Updated September 1, 2021
California Residents: Click here to see our additional privacy information for California residents.
In some cases, Fivos may process your personal health data or patient data as provided directly by you or by our customers for whom we process data. Fivos collects, uses, discloses, and retains Patient Data in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Health Information Technology for Economic and Clinical Health Act (“HITECH”), applicable state law, and Fivos’ own policies and procedures.
For Personal Data collected from individuals located in the European Union and other applicable countries, the General Data Protection Regulation (GDPR) shall apply
The following definitions shall apply throughout this Policy:
“Agent” means any third party that uses Personal Data provided to us to perform tasks on behalf of and under the instruction of Fivos. Examples include our cloud service providers or other contracted service providers .
“Controller” means the entity that determines the purposes and means of processing personal data. Generally speaking, this is the entity that originally collected the data.
“Personal Data” means Information or a set of information that identifies or could be used by or on behalf of Fivos to identify an individual. Personal Data does not include information that is encoded, anonymous, aggregated or publicly available information that has not been combined with non-public Personal Data.
“Processor” means the entity which processes personal data on behalf of the controller.
III. Fivos Website
In general, you may visit the Fivos website without identifying yourself or revealing any Personal Data. Personal Data does not include information that is encoded, anonymous, aggregated or publicly available information that has not been combined with non-public Personal Data. Fivos may collect domain information from your visit to customize and improve your experience on our website.
Aside from domain information, Fivos will not collect any Personal Data through the Fivos website that you do not volunteer, and we are the sole owner of all information collected on this site.
When you visit Fivos’ website and/or cloud-based applications (including Pathways™ Clinical Data Performance Platform, Workflow and this website), Fivos may send one or more cookies—a small text file containing a string of alphanumeric characters—to your browser or mobile device. Fivos may also sometimes collect analytics information from visits you make to our websites and/or cloud-based applications to measure traffic, usage, and to help us provide better services. This information is sent by your browser or mobile device, including the pages and/or applications you visit and other information that assists us in improving our products and/or services. Fivos may share this information with third party organizations that help us provide services to you, such as Google Analytics.
Additional information regarding how Google Analytics’ uses the data collected can be found here: https://policies.google.com/technologies/partner-sites.
V. Data Collected
With the exception of domain, account and cookies of which Fivos is a data Controller, Fivos acts as a Processor of Personal Data. As a Processor, Fivos collects Personal Data at the direction of our customers. The following types of Personal Data may be collected: medical records, including name, date of birth, social security number, medical images, patient outcomes, and other sensitive individually-identifiable data.
VI. Privacy Principles
- Notice. When Fivos collects Personal Data directly from individuals, we will inform them about the purposes for which we collect and use their Personal Data, the types of third parties (other than Agents), if any, to which we disclose that information, and the choices and means, if any, that we offer individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to Fivos, or as soon as practicable thereafter, and in any event before we use the information for a purpose other than that for which it was originally collected. If Fivos receives Personal Data from its affiliates or other entities in which we do business, Fivos will use such information in accordance with the notices such entities provided and the choices made by the individuals to whom such Personal Data relates.
- Website Consultants and Service Providers. Fivos may disclose personal information to third party consultants and service providers (such as providers of hosting services, support, maintenance and remedial and repair services) to the extent that they require access to Fivos’ databases, or the information contained in Fivos’ databases, to service us and our customers under the conditions set out in the Principles.
- Enforcement of Rights / Security. Fivos reserves the right to release personal information (i) when Fivos is under legal compulsion to do so (e.g. we have received a subpoena) or Fivos otherwise believes that the law requires us to do so, (ii) when Fivos believes it is necessary to protect and/or enforce the rights, property interests, or safety of Fivos, our customers, or others, or (iii) as Fivos deems necessary to resolve disputes, troubleshoot problems, prevent fraud and/or enforce the Principles.
- Reorganization or Sale. In the event that Fivos is merged with or becomes part of another organization, or in the event that our company is sold or it sells all or substantially all of its assets or is otherwise reorganized, the information you provide may be one of the transferred assets to the acquiring or reorganized entity.
- As Otherwise Allowed by Law. Fivos may transfer personal information to third parties where we are expressly authorized by Applicable Law and the Principles to do so. Fivos also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
- Accountability For Onward Transfers. Information collected by Fivos may be stored, processed in, or transferred between any of the countries in which Fivos, its affiliates, or agents operate in to enable Fivos to use the information in accordance with this Policy. Fivos will obtain assurances from our Subcontractors and Agents that they will safeguard Personal Data consistently with this Policy. If Fivos has knowledge that an Agent is using or disclosing Personal Data in a manner contrary to this Policy, we will take reasonable steps to prevent or stop the use or disclosure. In cases of Onward Transfer specific to European Personal Data, Fivos, Inc. remains liable. Fivos relies on the Standard Contractual Clauses and/or the use of model contractual clauses as a legitimate transfer mechanism for locations outside of the U.S for any Personal Data related to EU individuals All Fivos affiliates or vendors with locations outside of the U.S. shall enter into agreements with Fivos that obligate them to comply with all Applicable U.S. Federal Law and the terms of this Policy.
- Security. Fivos will take reasonable precautions to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Data Integrity & Purpose Limitation. Fivos will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual or Controller, as applicable. Fivos will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
- Access. Upon request, Fivos will grant individuals reasonable access to Personal Data that we hold about them, and we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Fivos may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If an individual desires to correct, amend, or delete Personal Data that was provided to Fivos by third parties (and not directly by the individual), you may contact us to access, correct, or remove your information from our files. Fivos will use its best efforts to provide any access, or to correct or remove your information. Fivos will use its best efforts to provide requested access, or to correct or remove your information. Fivos reserves the right to retain a single copy of any data needed for archival purposes or to meet record retention requirements under Applicable Law. An individual should also contact the applicable third party to whom provided the data to correct, amend, or delete such Personal Data.
