What Is Health Informatics Privacy Notice
1. Important notice
This is the Privacy Notice of What Is Health Informatics whose principal mailing address is at 716 Stevens Ave., Portland, ME 04103, United States of America (“What Is Health Informatics”, “we”, “us” or “our”) and sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.
This Privacy Notice relates to personal information that identifies “you” meaning students, prospective students, individuals who browse our website, or individuals outside our organization with whom we interact. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.
We refer to this information throughout this Privacy Notice as “personal data” and paragraph 3 sets out further detail of what this includes.
Please read this Privacy Notice to understand how we may use your personal data.
This Privacy Notice may vary from time to time. Each time we update this Privacy Notice, we will post it on our website.
2. How to contact us
a) Data controller and contact details
For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Notice.
If you (i) wish to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences, or (ii) need to contact us in connection with our use or processing of your personal data, or gain access to it, or to correct your personal data held by us, please contact our Data Privacy Manager at the email address set forth in paragraph 2b).
b) Data Privacy Manager
You can contact our Data Privacy Manager at firstname.lastname@example.org.
3. Categories of personal data we collect
The categories of personal data about you that we may collect, use, store, share and transfer are:
- Individual Data. This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, marital status, title, date of birth and gender, your contact details such as your billing address, delivery address, email address and telephone numbers, prior and current education records such as your transcripts, grades and class registrations, and your disciplinary records, Social Security number (or the equivalent (if any) for countries outside of the United States), and your taxpayer ID number;
- Account and Profile Data, which includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
- Advertising Data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;
- Information Technology Data. This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
- Economic and Financial Data. This includes personal data which relates to your finances, such as your tax returns and supporting financial information, bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
- Sales Data. This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of subscriptions to our services or publications and other details of products and services you have purchased from us (which may include, but is not limited to, purchases of food and products, tuition payments and financial aid transactions); and
- Health Data. This includes personal data which is gathered for health and safety purposes including any accident report or claim log or any information you provide about allergies or other medical conditions during the booking process or in one of our locations.
We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint, for example about our services or goods, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
In addition, we may obtain certain special categories of your data (“Special Categories of Data”), and this Privacy Notice specifically sets out how we may process these types of personal data. The Special Categories of Data that we collect are: (i) personal data revealing racial or ethnic origin that we are required to collect pursuant to applicable laws or regulations (“Racial Data”); and (ii) data concerning health, including, but not limited to, prior and current immunizations and other health or medical records (“Medical Data”).
We also collect information about criminal convictions and offenses when required by applicable laws or regulations.
4. The sources from which we obtain your personal data
We obtain your personal data from the following sources:
- Directly from you, either in person (at our locations or otherwise), via our website or by telephone, computing systems or via handheld devices. This could include personal data which you provide when you:
- place an order for our products or services or enroll in our programs;
- submit an application for our programs;
- subscribe to our publications;
- request information on our programs, products or services or for other marketing to be sent to you;
- enter into a competition or promotion that we may offer;
- complete a survey from us or give us feedback; and
- engage in any event or service offered by us either on or off our premises.
- We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other websites employing our cookies. Please see our cookie and log files policy at paragraph 6 for further details.
- Third parties, such as:
- analytics providers;
- our provider of customer/student feedback;
- our provider of online applications and information submissions;
- advertising networks;
- search information providers;
- providers of technical, payment and delivery services;
- data brokers or aggregators; and
- providers of social media platforms (such as Facebook, Twitter and Instagram) where you share our content through social media, for example, by liking us on Facebook, following or tweeting about us on Twitter;
- Publically available sources, such as electronic (such as the internet) and hard copy (such as newspapers) mediums.
5. How we use your personal data and our basis for using it
a) Where we are relying on a basis other than consent
We may rely on one or more legal bases when processing your personal data.
We have set out in Appendix A the purposes for which we may process your personal data.
b) Where we may rely on consent
There may be purposes for which we would like to use your personal data where it is appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way. You may at any time withdraw the specific consent you give to our processing your personal data.
Please note that even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes.
6. Cookies and log files
Our websites automatically gather anonymous information about our visitors including browser types, and the times and dates of webpage visits, referred to as log files. The information collected does not include any personally identifiable details and is used to improve our services and administer our websites. You can manage your ad choices and opt out of advertising networks at these websites (but not limited to):
- The Digital Advertising Alliance (Adroll, Facebook and LinkedIn)
- Oath (formally Yahoo and AOL)
7. Who receives your personal data
We may disclose your personal data to:
- third party data processors who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
- legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
- external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
- law enforcement agencies, courts or other relevant parties, to the extent necessary for the establishment, exercise or defense of legal rights;
- third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties; and
- third party analytics providers.
