1. Introduction to this Policy.
This Policy shall be supplemented by our Terms and Conditions of Use, and any other guidelines, terms and policies made available by us from time to time, all incorporated herein by reference.
2. Scope of this Policy.
This Policy is applicable to the information collected through your use of our Site, our websites, services and products, as applicable. As used herein and elsewhere, the words “collect”, “use”, “process”, “treat”, “disclose” and analogous terms shall relate to personally identifiable information (the “PI”) and other data that we may collect from our users and/or visitors, including cookies inside a computer and mobile device IDs.
By registering with us or otherwise using our products and services, you thereby consent to the collection, transfer, processing, storage, disclosure and other uses of your PI as described in this Policy. We will also ask for your specific consent to certain parts of the service (i.e. newsletter subscription) via clickable boxes with legends similar or analogous to “I Accept”.
3. Information You Provide to Us.
Each new patient form submission to E&S Orthodontics will correspond to the creation of a patient account with us on our PMS (Practice Management System). In the event it’s an existing patient, we will update their existing record. Patients will be required to provide certain PI, including but not limited to, name, surname, date of birth, email address, physical address, Social Security Number, family contact details and dental insurance information among other health-related information. For more information, please review our full patient schedule, as shown here: www.esorthodontics.com/hhf/.
We will use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and to enable us to meet our professional and legal obligations to operate this medical practice properly.
4. Usage and Processing of Personal Information.
The collected PI constitutes your medical record with us. The medical record is in the possession of our medical practice, but the information in the medical record belongs to you. Applicable law permits us to use or disclose your PI for the following purposes:
Treatment. We use PI about you to provide your medical care. We disclose PI to our employees and others who are involved in providing the care you need. For example, we may share your PI with other physicians or other health care providers who will provide services that we do not provide.
Payment. We use and disclose PI about you to obtain payment for the services we provide. For example, we give your health plan the information it requires before it will pay us. We may also disclose information to other health care providers to assist them in obtaining payment for services they have provided to you.
Health Care Operations. We may use and disclose PI about you to operate our medical practice. We may also share your information with other health care providers, health care clearinghouses or health plans that have a relationship with you, when they request this information to help them with their quality assessment and improvement activities, their patient-safety activities, their population-based efforts to improve health or reduce health care costs, their protocol development, case management or care-coordination activities, their review of competence, qualifications and performance of health care professionals, their training programs, their accreditation, certification or licensing activities, or their health care fraud and compliance efforts.
Appointment Reminders. We may use and disclose PI to contact and remind you about appointments.
Notifications and Communications with Family Members. We may disclose your PI to notify or assist in notifying a family member, your personal representative or another person responsible for your care about your location and your general condition.
Marketing. Provided we do not receive any payment for making these communications, we may contact you to give you information about products or services related to your treatment, case management or care coordination, or to direct or recommend other treatments, therapies, health care providers or settings of care that may be of interest to you. We will not otherwise use or disclose your PI for marketing purposes or accept any payment for other marketing communications without your prior written authorization. The authorization will disclose whether we receive any compensation for any marketing activity you authorize, and we will stop any future marketing activity to the extent you revoke that authorization.
Public Health. We may, and are sometimes required by law to, disclose your PI to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child, elder or dependent adult abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure.
Health Oversight Activities. We may, and are sometimes required by law to, disclose your PI to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by law.
Coroners. We may, and are often required by law to, disclose your PI to coroners in connection with their investigations of deaths.
Organ or Tissue Donation. We may disclose your PI to organizations involved in procuring, banking or transplanting organs and tissues.
Specialized Government Functions. We may disclose your PI for military or national security purposes or to correctional institutions or law enforcement officers that have you in their lawful custody.
Workers’ Compensation. We may disclose your PI as necessary to comply with applicable workers’ compensation laws. For example, to the extent your care is covered by workers’ compensation, we will make periodic reports to your employer about your condition. We are also required by law to report cases of occupational injury or occupational illness to the employer or workers’ compensation insurer.
Change of Ownership. In the event that this medical practice is sold or merged with another organization, your PI/record will become the property of the new owner, although you will maintain the right to request that copies of your PI be transferred to another physician or medical group.
Except as described in this Policy, E&S Orthodontics will, consistent with its legal obligations, not use or disclose PI which identifies you without your written authorization. If you do authorize this medical practice to use or disclose your PI for another purpose, you may revoke your authorization in writing at any time.
