Last Updated November 10, 2023
OneMedNet Corporation is headquartered in the State of Minnesota in the United States (“we”, “us”, “our”, and “OneMedNet”) is the creator and provider of BEAM , a service to securely exchange images and data between hospitals, clinics, healthcare providers and patients throughout the world. We take your privacy seriously and we have created this privacy policy to explain how we collect, share and use Personal Data when you visit OneMedNet.com (our “Website”) and how you can exercise your privacy rights in accordance with Data Protection Laws. Please read this policy in full to ensure that you fully understand how we use your Personal Data. Please note further that this policy does not cover users or subscribers to our BEAM services. BEAM subscribers may access the BEAM privacy policy here.
Key Terms
In this privacy policy, these terms have the following meanings:
“Data Controller” means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller.
“Data Processors” means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Data Processors to process your data more effectively.
“Data Protection Laws” means all applicable laws and regulations, including laws and binding regulations of the European Union, the European Economic Area and their member states, US Privacy Laws, the United Kingdom and other parts of the world applicable to the processing of Personal Data.
“Personal Data” means any information that identifies or can be used to identify you or another individual, directly or indirectly. Examples of Personal Data include, but are not limited to, first and last name, email address, phone number and occupation.
“Service Partners” mean third-parties, including Data Processors, with whom we may have a contractual relationship to help service the Website, and whose privacy, safety and security protocols meet the requirements of this Privacy Policy and Data Protection Laws in general.
“Visitor” means any person who visits any of our Websites.
“you” and “your” means a Website Visitor.
“Website(s)” means any website(s) we own and operate.
Lawful Basis of Processing Personal Data
In order to process Personal Data of our Website Visitors we rely on the following lawful basis:
Personal Data Collection and Processing
We collect and process Personal Data applicable to Visitors to our Website, as follows:
1. Information you provide to us: In the course of engaging with our Website you may provide Personal Data about yourself, such as your name, email address or other contact information when you send us an email, request additional information, or communicate with us in any other way. By giving us this information, you agree to this information being collected, used, and disclosed as described in our Terms of Use and in this Privacy Policy.
Use of Personal Data
We may use Visitors’ Personal Data including name, address, phone number, IP address, and email address for many reasons, including:
We may also use Website Visitors’ Personal Data:
Your Consent
Based on the disclosures provided in this Policy, we need your informed, clear and unambiguous consent for us to process your data outside of the European Union or outside of any other jurisdiction that has data transfer restrictions (e.g., EU, UK, Quebec, China). To give us this consent, please click here. Please note that processing your Personal Data outside of your jurisdiction may result in transfer of your data to a country that may not guarantee the same level of protection as your country of residence. That said, we will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this policy. If you do not consent, please do not visit or stay on the Website.
How We Share Information
Your Rights Regarding Your Personal Data
Depending on where you live, and subject to our obligations under applicable laws, you may have certain rights and choices regarding your Personal Data. For example, in addition to choices described elsewhere in this policy, you may have some or all of the following rights and choices in general:
A. General Regional Rights
Access Rights: you may have the right to receive certain information, such as the following (these rights, and the applicable types of data and time periods, will vary depending on the laws applicable to the state or country in which you reside):
1. The categories of Personal Data we have collected or disclosed about you; the categories of sources of such information; the business or commercial purpose for collecting or selling your Personal Data; and the categories of third parties with whom we shared Personal Data.
2. Access to and/or a copy of certain Personal Data we hold about you.
3. In some circumstances, you may have the right to obtain certain Personal Data in a portable format.
Erasure: you may have the right to request that we delete certain Personal Data we have about you. We may either decide to delete your Personal Data entirely, or we may anonymize or aggregate your Personal Data such that it no longer reasonably identifies you. Certain Personal Data may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide our services to you, we may be required to retain certain information for legal purposes, and there may be other reasons we may need to keep certain Personal Data under various applicable laws. In addition, if you ask us to delete your Personal Data, you may no longer be able to access or use some of our services.
Correction: you may have the right to request that we correct certain Personal Data we hold about you.
Limitation of Processing: Certain laws may allow you to object to or limit the manner in which we process some of your Personal Data, including the ways in which we use or share it. For example, you may have these rights if the processing was undertaken without your consent in connection with our legitimate business interests (although we may not be required to cease or limit processing in cases where our interests are balanced against your privacy interests).