8. Personal data about other people which you provide to us
If you provide personal data to us about someone else you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice.
You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
9. Accuracy of your personal information
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us by contacting our Data Privacy Manager at the email address set forth in paragraph 2b). We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
10. International transfers of personal data
Personal data we collect from you may be transferred, stored and/or processed outside the European Economic Area, specifically in the United States.
In connection with such transfers, we will apply at least the same level of protection as required by the Privacy Shield Principles under the EU-US Privacy Shield compliance framework.
11. How long will we store your personal data
We will store your personal data for the time period which is necessary for the purposes for which we collected such data. We keep the length of time that we hold your personal data for under review.
12. Contractual or statutory requirements on you to provide personal data
In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.
It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data are that we may not be able to perform to the level you expect under our contract with you. An example of this would be where we are unable to provide you with certain programs, products or services as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so.
13. Your rights in relation to your personal data
Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see paragraph 0), you may have a number of rights in connection with the processing of your personal data, including:
- the right to request access to your personal data that we process or control;
- the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
- the right to request, on legitimate grounds as specified in law:
- erasure of your personal data that we process or control; or
- restriction of processing of your personal data that we process or control;
- the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
- the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
- the right to lodge complaints regarding the processing of your personal data with the relevant supervisory body.
If you would like to exercise any of the rights set out above, please contact us using the contact details set out in paragraph 2b).
We have set out below the purposes for which we may process your personal data:
(Refer to paragraph 5a)
|Purposes for which we process your personal data||Categories of personal data||The basis on which we can do this (this is what the law allows)|
|To register you as a new student or customer and process your application or order.|
The processing is necessary:
In order to perform our contractual obligations to you. This would include:
The processing is necessary:
|In order to comply with our own legal obligations, e.g. health and safety legislation, or to assist in an investigation (e.g. from the police).||The processing is necessary for us to comply with the law.|
|In order to use your personal data in life or death situations and there is no time to gain your consent (e.g. in the event of an accident and we have to give your personal details to medical personnel).||The processing is necessary in order to protect the vital interests of an individual.|
In order to manage our relationship with you including:
|The processing is necessary for our legitimate interests to promote our business.|
|In order to administer and protect our business and organization, deal with any misuse of our website and to comply with our security policies at our locations.|
The processing is necessary:
|In order to make suggestions and recommendations to you about programs, goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising.||The processing is necessary for our legitimate interests to study how individuals use our programs/products/services, to develop our programs, products and services and ensure our marketing is relevant to you, to grow our institution and business and to inform our marketing strategy.|
|For internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, programs/products/services, marketing, student and customer relationships and experiences.||The processing is necessary for our legitimate interests in defining types of students and customers for our programs, products and services, to keep our website updated and relevant, to develop our institution and business and to inform our marketing strategy.|
|To communicate with you about, and administer your participation in, our academic, residential and other programs and events.|
The processing is necessary:
|In order to enforce or apply our policies and procedures.||The processing is necessary for our legitimate interests in protecting our institution, business and property and recovering debts owed to us.|
In addition, we may lawfully process Special Categories of Data in certain ways. We set these out below along with the legal bases on which we process these Special Categories of Data:
|Purposes for which we process your personal data||Categories of personal data||THE BASIS ON WHICH WE CAN DO THIS (THIS IS WHAT THE LAW ALLOWS)||The basis on which we can do this (this is what the law allows)|
|In order to use our knowledge of any health-related personal data you disclose to us in the event of illness or injury or some other related emergency or to record any accident or injury or other incident you may suffer when living on, studying at, or visiting any of our campuses or other locations.|
|In order to disclose any Special Categories of Data we hold on you, where to do so is in the substantial public interest, provided that when we do so we provide suitable measures to protect your rights.|
The processing must be on the basis of applicable law which provides for suitable and specific measures to safeguard your rights and freedoms, in particular professional secrecy.
|In order to use the health-related personal data we hold on you to provide you with medical services. This will be subject to usual patient confidentiality rules.|
|In order to carry out our archiving role in the public interest (e.g. where we log your racial or ethnic origin), provided that when we do so we provide suitable measures to protect your rights.|