Privacy Notice

At Advance Medical we are committed to protecting and respecting your privacy.

This notice describes how personally identifiable information about you (the data subject) may be collected, used, and disclosed, and how you can get access to this information. Please review it carefully.

The data controller is Advance Medical S.A. with offices in 252 Via Augusta 08022 Barcelona Spain and its affiliates and subsidiaries.

Introduction

Advance Medical collects personal, medical data about and from individuals (data subjects) who have provided fully informed consent. Collected personal data is never shared for any purpose other than as defined in this notice and strictly for the purpose of rendering the Services for the benefit of the person identified by the data collected. Such data is permanently de-identified when the data subject is no longer eligible for the service.

Scope

Advance Medical operates globally and is committed to full compliance with all laws and regulations of any jurisdiction within which it operates. This particularly applies to all privacy laws and regulations.

Global policy, fundamental principles

Advance Medical's Privacy Policy complies with the general provisions and basic principles of the Madrid Resolution. (See: International Conference of Data Protection and Privacy Commissioners, Madrid, 5th November 2009):

  • Personal data must be processed lawfully and fairly
  • Limit private data usage to legitimate fulfilment of a specific purpose as defined by informed consent of the data subject (the person the data is about).
  • Limit processing and storage to minimum necessary
  • Accurate and sufficient to consented purpose
  • Open, transparent privacy policies
  • Accountability for compliant privacy measures
  • Legitimacy: informed consent, adherence to law, easy path to withdraw consent.
  • Definition and protection of sensitive data
  • Third party privacy controls
  • International transfers must adhere to Madrid Resolution principles.
  • Data Subject's rights to concise, timely, comprehensive information regarding data about them and related processing and usage.
  • Data subject's right to rectification of data: incomplete, inaccurate, unnecessary or excessive.
  • Data subject's right to object subject to law and necessary processing.
  • Must implement procedures to support data subject's exercise of their rights.
  • Security Measures: Technical and procedural support for integrity, confidentiality and availability must be provided.
  • Maintain the confidentiality even after relationship to data subject has terminated.
  • Proactive measures: prevention, detection, organization, privacy/security officer, training, independent audits, privacy impact assessments, and policies and procedures.

The confidential information will be registered in a secure and proper manner following the General Data Protection Regulation (hereinafter GDPR) on the protection of individuals with regards to the processing of personal data and on the free movement of such data. You may request information, file a complaint and exercise your rights of access, rectification, suppression, limitation of treatment, portability and opposition to the Data Protection Officer: dpo@advance-medical.com, indicating your name, what service was used and your telephone number, and attaching your Identification Card or any other document that allows you to be identified.

In order to better protect your data, we inform you that Advance Medical uses data centers based in the EU and in the USA that comply with all the privacy, security and contingency measures and regulations. With your acceptance you are also entering into an agreement for such matters with Advance Medical, Inc, a subsidiary of Advance Medical in the USA who owns the agreements with servers in the USA. By accepting these Terms and Conditions, you are agreeing to the international transfer of your personal data as stated above.

You should check whether it is lawful to access our services in the territory where you are. We provide our services in compliance with EU Data Protection laws and USA HIPAA regulations, and cannot take responsibility for any differences between those rules and any different rules applying to healthcare services anywhere else.

General Definitions

Binding Corporate Rules ("BCRs") are European Union (EU) defined templates for binding (enforceable) corporate policies that define how PHI/PII are to be handled.

Data Privacy Authorities (DPA) are the governmental agencies in each EU country designated to deal with privacy issues.

Standard Contractual Clauses ("SCCs") are contract clauses between parties exporting and importing PHI/PII.

The term "data subject" and the term "you" mean the person identified by the data.

Advance Medical's contracts between exporting and importing entities implement SCCs wherever appropriate and feasible.

Advance Medical's corporate privacy policies, while in compliance with the privacy policy recommendation of the EU, have not been reviewed by the relevant Data Privacy Authorities (DPA).

