products and services provided.
- To protect the security and integrity of our Technology Platform.
- To comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations, and our policies.
YOUR OPT-IN/OPT-OUT CHOICES
Your access to the GSI Health Technology Platform must be authorized by your organization, and you automatically opt-in when becoming a User.
USE, DISCLOSURE, AND SHARING OF PERSONAL INFORMATION
We only share information to fulfill business obligations with your organization, to comply with laws, with your consent, or to protect your rights. We may process or share data based on the following legal basis:
- Performance of a Contract: Where we have entered into a contract with your organization or an organization procuring the GSI Health Technology Platform for your organization, we may process your personal information to fulfill the terms of our contract.
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations to our policies, suspected fraud, situations involving potential threats to the safety of any person, illegal activities, or as evidence in litigation in which we are involved.
- Consent: We may use your personal information if you have given us specific consent to use your personal information for a specific purpose.
- Legitimate Interests: We may use your personal information when it is reasonably necessary to achieve our legitimate business interests.
- Legal Obligations: We may disclose your information where we are legally required to do so to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
We may need to process your data or share your personal information in the following circumstances:
Service providers need access
We use third-party service providers that are contractually restricted from using or disclosing the information, except as necessary to perform services on our behalf or to comply with legal requirements. We may use third-party partners to help us operate and deliver our products and services. We may also share your information with our service providers and other third parties (“Affiliated Parties”) that provide products or services for or through our Technology Platform or for our business (such as website or infrastructure hosting companies, communications providers, email providers, analytics companies and other similar service providers that use such information on our behalf).
GSI Health may be required to disclose a User’s personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. GSI Health may be required to disclose collected information in order to (i) respond to investigations, court orders or legal process, (ii) to investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats to the physical safety of any person, (iii) violations of GSI Health’s terms of service, or (iv) as otherwise required by law.
Your ability to access, limit use and disclosure
You may request access to your personal information to update, correct, delete, or limit the use or disclosure of your personal information. Individuals wishing to view, update, delete, or supplement their personal information may do so by contacting their Organization/Business that provided GSI Health your personal information directly to make your requests. Alternatively you can submit your request through our Data Subject Access Request (DSAR) Portal or if the GSI Health DSAR portal is unavailable, requests can be sent to email@example.com. GSI Health may in turn contact your Organization/Business to effect these changes.
HOW LONG WE KEEP YOUR INFORMATION
We keep your personal information for the duration required by GSI Health’s contractual commitment with your organization or the organization procuring access to the GSI Heath Technology Platform for your organization. When we have no ongoing business need to process your personal information, we will either delete or anonymize it, as per our contractual agreements.
HOW WE KEEP YOUR INFORMATION SAFE
We take reasonable and appropriate precautions, including administrative, technical, personnel, and physical measures, to safeguard personal information against loss, misuse, theft, unauthorized access, disclosure, alteration, and destruction. We also use Secure Sockets Layer (SSL) encryption when transmitting sensitive information. Please keep in mind that due to the inherent nature of the Internet, there is no way to make the transmission of electronic data entirely safe from intrusion.
Upon request, GSI Health will provide Clients a copy of our HIPAA data protection policy, which provides additional details around the controls that have been implemented to safeguard protected health information hosted in our Technology Platform.
DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.
California Civil Code Section 179883, also known as the “Shine The Light” law, permits our Users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
GSI Health, LLC
1735 Market Street, 53rd Floor
Philadelphia, PA 19103