5. Your Rights as Medical Patient.
We understand the importance of privacy and are committed to maintaining the confidentiality of your PI. Accordingly, we make a record of the medical care we provide and may receive such records from others.
We are required by law to maintain the privacy of protected PI, to provide individuals with notice of our legal duties and privacy practices with respect to protected PI, and to notify affected individuals following a breach of unsecured protected PI.
If you have any questions about this Policy, please contact our Privacy Officer.
We hereby remind you that you may have specific legal rights under applicable law, such as:
Right to Request Special Privacy Protections. You have the right to request restrictions on certain uses and disclosures of your PI by a written request specifying what information you want to limit, and what limitations on our use or disclosure of that information you wish to have imposed. If you tell us not to disclose information to your commercial health plan concerning health care items or services for which you paid in full out-of-pocket, we will abide by your request, unless we must disclose the information for treatment or legal reasons. We reserve the right to accept or reject any other request, and will notify you of our decision.
Right to Request Confidential Communications. You have the right to request that you receive your PI in a specific way or at a specific location. For example, you may ask that we send information to a particular e-mail account or to your work address. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications.
Right to Inspect and Copy. You have the right to inspect and copy your PI, with limited exceptions. To access your medical information, you must submit a written request detailing what information you want access to, whether you want to inspect it or get a copy of it, and if you want a copy, your preferred form and format. We will provide copies in your requested form and format if it is readily producible, or we will provide you with an alternative format you find acceptable, or if we can’t agree and we maintain the record in an electronic format, your choice of a readable electronic or hardcopy format. We will also send a copy to any other person you designate in writing. We will charge a reasonable fee which covers our costs for labor, supplies, postage, and if requested and agreed to in advance, the cost of preparing an explanation or summary.
We may deny your request under limited circumstances. If we deny your request to access your child’s records or the records of an incapacitated adult you are representing because we believe allowing access would be reasonably likely to cause substantial harm to the patient, you will have a right to appeal our decision. If we deny your request to access your psychotherapy notes, you will have the right to have them transferred to another mental health professional.
Right to Amend or Supplement. You have a right to request that we amend your PI that you believe is incorrect or incomplete. You must make a request to amend in writing, and include the reasons you believe the information is inaccurate or incomplete. We are not required to change your PI, and will provide you with information about this medical practice’s denial and how you can disagree with the denial. We may deny your request if we do not have the information, if we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), if you would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. If we deny your request, you may submit a written statement of your disagreement with that decision, and we may, in turn, prepare a written rebuttal. All information related to any request to amend will be maintained and disclosed in conjunction with any subsequent disclosure of the disputed information.
Right to an Accounting of Disclosures. You have a right to receive an accounting of disclosures of your PI made by this medical practice, except that our medical practice does not have to account for the disclosures provided to you or pursuant to your written authorization, or as described in Section 4 of this Policy.
Right to a Paper or Electronic Copy of this Notice. You have a right to notice of our legal duties and privacy practices with respect to your PI, including a right to a paper copy of this Policy, even if you have previously requested its receipt by e-mail or if you reviewed it online on the Site. If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, contact our Privacy Officer.
Lawful Disclosure of Information.
We must reserve our right to disclose your PI when we or our affiliates, clients, contractors, licensors, officers, agents and/or representatives reasonably believe it necessary to protect our interests, or where you are found to be in breach of our Terms and Conditions of Use and/or this Policy. Accordingly, we will have the right to disclose any and all collected PI and/or data, under the following circumstances:
- If required under applicable law, rules or regulations.
- In response to a valid request or subpoena from a government or law enforcement agency.
- To defend ourselves and our affiliates, licensors, officers, agents and representatives from legal claims and processes brought to us by third parties (including takedown notices).
- To defend the property, rights and integrity of any of our users, advertisers or licensors.
- To stop or cause to cease any actions that we may consider to cause –whether allegedly or factually– a contingency or liability.
Email Communications & Opting Out.
We collect the e-mail addresses of those who communicate with us via e-mail, aggregate information on what pages users access or visit, and information volunteered by the consumer (such as survey information and/or website registrations).
We will send you service-related announcements on occasions when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, or a new enhancement is released, which will affect the way you use our Service, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. Based upon the PI that you provide us, we may communicate with you in response to your inquiries to provide the services you request and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes. We may also use your PI to send you updates and other promotional communications.