Advance Medical's Obligations

  • Maintain the privacy of data subject's personal data
  • Provide data subject with a notice as to our legal duties and privacy practices with respect to information we collect and maintain about the data subject
  • Abide by the terms of this notice
  • Notify data subject if we are unable to agree to a requested restriction
  • Accommodate reasonable requests data subject may have to communicate health information by alternative means or at alternative locations, or to correct data subject's information
  • Inform the data subject and address their rights related to personal data

Advance Medical's Definitions

  • Personally Identifiable Information (PII) is information or data that directly identifies an individual or that, when used in combination with information available publicly or to Advance Medical, may provide a high probability of identifying an individual.
  • Protected Healthcare Information (PHI) is PII that in addition contains health data about the individual identified by the data.
  • Data is constrained to be relevant and reliable for the purpose it was collected. Integrity and security controls are in place and monitored to maintain the accuracy of the data.

How data is used

  • Advance Medical uses and discloses PHI in creating a medical case history, identifying physician consultants, and producing Notes or Reports (the "Report").
  • Advance Medical does not share PHI, unless expressly consented by the Patient, for any purpose not both defined in this notice and required for the production of the Service and Report.
  • Examples of Disclosures for Treatment, Payment and Health Operations (TPO). Advance Medical may collect protected health information (PHI) for use in our Service (the "Service"). The information will be used and disclosed in creating a medical case and history, identifying physician consultants, and producing the Notes or Reports (the "Report"). Advance Medical may disclose your health information to case managers, clinical committee members, administrators who will use the information to process your case and other individuals who are involved in providing the Service or generating your Report. In some cases your information may be sent to an outside consulting physician or other consulting medical professionals. For example, a case manager may share your information with a medical director in order to identify an appropriate consulting physician for your case. The case manager may share the information with the consulting physician. We will ask these consultants to sign agreements requiring them to preserve the confidentiality of this information.
  • Other Uses of Data: Advance Medical also may use your health information to review or evaluate the performance of our systems in providing the Service to you and to improve the quality or timeliness of our services. Advance Medical also may create de-identified information based upon information you have provided to us. De-identified information is information that does not include your name, address, birth date, or other information that could be used to identify you. This de-identified information could be used for quality improvement, research and other purposes. For example, Advance Medical could use this de-identified information to demonstrate the reliability of our information management systems or to generate medical research information. We would not identify you by name or other personally identifying data in any resulting reports or other information. Advance Medical may disclose information in order to contact you during the course of providing services to you as either part of the ongoing process or as part of an effort to follow-up with you after using the Service or if there is an opportunity to inform you about additional services of interest. We may contact you through the mail, over e-mail or through the phone.
  • Online Activity Tracking and Advertising: We collect information about your activity on Our Systems through using technologies such as cookies, and server log files.
  • We do not use third-party cookies or non-Advance Medical web beacons, i.e. web-based data collection by parties other than Advance Medical; that is, we do not use advertising or tracking links. We use this automatically generated information to provide you with an optimal website experience. This includes measuring the effectiveness of our web pages and your interactions with them in order to make using our pages as easy for you as possible.
  • Our site and related applications will generate log files tracking who has had access to your PHI and/or PII.
  • Other Disclosures Mandated by Law: Advance Medical may be called upon to disclose PHI by a duly empowered branch of Government in any country in which our patients are citizens.

Data Retention

  • Advance Medical retains PHI as long as it is required for the purpose of providing the Service to the individual identified by the PHI.
  • When the identified individual is no longer eligible for the Service, through specific request by the individual or other event that removes the individual from eligibility, the PHI is permanently de-identified in accordance with the GDPR on the protection of individuals with regards to the processing of personal data and on the free movement of such data. Any and all codes, links, or other data that could be used to relate the de-identified data to the identity of the individual are permanently destroyed.
  • Such permanently de-identified data is no longer PHI and is retained by Advance Medical indefinitely. Note that it is not possible to identify you from this de-identified data.

