EEA Privacy Policy

Effective 11/27/2019

OneMedNet Corporation (“we”, “us”, “our”, and “OneMedNet”), headquartered in the State of Minnesota in the United States, is the creator and provider of BEAM, a service to securely exchange images and data between hospitals, clinics, healthcare providers and patients in Europe. We take your privacy seriously and we have created this privacy policy to explain how we collect, share and use Personal Data and how you can exercise your privacy rights in accordance with the General Data Protection Regulation (GDPR) 2016. Please read this policy in full to ensure that you fully understand how we use Personal Data.

Key Terms

In this privacy policy, these terms have the following meanings:

“BEAM” or “Service” is a service to securely exchange images and data between hospitals, clinics, providers and patients.

“BEAM Cloud” is a cloud-based service that allows BEAM Subscribers to exchange images and data with BEAM Cloud Users.

“BEAM Cloud User” is a patient, a patient representative, or a healthcare provider that is registered with us to use BEAM Cloud.

“BEAM Subscriber” is a subscriber to the BEAM service, typically hospitals and clinics and their users of BEAM.

“Data Controller” means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller.

“Data Processors” means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Data Processors to process your data more effectively.

“Exchanged Data” or “Exchange Data” means any information exchanged between BEAM Subscribers, including Personal Data and Health Information (which is a Special Category of Personal Data under the GDPR).

“Personal Data” means any information that identifies or can be used to identify you or another individual, directly or indirectly. Examples of Personal Data include, but are not limited to, first and last name, email address, phone number and occupation.

“Health Information” means any information that is part of a patient’s medical record and is a Special Category of Personal Data under the GDPR.

“Visitor” means any person who visits any of our Websites.

“you” and “your” means, depending on the context, either a Visitor, BEAM Subscriber or BEAM Cloud User.

“Website(s)” means any website(s) we own and operate.

Lawful Basis of Processing Personal Data

In order to process Personal Data of our BEAM Cloud Users and Subscribers we rely on the following lawful bases:

  1. Consent of individuals using the Data Exchange system and our Websites
  2. Legitimate Interest for providing continuity of care for healthcare purposes such as urgent or emergency care for a patient

Personal Data Collection and Processing

We collect and process Personal Data applicable to the following:

  1. Visitors: We collect and process Personal Data through our Website and in our interactions with you in the usual course of business, such as events, sales, and marketing purposes.
  2. BEAM Subscribers and BEAM Cloud Users: We collect and process your Personal Data so that we can provide you with our Service.
  3. Exchange Data: We collect and process Personal Data and Health Information from Exchanged Data so we can provide our BEAM Subscribers or BEAM Cloud Users with this Service.

Information We Collect Applicable to Visitors, BEAM Subscribers, and BEAM Cloud Users

  1. Information you provide to us: In the course of engaging with our Website or Services, you may provide Personal Data about yourself. You may also provide Personal Data about other individuals such as patients, patient representatives and healthcare providers when you use our Exchanged Data services. Personal Data is often, but not exclusively, provided to us when you sign up for and use the Services, consult with our customer service team, send us an email, request additional information, or communicate with us in any other way.

By giving us this information, you agree to this information being collected, used, and disclosed as described in our Terms of Use and in this Privacy Policy. This information may include:

    • Registration information such as name, email address, username, password, company name, occupation, and phone number (for example, if you are using two-factor verification).
    • Billing information such as payment and billing details, including records of billing transactions.
    • Communications and organization information such as general information about you or your organization (addresses, email addresses, phone numbers), as well as a record of communications and responses.
  2. Information we collect automatically: When you use our Services, we may automatically collect certain information about your device and usage of the Services. We use cookies to collect some of this information. Please refer to our separate Cookie Policy.
  3. Information we collect from other sources: From time to time, we may obtain information about you from our service partners. We take steps to ensure that our service partners are legally or contractually permitted to disclose such information to us.

Information We Collect Applicable to BEAM Subscriber’s Exchanged Data

When you use our Services to Exchange Data, we process the data that you approved to send and we log the exchange. We may use Personal Data logged during an exchange for customer support or Service maintenance purposes, such as providing you with support to troubleshoot technical issues with an exchange that either you are sending or receiving. If Personal Data is included, it may be logged during the exchange. For example, if you exchange medical imaging studies, a limited amount of demographic and data elements will be logged for evidence of the transfer. If you transmit a study to BEAM Cloud, the study is temporarily stored on our servers and deleted after 30 days and the BEAM Cloud account is deleted within 90 days of inactivity.