If you no longer wish to receive those email updates, you may opt-out of receiving them by following the instructions included in each update or communication.
Cookies & Web Beacons.
From time to time, we may place so-called ‘cookies’ on your computer in order to track and collect data regarding your use of our products and services. Cookies are small text files that our services transfer to you and that allow us to recognize you and obtain data such as the environment in which our products are operating, OS type and version.
- Functional Cookies. These cookies enable the Site to remember a user’s choices – such as their language, user name, and other personal choices – while using the Site. They can also be used to deliver services, such as letting a user make a blog post, listen to audio, or watch videos on the Site.
- Session Cookies. These cookies allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes, such as remembering what a user has put in their shopping cart as they browse a website. Session cookies also permit users to be recognized as they navigate a website so that any item or page changes they make are remembered from page to page. Session cookies expire after a browser session; thus, they are not stored long term.
- Persistent Cookies. These cookies are stored on a user’s device in between browser sessions, which allows the user’s preferences or actions across a website (or, in some cases, across different sites) to be remembered. Persistent cookies may be used for a variety of purposes, including remembering users’ choices and preferences when using a website or to target advertising to them.
We may also use so-called ‘beacons’, which are small files, sometimes only a pixel in size, embedded onto the pages of our websites. Beacons are used to identify each of our pages in order to be analyzed by our system tools.
We may also collect and use the data contained in log files, which may include your IP (internet protocol) address, your ISP (internet service provider), the browser you used to visit our platform, the time you visited our platform and which sections you visited.
We do not currently offer “do-not-track” or similar mechanisms.
Third-Party Service Providers.
Our platform and our services may display hyperlinks to the websites of our commercial partners and other third parties. If you click on such links, you are choosing to visit such websites, and will be redirected there.
Please take into consideration that we are not responsible for the privacy and personal data practices undertaken by such third parties (including any tools, cookies, information or content contained therein), and that we do not have control over the manner in which such third parties may collect, process, treat or use your PI.
When you use such links to go to another website, our Policy and Terms are no longer in effect and your browsing thereof is at your own and final risk. In addition, any banner or ad that we may have on our platform does not constitute any endorsement of any third party thereof.
Advertising, Opt-out Choice.
From time to time, we may use Google Analytics, AdWords, DoubleClick, AdRoll and/or AdSense tracking codes, and other third-party software tools (such as remarketing codes) in order to collect information and marketing analytics about the manner in which you browse our platform and services.
The served ads will be targeted based on your previous browsing history, and may include retargeting codes. For example, third-party vendors may show you E&S Orthodontics’ ads on certain websites across the Internet, even after you leave our platform. The collected information is anonymized, meaning it cannot be tracked back to individuals. Using such tools, we learn how to optimize, and serve ads based on a user’s past visits, providing you with a better user experience.
You can learn more about how to opt-out by browsing Google’s opting-out and privacy pages located at www.google.com, or the Network Advertising Initiative website located at www.networkadvertising.org.
For more information on how Google collects and processes your data, visit https://www.google.com/policies/privacy/partners/. You can prevent Google Analytics from using your information by opting out at this link: https://tools.google.com/dlpage/gaoptout.
Your PI may be accessed by us or our affiliates, agents, partners, advertisers or third-party service providers in the United States and other regions. The European Union has not found the United States and some other countries to have an adequate level of protection of PI under Article 45 of the GDPR. E&S Orthodontics relies on exceptions for specific situations as defined in Article 49 of the GDPR.
For European Union customers and users, by clicking the “I Accept” button or otherwise accepting the terms and conditions of our services through a clickable action or similar action, you hereby acknowledge, agree and accept that your PI may be transferred outside the European Union to the United States. We will use your PI to provide the goods, services, and/or information you request from us to perform a contract with you or to satisfy a legitimate interest of our company in a manner that does not outweigh your freedoms and rights.
Wherever we transfer, process or store your PI, we will take reasonable steps to protect it. We will use the information we collect from you in accordance with our Policy. By using our website, services, or products, you agree to the transfers of your PI described within this section.
Your Rights under the GDPR.
The General Data Protection Regulation (GDPR) allows individuals in the EU greater control over their personal data and grants them a number of rights with regard to how that data is processed, stored, and accessed.
