Every Workforce Member who conducts business for or on behalf of HealthPals
(a) comply with this Policy and supporting policies and procedures designed to ensure the privacy and security of Personal information; and
(b) collect, use and disclose Personal Information in a manner consistent with applicable laws in the countries in which HealthPals does business.
HealthPals Corporation is responsible for complying with this Policy, identifying applicable local privacy or data protection laws and developing supplementary policies, procedures, standards, and guidelines, if and where needed, for meeting the requirements of this Policy, applicable laws, regulations and contracts.
This policy applies to all internal and external data deemed direct, associated, or deterministic of private data that is gathered, handled, processed, sub-processed, or stored within HealthPals’ information systems.
HealthPals is responsible for this policy and the communication of this policy to all Workforce Members who have access to Personal Information within HealthPals. Additionally, it is responsible for providing guidance, in consultation with appropriate functions and legal representatives, on the implementation of this Policy. Finally, it is responsible for annually reviewing and updating this Policy as necessary.
Each Business Organization will assess and document the processing of Personal Information in accordance with applicable laws, regulations, contracts, and company policies, which may include:
HealthPals, and any third parties acting on its behalf, will collect Personal Information only in connection with a legitimate business purpose in compliance with all applicable laws, regulations, contracts, and company policies. All parties will perform as follows:
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use, as needed, both Session and Persistent Cookies for the purposes set out below:
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
Type: Persistent Cookies
Administered by: Us
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
Type: Persistent Cookies
Administered by: Third-Parties
Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.
The Company may use Personal Data for the following purposes:
We may share Your personal information in the following situations:
HealthPals will comply with all applicable laws, regulations, contracts, and company policies regarding the provision of a privacy notice or statement to individuals about whom Personal Information is collected, maintained, used or disclosed.
Additionally, HealthPals will identify whether, in accordance with all applicable laws, regulations, contracts, and company policies, an intended collection, use, or disclosure of Personal Information requires that an individual be provided with an opportunity to authorize or consent, as defined by applicable law, to such collection, use or disclosure.
When required by applicable law, or as otherwise made available to an individual, each Business Organization must observe an individual’s choice to revoke consent, or to opt-out of any procedure designed to obtain consent, for the use of such individual’s Personal Information in accordance with all applicable laws, regulations, contracts, and company policies.
In accordance with applicable laws, regulations, contracts, and company policies, HealthPals will respond to requests from individuals pertaining to the Personal Information that HealthPals maintains pertaining to them. These include individual requests to:
HealthPals may only disclose Personal Information in accordance with applicable laws, regulations, contracts, and company policies and may only disclose Personal Information to vendors, contractors, service providers, government entities, and other third parties, after confirming that:
(a) the disclosure is legally permitted;
(b) the person, system or entity allowed to receive information is identified;
(c) the transfer of the Personal Information is secure, where appropriate; and
(d) the third party is contractually and/or legally committed to protecting the information and limiting its use and disclosure, where appropriate or required by law.
Prior to transferring Personal Information from one country to another or allowing access to Personal Information by Business Organizations, vendors, contractors, service providers, or other third parties located in other countries, HealthPals will gain assurances, as may be required by applicable laws, regulations, and contracts, that the information will be lawfully processed and protected.
HealthPals will comply with security policies that establish administrative, physical, technical, and organizational safeguards to protect Personal Information wherever Company work occurs.
Company-issued devices and accounts must be used for receiving, creating, maintaining, or transmitting Personal Information regardless of where Company work is being performed.
Workforce members are responsible for the confidentiality of their work-related conversations. Personal Information should not be discussed at a location or time where unauthorized individuals are present.
Interactive/Voice Activated Smart Devices or Digital Assistants located in or near to a workspace must be disabled, turned off or moved away from the workspace when Company work is being performed.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
HealthPals will take reasonable steps to maintain accurate and complete Personal Information.
HealthPals will disclose data under the following circumstances:
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
HealthPals is responsible for reviewing the effectiveness of procedures and other controls related to the implementation of and compliance with this Policy. Workforce Members are responsible for immediately reporting possible violations of this Policy in accordance with the Enterprise Incident Management Reporting and Response Policy.
HealthPals is responsible for addressing privacy complaints in accordance with company policies. If HealthPals determines that an employee has violated this Policy, the employee may be subject to discipline in accordance with SOP-NCA Nonconformity and Corrective Actions Policy for non-compliance with HealthPals Privacy Policies and any applicable disciplinary processes and procedures developed by HealthPals,
This document is part of HealthPals overall set of privacy and security policies and procedures. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.
This policy will be enforced by the HealthPals Senior Leadership Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of HealthPals property (physical or intellectual) are suspected, the HealthPals may report such activities to the applicable authorities.
Under CCPA, personal information does not include:
All sections of this policy meet or exceed and support HIPAA Compliance.
All sections of this policy meet or exceed and support CCPA Compliance.