Regulator Contact: You may have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
If you believe that you have specific rights under your jurisdiction and you would like to exercise any of these rights, please submit a support request through our website or email us at Privacy@OnemedNet.com. Other than marketing opt-out and do-not-sell requests, you will be required to verify your identity before we fulfill your request. In certain jurisdictions, you may be able to designate an authorized agent to make a request on your behalf, subject to certain requirements of your applicable law. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf, and we may be required to take additional verification measures under applicable law.
B. Important Information for European Union and United Kingdom Users
If you are a user from the European Union or United Kingdom you should be aware that we are the controller of your Personal Data (Data Controller) under the EU General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and such similar laws promulgated in the various EU countries. You may have certain additional rights regarding your Personal Data (as defined in the GDPR and UK GDPR, for instance), including the right to:
There is no charge for any of these requests. To make a request, please contact us at Privacy-EU@onemednet.com. We try to respond to such requests in a timely manner, but in no event longer than one month. When we collect your Personal Data, we maintain and store it for as long as we determine reasonably necessary to provide our services to you, unless you exercise your right to erasure described above, or to comply with applicable legal requirements.
If you are a resident of the European Union or United Kingdom, when we process your Personal Data, we will only do so in the following situations:
You should be aware that Personal Data you provide to us may be transferred out of the country in which you reside to servers in a country that may not guarantee the same level of protection as the one where you reside. Nevertheless, we will take all steps reasonably necessary to ensure that your Personal Data is treated securely in accordance with this privacy policy, and no transfer of your Personal Data will take place to a third party unless there are adequate controls in place to protect your personal information and/or you have provided contractual consent by registering an account with us.
C. U.S. State-Specific Rights
Various U.S. states provide specific rights to residents of the state regarding Personal Data, which includes allowing consumers in these states to opt out of certain sharing of their data or in Colorado where you must consent for us to process your sensitive Personal Data or any Personal Data of a minor.
Depending on where you reside, your state may have enacted privacy laws (e.g., as of the date of this policy California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah and Virginia) that allow you to request that OneMedNet:
Residents of these states may exercise these rights by emailing us at Privacy@OnemedNet.com.
In general, we, including our Service Partners, collect the following California regulated categories of Personal Data (PI) from you:
How We Have Shared Your Personal Data for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of Personal Data for a business purpose with our Service Partners:
How You Can Exercise Your Privacy Rights
If you wish to exercise any of these rights, you may: (a) email our Data Protection Officer at Privacy@OnemedNet.com; (b) call us at +353 1 631 9460 in the EU or +1 800-918-7189 in the U.S.; or (c) send us a message on our website at www.OneMedNet/contact.
To change information that we collect through this Website, please email Privacy@OnemedNet.com. We allow you to opt out of future communications at any time by clicking the “unsubscribe” link at the bottom of all emails.
If you would like to make a complaint about how we have handled your Personal Data, or to make a complaint about a breach of data protection laws, please email us. We will investigate complaints and will communicate the outcome of the investigation to you after the complaint is made in accordance with applicable law. You may also have a right in some locations to file a complaint with your local data protection authority.
Security
We take appropriate and reasonable organizational, administrative, technical, and physical measures to safeguard your Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction such as encrypting data at rest and in transit, security information training for all staff, as well as periodic security risk assessments, vulnerability testing, and penetration testing.
Changes to This Privacy Policy
We may at our own discretion update this privacy policy at any time. The most recent version of the privacy policy is reflected by the version date located at the top of this privacy policy. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the Personal Data we collect.
How to Contact Us
For residents of the EU or UK that may have a concern about the way in which we have handled any privacy matter, please contact our EU Data Protection Representative by email: Privacy-EU@onemednet.com. Alternatively, they can be reached by post: The DPO Centre Europe, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2; by phone: +353 1 631 9460; by website: www.dpocentre.com. You also have the right to lodge a complaint with your local data protection supervisory authority (list here: https://edpb.europa.eu/about-edpb/board/members_en).
For residents of all other countries or the U.S., please contact OneMedNet directly by contacting us at Privacy@onemednet.com. You may also contact us by post or telephone at:
Attn: Privacy Officer/DPO
OneMedNet Corporation
6385 Old Shady Oak Rd Suite 250
Eden Prairie, MN 55344 USA
Tel +1 800-918-7189