For the purposes of the GDPR, in the European Union E&S Orthodontics is both a “data controller” and a “data processor” of PI you provide to us for the primary purposes of providing you with our devices.
The section below covers certain situations that you, as data subject, and we, as a data controller, are most likely to see, but you should also carefully review the full list of data subject rights here: https://gdpr-info.eu/chapter-3/. You retain the right to be forgotten, to PI portability, data access, data rectification, right to be informed, right to object to the use of your PI, right not to be subject to a decision based solely on automated processing (including marketing profiling), and the right to complain regarding the use of your PI. To do so, please contact email@example.com.
Your privacy request must include, at the least, the following information: (i) your complete name, address and/or e-mail address in order for us to notify you of the response to your request; (ii) attached documents establishing your identity; and (iii) a clear and concise description of the PI with regard to which you seek to enforce any of your privacy rights. If you request rectification, please indicate amendments to be made and attach documentation to back up your request. Upon receipt of your privacy request, and after due review, we may then edit, deactivate and/or delete your PI from our products and services within thirty (30) days.
Notice to Arizona Residents.
In compliance with the Arizona Data Breach Law (A.R.S. § 18-545), residents of Arizona are hereby notified that the PI is safeguarded by E&S Orthodontics. Users can obtain certain information about the PI we may have access to, including disclosure thereof with third parties for direct marketing purposes (e.g. names and addresses of those third parties, types of services or products marketed thereby). If you wish to request a copy of your information disclosure, please contact us as indicated below.
Under the Arizona Data Breach Law, we are responsible for any and all factual or suspected security data breaches into our PI databases, and are also required to notify our customers in Arizona of any such factual or suspected breach (by email and/or post). A breach of security is defined as an “unauthorized access, or authorized access for an illegitimate purpose of PI, that compromises the security, confidentiality or integrity of such PI.”
Such notification will be subject to a variety of factors, including but not limited to, the type of PI breached, whether the database was secured or not, type of key/cipher used, whether the PI was factually or allegedly acquired by an unauthorized person, and whether misuse of the PI is reasonably possible. Our customers can rest assured that we will undertake any and all necessary safety, managerial and technical measures in order to protect your PI and our right to privacy.
Lastly, we have posted this conspicuous Policy to the public, indicating the PI being collected and the manner in which it may be disclosed and with whom. Accordingly, our users may visit our platform using anonymous browsing, and click on this Policy linked from our home page, with the link including the word ‘Privacy’ or similar. We also comply with Policy changes and notification to our users, and provide mechanisms that allow our users to manage their PI.
Through the simple use of the platform and our products and services, you hereby represent and warrant that you are at least eighteen (18) years of age –or older– as of the date of first access thereof. If you are still a minor (which may depend on the jurisdiction where you reside), you may access our products and services, only under the direct supervision of your parent or legal guardian. E&S Orthodontics does not knowingly collect any kind of information from persons under the age of thirteen (13). If we learn or have reason to suspect that any user is under the age of thirteen (13), we will delete any PI under that user’s account.
We reserve the right to amend, change, suspend and/or update our platform, our products, our services, this Policy and/or our Terms, in whole or in part, from time to time and at our sole and final discretion. Your continued use thereof after the last effective date of modifications thereof indicates your acceptance of such modifications. We will post any updates on our platform, and may also send you an email or otherwise notify you of any material changes to this Policy.
From time to time, this Policy may be translated into other languages for your convenience. The English language version of each of these documents shall be the version that prevails and governs your use of the Site and our products and services. In the case of any conflict between the English language version and any translated version, the English language version will prevail.
Complaints about this Policy or how our medical practice handles your health information should be directed to our Privacy Officer, available at firstname.lastname@example.org.
If you are not satisfied with the manner in which E&S Orthodontics handles a complaint, you may submit a formal complaint to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) by email to email@example.com or call the U.S. Department of Health and Human Services, Office for Civil Rights toll-free at: 1-800-368-1019, TDD: 1-800-537-7697.
The complaint form may be found at www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaint.pdf. You will not be penalized in any way for filing a complaint.
How to Contact Us.
If you have any questions or queries about us, our services, our Terms and Conditions of Use and/or this Policy, please contact us as indicated on our website, by phone to (623) 209-7468, and by post to 8272 W. Lake Pleasant Parkway #209, Peoria, Arizona, 85382, USA.
Date of last effective update is 5th June, 2018.