- Resource, Enforcement, And Liability. Fivos will conduct compliance audits of our relevant privacy practices to verify adherence to this Policy. Any employee that we determine is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
- Data Retention. Fivos may retain Personal Data for archival purposes, to meet legal obligations such as record retention requirements, to resolve disputes, or to enforce agreements. When Fivos no longer has a business need to process the Personal Data, Fivos may either delete or destroy the data, pursuant to Applicable Law. Individuals may also request that Fivos delete your Personal Data at any time, and Fivos will do so provided that we may retain any records needed for archival purposes or to meet record retention requirements pursuant to Applicable Law. If Fivos cannot delete or destroy any such Personal Data, such as when it is archived in Fivos’ backup systems, then Fivos will store, but not otherwise further process, that Personal Data until it is deleted or destroyed pursuant to Fivos’ data retention policies.
VII. GDPR Notices for EU Individuals
The European Union (“E.U.”) General Data Protection Regulation (“GDPR”) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data protection laws across Europe.
The lawful basis of Fivos’ data collection is the “legitimate interests” lawful basis. As a service provider and Processor, Fivos collects, processes, and maintains Personal Data on behalf and at the request of the Controller(s).
Consistent with its pledge to protect personal privacy, Fivos adheres to GDPR as applicable. If there is any conflict between the provisions in this Policy and GDPR, the GDPR shall govern.
Our website and services are not intended for use or access by children or minors. Fivos does not knowingly collect or solicit information from anyone under the age of thirteen (13). If you believe Fivos has inadvertently collected information about a child under the age of thirteen (13), please contact us at [email protected] immediately using the contact information below.
IX. Dispute Resolution and Enforcement
Any questions or concerns regarding the use or disclosure of Personal Data should be directed to us at the address given below. Fivos will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy within thirty (30) days of receiving a complaint. EU Persons (EU Data Subjects) may make complaints to their home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
This Policy may be amended from time to time, consistent with the requirements of HIPAA, HI-TECH, GDPR, CCPA, and/or other Applicable Law. Fivos will provide appropriate public notice about such amendments. Your continued use of our Website or products following the posting of changes constitutes your acceptance of such changes.
XI. Contact Information
Questions or comments regarding this Policy should be submitted to us by mail or e-mail as follows:
Attn: Privacy Officer / Legal Dept.
8 Commerce Avenue
West Lebanon, NH 03784
I. Additional Information for California Residents
These “Additional Disclosures for California Customers” apply only to customers who are residents of the state of California, and to the personal information of those customers that is collected by Fivos both online—via any Fivos website, mobile application, or other online service that includes a link to these additional disclosures. Your California Privacy Rights.
II. Personal Information We May Collect and Potential Sources and Third Party Recipients
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||NO|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||NO|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
III. How We May Use Personal Information for Business Purposes
We may use personal information for the following business or commercial purposes:
- Provide, operate, maintain, market and promote our products and services;
- Develop new or improved products, services, features, and functionalities;
- Provide information about our products and services, and grant you access to the products and services;
- Process and complete business transactions, such as webinar registrations;
- Evaluate your interest in employment and contact you regarding possible employment with us;
- Communicate directly with you, such as by responding to your comments, questions, and requests;
- Provide customer service and support, such as by sharing notices, updates, alerts, and administrative or marketing messages;
- Monitor and analyze trends, usage, and activities in connection with the Site;
- Investigate or prevent fraudulent or illegal activities, including unauthorized access to the Site;
- Comply with applicable laws and regulations;
- Defend ourselves from legal liability or allegations;
- Respond to emergencies or take steps to prevent harm to Fivos or any person or entity;
- Negotiate any merger, sale, financing, or acquisition of all or a portion of Fivos’ business to another entity;
- Undertake any uses that you have authorized (for example, if you contact us to correct an issue by e-mail, we may use your personal information to respond to and resolve your issue);
- Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and
- As otherwise set forth per California Law
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
IV. Disclosures of Personal Information for a Business Purpose
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, Fivos has disclosed the following categories of personal information for a business purpose:
V. Your Rights and Choices
If you are a California resident, you are allowed to make certain requests about your personal information. Specifically, you can request us to:
- Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.
- Once we receive and confirm your verifiable consumer request, provide access to and/or a copy of certain personal information we hold about you over the past 12 months.
- Delete certain personal information we have about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, Fivos will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
Please note that if your personal information has been collected by Fivos as a result of a customer’s use of our services, Fivos collects and maintains your personal information under the directions of the relevant customer. If these circumstances apply to you and you wish to access or delete any personal information that we have collected about you, please direct your query to the relevant customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our customers to give effect to consumer choices as appropriate and required by applicable laws.
If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer’s behalf, please contact us at [email protected]health.com.
The California law provides certain rights if a company “sells” personal information. We disclose your personal information for a business purpose to our third party service providers, but we do not sell your information.
You have the right not to be discriminated against (as provided for in applicable law) for exercising your rights. Fivos will not discriminate against you for exercising any of your California Privacy Rights.
VII. Do Not Track Signals
Some web browsers and operating systems include a Do-Not-Track (DNT) setting that you can activate to signal your preference not to have information about your online activities monitored. There is currently no uniform standard for recognizing and implementing DNT signals. As a result, Fivos does not recognize or respond to browser-initiated Do Not Track signals, as the internet industry is currently still working on Do Not Track standards, implementations and solutions.