Use of Personal Data

We may use Visitors’ and BEAM Subscribers’ Personal Data including name, address, phone number, IP address, and email address for many reasons, including:

  1. To bill and collect money owed to us by you.
  2. To send you notifications and alerts.
  3. To provide you with access to our Services. For example, without an email address, you cannot use BEAM Cloud.
  4. To monitor your use of the Service to ensure the Service is functioning as expected and to allow customer support to intervene if it is not functioning as expected.
  5. To communicate with you about your account, use of our services, and to provide you with customer support.
  6. For internal sales and marketing purposes as long as you are not identified as a patient.

We may use Visitors’, BEAM Cloud Users’, BEAM Subscribers’, and BEAM Subscriber Exchanged Data’s Personal Data:

  1. To provide, support and improve the Services. For example, this may include sharing your information or your exchange partner’s information with third parties in order to provide and support our Services or to make certain features of the Services available to you.
  2. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
  3. To enforce compliance with our Terms of Use and applicable law, and to protect the rights and safety of BEAM Subscribers, third parties, as well as our own. This may include developing tools and algorithms that help us prevent violations or it can be used in the course of an investigation of a security incident.
  4. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
  5. To prosecute and defend a court, arbitration, or similar legal proceeding.
  6. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Data Protection Rights

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with the GDPR 2016. We may ask you to verify your identity to help us respond efficiently to your request.

  1. If you are a Visitor or a BEAM Cloud User, you have the following rights as they pertain to the Personal Data and Health Information we store about you:
    • To be informed of our privacy notices and policies
    • To rectify inaccuracies in the Personal Data we collected about you
    • To delete information we have collected about you
  2. If you are an individual included in Exchanged Data, we will direct you to the BEAM Subscriber to respond directly to your request.

You can exercise your rights by contacting us. See contact details below.

How we Share Information

  1. We will not sell or rent your Personal Data.
  2. For BEAM Cloud Users and BEAM Subscribers, we do not share or store Personal Data or Health Information beyond the Data Processors that are integral to the proper functioning of the BEAM service, such as the hosting and managed service providers as described in our List of Data Processors. For a list of Data Processors with whom we may share your data, please contact us.
  3. For Visitors, we may share and disclose your Personal Data to provide you with our Services. We may share information we collect from you with a Data Processor for analyzing data, hosting data, managing relationships, engaging technical support for our Services, processing payments, delivering content, and securing and monitoring our infrastructure. For a list of Data Processors with whom we may share your data, please contact us.
  4. We may share your Personal Data with any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary.

We may share your Personal Data with a potential buyer (and its agents and advisors) in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition.

Security

We take appropriate and reasonable organizational, administrative, technical, and physical measures to safeguard your Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction, such as encrypting data at rest and in transit, security information training for all staff, as well as periodic security risk assessments, vulnerability testing, and penetration testing.

International Transfers

Our servers providing BEAM Services for our EEA customers are located in Ireland, and we do not transfer Personal Data outside of those servers, but they may be accessed by our employees and service partners located in the UK, Canada and the United States who are providing support services for our BEAM Subscribers and BEAM Cloud Users. Visitor Personal Data may be transferred to, stored, processed or accessed outside of Ireland from either Canada or the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy.

Changes to this privacy policy

We may at our own discretion update this privacy policy at any time. The most recent version of the privacy policy is reflected by the version date located at the top of this privacy policy. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the Personal Data we collect.

Contacting us

If you are in the EEA and have a concern about the way in which we have handled any privacy matter, please contact our EU Data Protection Representative by email: [email protected]. Alternatively, they can be reached by post: DPO Centre, 50 Liverpool Street, London, EC2M 7PR; by phone: +44 203 797 6340; by website: www.dpocentre.com. You also have the right to lodge a complaint with your local data protection supervisory authority (list here: https://edpb.europa.eu/about-edpb/board/members_en).

To contact OneMedNet directly about other matters, please send us a message to [email protected]. You may also contact us by post or telephone at:

Attn: Privacy Officer/DPO
OneMedNet Corporation
6385 Old Shady Oak Rd Suite 250
Eden Prairie, MN 55344
USA

Tel +1 800-918-7189