Why We Collect Personal Information
Information The Beautox Nurse Collects from You
Contact Information. We collect your contact information, such as your name, email address and organization, when you fill out our online forms or set up your user account for our Services. We use your contact information to activate your user account, give you access to the Services, and to send you notices about your user account. We may also use your contact information for marketing purposes, such as promotional emails, direct mail and sales contacts. You can opt out of our marketing communications at any time by unsubscribing or contacting us at email@example.com.
Billing Information. When a Subscriber subscribes to our Services, we also collect credit card information to process payment. Credit card information is provided directly to our payment processor and is processed in a PCI-compliant manner. We do not keep your credit card information. Note that when credit card information is referred to as being “stored”, this means we have a “token”. The token replaces sensitive information and acts as a non-sensitive placeholder that can be used by the payment processor to reference your credit card information when payments need to be processed.
Log and Device Information. When you access and browse our Services, we collect information about how you are accessing our Services, such as your internet or mobile network connection, your browser or the type of mobile device you are using (if applicable). We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used.
This information is not used to market or send promotions at an individual user level.
To learn about use of our websites, such as user traffic patterns and the effectiveness of our navigational structure
To identify email open rates in order to gauge the effectiveness of certain communications or marketing campaigns to clinics
To allow you to log in to secure areas of our Services
To store your login credentials for easy access to our Services
Social Media. If you log in to our Services using a third-party sign-in service, such as Google, Facebook Connect or Twitter, we will receive personal information from those services, such as your name and email address, in order to pre-populate our online forms. We also include social media “Like” and “Share” buttons on our websites. These features may collect your IP address and the page you are visiting on our website. They may also set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policies of the third parties who provide them.
Patient Data. Subscribers use our clinic management platform to collect personal information from their patients and create patient records. These records may include a patient’s name, address, health insurance and billing information, medical charts, appointment history and other patient data (“Patient Data”). This information is sometimes referred to as “personal health information”, “protected health information”, “data concerning health” or “sensitive data” depending on the location of the Subscribers and the privacy laws applicable to them. If you are a patient, Patient Data is collected from you when you visit our clinic or when you set up an account with our clinic through our online booking website.
Subscriber’s Role. Subscribers retain sole control over Patient Data and may be referred to as a “health information custodian”, a “covered entity” or a “controller” depending on their location and the privacy laws applicable to them.
What Patient Data to collect;
How the Subscriber will use the Patient Data;
Who has access to Patient Data;
How long the Subscriber will store Patient Data; and
On what basis the Subscriber may delete Patient Data.
Subscribers are responsible for complying with laws and regulations governing the use of Patient Data, and for determining the legal basis for such use.
Patient Rights. Patients have certain rights with respect to their Patient Data, which may include knowing what information our clinic has about you, correcting any inaccurate Patient Data, obtaining a record of your Patient Data and, in certain circumstances, deleting or removing your Patient Data.
Sharing Your Information
We do not sell or distribute personal information to third parties for their own commercial or marketing purposes. We will only share personal information we collect in the following circumstances:
Suppliers and Service Providers. In order to operate our business and provide the Services to our Subscribers and their users, we may need to share a limited amount of personal information, including Patient Data, with our third-party suppliers and service providers. Before sharing personal information, we ensure that the third parties receiving the personal information have provided appropriate safeguards, and that privacy rights are protected and preserved. Some of the areas where we use third-party suppliers and service providers include:
Our booking platform where all platform data is stored
Communication services to send out email and SMS notices or reminders
We protect your personal information, including Patient Data stored in our platform, by:
Using industry standard security controls such as encryption and an SSL (Secure Sockets Layer) certificate to ensure information is transmitted over a secured connection between your browser and our web server.
Using state-of-the-art data centres with appropriate security and compliance certifications, such as SOC 2 and EU-US Privacy Shield, that are HIPAA compliant.
Having our personnel sign strict confidentiality agreements to ensure they understand the confidential nature of the data we process, and only accessing your account when you request assistance from us.
Requiring password protection of your user account with a password set by you. We cannot access or identify your password. The only way to recover a password is for you to initiate a reset via the email address or mobile phone number you use for the Services.
While we employ industry standard measures to protect your information, no electronic communication can ever be completely secure. You share responsibility for protection of your personal information by setting a strong password and by keeping your username and password confidential.
We retain personal information only for as long as necessary to achieve our stated purposes, or as required by applicable law. For example, Contact and Billing information is kept for as long as a Subscriber account is active and for a reasonable period after it has been deactivated in the event you or your Subscriber wish to re-activate the account. User account information may also be retained as necessary to comply with our legal obligations, resolve disputes or maintain our relationship with your Subscriber organization. Credit card information is never kept or stored by us.
Individuals have certain rights with respect to their personal information. These rights are set out below.
Correction and Deletion. We will make reasonable efforts to ensure that the personal information we collect from you is accurate and complete. You may update, correct or delete your account information at any time by logging into your user account and modifying your personal information, including your preferences to receive messages from us. You may also update, correct or delete your personal information by contacting us as noted below.
Withdrawing Consent. Where we have relied on your consent to use your personal information, you have the right to withdraw that consent at any time by contacting us as noted below. In addition, all our marketing email messages contain the ability to automatically “opt-out” or unsubscribe from our mailing lists and marketing messages.
Access and Portability. You have the right to request a record of the personal information that we have collected about you and to ask that the information be provided in a structured, commonly used electronic format (where applicable and technically feasible). There may be some cases where we cannot provide you with certain information about you if it would mean disclosure of personal information of another person or other confidential information, or if it would compromise our security systems. If you require access to your personal information, please Contact Us. We will respond to you within thirty (30) days of receiving your request. We may charge a fee where permitted by applicable law.