Notice

  • We will make our privacy commitments easy to find and easy to read.
  • Each individual about whom Advance Medical collects PHI or PII (the data) is ensured to be aware of what data we are collecting, the usage and purpose of the data collected, the individual's ability to control that usage and their rights related to that data, and the retention period of that collected data.
  • We will listen to your feedback and answer your questions about our Privacy Policy, commitments, and practices.
  • We reserve the right to change our practices and to make the new provisions effective for all PHI and PII we maintain. We will not use or disclose your health information without your authorization, except as described in this notice. If you have a question or would like a copy of this notice or would like additional information, you may contact us; details of our offices are located on our website in the contacts section: http://www.advance-medical.net/contact. If you believe your privacy rights have been violated, you may file a complaint with Advance Medical at dpo@advance-medical.com. There will be no retaliation for filing a complaint.

Choice

  • We do not share the data about you outside Advance Medical except as explicitly defined in this "Privacy Notice". Individuals have the option to opt out of the collection and forward transfer of the data to third parties; however, this may preclude Advance Medical from rendering its services.

Your Health Information Rights

  • Request a restriction on certain uses and disclosures of your information.
  • Obtain a paper copy of this privacy notice (information practices) upon request.
  • You have the right to inspect, copy, and amend completed medical records maintained by Advance Medical (a fee may be applied).
  • Obtain an accounting of disclosures of your health information.
  • Revoke your authorization to use or disclose health information except to the extent that action has already been taken.
  • You have the right to request to receive confidential communications about your health information, such as having information sent to a particular address or in a particular way. In your request specify how you would like us to communicate with you. We may charge you a processing fee for these requests. In some cases we may not honor your requests, such as if disclosing records will cause you harm or if they are part of legal proceedings or if they are part of ongoing legal research.
  • You must include all of the specific information that you want changed, amended, or restricted and the person or categories of persons who should or should not have access to the information. We have the right to deny your requests or ask for additional information.
  • In the event that we deny your request you will be notified of any denial within 60 days and be given additional options or information.
  • We are only obligated to share disclosure accounting for the preceding six years. This accounting will not include disclosures made in the course of providing the Service or generating the Report, as described in this notice.
  • You have the right to make complaints about any possible violation of your Privacy Rights to Advance Medical. Advance Medical will not penalize you for making a complaint.
  • To inspect, modify or restrict your medical records please make a signed and dated written request to: Privacy Officer, c/o Advance Medical, EMEA office: Via Augusta 252 | 08017 BARCELONA | SPAIN | Tel. +34-932540010, dpo@advance-medical.com

Onward Transfer

  • We do not share PII or PHI with any third parties other than as required by the service and report production and documented in this notice. We insist that the vendors, including doctors under contract to Advance Medical that we retain to provide support services to Advance Medical, adhere to our Privacy Policy and Principles as well as all globally applicable data privacy laws.

Security Enforcement

  • We safeguard the data with tested and certified technical and manual security controls. We educate our employees and service providers on our Privacy Policy and Principles, as well as their roles and responsibilities in complying with them, and we enforce remedial penalties for non-compliance.

Global Compliance

  • We are committed to comply with the applicable data privacy laws in all regions where we have subsidiaries and affiliates.

Access

  • We strive to keep your Personal Information accurate and current; and we update or disclose it to you whenever you request us to do so. We post our Privacy Policy and Principles on our Web sites and we notify you about any significant amendments thereto. Individuals are able to access information held about them, and correct or delete it if it is inaccurate. Individuals are responsible for communicating modifications, rectifications or additions to their Personal Information in order that Advance Medical may change it accordingly and keep it current.
  • Advance Medical sites are access controlled and restricted to registered adult patients, parents or guardians of minor patients, and our own staff of physicians, case managers and medical experts. Advance Medical has implemented manual and technical, physical and electronic security controls to best ensure that our systems and data are secure. These controls are continuously monitored and upgraded as required by changing business processes, new threats and as better security controls become available.

Payment Data

  • Advance Medical does not use PII or PHI for payments.